Children under 13 (or the applicable local age of digital consent) cannot create their own Microsoft or Xbox account. A parent must set up and consent to the account on the child's behalf through Microsoft Family Safety or another provided mechanism.
This analysis describes what Xbox's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Parents are responsible for establishing and managing accounts for younger children, and Microsoft's platform relies on parental consent mechanisms to comply with COPPA and equivalent international laws, meaning parents should actively review and configure Family Safety settings.
Parents who allow children under 13 to use Xbox or other Microsoft services through a parent-created account should configure privacy and content settings through Microsoft Family Safety, as the parental account holder retains responsibility for the child's account activity and associated purchases.
How other platforms handle this
YOU MUST BE AND HEREBY AFFIRM THAT YOU ARE AN ADULT OF THE LEGAL AGE OF MAJORITY IN YOUR COUNTRY OR STATE OF RESIDENCE. If you are under the legal age of majority, your parent or legal guardian must consent to this agreement.
The Service is not directed to children under the age of 16. If you are under the age of 16, you may only use the Service with the involvement and consent of a parent or guardian. If you are a parent or guardian and you are aware that your child has provided us with personal information without your...
The Service is not directed to children under the age of 13. If you are under 13 years of age, please do not use or access the Service at any time or in any manner. If we learn that personally identifiable information has been collected on the Service from persons under 13 years of age and without v...
Monitoring
Xbox has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"If you are under 13 (or under the applicable age of digital consent in your country), you may not set up your own Microsoft account, but a parent or guardian may set up an account on your behalf. If your child has an account set up by you as a parent, you may provide consent to the child's use of Microsoft services, including Xbox, through the Microsoft Family Safety application or by other means we provide.— Excerpt from Xbox's Xbox Terms of Use
REGULATORY LANDSCAPE: This provision directly implicates the Children's Online Privacy Protection Act (COPPA), enforced by the FTC, which requires verifiable parental consent before collecting personal information from children under 13. The provision also references compliance with country-specific ages of digital consent, engaging the GDPR Article 8 framework in the EU, which sets the default age of digital consent at 16 but allows member states to lower it to a minimum of 13. The FTC is the primary enforcement authority for COPPA compliance. GOVERNANCE EXPOSURE: High. COPPA enforcement has resulted in significant FTC penalties against major technology companies in recent years. The adequacy of the parental consent verification mechanism referenced in this provision (Microsoft Family Safety) would be a key compliance evaluation point. The broad scope of Microsoft services covered by this agreement, including Xbox online gaming, data collection through gaming activity, and voice communication features, creates meaningful COPPA exposure. JURISDICTION FLAGS: EU member states each set their own age of digital consent between 13 and 16, creating a patchwork compliance requirement for Microsoft's services across the EEA. UK GDPR sets the age of consent at 13. Organizations operating in the EU should verify which national implementation applies to their user population. CONTRACT AND VENDOR IMPLICATIONS: Developers and third-party publishers distributing games or apps through Xbox and the Microsoft Store should assess whether their own data collection practices within Microsoft's ecosystem comply with COPPA when child accounts may access their content. COMPLIANCE CONSIDERATIONS: Privacy teams should audit the Microsoft Family Safety parental consent flow to confirm it meets COPPA's verifiable parental consent standard, which the FTC has interpreted to require more than a simple affirmative click. Organizations or schools that deploy Microsoft services to children should verify whether their usage falls under COPPA or FERPA, and whether additional data processing agreements with Microsoft are required.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Parents are responsible for establishing and managing accounts for younger children, and Microsoft's platform relies on parental consent mechanisms to comply with COPPA and equivalent international laws, meaning parents should actively review and configure Family Safety settings.
Parents who allow children under 13 to use Xbox or other Microsoft services through a parent-created account should configure privacy and content settings through Microsoft Family Safety, as the parental account holder retains responsibility for the child's account activity and associated purchases.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Xbox.