It's a lot easier to add an API that's opt-in for an application that needs it. What's the appropriate way an OS should handle an application that doesn't declare this new property? Fail open? Fail closed? It would quickly turn into a mess. IMO it's better to do it this way because the applications that need it (browsers, chat clients, etc.) will use it to provide legal shielding. This isn't a technical problem they're trying to solve, it's a legal liability one. I generally like this approach, but I think there's no reason to mandate that an application use the API, just mandate that if they do they are considered to have real knowledge of the age range of the user in question. If you provide the API, the incentive to use it is already there for the applications it's needed for the most.
Or just do what reasonable states do and create liability for distributing child inappropriate things to children, and require distributors to use a commercially reasonable way to validate age. The law doesn't need to say specifically how to do it, and it certainly doesn't need to mandate things on unrelated third parties like OS vendors and device manufacturers. The people who want to distribute adult content can work with OS vendors to develop acceptable liability shields for themselves.
So a application that wants to filter will categorize their services privately and then write custom filtering logic, but will not just categorize their services publicly? That is nonsense.
And your point about fail open versus closed also makes no sense since if there are zero repercussions to not writing filtering logic then nobody would even bother. If there is liability, then obviously everybody will fail closed and every application developer needs to evaluate and change their application to only allow acceptable usage. This is much harder if they have to write custom filtering logic instead of just publishing their data categorization.
