California Considers Exempting Linux from Age Verification Law Following Backlash from Open Source Communities

The state of California has stirred significant controversy in the tech industry with its “Digital Age Assurance Act (AB 1043),” a digital age verification law passed at the end of 2025. Particularly, the law has faced fierce backlash from the Linux and open-source development communities, prompting the state legislature to propose an amendment, “AB 1856,” which aims to exclude open-source operating systems from the law’s scope.

What is OS-Level Age Verification?

The core of AB 1043 lies in its goal to elevate online age verification—traditionally conducted at the website or app level—to the operating system (OS) level. Specifically, the law would require operating systems to request a user’s age or date of birth during device setup and share it as an “age category signal”—such as “under 13,” “13–15 years old,” “16–17 years old,” or “18 and older”—with apps or app stores. While designed with commercial platforms like Apple’s iOS and Google’s Android in mind, aligning with policy objectives to enhance the protection of minors in the digital space, this approach has revealed significant contradictions when applied to the world of open-source software.

Challenges Faced by the Linux Community

Unlike centralized platforms such as iOS and Android, mainstream Linux distributions like Debian, Fedora, Ubuntu, Arch Linux, and Mint are not managed by a single company. Many of these are community-driven projects that often lack user registration or telemetry collection mechanisms. Some projects don’t even have a formal corporate structure. AB 1043 imposes an obligation on “providers of operating systems” to implement age verification features. However, the law’s broad definition led to concerns that developers and distributors of infinitely forkable open-source software could be required to build age verification platforms. This raised fundamental questions among Linux developers, such as, “How would California enforce the law on countless forked projects?” The decentralized development model itself was seen as fundamentally incompatible with centralized regulatory frameworks.

Electronic Frontier Foundation Sounds the

Alarm The Electronic Frontier Foundation (EFF), a well-known privacy advocacy organization, has also sharply criticized the legislation. The EFF expressed concerns that OS-level age verification could pave the way for a broad online identity tracking infrastructure. While the collection of age information by operating systems and its dissemination to apps may appear to support the protection of minors, it also creates a scenario where all users’ age data is stored by the OS. This situation carries inherent risks of surveillance and data misuse. For the EFF, this law represents the establishment of a potential infrastructure for privacy violations under the guise of legal compliance.

Key Points of Amendment AB 1856 In response

to these criticisms, the same legislator who introduced the original AB 1043 bill proposed the amendment AB 1856. The amendment is currently under review by a California state legislative committee ahead of its scheduled June session. The crux of AB 1856 is clear: it seeks to exclude software distributed under licenses that permit users to “copy, redistribute, and modify the software” from the definition of “providers of operating systems.” This effectively exempts operating systems distributed under open-source licenses like GPL, MIT, and Apache from the obligation to implement age verification features. As a result, major Linux distributions like Debian, Fedora, Ubuntu, Arch Linux, and Mint would no longer bear the burden of compliance with the law.

Impact on Commercial Platforms If the

amendment is passed, the primary entities still affected would be commercial mobile operating systems like Apple’s iOS and Google’s Android. These platforms already have mechanisms for user account management and telemetry collection, suggesting that implementing technical solutions for age verification is not impossible. However, debates over the necessity and fairness of imposing age verification requirements on commercial OS platforms are expected to continue. The amendment is focused solely on sparing open-source software, without fundamentally altering the approach to digital age verification.

Implementation Set for January 2027 AB 1043

is scheduled to take effect on January 1, 2027. If AB 1856 is passed before this date, the Linux community will be relieved of legal obligations under the law. However, the broader issues raised by this legislation remain significant. How can legislative bodies design technology regulations that adequately distinguish between commercial platforms and decentralized open-source ecosystems? California’s experience highlights the confusion that can arise when lawmakers fail to fully understand technological diversity before drafting regulations. This case will likely serve as a reference point for future discussions on such matters.

Beyond the Debate While the introduction of

the amendment is a positive step, the fundamental issues remain unresolved. Concerns about the privacy implications of OS-level age verification are shared equally by users of commercial platforms. The exemption of the Linux community from these regulations does not mark the end of debates over digital age verification. Instead, it underscores the gap in understanding between regulators and the tech community. As similar regulations are considered in other states and countries, California’s experience will serve as a valuable lesson. Open-source software, characterized by its decentralized and democratic nature, resists adaptation to centralized regulatory frameworks. Legislators must design regulations with a deep understanding of technological realities; otherwise, they risk perpetuating an unproductive cycle of drafting and revising laws.