California’s age-verification law is facing a significant reversal after backlash from the open-source community forced lawmakers to reconsider how the regulation applies to volunteer-run projects. Assembly Bill 1043, known as the Digital Age Assurance Act, was signed into law by Governor Gavin Newsom in late 2024 and is set to take effect on January 1, 2027. The law requires operating system providers to collect a user’s date of birth during account setup and categorize users into age brackets: under 13, 13–15, 16–17, and 18 and over, then transmit this age signal to apps that request it. What seemed straightforward for commercial vendors like Microsoft and Apple created an impossible compliance burden for Linux distributions and other open-source operating systems run by volunteers with no centralized infrastructure.
Key Takeaways
- California’s Digital Age Assurance Act requires operating system providers to implement age verification and transmit age signals to applications.
- The law’s broad language inadvertently targeted Linux distributions and open-source operating systems, which lack centralized account systems.
- Volunteer-run Linux projects cannot feasibly comply with the age-verification mandate without fundamental architectural changes.
- A proposed amendment would exempt software distributed under licenses allowing copying, redistribution, and modification without royalty or fee.
- The original lawmaker is now backing the exemption amendment after the backlash exposed the law’s unintended consequences.
How the age-verification law applies to operating systems
The age-verification law applies to any entity distributing an operating system in California, not just major tech companies. When a user sets up an operating system or accesses it, the provider must collect their date of birth and place them into one of four age brackets. The system then sends a real-time secure age signal to applications that request it, allowing app developers to enforce age-appropriate content restrictions. This architecture works for centralized platforms where a company controls account creation and maintenance. But Linux distributions operate fundamentally differently—they are typically distributed freely through volunteer networks, with no single point of account management or user data collection. A person downloading Linux from a mirror site operated by a volunteer has no account setup flow. The operating system itself does not authenticate users or maintain a database of their birthdates. Implementing age verification would require Linux projects to build centralized infrastructure that contradicts the open-source model itself.
The compliance crisis for Linux and open-source projects
The original age-verification law created an untenable situation for volunteer-run Linux distributions. These projects operate on donations and volunteer labor, with no corporate backing or legal departments to navigate regulatory compliance. Forcing them to implement age verification would require building account systems, data storage infrastructure, and age-bracket transmission protocols—capabilities that commercial operating systems already possess but that open-source projects fundamentally lack. The law’s broad language did not distinguish between centralized commercial platforms and decentralized open-source ecosystems, treating them as equivalent distribution channels. For a Linux maintainer in California, the choice became impossible: either build expensive compliance infrastructure or face civil penalties of $2,500 per affected child for negligent infractions and $7,500 per child for intentional non-compliance. This threat forced the open-source community to mobilize and demand a fix, arguing that the law’s authors had not considered how it would apply to software distributed under free and open-source licenses.
The proposed amendment and lawmaker’s reversal
In response to the backlash, a proposed amendment to the age-verification law would create an exemption for Linux and other open-source operating systems. The amendment language, reportedly emailed to the office of the bill’s original sponsor Buffy Wicks, defines the exemption to cover software distributed under license terms that allow recipients to copy, redistribute, and modify the software, including commercially and without royalty or fee. This language aligns with how free and open-source licenses like the GNU General Public License (GPL) actually work. The original lawmaker is now backing this amendment, marking a significant retreat from the initial broad approach. Rather than defending the original bill’s scope, Wicks’s office has reportedly moved to carve out open-source systems entirely, acknowledging that the law was never intended to burden volunteer projects that cannot implement centralized age verification. This reversal is noteworthy because it demonstrates how technical reality can force lawmakers to revise legislation that sounded reasonable on paper but proved unworkable in practice.
Why the exemption matters for open-source software
The proposed exemption protects the open-source ecosystem from impossible compliance burdens while still allowing the age-verification law to apply to commercial operating system providers. Open-source projects depend on distributed development and free redistribution—core principles that cannot coexist with centralized age-verification systems. By exempting software distributed under open-source licenses, the amendment preserves the legal environment that has enabled Linux, FreeBSD, and thousands of other free projects to thrive without corporate gatekeeping. The exemption also reflects a practical recognition: California cannot regulate software that has no single point of control. Attempting to do so would either require open-source projects to abandon their licensing model or face penalties they cannot possibly comply with. The amendment represents a compromise that lets the age-verification law proceed for centralized platforms while acknowledging the architectural impossibility of applying it to decentralized open-source distribution. This outcome underscores a broader principle: legislation written without input from the affected technical community often creates unintended consequences that require expensive fixes.
Is the age-verification amendment already in effect?
The proposed amendment to exempt Linux and open-source operating systems from California’s age-verification law has been reported and reportedly sent to lawmakers, but the available reporting does not confirm whether it has been formally enacted or remains in the proposal stage. The amendment process in California requires legislative action, and the timing of any formal adoption remains unclear from the available information.
When does California’s age-verification law take effect?
California’s Digital Age Assurance Act, Assembly Bill 1043, is scheduled to take effect on January 1, 2027. This gives operating system providers and app developers time to implement the required age-verification systems, assuming the proposed exemption for open-source software is enacted before the deadline.
What happens if an operating system provider does not comply with the age-verification law?
Non-compliance with the age-verification law carries significant civil penalties: $2,500 per affected child for negligent infractions and $7,500 per child for intentional non-compliance. These penalties apply to operating system providers and distributors that fail to implement the required age-verification and age-signal transmission systems by the January 1, 2027 deadline.
California’s age-verification law exposed a critical gap between legislative intent and technical reality. Lawmakers seeking to protect minors online created a regulation that inadvertently threatened the open-source ecosystem—the very foundation that powers much of the internet’s infrastructure. The forced reversal by the original lawmaker, while humbling, demonstrates that even well-intentioned regulation must account for how different software distribution models actually work. The proposed exemption for open-source systems is not a victory for the tech industry so much as an acknowledgment that volunteer-run projects cannot be regulated like centralized corporations. As the January 1, 2027 deadline approaches, the real test will be whether the amendment passes before it takes effect, and whether commercial operating system providers can implement the age-verification systems the law demands.
Edited by the All Things Geek team.
Source: TechRadar
