Summary
- California (AB 1856) and Colorado (SB 26-051) have enacted laws requiring operating systems to implement device-level age verification but have specifically exempted open-source software.
- These mandates require “Operating System Providers” to collect a user’s age during account setup and share a non-identifiable “age signal” with third-party apps.
- Following significant backlash from open source community, both states narrowed their definitions to exclude Linux and open source software distributed under licenses that allow users to copy, redistribute, and modify the code.
- While a pure Linux distribution is exempt, platforms like Valve’s SteamOS may still fall under the mandate. This is because SteamOS ships with a proprietary storefront and client.
- Similarly, while Android is technically open source, the version shipped on most phones includes proprietary Google Play Services, which would likely trigger the mandate.
If the current draft passes, it does something as well. Websites that want or have to rely on the signal will do it. Linux users will have to implement something if they want to access them. Parents that want to limit the access for their children on linux will be looking for implementations and use them. Everything happening without forcing the distributions.
Have you read the bill? This is explicitly NOT aimed at websites but at apps. I’m not defending it, but be angry about what it actually is.