Summary
- California (AB 1856) and Colorado (SB 26-051) have enacted laws requiring operating systems to implement device-level age verification but have specifically exempted open-source software.
- These mandates require “Operating System Providers” to collect a user’s age during account setup and share a non-identifiable “age signal” with third-party apps.
- Following significant backlash from open source community, both states narrowed their definitions to exclude Linux and open source software distributed under licenses that allow users to copy, redistribute, and modify the code.
- While a pure Linux distribution is exempt, platforms like Valve’s SteamOS may still fall under the mandate. This is because SteamOS ships with a proprietary storefront and client.
- Similarly, while Android is technically open source, the version shipped on most phones includes proprietary Google Play Services, which would likely trigger the mandate.
I think it’s more that someone managed to explain to them in words they could understand how unenforceable it was, and having it be unenforceable for some weakens the law’s standing as a whole. Now it doesn’t because they aren’t required to try.