California Weighs Open-Source Exemption for Age Verification Mandates
Table of Contents
The Legislative Tug-of-War Over Digital Identity
California is currently navigating a complex intersection of child safety and the fundamental nature of open-source software. A proposed amendment to the state’s Digital Age Assurance Act (AB 1043) could provide a critical lifeline for developers of operating systems like Linux and FreeBSD, who have found themselves caught in the crosshairs of a sweeping mandate to verify user ages.
The original legislation, signed by Governor Gavin Newsom last October, was designed with a clear objective: shielding minors from the predatory elements of the internet, including sextortion and mental health hazards. However, the law’s broad application meant that anyone distributing an operating system was required to provide an accessible interface during account setup for users to declare their birth date. For the decentralized world of open-source development, this requirement was not just a technical hurdle, but an existential one.
The Open-Source ‘Carve-Out’
The friction sparked by AB 1043 led Assemblymember Buffy Wicks (D-Oakland) and Senator Tom Umberg (D-Santa Ana) to introduce AB 1856. This amendment seeks to refine the law’s definitions to avoid an accidental collision with the First Amendment and the practicalities of community-driven software. The most pivotal change appears in a version of the bill published on May 18, 2026, which explicitly clarifies that an “operating system provider” does not include entities distributing software under licenses that allow recipients to copy, redistribute, and modify the code.
If passed, this exemption would effectively remove the burden of age verification from the vast majority of Linux distributions. Without it, the open-source community faced a grim choice: implement invasive tracking mechanisms that contradict the ethos of privacy, or simply block California residents from accessing their software.
The urgency of this amendment was highlighted by the reactive measures of some smaller projects. MidnightBSD briefly attempted to ban California residents entirely in February, only to spend the following month desperately researching how to implement a verification system that wouldn’t alienate its user base.
The Proprietary Gray Area
While the amendment offers relief for pure open-source projects, it creates a nuanced legal gray area for hybrid models. The question remains whether this exemption extends to companies like Valve. While SteamOS is based on Linux, it is bundled with the proprietary Steam Client and distributed as a tightly integrated ecosystem. If the state determines that the distribution model is primarily proprietary rather than a permissive open-source license, Valve could still be mandated to implement age gates for Steam Deck users in California.
The Cost of Verification
Beyond the legal definitions, the Electronic Frontier Foundation (EFF) has voiced sharp criticism of the act, arguing that it effectively outsources government censorship to private developers. The EFF contends that such mandates entrench the dominance of Big Tech, as only companies with massive legal and engineering resources can afford to implement these systems at scale.
This financial burden is a growing concern. According to a paper by George S. Ford of the Phoenix Center for Advanced Legal and Economic Public Policy Studies, age verification laws often create a “balk rate”—the percentage of users who leave a site rather than provide sensitive data. In some sectors, this rate can soar to 99 percent. Furthermore, the emergence of a specialized industry of “authentication brokers” suggests a move toward a gated internet where a few centralized entities extract monopoly rents to verify identities for the state.
A Growing National Trend
California is not alone in this push. Over 25 states have enacted similar age verification laws, with West Virginia and Colorado following suit. Interestingly, Carl Richell, CEO of Linux laptop manufacturer System76, noted that Colorado’s approach has been more inclusive of the developer community, offering exemptions for open-source apps, code repositories, and containers from the outset.
As the January 1, 2027, effective date for AB 1043 approaches, the fate of the Linux ecosystem in California depends on whether the state recognizes that the “distributor” of a free, modifiable kernel is fundamentally different from a commercial app store operator.
