Proposed changes to California’s Digital Age Assurance Act aim to exempt open source operating systems from age verification rules effective January 1, 2027.
The amendment, published on May 18, 2026, introduces language that excludes any operating system or application distributed under license terms that permit copying, redistribution, and modification from the definition of “operating system provider.”
If approved, Linux distributions, FreeBSD, and other open source operating systems will not be required to enforce age verification upon installation or first launch.
The amendment is identified as AB 1856, which was introduced in February by Assemblymember Buffy Wicks as an update to the original legislation (AB 1043), which was signed into law in October 2025.
What does the Basic Digital Age Assurance Act require?
The Digital Age Assurance Act mandates that operating system providers, app stores, and application developers verify a user’s age. Distributors of operating systems are required to provide an accessible interface for users to input their date of birth, age, or both during account creation.
The purpose of this law is to protect children from cyberbullying, sextortion and mental health problems. It applies to California residents and will go into effect January 1, 2027.
The relevant amendment language states that “operating system provider” does not refer to a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.
This wording aligns with common open source licensing terms, such as the GPL, MIT, Apache, and BSD licenses. As a result, Linux vendors will not be required to enforce age verification upon installation of their distributions under this exemption.
Unresolved Edge Cases for Hybrid and Partially Open Source Systems
The discount raises questions about hybrid products. Valve ships its proprietary Steam client on top of Linux-based SteamOS.
It is unclear whether SteamOS qualifies for the exemption entirely or whether the proprietary Steam client imposes additional obligations on Valve, as the current amendment text does not explicitly address this.
MidnightBSD briefly included a clause in February that banned California residents from using the operating system, instead implementing an age verification system. The project later began exploring age verification mechanisms. Other open source projects had considered similar options before the amendment was proposed.
To date, at least 25 state laws requiring age verification have been passed in the United States. Next month, a new age verification law is set to go into effect in West Virginia. Colorado has also approved a bill on age verification, which is currently awaiting the Governor’s signature.
According to Carl Reichel, founder of System76, the Colorado bill provides exemptions for open source operating systems, applications, code repositories, and containers.
The Electronic Frontier Foundation has criticized AB 1043, arguing that it shifts censorship responsibilities to app developers and strengthens the dominance of major operating system and device manufacturers.
The group argues that such rules could harm the rights of free expression, digital freedom, and privacy of users and developers.
The practical cost of age verification for open source projects and what happens next
Santa Clara University law professor Eric Goldman recently wrote a blog post examining how age verification affects website traffic. The denial rate, or bounce rate, varies by site, but can be as high as 99 percent on some platforms, including Pornhub.
The Age Verification Providers Association estimated in 2021 that annual revenues from selling age verification services to OECD countries could reach approximately $11.4 billion within 10 to 15 years. This estimate came before the enactment of several state-level age verification laws across the United States.
The open source exemption proposal still needs to pass legislation before it can become law. Linux distributors and open source project maintainers should keep an eye on the amendment’s progress through the California legislature ahead of January 1, 2027, the effective date for AB 1043.
Projects that are considering implementing an age verification mechanism may want to hold off until the final status of the amendment is confirmed.
