California moves to exempt Linux from its upcoming age-verification law after backlash over forcing operating systems to collect users’ ages — amendment proposed by the same lawmaker who wrote the original law

California lawmakers may be backing away from a controversial age-verification requirement bill that alarmed Linux and open-source developers earlier this year, after a new amendment bill proposed exempting most open-source operating systems from the state’s upcoming Digital Age Assurance Act. In practice, that would likely exempt most mainstream Linux distributions — including Debian, Fedora, Ubuntu, Arch Linux, and Mint — from compliance requirements scheduled to take effect on January 1, 2027.

Assembly Bill 1856 (AB 1856), currently moving through California’s legislature ahead of committee reviews in June, would amend the state’s earlier age-assurance law by excluding software distributed under licenses that allow users to “copy, redistribute, and modify the software.”

The proposed amendment specifically states: “Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.

The amendment follows months of backlash after California passed the original Assembly Bill 1043 (AB 1043), formally known as the Digital Age Assurance Act, in late 2025. The law sought to shift online age verification away from individual websites and apps and down to the operating-system level instead.

Under the original law, operating systems would be required to request a user’s age or birth date during device setup, then expose an “age bracket signal” to apps and app stores. The law, which defined brackets such as “under 13,” “13–15,” “16–17,” and “18+,” immediately raised questions about how such requirements would apply to decentralized, open-source software ecosystems.

Unlike Apple’s iOS or Google’s Android, most Linux distributions are not centrally controlled commercial platforms. Many are community-run projects maintained by volunteers, often without user accounts, telemetry systems, or even formal corporate ownership structures. Critics argued the law’s wording was so broad that it could technically force open-source operating systems to become age-verification platforms.

Privacy advocates, including the Electronic Frontier Foundation, criticized the legislation as invasive and warned it could create infrastructure for broader identity tracking online. Linux developers also questioned how California could realistically enforce such requirements on infinitely forkable open-source software projects.

The controversy became particularly heated after reports suggested platforms like SteamOS could still fall under the law due to their ties to proprietary application ecosystems. Valve’s Linux-based gaming platform ships with the proprietary Steam storefront and client, potentially placing it closer to Apple’s App Store or Google Play from a regulatory standpoint.

AB 1856 does not repeal the original Digital Age Assurance Act. Instead, it narrows the definition of who qualifies as an “operating system provider” under the law. Commercial platforms with proprietary app ecosystems could remain subject to California’s age-assurance requirements even if most open-source Linux distributions are ultimately exempted.

California Assembly Member Buffy Wicks introduced the amendment on February 11, 2026. However, the open-source exemption language appeared in later revisions that began drawing attention across Linux and privacy communities. The latest version is dated May 18, 2026, and as of May 19, 2026, the bill was read a second time and ordered to third reading.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.