California to exempt open-source OSes from age-verification law after backlash

California Assembly Bill 1856 would narrow the state’s Digital Age Assurance Act (AB 1043) by excluding operating systems distributed under licenses that permit copying, redistribution, and modification. That carve-out would cover mainstream Linux distributions like Debian, Fedora, Ubuntu, Arch, and Mint before the law takes effect on January 1, 2027. The amendment comes from Assembly Member Buffy Wicks, the same lawmaker behind the original bill, after months of pushback from open-source developers and the EFF.

The underlying law pushes age verification down from individual sites to the OS layer, requiring operating systems to collect a user’s age at setup and expose bracketed signals (under 13, 13–15, 16–17, 18+) to apps and stores. Critics pointed out the obvious mismatch with community-run, forkable projects that have no central authority, no user accounts, and no telemetry to hang verification on. Enforcement against an infinitely forkable ecosystem was never realistic.

The exemption is not a repeal — proprietary platforms remain on the hook, and the language hinges on license terms rather than technology. SteamOS is the awkward edge case: its base is Linux, but it ships bundled with Valve’s proprietary Steam client and storefront, which could pull it back under the law’s definition of an operating system provider. The bill was ordered to third reading on May 19, 2026.