Linux Is Exempt From Colorado and California’s New Age Verification Laws – Here’s Why

Colorado and California Age Verification Laws Exempt Open Source Operating Systems

By sk

Quick Summary

  • California (AB 1856) and Colorado (SB 26-051) have enacted laws requiring operating systems to implement device-level age verification but have specifically exempted open-source software.
  • These mandates require "Operating System Providers" to collect a user's age during account setup and share a non-identifiable "age signal" with third-party apps.
  • Following significant backlash from the open source community, both states narrowed their definitions to exclude Linux and open source software distributed under licenses that allow users to copy, redistribute, and modify the code.
  • While a pure Linux distribution is exempt, platforms like Valve's SteamOS may still fall under the mandate. This is because SteamOS ships with a proprietary storefront and client.
  • Similarly, while Android is technically open source, the version shipped on most phones includes proprietary Google Play Services, which would likely trigger the mandate.

Age Verification Laws in California and Colorado

Your computer is about to get a lot more nosy. Imagine turning on a new laptop and, before you can even see the desktop, it asks for your birth date. That was almost the mandatory reality for every user in California and Colorado.

Two overlapping pieces of legislation are reshaping the rules. Colorado's SB 26-051 ("Age Attestation on Computing Devices") has passed both chambers and was sent to the Governor in May 2026, with a July 2028 effective date.

In California, the underlying law is AB 1043 (the Digital Age Assurance Act), already signed by Governor Newsom and set to take effect January 1, 2027. A follow-up amendment, AB 1856, introduced by the same legislator who wrote AB 1043, is currently advancing through committee and would carve out a major protection for open-source software. As of late May 2026, AB 1856 had not yet passed, but its trajectory is being closely watched by the Linux and FOSS communities.

Both laws aim to protect children by moving age checks away from individual websites and onto the device itself. But after a significant backlash from open-source developers, lawmakers in both states added a critical twist: most open-source software would be exempt.

The Open-Source Escape

Legislators realized they couldn't easily enforce compliance against decentralized software. Most Linux distributions, such as Debian, Fedora, and Arch, have no central corporate office to fine or sue.

The Colorado bill, as amended, states that Article 30 does not apply to an operating system provider or developer that distributes software under license terms allowing recipients to copy, redistribute, and modify the software without restrictions from the provider or developer.

California's AB 1856 uses nearly identical language. The exemption also explicitly covers free code repositories and containerized software distribution, meaning platforms like GitHub, GitLab, and Docker would not be treated as commercial app stores under either law.

Crucially, neither exemption mentions Linux by name. They describe a category of licensing, which means any project distributed under qualifying free and open-source terms is protected, without the law picking winners among specific ecosystems.

This protection for volunteer-built tools matters. System76 founder and CEO Carl Richell, who develops the Pop!_OS Linux distribution and lobbied actively for the Colorado amendment, confirmed on Bluesky and Fosstodon that the updated bill includes "a strong exemption for open source distros and apps."

The Restriction Condition: What "Open Source" Actually Means Here

There is a meaningful condition embedded in the exemption language that deserves attention. The protection is not simply about publishing source code. In Colorado's language, the exemption applies only to developers who do not prevent users from installing modified versions of the software on their own devices.

This draws directly on a concept the free-software world calls "Tivoization", a practice that became notorious when TiVo, in the early 2000s, used Linux under the open-source GPL license but locked down its hardware so users could never actually run modified code on their devices. In that sense, the exemption has a built-in integrity test: if you publish your source code but lock the device against user modification, you don't qualify.

This does not mean, as some early commentary suggested, that Apple or Google would be forced to unlock bootloaders to claim the exemption. Those companies operate commercial, proprietary ecosystems and do not qualify for the open-source exemption regardless.

The restriction condition is relevant to open-source distributors specifically. It prevents them from taking the exemption while simultaneously locking down hardware.

Why Your Steam Deck Might Still Need an ID

Even with the open-source win, there is a genuine gray area for hybrid systems. Valve's SteamOS is a clear example. It runs a Linux kernel, technically open source, but it is bundled with the proprietary Steam client, which functions as a commercial application storefront.

Under both laws, the relevant question is whether the platform operates a "covered application store". Since Steam distributes third-party applications commercially, Valve may still be subject to the age-verification requirements even though the underlying OS is open source.

This creates a practical asymmetry: the same Linux kernel is legally "safe" when downloaded as a generic distribution, but potentially "regulated" when it ships pre-installed on a gaming device with a commercial storefront attached.

What about Android?

Android generally falls into the same category as SteamOS regarding these age verification mandates. Even though the Android Open Source Project (AOSP) is free software, the version on most smartphones includes proprietary Google Play Services and device-specific features.

While AOSP or its "de-googled" forks (like GrapheneOS) might technically qualify for the open-source exemption, all mainstream smartphones are affected by default due to their pre-installed commercial ecosystems.

Billions in a Single Bug: The Risk of Scaling Fines

The financial stakes for getting this wrong are severe. The Colorado law's penalties are calculated per affected minor, not as a flat corporate fine. According to the official legislative fiscal note for SB 26-051:

  • $2,500 per minor for negligent violations
  • $7,500 per minor for intentional violations

Enforcement is handled by the Colorado Attorney General through civil action. For a major operating system serving millions of young users, a single software defect in the age-signal API could theoretically compound these figures dramatically, though courts would ultimately determine the scope of any resulting liability.

An Unexamined Problem: The Second-Hand Device Market

One area neither law appears to explicitly address is what happens when used devices change hands. Both laws focus on the "account setup" moment, when a user's age is first entered and stored. But if a device is sold without a factory reset, the new owner could be operating under the previous user's age profile.

This creates potential liability questions for resellers and raises the prospect that devices may need to be wiped clean before sale to avoid compliance problems, a friction that could increase e-waste and slow the secondary market.

This appears to be an unintended consequence neither legislature has yet addressed, and it may require clarification in future rulemaking or amendment.

What Happens Next

California's AB 1043 takes effect January 1, 2027. Whether AB 1856's open-source exemption will be in place before that deadline depends on its passage through the California legislature before the end of the current session.

Colorado's SB 26-051 takes effect July 1, 2028, with the open-source exemption already written into the enrolled bill.

Linux advocates are treating the Colorado amendment as a meaningful win for the FOSS community, while remaining cautious about implementation. History suggests that today's statutory exemption can become tomorrow's target for amendment, particularly as regulators and courts work through the first wave of enforcement actions.

For now, the era of the anonymous operating system is genuinely under pressure, but the communities that built the open internet appear to have earned at least a temporary reprieve.

1 comment

Jim Lee May 27, 2026 - 8:13 am

This is what happens when technology-related legislation is allowed to be crafted by people who have very little/no understanding of the subject in the first place. So many edge cases in the laws that they didn’t even consider.
