California's bid to amend its landmark OS-level age-verification law passed the state Assembly on May 28, 2026, in a nearly unanimous 68-1 vote, sending the bill to the Senate with two simultaneous outcomes that privacy advocates describe as a mixed verdict: open-source Linux distributions would gain a formal exemption from the law's most burdensome requirements, while all web browsers and websites would be pulled into an expanded age-data collection framework for the first time.
Assembly Bill 1856, introduced by Assemblymember Buffy Wicks — the same lawmaker who wrote the original law — amends the Digital Age Assurance Act, which Gov. Gavin Newsom signed on October 13, 2025. That law requires every operating system provider in California to collect a user's age or birth date at device setup and transmit a bracketed signal to app developers — classifying users as under 13, 13–15, 16–17, or 18 and older — and is scheduled to take effect January 1, 2027.
The Electronic Frontier Foundation, which opposed AB 1043 from the start and has continued to fight AB 1856 in the Senate, described the bill's current state on May 29, 2026 as "one step forward, two steps back."
One Clause Redefines "Operating System Provider"
The entire open-source reprieve rests on a single sentence added to AB 1856's definition of who counts as an "operating system provider." As revised on May 18, 2026, the bill states that the term does not apply to "a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software."
That language places Debian, Fedora, Ubuntu, Arch Linux, Linux Mint, FreeBSD, and virtually every other permissively licensed project outside the law's compliance requirements. For most Linux distributions, the relief is substantial: the original AB 1043 would have required community-run projects maintained by volunteers — projects that in many cases have no centralized accounts system, no formal legal entity, and no technical infrastructure for transmitting age signals — to implement mandatory age-bracketing application programming interfaces by 2027 or face civil penalties of up to $7,500 per affected child for intentional violations.
Read more: Missouri's New Online Age Verification Law to Take Effect Soon: Could Your Privacy Be at Risk?
The technical mismatch was stark. Most Linux distributions are not centrally controlled commercial platforms in the way Apple's iOS or Google's Android are. There is no single entity controlling the end-to-end experience, no revenue stream to fund compliance, and no realistic mechanism for a volunteer project to register every California user's age bracket and expose it to third-party developers through a real-time interface. AlmaLinux board chair benny Vasquez wrote in an April 2026 post that the organization believed AB 1043 might require operating systems to implement verification and pass results to applications, but chose to monitor court proceedings and upstream projects rather than immediately alter its software.
Does the California Age Verification Law Apply to SteamOS?
The exemption language introduces one significant grey area that the bill does not resolve: Valve's SteamOS. Tom's Hardware reported that because Valve ships its proprietary Steam client and storefront by default on SteamOS, the platform sits closer to Apple's App Store or Google Play from a regulatory standpoint than to a standalone Linux distribution. Whether SteamOS as a whole qualifies for the open-source exemption, or whether Valve's bundled proprietary software keeps it within the law's scope, is not answered in the current text.
A similar ambiguity affects any open-source operating system that ships with or integrates proprietary application stores. The EFF noted that it remains unclear how the law applies when open-source software is incorporated into a commercial product or service, and called on the Senate to clarify that the exemption covers open-source applications as well as operating systems.
Commercial platforms — Apple's iOS, Google's Android, and Microsoft Windows — remain fully subject to AB 1043's requirements. Apple has released its Declared Age Range API and Google has launched its Play Age Signals API in beta to handle compliance obligations under the various state laws now in effect or pending.
AB 1856 Expands Age-Gating to Browsers and Websites
While the open-source exemption addresses one set of objections, the EFF's Molly Buckley argues that the version of AB 1856 that cleared the Assembly introduces a separate and more far-reaching problem: the bill extends AB 1043's age-bracketing requirements beyond operating systems and app stores to cover browser providers and website operators.
Under AB 1043 as originally enacted, the age-signal pipeline ran from the OS to app stores to app developers. AB 1856 adds a second channel: age data would now flow directly from browsers to websites. Every browser provider and every website operator in scope would be required to request and transmit users' age-bracket data, making it "nearly impossible for regular internet users to avoid AB 1043's age gates," according to the EFF's analysis.
That expansion compounds what digital rights advocates describe as the structural problem with the original law: even though AB 1043 does not explicitly mandate full identity verification, its liability structure creates strong commercial pressure on companies to collect and store more sensitive user data. The practical outcome, critics argue, is likely to include more ID checks, more biometric scanning, and more centralized data collection — creating breach risks of the kind already documented in other jurisdictions. MidnightBSD, one BSD variant, briefly added a clause to its license in February 2026 banning California users from the operating system entirely rather than attempting compliance; the project later began exploring an age-verification mechanism after the open-source amendment appeared.
What the 68-1 Assembly Vote Means for Linux Developers Right Now
AB 1856 is not law yet. The bill passed the California Assembly 68-1 on May 28, 2026, and was referred to the Senate Rules Committee as of May 27. It must pass the Senate and be signed into law before the open-source exemption takes effect. AB 1043's compliance deadline of January 1, 2027 remains unchanged.
Linux distribution maintainers, FreeBSD developers, and other open-source operating system contributors are advised to monitor AB 1856's progress in the Senate before assuming compliance is no longer required. If the bill passes the Senate in its current form and is signed by the governor, the open-source exemption would protect virtually all permissively licensed distributions. If amendments in the Senate strip or narrow the carve-out language, the compliance question reopens.
The bill's passage through the Assembly also confirms the unusual political dynamic that produced it: Wicks authored both the original law and the amendment designed to correct one of its most criticized provisions — a relatively rare instance of a California legislator publicly revising the scope of her own statute within months of its signing. AB 1043 passed the Assembly 76-0 and the Senate 38-0 in 2025, with support from Google, Meta, OpenAI, Snap, and Pinterest. AB 1856 cleared the Assembly with one dissenting vote.
Frequently Asked Questions
Does California's age verification law apply to Linux?
Under AB 1043 as originally enacted, Linux distributions were included in the law's definition of "operating system provider" and would have been required to implement age-bracketing systems by January 1, 2027. If AB 1856 is signed into law in its current form, any operating system or application distributed under a license that permits recipients to copy, redistribute, and modify the software — which covers the vast majority of Linux distributions — would be exempt from those requirements.
What does AB 1856 do to websites and browsers?
AB 1856 adds browser providers and website operators to the list of entities required to comply with California's age-bracketing framework — an expansion that goes beyond the original AB 1043, which applied only to operating system providers and app stores. The Electronic Frontier Foundation has warned this extension would create a direct age-data pipeline from browsers to websites, making it extremely difficult for California internet users to avoid having their age bracket collected.
Is SteamOS exempt from California's open source age verification exemption?
That question is unresolved in the current text of AB 1856. Valve ships the proprietary Steam client as part of SteamOS, which may place the platform closer to a covered application store than to a standalone open-source operating system. The EFF has called on the Senate to clarify how the exemption applies when open-source operating systems are incorporated into commercial products.
When does California's Digital Age Assurance Act take effect?
AB 1043, the Digital Age Assurance Act, is scheduled to take effect on January 1, 2027. AB 1856, which would amend it with the open-source exemption and the browser and website expansion, has passed the California Assembly and is now in the Senate.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
