California is backing away from a law that could have turned Linux into an age-verification tool. A new amendment would exempt most open-source operating systems from the Digital Age Assurance Act, softening a rule that had alarmed privacy advocates, Linux maintainers, and anyone who thinks asking an operating system for a birthday is a bit much.
If the California Linux age checks change passes, popular distributions such as Debian, Fedora, Ubuntu, Arch Linux, and Linux Mint would likely be outside the new requirements. The catch is that the law itself is not going away, and closed ecosystems with their own app stores may still be in scope. That leaves room for more regulatory wrangling, which is usually where these things get weird.
What AB 1856 changes
The amendment, AB 1856, rewrites the definition of an ”operating system provider” so it excludes software distributed under licenses that let users freely copy, modify, and redistribute it. In practical terms, that shields most open-source platforms from the obligation to collect a user’s age or birth date during first setup and pass an age signal to apps.
That signal was the heart of the original law, AB 1043, which shifted age verification away from websites and apps and onto the device itself. The categories were blunt by design: ”under 13”, ”13-15”, ”16-17”, and ”18+”. Convenient for lawmakers, messy for everyone else.
Why Linux drew the line
The backlash was easy to predict. Most Linux distributions are not run by a single company, do not require mandatory accounts, and often have no clear legal owner at all. That makes them very different from iOS or Android, where Apple and Google can actually enforce centralized policy.
Privacy groups argued that the original wording would have pushed open-source systems into a surveillance role they were never designed for. The Electronic Frontier Foundation went further, warning that the law risked laying groundwork for broader online identity tracking. That is a fairly brutal accusation, but it lands because the technical burden would have been dumped on communities that do not have the business structure or the appetite to run identity checks for the state.
SteamOS is the awkward exception
SteamOS remains the awkward case. It is built on Linux, but Valve’s tight integration with Steam’s proprietary store and client services could make regulators treat it more like a locked-down platform than a classic distro.
That distinction matters because California is not really deciding whether Linux is open source in the abstract; it is deciding which software stacks can be expected to police age in the first place. In other words, the state seems to have noticed that one size does not fit both Debian and a gaming appliance with a storefront attached.
California’s next test
The amendment was introduced by Assembly member Buffy Wicks and the latest version is dated 18 May 2026. The bill has already cleared a second reading and is headed for further consideration in June, with the new rules slated to take effect on 1 January 2027 if they survive the process.
Expect the remaining fight to center on hybrids: commercial Linux-based platforms, app stores bundled into operating systems, and anything else that looks open on the surface but is controlled in practice. California has tried to blunt the sharpest edge of its age-check law; now it has to prove the cut is precise enough to survive contact with the real software world.