Linux is Getting a Free Pass on Age Verification in California and Colorado
Age verification laws have been spreading fast, and we have been keeping tabs on them for a while now. California’s Digital Age Assurance Act (AB 1043) was the first to land, signed in October 2025, with Colorado following with its own version (SB26-051).
Neither made any concessions for open source software in the original language, which left Linux distributions and other community-run projects in a very uncomfortable dilemma.
Both have since moved to fix that, with Colorado having wrapped it up earlier this month and California heading for a full Assembly vote.
What’s California doing?
AB 1043 required OS providers to collect a user’s age or birth date at account setup and share it with apps through a real-time API, starting January 1, 2027. Open Source projects got no special treatment in the original text, which is something we wrote about when the bills started drawing attention.
Assembly Member Buffy Wicks, who authored AB 1043 herself, introduced AB 1856 in February to address that.
After four rounds of revisions, the bill has rewritten the definition of “operating system provider” to exclude anyone distributing an OS under terms that let recipients copy, redistribute, and modify the software.
Most Linux distributions under permissive or copyleft licenses fall cleanly within that.
In tandem, another change covers the application side, where software that is not offered as a standalone executable through a covered app store is no longer treated as an “application” under the law.
The bill passed the Appropriations Committee 11-0 on May 14. It was ordered to third reading on May 19 and is awaiting an assembly vote. Interestingly, Buffy is the chair of that committee.
What about Colorado?
The formatting of this bill document could be better. โ ๏ธ
Colorado’s path here involved some direct community legwork. Carl Richell, the founder of System76, spent some considerable time working with Senator Matt Ball, one of SB26-051’s co-authors, to get open source exclusions written into the bill.
The bill exempts OS providers and developers distributing software under terms that permit copying, redistribution, and modification. It also adds a requirement that exempt software have no platform-imposed technical or contractual restrictions on installing modified versions.
The extra clause is aimed at tivoization, where manufacturers lock down hardware to block modified software from running even when the source code is freely available.
Beyond that, code repository providers, containerized software distributions, and applications from free, publicly available code repositories are explicitly excluded too.
The law also has a narrower scope, only applying to OS providers that operate a covered app store or ship one pre-installed. An OS provider with no app store involvement does not come into scope at all.
Besides that, SB26-051 is now set to take effect on July 1, 2028.
Some closing wordsโฆ
Neither state got here automatically. The open source exemptions did not exist in either bill to start with, and it took sustained community pressure and direct legislative outreach to get them added.
This is something that can be applied to many other issues, of course. Though, when the representatives are more interested in serving certain interests (say due to pressure from certain lobbies) than their constituents, disruption tends to be the only way out.
