California Governor Gavin Newsom signed into law in October 2025 a measure requiring age verification for all operating system users within the state, with the provisions taking effect January 1, 2027. The Digital Age Assurance Act (AB 1043) mandates that operating system providers collect age information during account setup and transmit that data to app developers via a real-time application programming interface (API).
The law applies to a broad range of operating systems, extending beyond major players like Windows, macOS, Android, and iOS to include Linux distributions and Valve’s SteamOS, according to reports from Tom’s Hardware and PC Gamer. OS providers must categorize users into one of four age brackets – under 13, 13 to under 16, 16 to under 18, and 18 or older – and relay this information to developers upon request.
Developers receiving this age signal are legally considered to have “actual knowledge” of a user’s age range, shifting the responsibility for ensuring age-appropriate content onto them. Non-compliance carries penalties of up to $2,500 per affected child for negligent violations and $7,500 per child for intentional violations, enforced by the California Attorney General.
The implementation of AB 1043 presents significant challenges for open-source operating systems. Byteiota.com reports that Linux distributions, which often lack centralized account infrastructure, face a practical impossibility in enforcing the law. Users frequently download and install these systems without creating accounts, and the decentralized nature of development allows for modification and removal of any compliance features.
The law requires OS providers to maintain a “reasonably consistent real-time application programming interface” for age categorization. Though, the potential scope extends to even basic command-line tools, raising concerns about the feasibility of implementation for all software, as noted by commenters on Hacker News. Smaller Linux distributions, lacking dedicated legal teams and resources, could face substantial penalties despite limited capacity to comply.
The California legislature did not appear to fully consider the implications for open-source software development, according to Byteiota.com. The law’s broad definition of an “operating system provider” – encompassing anyone who “develops, licenses, or controls the operating system software” – further complicates compliance for a wide range of entities.
