California’s AB 1856, currently advancing through the state legislature ahead of committee reviews in June, would amend the Digital Age Assurance Act (AB 1043) to exclude open-source operating systems from its age-verification requirements. Under AB 1043, which takes effect January 1, 2027, covered OS providers must prompt users for their age or date of birth during device setup and generate an age-band signal for apps and stores — with civil penalties of up to $2,500 per affected child for negligent violations and $7,500 for intentional ones. AB 1856, authored by the same lawmaker behind the original bill, adds a carve-out stating that an “operating system provider” does not include any entity distributing software under licenses that permit recipients to “copy, redistribute, and modify” it — language that would effectively exempt most mainstream Linux distributions including Debian, Fedora, Ubuntu, Arch Linux, and Linux Mint.
The amendment draws a parallel line on the application side, excluding software components not distributed as standalone executable apps through a covered application store. That distinction, however, leaves Valve’s SteamOS in an ambiguous position: because SteamOS ships the proprietary, closed-source Steam client — which functions as a full-fledged application storefront — it would likely still fall under the law’s scope, as would any other Linux-based platform bundling a proprietary app store. Open-source developers had previously raised the question of how California could realistically enforce account-registration and age-signaling requirements against infinitely forkable projects with no central operator. AB 1856 does not repeal AB 1043; it narrows its reach. Whether it passes before the 2027 deadline remains to be seen.