California and Colorado have revised their age verification laws to carve out exemptions for open-source operating system providers. The changes follow advocacy from System76 CEO Carl Richell, who said he was meeting with lawmakers to support language that would let open-source operating systems, including Linux distributions, avoid having to include age verification systems.
Article 30 of Colorado Senate Bill 26-051 now states that the article does not apply to “an operating system provider or developer that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software without any platform-imposed technical or contractual restrictions imposed by the provider or developer on installing all modified versions.” California’s Digital Age Assurance Act, bill AB 1856, was also amended. The bill now says: “Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.
Those exemptions mean most Linux distributions are not expected to require users to submit information for age verification. The situation is less clear for dual-license distributions such as SteamOS. While its Arch Linux-based operating system layer is open-source and appears exempt, the bundled Steam Client remains a proprietary app store that will likely still require age data.
Open-source browsers may also face added obligations under California’s approach. No similar exception appears to exist in the California bill for open-source or similarly licensed browsers. That could leave projects such as Firefox and Chromium needing to add support for requesting an age attestation signal from the operating system.
