Morning Edition LIVE
Vol. I · No. 1
Est.
MMXXVI

The A.I. Beat

Dispatches from the frontier of machine intelligence
Three
Dollars
← Front page Legal & Policy May 30, 2026 · 5 min read
Legal & Policy

California Backs Off Open Source Age-Gating, But the Rest of Us Are Still Stuck

AB 1856 would spare Linux from California's age verification law, but every browser and website would still need to card you.
California Backs Off Open Source Age-Gating, But the Rest of Us Are Still Stuck

California lawmakers heard the outcry over forcing operating systems to verify user ages and they blinked. AB 1856, now moving through the legislature, would exempt open-source operating systems from the state’s Digital Age Assurance Act. That’s the good news. The bad news is that everything else just got worse.

The Digital Age Assurance Act (AB 1043), passed last year, mandated age verification across digital platforms in a way that threatened to make open-source operating systems legally unworkable. The law required platforms to sort users into age brackets and restrict access accordingly. For community-built systems like Linux distributions, that created an impossible compliance burden. There’s no company to sue, no central authority to enforce age checks, and no way to retrofit such requirements into software built by volunteers across the world.

Public pressure worked. The open-source exemption in AB 1856 recognizes that reality. But the bill doesn’t stop there, and what it does next should worry anyone who uses the internet in California, which thanks to the state’s market size means everyone who uses the internet anywhere.

Browsers and Websites, Meet Your New Bouncer Job

Under AB 1856, all web browsers and websites would be required to request and collect users’ ages. Not just social media platforms. Not just sites directed at children. All of them.

This is age-gating as infrastructure. Every browser vendor would need to implement age collection. Every website would need to handle age data. The bill doesn’t specify exactly how this should work, which means we’re likely to see a patchwork of half-baked solutions, each one a new privacy liability.

The EFF calls this out plainly: it jeopardizes speech, privacy, and security. Age verification systems require collecting and storing sensitive personal information. That information can be breached, misused, or handed over to governments. It also creates a detailed map of who visits which websites, exactly the kind of tracking that privacy advocates have spent years trying to dismantle.

There’s also the anonymity problem. Requiring age verification makes it harder to browse anonymously, which isn’t just a convenience. It’s how journalists protect sources, how activists organize in hostile environments, and how people access health information they’re not ready to discuss openly.

The Compliance Nightmare

For large platforms, age verification is expensive and annoying. For small websites, it’s potentially fatal. If you run a blog, a forum, or a niche community site, AB 1856 would require you to implement age collection or risk enforcement action. You can’t outsource this easily. You can’t ignore it if you have California users. And you definitely can’t do it without thinking hard about what happens when your age verification database gets hacked.

The law also doesn’t solve the problem it’s supposedly aimed at: keeping kids safe online. Determined teenagers will lie about their ages, use VPNs, or find workarounds. What the law does do is normalize constant identity verification as the price of internet access, and it sets a precedent for other states to follow with their own requirements.

What Happens Next

AB 1856 still needs to pass both chambers and survive the governor’s desk. If it does, California will have carved out open-source software while doubling down on age verification everywhere else. That’s a partial win that feels more like a warning.

Other states are watching. If California can mandate browser-level age checks, others will try. We could end up with a balkanized internet where every state has different age verification rules and compliance requirements. Or we could end up with a federal law that preempts the whole mess, though there’s no sign of that happening.

The open-source exemption in AB 1856 shows that public pressure can force legislators to recognize technical reality. Now the question is whether that pressure can be sustained long enough to force them to recognize the privacy and speech costs of universal age verification.

Right now, the bill treats open-source operating systems as a special case deserving protection. It should be treating the open internet the same way.

regulation copyright