California lawmakers have revised the Digital Age Assurance Act (AB 1043) by adding an amendment under AB‑1856 that grants a blanket exemption to open‑source operating systems, including popular Linux distributions such as Debian, Arch, Ubuntu, and Mint.
AB 1043, enacted late last year, was designed to enforce age verification at the operating‑system level. The legislation requires devices to capture a user’s age during initial setup, producing an “age bracket signal” that is then transmitted to websites and applications. Under the original framework, every OS operating in California would have had to implement a centralized tracking mechanism to confirm whether a user was a minor.
The updated language narrows the definition of who is liable, replacing the earlier broad description of a “developer” as anyone who “owns, maintains, or controls an application” with a more specific clause that limits responsibility to those who “own an application, or maintain or control the hosting of the application in a covered application store.”
The amendment explicitly carves out open‑source initiatives from the scope of an “operating system provider.” It states that a person or entity is not considered an OS provider if they distribute an operating system or application under license terms that allow recipients to copy, redistribute, and modify the software.
In addition, the bill clarifies that an “application” does not encompass software components that are not sold as standalone executable applications through a covered application store.
Crucially, the legislation now requires that age verification must include any age information shared with a developer by an account holder concerning the user linked to that account.
The recent legislative tweak follows a fierce backlash from the open‑source community, which warned that the original wording would undermine the decentralized developer ecosystem. System76 CEO Carl Richell, for instance, rallied lawmakers to carve out exemptions for open‑source operating systems, contending that community‑driven platforms cannot verify user ages without infringing on fundamental privacy principles.
While the broader open‑source sector largely sidestepped the mandate, major tech firms have largely acquiesced. Google and Apple are already developing a “Digital Credentials API” for Safari and Chromium to meet the new requirements, and Microsoft plans to embed an age‑range API directly into its operating system.
AB‑1856 has cleared committee votes and is now poised for a final assembly vote, marking a pivotal moment for the industry’s compliance trajectory.
News Source: Neowin
Comments
Be the first to comment.