California lawmakers have amended AB 1856 to exclude Linux distributions and other open-source software projects from the state’s OS-level age verification rules.
The latest amendment to the bill, published on May 18, 2026, updates California’s Digital Age Assurance Act, which takes effect January 1, 2027. The law requires operating system providers to collect a user’s birth date, age, or both during account setup and to provide an age-bracket signal to app stores, application developers, browser providers, and website operators.
The key change is the revised definition of “operating system provider.” The amended text defines it as an entity that develops, licenses, or controls operating system software on a computer, mobile device, or other general-purpose computing device.
The key change, however, is that the bill now adds that an operating system provider does not include an entity that distributes an operating system or application under license terms that allow the recipient to copy, redistribute, and modify the software.
“Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.
And as you can imagine, this distinction is more than significant for the Linux ecosystem and other open-source projects. The reason is simple: most Linux distributions use licenses, such as the GPL family, that permit copying, redistribution, and modification.
In practice, the amendment appears to exclude most community and commercial Linux distributions from the definition of operating system provider. This approach distinguishes the California proposal from a broad OS-level age-verification mandate that would apply equally to both proprietary and open-source platforms.
At the same time, the California amendment reflects a broader trend of state-level age assurance proposals targeting operating systems, app stores, browsers, and websites as enforcement points.
Colorado has also passed SB26-051, a separate age attestation bill for computing devices, but it treats open-source software differently. California’s amended language is more relevant to Linux because it expressly excludes software distributed under licenses that allow copying, redistribution, and modification.
Finally, to be clear, AB 1856 is still a bill, not yet a law. However, its current text shows a clear shift: the state’s age-verification framework continues to target OS-level age signals, but the amended definition now appears intended to exclude Linux distributions and other open-source software distributors from the same compliance category as proprietary operating-system platforms. Which, no matter how you look at it, is more than a positive turn of events.
