Late last week, the same California lawmaker who authored AB-1043 — the “Digital Age Assurance Act” requiring every operating system sold in the state to implement age verification by January 2027 — filed an amendment exempting Linux from the mandate. The carve-out was proposed after weeks of backlash from open-source developers, hardware vendors, and the kind of technically literate users legislators usually ignore.
The amendment hasn’t passed yet. But it’s already done something more damaging to the law’s credibility than any protest could: it admitted the quiet part out loud.
The Amendment That Surrenders the Premise
AB-1043 was sold to the California Assembly as a child-safety measure. The text is sweeping — Section 2299.8 requires “any operating system made available for use in California” to prompt users to select an age bracket at device setup and then communicate that bracket to “covered applications” running on the system. Failure to comply means no California market.
If you actually believed every sentence of the bill’s preamble about protecting minors from harmful content, you would not exempt Linux. You’d argue that Linux users have children too — that unverified operating systems undermine the entire regulatory scheme. You’d say that if the goal is a safety net under every child in the state, the net can’t have a gap labeled “but only if you know how to flash a USB drive.”
Instead, the amendment’s sponsor — who wrote the original bill — proposed exempting Linux. This is an admission that the law’s sweep was never about principle. It was about leverage.
What Big Tech Metadata Reveals That Linux’s Doesn’t
The exemption makes sense only if you understand AB-1043 as a data-extraction pipeline, not a safety regulation. Commercial operating systems — Windows, macOS, ChromeOS — phone home. They have telemetry, account systems, hardware identifiers. Age information collected during account setup slots neatly into existing advertising infrastructure. The systems are already watching.
Linux isn’t. An open-source distribution installed on a machine bought with cash runs blind to the state in a way that Windows installed on a Dell purchased with a credit card at Best Buy never will. That’s not an accident of the open-source ethos — it’s the structural reality that made the exemption possible. A law that existed to verify ages would find a way to rope in all operating systems. A law that exists to verify ages and then do something with that verification downstream finds Linux genuinely irrelevant. Not a threat, just a rounding error.
One engineer I spoke with — browsing Slashdot from a workstation running Pop!_OS, the System76 distribution that would have been most affected — put it this way: “The legislators don’t care about my ThinkPad. They care about my daughter’s school Chromebook and every phone in her grade. Linux isn’t where the harvest is.”
2299.8 Million Californians, Give or Take
Consider the numbers. California’s population is roughly 39 million. The best estimates of desktop Linux usage hover between 2 and 4 percent — let’s call it three, which gives you a bit over a million machines. Now subtract children who set up their own devices, shared family machines, school-managed hardware, and that number shrinks further.
If your stated goal is to protect 39 million Californians from harm but you exempt even 3 percent of devices, you’ve admitted the harm-prevention framework isn’t rigorous in its own terms. And if you exempt those 3 percent because they generate no surveillance-surplus value, you’ve revealed which framework actually guided the drafting.
The Lawmaking Has Become the Metadata
AB-1043 was never going to protect a single child. It was going to produce compliance metadata — logs of who clicked “I’m over 18” or “I’m 13-17” — that commercial platforms could use to segment users by age at the system level. The Linux exemption makes this transparent. The operating systems no one uses for commercial surveillance? Exempt. The ones that power the ad economy? Regulated, with new signals appended.
This is, perversely, good governance in one narrow sense: we now know the lawmakers see the difference. They’re just not honest about what the difference means. The age-verification conversation is conducted in the language of child safety but functions in the grammar of data extraction. California’s amendment proposes to exempt the systems that don’t feed the grammar.
If legislators were serious about protecting children online, they’d mandate that platforms stop collecting children’s data regardless of what age the operating system claims. They don’t, because that isn’t the point. The amendment didn’t change AB-1043. It just held it up to the light.
If you’re a parent in California, nothing about your child’s safety online improved last week. But something did become clearer: the law wasn’t written for you.