US state laws push age checks into the operating system
- Reference: 1772810106
- News link: https://www.theregister.co.uk/2026/03/06/os_age_verification/
- Source link:
The top line of California's [1]Assembly Bill No. 1043 says: "AB 1043, Wicks. Age verification signals: software applications and online services." It was approved last October, but it's hit the headlines this week. In brief:
This bill, beginning January 1, 2027, would require, among other things related to age verification with respect to software applications, an operating system provider, as defined, to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device…
To summarize: OS vendors must collect and store the age or date of birth for each user account, and the OS must inform app stores. In a way that is not anti-competitive, of course. Yay, capitalism.
It's not alone. Colorado's [2]Senate Bill 26-051 [PDF], titled "A Bill for an Act Concerning age attestation for users of computing devices," requires OS vendors to collect and store age brackets for users, and tell app stores if they're underage – and developers must check for it. If you fail to do this negligently, there's a $2,500 fine; if you do so intentionally, it's $7,500. That'll intimidate all those dotcom billionaires.
New York [3]Senate Bill S8102A goes further. It "requires manufacturers of internet-enabled devices to conduct age assurance" to check all users' ages, and provide this info to "all websites, online services, online applications and mobile applications" – as well as app stores.
[4]
For commercial OSes, this is not such a big problem. Yes, it's government-mandated snooping and snitching, but recent versions of most Microsoft and Apple OSes demand some kind of online account, and Apple wants you to add a payment method too.
[5]
[6]
It's a bigger problem for FOSS OSes, though. Some are taking pre-emptive action. FreeBSD distribution MidnightBSD has added a clause to its [7]license :
California residents are not authorized to use MidnightBSD for desktop use in the state of California effective January 1, 2027.
The [8]DB48X scientific calculator app has [9]done similar , banning users in California next year and Colorado in 2028.
[10]Discord drama delays age verification debut until the second half of 2026
[11]UK data watchdog fines Reddit £14.47M for letting kids slip past the gate
[12]House of Lords votes to ban social media for Brits under 16
[13]Good morning, Brit Xbox fans – ready to prove your age?
It's causing wider concern, and there are discussions [14]in the Fedora Project as well as [15]in the Linux Mint forums . Even the FreeDOS Project is [16]discussing it , although since FreeDOS doesn't have user accounts, or a web browser or an app store, there's little the project is able to do. Canonical's VP of engineering, Jon Seager, who [17]talked to us last November , said in the [18]Ubuntu Discourse that the company has its lawyers looking into it.
Around the same time, we [19]reported from the Ubuntu Summit on the news that the COSMIC desktop was coming soon. That speaker has also published one of the more nuanced takes we have seen on the subject so far. [20]System76 on Age Verification Laws , from the company's CEO, Carl Richell, argues against the bills, saying that they're too loosely specified and wide-ranging, and also that they won't work because kids will easily circumvent them.
This isn't just a US problem. The EU also has [21]guidelines for protecting minors that could have wider ramifications. In the meantime, we only wish that more governmental bodies were [22]as clued up as those in Norway . ®
Bootnote
The Reg FOSS desk has had an Apple account since about 1996, before the NeXT deal was even on the cards, and back then Apple had no payment mechanisms. These days, he finds considerable amusement in watching various bits of macOS throw errors at him because he literally can't pay for anything. We haven't tried, but there are reportedly [23]ways around this , and [24]Macworld has steps to remove your payment method.
Get our [25]Tech Resources
[1] https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043
[2] https://leg.colorado.gov/bill_files/110990/download
[3] https://www.nysenate.gov/legislation/bills/2025/S8102/amendment/A
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/oses&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aasIL9K9V89-5MGiRDQG-gAAAM4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/oses&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aasIL9K9V89-5MGiRDQG-gAAAM4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/oses&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aasIL9K9V89-5MGiRDQG-gAAAM4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://github.com/MidnightBSD/src?tab=License-1-ov-file
[8] https://48calc.org/
[9] https://github.com/c3d/db48x/commit/7819972b641ac808d46c54d3f5d1df70d706d286
[10] https://www.theregister.com/2026/02/24/discord_drama_delays_age_verification/
[11] https://www.theregister.com/2026/02/24/ico_fines_reddit/
[12] https://www.theregister.com/2026/01/22/house_of_lords_votes_to_ban_under_16_socmed/
[13] https://www.theregister.com/2025/08/28/xbox_online_safety_act/
[14] https://discussion.fedoraproject.org/t/california-age-verification/181968
[15] https://forums.linuxmint.com/viewtopic.php?t=464675
[16] https://sourceforge.net/p/freedos/mailman/freedos-devel/thread/CAHvaD3bijzX1LZ4Db%2B7MMmnU%3DV6jiHzi3XDaTtkW9-jginS2Bg%40mail.gmail.com/#msg59302653
[17] https://www.theregister.com/2025/11/03/canonical_jon_seager_qa/
[18] https://discourse.ubuntu.com/t/ubuntus-response-to-californias-digital-age-assurance-act-ab-1043/77948
[19] https://www.theregister.com/2025/11/03/cosmic_1_before_xmas/
[20] https://blog.system76.com/post/system76-on-age-verification
[21] https://digital-strategy.ec.europa.eu/en/library/commission-publishes-guidelines-protection-minors
[22] https://www.theregister.com/2026/03/06/forbrukerradet_aim_enshittification/
[23] https://appuals.com/how-to-create-your-apple-id-without-credit-card/
[24] https://www.macworld.com/article/334285/how-to-set-up-an-apple-id-without-using-a-payment-method.html
[25] https://whitepapers.theregister.com/
Re: Still running with no Apple account
Similarly for the implication that you MUST provide a payment method for an Apple account. I have an account for my phone but I have never registered any payment method - it still works fine (for free apps, obvs)
Re: Still running with no Apple account
It's not mandatory, but if you don't then you can't use any Apple services.
Re: Still running with no Apple account
> When did Apple accounts become mandatory for desktop use?
They aren't. Yet.
But quite a few features don't work without one.
How bizarre
It's worth taking a brief look at how California defines 'operating system provider:
>> “Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
A home router? I would describe that as a specialised computing device, but it does have an OS.
A 'smart'watch?
A wifi dongle (still seen around occasionally).
Suppose I have a computer not connected to the internet, or perhaps a VM in VirtualBox. What then?
*Applications* is even worse:
>> “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer
I can see Github disappearing from California.
Re: How bizarre
I can see a lot disappearing from cali (and the wider internet)
What a superb piece of anti-competive law. If you're big enough, then running a register of approved users(more on this later) , while being a cost, is a huge cost a small start up will be unable to fund.
So wheres the next google et al coming from?
As for approved users? will this be every user has to have an on-line account? or will it be the admin only? what about our 3 shop floor laptops.... each one can be used by any of the 20 or so employees, is each one going to have to have an account on each laptop? or do we shift users from laptop to laptop, bearing in mind that the software installed on each one varies from 2 different CAD/CAM programs along with various data comm programs to cope with every interface from a USB, various network ports , to a dog slow RS232.
oh and banning the apprentice from using them because he's under 18
What a dogs dinner.
Still I'm sure all the FOSS/linux peeps will be welcome over here........ right upto the point where some politician goes 'think of the children' and does the same..
PS and then microslop/fapple get hacked...
Re: How bizarre
Some cables run a full blown OS inside the plug.
Re: How bizarre
Networks chips too, for about two decades now (maybe more). Both LAN and wireless.
Because everyone's going to give their correct DOB.
Entering the wrong DOB will be punishable by 10..20 years imprisonment. That'll teach you to hack the age verification database!
To protect the children!
They do all this "to protect the children".
But the only person currently in jail for the sex trafficking, kidnappings, and raping organized by J Epstein is a woman.
No man has even been to court for the kidnappings and abuses on his island.
Hypocrisy?
Re: To protect the children!
Misogyny trumps everything.
Re: To protect the children!
Politicians ruin everything.
Retro PCs and software are going to become really popular.
How?
How are all those data centers and warehouses run when Linux is outlawed?
I don't understand why the calculator app wouldn't be available. My understanding (from the article) is the the OS has to get age verification. After that I would assume that anything running on the OS would be Ok because it can get verification (or not ) the age of the user from the OS. What am I missing?
Does this calculator app refuse to display any result where the value comes to 5318008 ?
Payment methods
Anytime some system makes me use some sort of payment method to register, I create a virtual credit card with a token 1 EUR limit - and it typically expires 2 months later. It may later nag me because of the expiry date, but this way prevents me from unwittingly buying anything I'd rather not :)
I see differences...
The one states "operating system", the other states "manufacturers of internet-enabled devices to conduct age assurance".
The former is impossible, the latter can be fulfilled to "some extend".
But what about server OS-es? Do all admins need age verification now? There is no "user" in the common sense on a file server, no enforceable age verification in centralized authentification services.
Those laws are bollocks, made by people who never got beyond "Hot or not? Swipe left or right.". A side target is total overwatch, which is very much against the true american freedom definition.
Re: I see differences...
Irrespective of the details of the various laws suggested in the article, I suppose a minimal solution could be that an installed OS (and its user accounts) might at least be enabled with the ability to record an age in some manner (whether in years, or as a simple child/adult binary, or as some fiendishly complicated cryptographic token), and then provide it by some standard mechanism if requested. Then it would be up to the device owner/admin how rigorously to verify the ages of their users (if at all), and up to some remote service provider how they respond - or how much they trust - any age provided by a user (or whatever mechanism might have been implemented). Then, in the case of some unfortunate outcome, at least you could get some finger-pointing/ blame-mongering out of the way more efficiently. :-/
How does this work for shared devices?
I suspect there are a multitude of problems with these no doubt well intentioned laws. But one that comes to mind is shared devices in schools, libraries, internet cafes, some businesses, etc where there is no one-to-one pairing of OS to user.
California, Colorado, New York, funny, all blue states, but of course Trump is the fascist. It's always been the left to worry about. They'd love to get rid of any form of privacy, so they can enforce speech regulations on people.
I'd recommend a book for you, but it's probably not in your local library. Or bookshop. Or school.
Yes, Trump is a cruel-hearted, dementia-riddled fascist.
Yes, politicians in both red and blue states have also given the usual "think of the children" excuses in trying to micromanage everything from app stores to social media to adult websites.
Noticing a trend?
One bad leader doesn't excuse another.
Embedded tracking
Note that the secondary requirement then has to be that the person using the device or operating system is robustly identified and that identity is communicated to the service they are using.
This may not be in the legislation as written, but to enforce it, we inevitably get to the point where users are personally identified, and that identity is shared with any online system that requests it.
Suddenly we have state mandated tracking of all computer activity.
That'll go well....
Still running with no Apple account
When did Apple accounts become mandatory for desktop use? I still don't have one and can use my MacBooks just fine as long as I don't try and install stuff from the crApp store. Never felt the need. The FOSS I install is distributed outside it.