California’s new Digital Age Assurance Act transforms child safety into the tech equivalent of airport security—well-intentioned but invasive for everyone. Governor Gavin Newsom signed Assembly Bill 1043 on October 13, 2025, forcing operating system providers to collect users’ ages at setup and broadcast that data to apps through a “reasonably consistent real-time API.”
The law takes effect January 1, 2027, covering everything from Windows and iOS to obscure Linux distributions. Your favorite privacy-focused distro? Now legally required to ask when you were born and tell every app whether you’re under 13, 13-16, 16-18, or 18+. Penalties reach $7,500 per child for intentional violations.
Open-Source Developers Face an Impossible Choice
Privacy-by-design distributions must now implement surveillance features or risk California’s wrath.
Here’s where things get dystopian. Distributions like Arch and Debian intentionally avoid centralized accounts—that’s the whole point. These systems were built by people who reject surveillance capitalism, yet California demands they become participants.
As the Lunduke Journal noted, the impact on open-source is “terrifying.” Many distributions lack legal entities to fine, creating enforcement nightmares that could fragment the ecosystem.
The law passed unanimously (76-0 in the Assembly, 38-0 in the Senate), suggesting lawmakers didn’t grasp how this demolishes core principles of privacy-focused computing. Assemblymember Buffy Wicks, the bill’s author, claims it avoids constitutional issues by focusing on “age assurance” rather than content moderation. That’s like saying speed cameras aren’t about enforcement—just measurement.
Big Tech Wins While Indie Developers Scramble
Microsoft and Apple adapt easily; hobbyist OS maintainers face compliance costs they can’t afford.
Corporate giants already collect user data and maintain account systems. Adding age verification barely registers as a development sprint. Meanwhile, the maintainer keeping FreeDOS alive in their spare time suddenly needs legal counsel and API documentation.
Even more absurdly, single-person projects like TempleOS—a biblical-themed OS with roughly twelve users worldwide—technically fall under this law’s scope.
The requirement creates a two-tier system where surveillance-friendly platforms thrive while privacy-respecting alternatives wither under compliance burdens. Self-declared ages might seem less intrusive than government ID checks, but they establish the infrastructure for future expansions. Newsom’s signing message already hints at “further refinement” coming in 2026.
Smart money says VPNs and non-California accounts become the new normal, turning age verification into another game of digital IDs. California wanted to protect kids online—instead, it just made privacy harder for everyone else.
