I suspect enforcement will come in two major forms:
1) Valid enforcement against popular software that has real, demonstrated risk (ahem…ROBLOX, YouTube), and they will fight
2) Lawfare against smaller services that might represent a competitive risk and who may be a target for those in camp #1
I would never suggest that we ignore the law. I would suggest, however, that my vibe-coded tool that lets people track time and create invoices does not need to gather the age of anyone.
Common sense should be an emergent property of this new systemic regulation, and we should all aim for that.
Whenever I see "XYZ Company supports this restrictive legislation" I immediately think of regulatory capture. Every new regulation is a new hurdle for competitors.
What the hell does this mean for open source software and even enterprise software?
Must we all build from source?
And if I need to start "Black Market Linux" who will join me?
I've read this and it bamboozles me (IANAL) and I don't see a size threshold, nor a floor, as in "free". IMNSHO, overreaching, without limits.
And when kids are writing vibe apps, will they be nailed for $2500+?
It doesn't seem nearly as oppressive as you fear. It age-gates online services. The only impact to software is indirect: "covered manufacturers" of devices must provide a mechanism during setup to collect the user's age. This is to be used to send a signal about age to online services.
By my reading, that's about it. Am I missing something?
> The bill would define “covered manufacturer” to mean a person who is a manufacturer of a device, an operating system for a device, or a covered application store. The bill would require a developer, as defined, with actual knowledge that a user is a child via receipt of a signal regarding a user’s age to, to the extent technically feasible, provide readily available features for parents to support a child user with respect to the child user’s use of the service and as appropriate given the risks that arise from use of the application, as specified.
Tell me how this exempts linux systems, the distro authors, and every app developer for said operating systems.
So, an IT director might have to certify that all sysadmins and developers are over 18?
And what if a child has access to email or other service run on that system. Tomorrow, I'll give some thought to wi-fi and other routers.
> Tell me how this exempts linux systems, the distro authors, and every app developer for said operating systems.
There's nothing to exempt. If the OS is preinstalled on a device, this will require the device to ask the user's age during initialization. That's all.
> So, an IT director might have to certify that all sysadmins and developers are over 18?
I see nothing in the law that even hints at this.
> And what if a child has access to email or other service run on that system. Tomorrow, I'll give some thought to wi-fi and other routers.
I also see nothing in the law that addresses this.
I suspect enforcement will come in two major forms: 1) Valid enforcement against popular software that has real, demonstrated risk (ahem…ROBLOX, YouTube), and they will fight 2) Lawfare against smaller services that might represent a competitive risk and who may be a target for those in camp #1
I would never suggest that we ignore the law. I would suggest, however, that my vibe-coded tool that lets people track time and create invoices does not need to gather the age of anyone.
Common sense should be an emergent property of this new systemic regulation, and we should all aim for that.
> Google, Meta and OpenAI supported the bill
Companies whose level of respect for user privacy is well-known.
Also, perhaps significantly, the passed version of the bill removes "sole" from "for the sole purpose of providing..."
Whenever I see "XYZ Company supports this restrictive legislation" I immediately think of regulatory capture. Every new regulation is a new hurdle for competitors.
What the hell does this mean for open source software and even enterprise software? Must we all build from source? And if I need to start "Black Market Linux" who will join me?
I've read this and it bamboozles me (IANAL) and I don't see a size threshold, nor a floor, as in "free". IMNSHO, overreaching, without limits.
And when kids are writing vibe apps, will they be nailed for $2500+?
The text is here: https://legiscan.com/CA/text/AB1043/id/3193837
It doesn't seem nearly as oppressive as you fear. It age-gates online services. The only impact to software is indirect: "covered manufacturers" of devices must provide a mechanism during setup to collect the user's age. This is to be used to send a signal about age to online services.
By my reading, that's about it. Am I missing something?
> The bill would define “covered manufacturer” to mean a person who is a manufacturer of a device, an operating system for a device, or a covered application store. The bill would require a developer, as defined, with actual knowledge that a user is a child via receipt of a signal regarding a user’s age to, to the extent technically feasible, provide readily available features for parents to support a child user with respect to the child user’s use of the service and as appropriate given the risks that arise from use of the application, as specified.
Tell me how this exempts linux systems, the distro authors, and every app developer for said operating systems.
So, an IT director might have to certify that all sysadmins and developers are over 18?
And what if a child has access to email or other service run on that system. Tomorrow, I'll give some thought to wi-fi and other routers.
I see nothing excepted.
YMMV
> Tell me how this exempts linux systems, the distro authors, and every app developer for said operating systems.
There's nothing to exempt. If the OS is preinstalled on a device, this will require the device to ask the user's age during initialization. That's all.
> So, an IT director might have to certify that all sysadmins and developers are over 18?
I see nothing in the law that even hints at this.
> And what if a child has access to email or other service run on that system. Tomorrow, I'll give some thought to wi-fi and other routers.
I also see nothing in the law that addresses this.
Sounds like devices can be required to ask for a birth date.
Surely that information could never leak out, or be used for other purposes.
Are browsers supposed fetch user age from OS and send X-User-Age to websites?
An official post: https://www.gov.ca.gov/2025/10/13/governor-newsom-signs-bill...