State Law Tracker

Laws We Are Violating

A running inventory of US state laws that require operating system providers to collect age data from users, along with Ageless Linux's compliance status for each one. Every entry reads the same way.

Signed Law
Enjoined / Blocked
Active Bill
No Action

Enacted Laws

States Where Ageless Linux Is Noncompliant

California
AB 1043 — Digital Age Assurance Act
Requires OS providers to collect age at account setup, provide real-time age bracket API to developers. Self-declaration only — no ID verification. Signed by Gov. Newsom Oct 13, 2025. Passed 76-0 (Assembly), 38-0 (Senate).
Ageless Linux: NONCOMPLIANT
LAW
Effective
Jan 1, 2027
Texas
SB 2420 — App Store Accountability Act
Requires app stores to verify age using "commercially reasonable methods" — potentially including government ID. Requires parental consent for minors. Signed May 27, 2025. Blocked by federal preliminary injunction Dec 23, 2025. CCIA lawsuit alleges First Amendment violations.
ENJOINED — LITIGATION PENDING
BLOCKED
Was Jan 1, 2026
Injunction active
Utah
SB 142 — App Store Accountability Act
Requires "commercially reasonable" age verification by app stores. Private right of action — parents and minors can sue for $1,000 per violation. The only state where individuals (not just the AG) can enforce. Compliance deadline: May 6, 2026 — first state to actually enforce if no injunction. CCIA filed suit + motion for preliminary injunction on Feb 5, 2026 in the U.S. District Court for the District of Utah, arguing First Amendment, parental autonomy, and interstate commerce fragmentation. Ruling pending.
Ageless Linux: NONCOMPLIANT
LAW
Compliance
May 6, 2026
Louisiana
HB 570 — App Store Accountability Act
Similar to Texas/Utah model — app store focused, "commercially reasonable" verification. Requires developers to associate minor accounts with parent accounts. AG enforcement only, no private right of action. $10,000/violation after 45-day cure.
Ageless Linux: NONCOMPLIANT
LAW
Effective
Jul 1, 2026

Active Bills

States Working on Becoming Noncompliant

Colorado
SB 26-051 — Age Attestation on Computing Devices
Near-identical copy of California's AB 1043. OS-level age collection, real-time API, self-declaration. Passed Senate 28-7 on March 3, 2026. Heading to House. Effective Jan 1, 2028 if passed. Can be sent to voters via referendum petition. System76 CEO Carl Richell met with co-author Sen. Matt Ball, who suggested excluding open source software from the bill. Amendment not enacted — can be stripped at any stage.
Ageless Linux: PREEMPTIVELY NONCOMPLIANT
BILL
Passed Senate
Mar 3, 2026
Illinois
SB 3977 — Digital Age Assurance
Hybrid OS-level + social media approach. Requires operating system providers to provide an accessible interface at account setup for age indication and signal a user's age category to operators requesting it. Sponsored by Sen. Laura Ellman (D). Currently in committee.
Ageless Linux: PREEMPTIVELY NONCOMPLIANT
BILL
Introduced
2026
New York
S8102A — Age Assurance on Internet-Enabled Devices
Requires device manufacturers, OS providers, and app stores to conduct "age assurance" at device activation. Stricter than California — requires "commercially reasonable" methods that "reasonably prevent against circumvention," not just self-declaration. $10,000 per violation. AG Letitia James gets rulemaking and enforcement authority. Effective one year after signing if passed.
Ageless Linux: PREEMPTIVELY NONCOMPLIANT
BILL
In Committee
2026
Federal
KIDS Act (H.R. 7757) + GUARD Act (S.3062)
The KIDS Act is a 12-bill omnibus package incorporating KOSA, the SCREEN Act, and others. Passed House Energy & Commerce committee on party lines (Democrats largely opposing). Includes a mandated federal study of device/OS-level age verification methods (Commerce + FCC + FTC, report due 1 year after enactment). The GUARD Act targets AI chatbots specifically. FTC issued a Feb 2026 COPPA policy statement creating a safe harbor for operators who collect data solely for age verification. Senate prospects uncertain.
WATCHING
PENDING
Committee
2026

International

It's Not Just the United States

Brazil
Lei 15.211 — Estatuto Digital da Criança e do Adolescente (Digital ECA)
Scope: operating systems, app stores, social media, games, and "any software likely to be accessed by minors." Explicitly bans self-declaration (Art. 9) — requires "proportional, auditable, and technically secure" age verification methods. Simultaneously bans "mass, generic, or indiscriminate surveillance" (Art. 37). The law demands real verification, forbids asking users their age, and forbids surveillance. The ANPD has not yet issued implementing regulations defining what methods are acceptable. Penalties up to 10% of Brazilian gross revenue or R$50M (~$9.4M USD) per violation. Foreign providers must maintain a legal representative in Brazil. Enforced by the ANPD (Autoridade Nacional de Proteção de Dados).
Ageless Linux: NONCOMPLIANT
LAW
Effective
Mar 17, 2026

Analysis

Two Models, Same Problem

These laws follow two distinct models, but both create the same compliance moat for open-source operating systems (see Goldman, "Segregate-and-Suppress").

Model A: App Store Accountability (TX, UT, LA)

Focuses on app stores. Requires "commercially reasonable" age verification — which could mean government ID checks. Requires parental consent for minors. Texas version has been blocked as likely unconstitutional under the First Amendment. Utah is the only state with a private right of action (individuals can sue, not just the AG).

Linux impact: Primarily affects app store operators. If apt, Flathub, or Snap Store are "covered application stores," their maintainers have obligations. Individual distro maintainers face less direct liability, but the definition is broad enough to sweep them in.

Model B: OS-Level Age Assurance (CA, CO)

Focuses on operating system providers. Requires self-declared age collection at account setup, real-time API for age signals. No ID verification — just a birthdate field. This is the model that directly targets Linux distributions, because it requires the OS itself to collect and transmit age data.

Linux impact: Every distribution is an "operating system provider." Every maintainer who ships a custom image is a person who "controls the operating system software on a general purpose computing device." Ageless Linux exists to make this absurdity tangible.

Both Models Share One Feature

Apple and Google already comply. The 600+ volunteer Linux distributions cannot. The compliance cost is zero for trillion-dollar platform companies and prohibitive for community projects. Both models passed with overwhelming bipartisan support. Both were supported by the major platform companies.

This is not a coincidence. This is a compliance moat.

The EFF calls this pattern "a windfall for Big Tech and a death sentence for smaller platforms."

Enforcement Timeline

When Things Become Illegal

Oct 13, 2025
California AB 1043 signed
Passed 76-0 / 38-0. Effective Jan 1, 2027.
Dec 23, 2025
Texas SB 2420 enjoined
Federal judge blocks enforcement pending litigation.
Feb 5, 2026
CCIA sues Utah over SB 142
First Amendment, parental autonomy, interstate commerce. Motion for preliminary injunction filed.
Mar 3, 2026
Colorado SB 26-051 passes Senate 28-7
Heading to House. Would take effect Jan 1, 2028.
Mar 17, 2026
Brazil Lei 15.211 takes effect
First international OS-level age verification law. Bans self-declaration. Penalties up to ~$9.4M USD.
May 6, 2026
Utah SB 142 compliance deadline
First US enforcement date if CCIA injunction fails. App stores and developers must comply.
Jul 1, 2026
Louisiana HB 570 takes effect
App store accountability requirements active.
Dec 31, 2026
Utah enforcement begins
Private right of action active. Individuals can sue.
Jan 1, 2027
California AB 1043 takes effect
Ageless Linux becomes officially noncompliant. We begin distributing devices.
Jul 1, 2027
California retrofit deadline
Existing devices must have age collection interface added.
Jan 1, 2028
Colorado SB 26-051 takes effect (if passed)
Second state with OS-level requirements.

Ageless Linux compliance status across all jurisdictions, all dates:

NONCOMPLIANT

Penalty Comparison

Cost of Giving a Child a Computer

$7,500
California / Colorado
per child, intentional
$10,000
Louisiana
per violation, after cure
$10,000
Texas
per violation (DTPA)
$10,000
New York
per violation (if passed)
$1,000
Utah
per violation + attorney fees
Private right of action
~$9.4M
Brazil
per violation or 10% of Brazilian revenue
R$50M cap

Cost of one Ageless Linux device: $12-18
Maximum combined US penalty for one device given to one child: $46,000

US penalty-to-cost ratio: 3,067:1
Brazil penalty for one violation: up to 522,222:1