New Bill California’s Digital Age Assurance Act to take Effect January 1, 2027

Last October, California Governor Gavin Newsom signed California’s Digital Age Assurance Act (AB 1043), a bill that would require operating system providers in California, like Linux and Steam, to collect age information from users at account setup and transmit that data to app developers via a real-time API. This bill is said to take effect on January 1, 2027, in an effort to take action on youth online safety. Here’s all you need to know about California’s Digital Age Assurance Act, what you should expect, and the response to the bill.

California’s Digital Age Assurance Act (AB 1043)

As reported earlier this week, California’s Digital Age Assurance Act, which would require online operating systems like Linux and Steam to verify users’ age during account setups, will become effective as of January 1, 2027. California’s Digital Age Assurance Act was signed by California Governor Gavin Newsom last October in response to growing concerns about online safety for children and users under the age of 18.

California’s Digital Age Assurance Act requires operating systems to make interface changes to their software, which would require users to verify their age during account setups. The operating systems included in this category are Windows, macOS, Android, iOS, Linux distributions, and Valve’s SteamOS. These operating systems are also required to collect and transfer that data to app developers. This will ensure the developers are aware of their users’ age range under the law, shifting legal liability for age-appropriate content decisions onto them.

Last year, online gaming platform Roblox came under fire for dozens of lawsuits and investigations, alleging that the platform failed to protect children from sexual predators, grooming, and sexually explicit content. Concerns over online protection for children grew exponentially during this time, which prompted the passing of California’s Digital Age Assurance Act. More information on the bill can be found on the California Legislative Information website, and here is an official excerpt from the bill summarizing its contents:

This bill, beginning January 1, 2027, would require, among other things related to age verification with respect to software applications, an operating system provider, as defined, to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store and to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed.

The bill would require a developer to request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

Response

The response to this law has drawn a bit of ire from certain online communities, who have heavily critiqued the passing of California’s Digital Age Assurance Act. Certain Linux communities have been more vocal about their discontent with the bill. Here’s what a few users on Reddit have said:

“What really scares me is that we have lawmakers stupid enough to propose a law like this.
This is basically impossible for California to enforce. Worst case, they are too stupid to know that. Best case, it is performative.
Even if Linux Mint decides to add some kind of age verification, to comply with CA law, there’s no reason anyone would choose that version. There are hundreds of other jurisdictions in which Mint operates that don’t require this kind of stupidity. It’s more likely that they will put a disclaimer on their website “not for use in California”, wrote CatoDomine.

“Lets also add your talking about US politicians who have no idea how the internet works or let alone what email is”, wrote StretchAcceptable881.

“What scares me is that even if no law passed, all these companies can just keep going ahead with it because more data and tracking is still valuable to them. We not only need to fight laws advocating for this but also push laws to prevent it”, said crisperstorm.