State Law Tracker
Laws We Are Violating
A running inventory of US state laws that require operating system providers to collect age data from users — plus adjacent laws that close evasion vectors and so reshape the same compliance landscape — along with Ageless Linux's status for each. Every entry reads the same way.
Signed Law
Enjoined / Blocked
Active Bill
Withdrawn
No Action
Enacted Laws
States Where Ageless Linux Is Noncompliant
California
AB 1043 — Digital Age Assurance Act
Requires OS providers to collect age at account setup, provide real-time
age bracket API to developers. Self-declaration only — no ID verification.
Signed by Gov. Newsom Oct 13, 2025. Passed 76-0 (Assembly), 38-0 (Senate).
Ageless Linux: NONCOMPLIANT
LAW
Effective
Jan 1, 2027
Jan 1, 2027
Texas
SB 2420 — App Store Accountability Act
Requires app stores to verify age using "commercially reasonable methods" — potentially
including government ID. Requires parental consent for minors. Signed May 27, 2025.
Preliminarily enjoined Dec 23, 2025 — but the Fifth Circuit stayed that
injunction on June 4, 2026, and the law took effect the same day. Apple and
Google began rolling out Texas age-assurance flows immediately. CCIA (No. 25A1390) and
two teen app users (Students Engaged in Advancing Texas, No. 25A1389) filed emergency
applications at the U.S. Supreme Court on June 15, 2026 to restore the injunction;
Justice Alito ordered Texas to respond by June 22. No ruling yet — the
first Supreme Court test of an app-store age-verification mandate since
FSC v. Paxton (2025).
Ageless Linux: NONCOMPLIANT
LAW
In effect Jun 4, 2026
SCOTUS pending
SCOTUS pending
Utah
SB 142 — App Store Accountability Act
Requires "commercially reasonable" age verification by app stores.
Private right of action — parents and minors can sue for $1,000 per violation.
The only state where individuals (not just the AG) can enforce.
Amended by HB 498 (signed Mar 18, 2026), making Utah the first state to revise its
App Store Accountability Act. The May 6, 2026 compliance deadline passed and
the law is now in effect — Apple and Google rolled out age-category signals
and parental-consent flows. CCIA voluntarily dismissed its suit (~Apr 21,
2026) after the state reaffirmed that SB 142 creates only a private right of
action, with no government enforcement — undercutting CCIA's pre-enforcement standing.
No injunction issued. Private enforcement phases in toward Dec 31, 2026.
Ageless Linux: NONCOMPLIANT
LAW
In effect
May 6, 2026
May 6, 2026
Utah
SB 73 — Online Age Verification Amendments
Network-layer companion to SB 142. First US law to explicitly
target VPN circumvention of age verification. Deems a user "located in the state"
for compliance purposes "regardless of whether the individual is using a virtual
private network." Also prohibits covered websites from publishing instructions
on how to use a VPN to bypass age gates — a content-based speech restriction.
Sponsored by Sen. Calvin R. Musselman, signed by Gov. Cox Mar 19, 2026.
Enforced by Utah's Division of Consumer Protection; introduced version set
$1,000/day for failure to provide required notification.
Closes the network-layer escape hatch and increases pressure on sites to
rely on OS-attested age signals — exactly the surface Ageless Linux strips.
EFF and NordVPN call reliable VPN detection "technically impossible."
Took effect May 6, 2026, but Utah agreed to suspend enforcement of the VPN
provisions until Sept 3, 2026 under a litigation standstill after Aylo
(Pornhub's parent) sued.
Ageless Linux: ADJACENT TARGET
LAW
In effect May 6, 2026
Enforcement → Sep 3
Enforcement → Sep 3
Louisiana
HB 570 — App Store Accountability Act
Similar to Texas/Utah model — app store focused, "commercially reasonable" verification.
Requires developers to associate minor accounts with parent accounts.
AG enforcement only, no private right of action. $10,000/violation after 45-day cure.
HB 977 (signed May 15, 2026) pushed the effective date back a full year to
July 1, 2027 and amended the act to let developers rely on app-store-supplied
age and parental-consent signals, adding a "family account" exception.
Ageless Linux: NONCOMPLIANT
LAW
Effective
Jul 1, 2027
Jul 1, 2027
Alabama
HB 161 — App Store Accountability Act
The fourth state to enact an App Store Accountability Act. App-store-focused,
"commercially reasonable" age verification with parental consent for minors,
following the Texas / Utah / Louisiana template. Signed Feb 17, 2026.
Ageless Linux: NONCOMPLIANT
LAW
Effective
Jan 1, 2027
Jan 1, 2027
Colorado
SB 26-051 — Age Attestation on Computing Devices
Near-identical copy of California's AB 1043 — OS-level age collection, real-time API,
self-declaration. The House passed it 40-23 on Apr 30, 2026; Gov. Polis signed
it June 3, 2026. Effective July 1, 2028. Unlike AB 1043, the enacted text
carries an open-source exemption — added in House committee after
lobbying by System76 founder Carl Richell — excluding providers who distribute under
licenses that let recipients "copy, redistribute, and modify the software without
restrictions," plus public code repositories and container images. The phrase "without
restrictions" may not cleanly cover copyleft (GPL) licenses that condition
redistribution, so the exemption's reach over a distribution like Ageless Linux is
unsettled. We do not rely on it.
Ageless Linux: EXEMPTION UNRESOLVED (copyleft)
LAW
Signed Jun 3, 2026
Effective Jul 1, 2028
Effective Jul 1, 2028
Active Bills
States Working on Becoming Noncompliant
California
AB 1856 — Digital Age Assurance Act amendments
Follow-on bill from AB 1043's own author, Asm. Buffy Wicks. It moves in two
directions at once: it adds an open-source exemption — excluding
software "distributed under licenses that allow users to copy, redistribute, and
modify the software" from the definition of "operating system provider" — while
expanding age-gating to require web browsers and websites to request
and collect user ages, a reach well beyond AB 1043's OS-signal model. Passed the
Assembly 68-1 on May 28, 2026; referred to Senate Rules. EFF's verdict: "one step
forward, two steps back." If enacted as written, the exemption would spare
distributions like Ageless Linux at the OS layer in California — the browser/website
expansion would not.
Ageless Linux: EXEMPTION PROPOSED (OS layer)
BILL
Passed Assembly
May 28, 2026
May 28, 2026
Illinois
SB 3977 — Digital Age Assurance
Hybrid OS-level + social media approach. Requires operating system providers
to provide an accessible interface at account setup for age indication and
signal a user's age category to operators requesting it. Sponsored by
Sen. Laura Ellman (D). Currently in committee.
Ageless Linux: PREEMPTIVELY NONCOMPLIANT
BILL
Introduced
2026
2026
New York
S8102A — Age Assurance on Internet-Enabled Devices
Requires device manufacturers, OS providers, and app stores to conduct
"age assurance" at device activation. Stricter than California — requires
"commercially reasonable" methods that "reasonably prevent against
circumvention," not just self-declaration. $10,000 per violation.
AG Letitia James gets rulemaking and enforcement authority.
Effective one year after signing if passed.
Ageless Linux: PREEMPTIVELY NONCOMPLIANT
BILL
In Committee
2026
2026
Federal
H.R. 8250 — Parents Decide Act
First federal bill to adopt California's OS-level model directly.
Requires every operating system provider to collect a date of birth
from every user at account setup, require parental verification for
users under 18, and expose an API that hands that date of birth to
every app developer. Defines "operating system provider" as
"a person that develops, licenses, or controls the operating
system" — no exemption for open source, non-commercial, or
hobbyist maintainers. The phrase "general purpose computing device"
is undefined and punted to FTC rulemaking. Introduced April 13, 2026
by Rep. Josh Gottheimer (D-NJ-5) with original cosponsor Rep. Elise
Stefanik (R-NY); Rep. Brian Fitzpatrick (R-PA) joined as a second
cosponsor April 22, 2026. Referred to House Energy & Commerce —
no hearing or markup scheduled, no Senate companion. Enforced by the
FTC as an unfair or deceptive act or practice. FTC regulations due
within 180 days of enactment; effective one year after enactment.
The sponsor's press release named "Apple and Google" as the targets;
the statutory text catches every Linux distribution maintainer in
the country.
Ageless Linux: PREEMPTIVELY NONCOMPLIANT
BILL
Introduced
Apr 13, 2026
Apr 13, 2026
Federal
KIDS Act (H.R. 7757) + GUARD Act (S.3062)
The KIDS Act has become the consolidated House children's-online-safety vehicle.
A bipartisan Energy & Commerce deal announced June 24, 2026 folds in KOSA,
COPPA 2.0, Sammy's Law, and the federal App Store Accountability Act
(Lee S.1586 / James H.R.3149), and the package is scheduled for a House floor
vote the week of June 29, 2026 under suspension of the rules. The GUARD Act
(AI companion chatbots) was reported out of the Senate Judiciary Committee unanimously
on Apr 30, 2026 and now awaits a Senate floor vote; a House companion was introduced in
April. The federal app-store mandate is advancing inside KIDS rather than standing alone.
WATCHING
PENDING
House floor
wk of Jun 29
wk of Jun 29
Withdrawn
States That Blinked
Michigan
HB 4429 / SB 284 — Digital Age Assurance Act
Identical bipartisan bills (Rep. Brad Paquette, R-Niles; Sen. John Cherry, D-Flint)
based on Digital Childhood Alliance model legislation. Would have required device
manufacturers and operating systems to estimate user age at activation and transmit
a continuous "digital age signal" to apps and websites. Critics — including
the Michigan Fair Elections Institute and University of Michigan privacy
researchers — identified that the bills lacked limits on data use, had no
restrictions on combining data with other personal information, and contained
no data deletion requirements. Pulled by sponsors April 6, 2026
after advocacy outreach beginning April 4.
WITHDRAWN
DEAD
Pulled
Apr 6, 2026
Apr 6, 2026
International
It's Not Just the United States
Brazil
Lei 15.211 — Estatuto Digital da Criança e do Adolescente (Digital ECA)
Scope: operating systems, app stores, social media, games, and "any software
likely to be accessed by minors." Explicitly bans self-declaration
(Art. 9) — requires "proportional, auditable, and technically secure" age
verification methods. Simultaneously bans "mass, generic, or indiscriminate
surveillance" (Art. 37). The law demands real verification, forbids asking
users their age, and forbids surveillance. The ANPD has not yet issued
implementing regulations defining what methods are acceptable. Penalties up to
10% of Brazilian gross revenue or R$50M (~$9.4M USD) per violation. Foreign
providers must maintain a legal representative in Brazil. Enforced by the ANPD
(Autoridade Nacional de Proteção de Dados).
Ageless Linux: NONCOMPLIANT
LAW
Effective
Mar 17, 2026
Mar 17, 2026
Analysis
Two Models, Same Problem
These laws follow two distinct models, but both create the same compliance moat for open-source operating systems (see Goldman, "Segregate-and-Suppress").
Model A: App Store Accountability (TX, UT, LA)
Focuses on app stores. Requires "commercially reasonable" age verification — which could mean government ID checks. Requires parental consent for minors. Texas was preliminarily enjoined as likely unconstitutional under the First Amendment, but the Fifth Circuit stayed that injunction and the law took effect June 4, 2026; the question is now before the Supreme Court. Utah is the only state with a private right of action (individuals can sue, not just the AG).
Linux impact: Primarily affects app store operators. If
apt, Flathub, or Snap Store are "covered application stores,"
their maintainers have obligations. Individual distro maintainers face
less direct liability, but the definition is broad enough to sweep them in.
Model B: OS-Level Age Assurance (CA, CO; MI withdrawn)
Focuses on operating system providers. Requires age collection at account setup, real-time API for age signals. California and Colorado accept self-declaration; the federal Parents Decide Act (H.R. 8250) adds parental verification for minors. This is the model that directly targets Linux distributions, because it requires the OS itself to collect and transmit age data.
Linux impact: Every distribution is an "operating system provider." Every maintainer who ships a custom image is a person who "controls the operating system software on a general purpose computing device." Ageless Linux exists to make this absurdity tangible.
Both Models Share One Feature
Apple and Google already comply. The 600+ volunteer Linux distributions cannot. The compliance cost is zero for trillion-dollar platform companies and prohibitive for community projects. Both models passed with overwhelming bipartisan support. Both were supported by the major platform companies.
This is not a coincidence. This is a compliance moat.
The EFF calls this pattern "a windfall for Big Tech and a death sentence for smaller platforms."
Enforcement Timeline
When Things Become Illegal
Oct 13, 2025
California AB 1043 signed
Passed 76-0 / 38-0. Effective Jan 1, 2027.
Dec 23, 2025
Texas SB 2420 enjoined
Federal judge blocks enforcement pending litigation.
Feb 5, 2026
CCIA sues Utah over SB 142
First Amendment, parental autonomy, interstate commerce. Motion for preliminary injunction filed.
Feb 17, 2026
Alabama HB 161 signed
Fourth state to enact an App Store Accountability Act. Effective Jan 1, 2027.
Mar 3, 2026
Colorado SB 26-051 passes Senate 28-7
Heading to House. Would take effect Jul 1, 2028.
Mar 17, 2026
Brazil Lei 15.211 takes effect
First international OS-level age verification law. Bans self-declaration. Penalties up to ~$9.4M USD.
Apr 6, 2026
Michigan HB 4429 / SB 284 withdrawn
Digital Age Assurance Act pulled by sponsors after privacy advocates identified critical gaps. First state bills based on this model to be withdrawn.
Apr 13, 2026
Federal H.R. 8250 "Parents Decide Act" introduced
Rep. Josh Gottheimer (D-NJ) and Rep. Elise Stefanik (R-NY) introduce the first federal bill to require OS-level age verification. Scope: every "operating system provider." FTC enforcement as an unfair or deceptive practice. Referred to House Energy & Commerce.
Apr 21, 2026
CCIA drops its Utah SB 142 suit
Voluntary dismissal after the state confirms SB 142 has no government enforcement — only a private right of action. The PI motion is never decided; the law stands.
Apr 30, 2026
Colorado House passes SB 26-051 40-23; GUARD Act clears Senate Judiciary
Colorado's House adopts an open-source exemption. The same week, the federal GUARD Act is reported out of the Senate Judiciary Committee unanimously.
May 6, 2026
Utah SB 142 in effect; SB 73 takes effect
First US App Store Accountability Act compliance date passes. SB 73 (the VPN/network-layer law) takes effect the same day, though Utah agrees to pause its enforcement until Sept 3.
May 15, 2026
Louisiana delays HB 570 to 2027
HB 977 pushes the effective date back a full year and lets developers rely on app-store age signals.
May 28, 2026
California AB 1856 passes Assembly 68-1
Adds an open-source exemption to AB 1043 while expanding age-gating to browsers and websites. Now in the Senate.
Jun 3, 2026
Colorado SB 26-051 signed
Gov. Polis signs the second US OS-level age law — with an open-source exemption. Effective Jul 1, 2028.
Jun 4, 2026
Texas SB 2420 takes effect
The Fifth Circuit stays the December injunction; the App Store Accountability Act goes live. Apple and Google begin Texas age-assurance flows.
Jun 15, 2026
CCIA and teen users ask SCOTUS to re-block Texas
Emergency applications (Nos. 25A1389 / 25A1390). Justice Alito orders Texas to respond by June 22. First Supreme Court test of an app-store age mandate since FSC v. Paxton.
Wk of Jun 29, 2026
KIDS Act (H.R. 7757) House floor vote
Consolidated KOSA + COPPA 2.0 + App Store Accountability Act package scheduled under suspension of the rules.
Sep 3, 2026
Utah SB 73 enforcement standstill ends
The VPN provisions become enforceable unless the Aylo litigation extends the pause.
Dec 31, 2026
Utah enforcement begins
Private right of action active. Individuals can sue.
Jan 1, 2027
California AB 1043 + Alabama HB 161 take effect
Ageless Linux becomes officially noncompliant. We begin distributing devices.
Jul 1, 2027
California retrofit deadline; Louisiana HB 570 takes effect
Existing California devices must have an age collection interface added. Louisiana's delayed App Store Accountability Act goes live.
Jul 1, 2028
Colorado SB 26-051 takes effect
Second state with OS-level requirements — subject to its open-source exemption.
Ageless Linux compliance status across all jurisdictions, all dates:
NONCOMPLIANT
Penalty Comparison
Cost of Giving a Child a Computer
$7,500
California / Colorado
per child, intentional
$10,000
Louisiana
per violation, after cure
$10,000
Texas
per violation (DTPA)
$10,000
New York
per violation (if passed)
$1,000
Utah
per violation + attorney fees
Private right of action
Private right of action
~$9.4M
Brazil
per violation or 10% of Brazilian revenue
R$50M cap
R$50M cap
Cost of one Ageless Linux device: $12-18
Maximum combined US penalty for one device given to one child:
$46,000
US penalty-to-cost ratio: 3,067:1
Brazil penalty for one violation: up to 522,222:1