California Assembly Bill 1856 is getting friendly press coverage because it now exempts Linux from the state’s age-tracking mandate. The part nobody’s talking about is that it simultaneously expands the surveillance to your web browser.
AB 1856, authored by the same lawmaker who wrote the original Digital Age Assurance Act, amends the law to exclude open-source operating systems from its definition of “operating system provider.”
Any software distributed under a license that lets users “copy, redistribute, and modify the software” would no longer be covered. Debian, Ubuntu, Fedora, Arch Linux, and Mint all walk free. That sounds like a win and tech outlets are reporting it as one. It’s also a distraction from what the bill adds.
The original law, AB 1043, required operating systems to harvest users’ ages during device setup and feed that data to app stores and app developers through a real-time API.
Reclaim Your Digital Freedom.
Get unfiltered coverage of surveillance, censorship, and the technology threatening your civil liberties.
AB 1856 keeps all of that and extends the data pipeline to browser providers and website operators. Browsers would now be required to collect age signal data from the OS and pass it along to any website subject to online age verification laws.
We obtained a copy of the amended bill for you here.
Those websites, in turn, would have to request the age signal when you visit them. Your age bracket, declared once during OS setup, would follow you from app to app and now from site to site, broadcast to every developer and website operator who asks.
This is how a law originally limited to apps and app stores becomes an age-tracking system for the entire internet.
The Expanding Universe of “Covered” Websites
The category of websites subject to age verification laws started narrow as the earliest mandates targeted pornography sites. It has since expanded to social media platforms and a growing list of sites legislators consider likely to “harm” children in loosely defined ways. That list keeps getting longer and AB 1856 doesn’t define its own boundary. It piggybacks on whatever other laws exist, meaning every future expansion of age verification requirements automatically expands the reach of AB 1856’s browser-based data pipeline, too.
California has actually built an age-tracking infrastructure that scales itself.
How the Original Law Works
Governor Gavin Newsom signed AB 1043 into law on October 13, 2025. It passed both chambers unanimously, 76-0 in the Assembly and 38-0 in the Senate, with backing from Google and Meta. The law takes effect January 1, 2027.
AB 1043 requires every operating system provider to ask users for their age or birth date during account setup. That information gets sorted into four brackets: under 13, 13 to under 16, 16 to under 18, and 18 or older. Operating systems must then maintain a real-time API that hands this age bracket to any app or app store that requests it. Developers who receive the signal are treated as having “actual knowledge” of the user’s age, which triggers liability under other laws like the California Age-Appropriate Design Code.
Assemblymember Buffy Wicks, who authored both AB 1043 and the new amendment, said the original bill “avoids constitutional concerns by focusing strictly on age assurance, not content moderation.”
Age assurance is the prerequisite that enables content moderation. Sorting every user into an age bracket and broadcasting that bracket to developers in real time is the mechanism through which content gets restricted. Calling it something else doesn’t change what it does.
What AB 1856 Actually Changes
AB 1856 makes four modifications to the original law. The open-source exemption gets all the attention. The other three deserve more.
AB 1856 now requires the OS-level age signal to flow not just to apps and app stores, but to browser providers and website operators covered by age verification laws. Browser providers must collect the age signal and relay it to covered websites. Covered websites must request it. This transforms a system designed around app stores into one that reaches across the open web.
Second, the bill limits the age-tracking mandate to operating systems that have an account setup feature. Systems without one are excluded. This is the provision that, combined with the open-source carve-out, puts most Linux distributions clearly outside the law’s reach.
Third, AB 1856 narrows the “actual knowledge” provision. Under the original law, receiving an age signal gave a developer deemed knowledge of a user’s age “across all platforms of the application and points of access of the application.”
The amendment limits that to “when the user accesses the application from a specified device.” This is genuinely less invasive for the user, preventing a single age signal from following them across every device they own. But the narrowing only applies to apps. The new browser-to-website pipeline creates a separate channel where your age data flows directly to web servers.
Fourth, the definition of “operating system provider” now excludes anyone distributing software under open-source license terms. The latest version of the bill, dated May 18, 2026, was read a second time on May 19 and ordered to third reading, with committee reviews expected in June.
What Nobody’s Asking
The Linux exemption addresses a compliance absurdity. But the bill’s expansion of the age-data pipeline to browsers and websites received almost no scrutiny in coverage. The original law was bad: it required operating systems to harvest your age and beam it to app developers. The amended law does the same thing and extends the pipeline across the web.
Newsom himself acknowledged the law’s problems when he signed AB 1043, citing “complexities such as multi-user accounts shared by a family member and user profiles utilized across multiple devices.” AB 1856 responds to some of those concerns. The device-specific “actual knowledge” provision is a real improvement but the governor didn’t ask for browser-based age tracking and the amendment delivers it anyway.
The bill is still moving through the legislature and committee reviews are expected in June. The open-source exemption, if it passes, will protect most Linux users from the system’s reach but it doesn’t solve the looming issue.
