As of today, about half of all U.S. states have some form of age verification law around. Nine of those were passed in 2025 alone, covering everything from adult content sites to social media platforms to app stores.
Right now, California's Digital Age Assurance Act (AB 1043) is all the rage right now, which targets not only websites and apps but also operating systems. Come January 1, 2027, every OS provider must collect a user's age at account setup and provide that data to app developers via a real-time API.
Colorado is also working on a near-identical bill, which we covered earlier.
The EFF's year-end review put it more bluntly: 2025 was "the year states chose surveillance over safety." The foundation's concern, which I concur with, is, where does this stop? Self-reported birthday today, government ID tomorrow? There appears to be no limit to these laws' overreach.
Governments across the world are pulling out the exact same argument (protect the children) to push through laws with consequences that go well beyond keeping a kid off a harmful website. All while attendees of a certain island roam about the world freely.
It's Not Just the U.S.
The UK moved first back in 2023. The Online Safety Act's child safety duties went into force in July 2025, where it required platforms to deploy age verification measures, blocking minors from accessing harmful material.
Australia followed in December 2025 with a ban on social media accounts for under-16s, requiring age checks for adults to use the platform. It is narrower in scope, targeting platforms rather than app stores or operating systems.
Brazil has gone further. The Digital Statute of the Child and Adolescent comes into effect on March 17, 2026, and it explicitly names operating systems and app stores by definition.
Article 12 requires both to implement auditable age verification, expose an age signal via API to third-party apps, and get parental/legal guardian consent before minors can download anything.
Singapore's approach skips the OS side of things and goes straight for the app stores themselves. Their IMDA requires the likes of Apple, Google, Huawei, Microsoft, and Samsung to implement age assurance by March 31, 2026.
Apple has already gotten it done, rolling out its Declared Age Range API on February 24, blocking 18+ apps in Singapore, Australia, and Brazil.
As usual, the EU is doing its own thing. In October 2025, the Commission introduced the second version of its age verification blueprint, which is a mobile app that lets users prove they're over 18 without revealing any personal data. It's built on the same technical foundation as the EU Digital Identity Wallets rolling out across member states.
Five countries are already in the process of customizing it for their needs: Denmark, France, Greece, Italy, and Spain.
The Fallout
Predictably, the Linux community has not taken this quietly. While there is a bunch of misinformation strewn about, some things are clear.
Take Ubuntu, for instance. Aaron Rainbolt, an Ubuntu Community Council member, posted on the Ubuntu mailing list raising this issue of age checks with a post titled:
On the unfortunate need for an "age verification" API for legal compliance reasons in some U.S. states
In the post, he proposed a D-Bus interface called org.freedesktop.AgeVerification1. Rather than storing raw personal data, it would only expose an age bracket to apps that request it. The goal is a spec loose enough that any distro can implement it however they see fit, while still satisfying what laws like AB 1043 actually require.
Then there's the thread up on Fedora's Discourse, where a user asked whether the developers were aware of California's age verification law. Jef Spaleta, Fedora Project Leader, chimed in with a measured approach, where no telemetry was required, and a local API would do the heavy lifting.
Here, apps would query Fedora for an age bracket, and the OS would provide it. He even suggested it could be as simple as a new file in /etc/ that would be populated during account creation.
As for what people think of this, take the example of a Redditor, who is going as far as hoarding ISO files for old builds of Linux and Windows once age verification-equipped versions start rolling out. I am sure many will follow in their footsteps.
Lastly, my take on this situation? This feels less like coincidence and more like a coordinated move being run under the guise of protecting children's rights. We already know how certain regimes around the world treat those rights.
