Age assurance laws targeting operating systems and app stores risk sweeping in open source projects and developer infrastructure like GitHub, package managers, and code platforms.
Key Takeaways
CA AB 1043, CO SB 26-051, IL HB 4140, and NY S 8102 all require OS-level age signals transmitted via real-time API to apps, with scope definitions broad enough to capture developer tooling.
Overly broad definitions of “application store” could capture package managers, code repositories, and open source indexing services that host downloadable software.
Brazil’s Digital ECA (enforceable March 2026) has already caused some open source projects to restrict access due to compliance uncertainty, despite regulatory signals favoring FOSS exemptions.
GitHub cites positive precedents: Australia’s social media age law and France’s proposal both explicitly exempt open source code collaboration platforms.
Colorado’s latest amended text clarifies software installed outside app stores, including from public repositories, is not in scope, showing developer engagement works.
Hacker News Comment Review
Thin discussion so far; one commenter floats display-side age verification using local camera inference as a privacy-preserving alternative, noting China already deploys this at scale for screen-time limits.
Notable Comments
@Animats: Proposes display-level camera age estimation done locally, bypassing OS/app store data collection entirely; points to existing Chinese deployments as proof of feasibility.
