As of March 2026, no Linux distribution has shipped an age reporting implementation. However, MidnightBSD — a BSD, not Linux — has merged and shipped a complete subsystem. Here's where each stands.
Last updated: March 29, 2026
PR #40954
was merged on March 18, 2026, adding a birthDate field (YYYY-MM-DD) to systemd's
JSON user records. The PR explicitly cites AB 1043,
CO SB 26-051, and Lei 15.211
as motivation. The field stores exact dates of birth, not brackets. It is readable by any
process querying userdb and writable only by administrators via homectl.
This is the data layer for the emerging age verification stack. It coordinates with AccountsService MR #176 and xdg-desktop-portal PR #1922. Merged by a systemd maintainer.
Because systemd is the init system on essentially every major Linux distribution, this commit affects the entire ecosystem — not just distributions that choose to comply.
Aaron Rainbolt's merge request to add org.freedesktop.AgeVerification1 to the XDG
specifications has been closed. Community pushback cited reputational risk of
associating a core desktop standard with politically sensitive regulation. Rainbolt indicated
future work would move into the portal infrastructure used by technologies such as Flatpak.
The interface specification itself remains relevant — the question is where it will be hosted,
not whether it will be attempted.
Source: linuxiac.com
The debian-devel mailing list has seen 30+ messages on age verification compliance, with the thread active through March 10. The community is split into four camps:
systemd-censord, a mock compliance packageAlex North-Keys (March 8) posted a detailed argument that anonymity protects children better than age verification, and that building age infrastructure into the OS undermines the privacy of the users it claims to protect.
No General Resolution has been proposed. No DPL statement has been issued.
Jon Seager (VP Engineering) stated that Canonical is reviewing the situation with legal counsel but has "no concrete plans on how, or even whether, Ubuntu will change." Rainbolt's D-Bus proposal was cross-posted to ubuntu-devel, but the discussion there has been limited compared to Debian.
Source: discourse.ubuntu.com
Jef Spaleta (Fedora Project Leader) posted on Fedora Discussion that the project is
exploring options. Key points from his comments: no telemetry, a local-only API would handle
it, and the implementation could be as simple as a new file in /etc/ populated
during account creation.
The legal list is aware of the issue. No mechanism has been shipped or formally proposed within Fedora.
Source: discussion.fedoraproject.org
Carl Richell (CEO, System76) published a blog post opposing age verification mandates. His central argument: the laws are technically ineffective because any child can spin up a virtual machine and set their age to 18.
Richell met with Colorado co-author Sen. Matt Ball, who "suggested excluding open source software from the bill." System76 is actively lobbying the Colorado legislature for this exemption. Amendment not yet enacted — can be stripped at any stage.
Sources: blog.system76.com, phoronix.com
A forum thread and mailing list thread exist, but no official position has been taken. The community is largely dismissive — Arch lacks centralized account infrastructure, has no installer-driven account setup flow, and its rolling-release model doesn't lend itself to mandatory compliance features.
Sources: bbs.archlinux.org, arch-general mailing list
No discussion found on any official mailing list, forum, or blog.
No public statement found from Red Hat or IBM regarding OS-level age verification. The Fedora discussion (above) is the closest proxy, but Fedora and Red Hat operate with separate governance.
No response from Valve. Notable: the Steam Deck is an Arch-based Linux device actively marketed to minors, making it a conspicuous target for age verification mandates. Valve's silence is likely strategic — they already have age gates in the Steam storefront and may argue that's sufficient.
MidnightBSD is pursuing a dual strategy: geographic exclusion and a shipped compliance implementation. The project modified its license to exclude California residents from desktop use (effective January 1, 2027) and Brazil (effective March 17, 2026), with threatened exclusions for Colorado, Illinois, and New York if pending bills pass.
Separately, MidnightBSD merged a complete age verification subsystem — the aged(8) daemon. This is the first operating system to ship a native implementation. The system consists of:
/var/run/aged/aged.sock, enabled by defaultagev_get_age_bracket(), agev_set_age(), agev_set_dob()age4p, age13p, age16p, age18p) for mport package gating
The implementation is purely self-declared — no ID checks, no network calls. The PR author
acknowledged this "will not comply with Brazil or the proposed law in New York." A
known parsing bug in
agev_get_age_bracket() causes 4 of 5 response types to be parsed incorrectly.
Community reception: hostile. Two comments on PR #302: "Orwellian" and "Lame."
Sources: PR #302, PR #310, PR #317, lunduke.substack.com
Aaron Rainbolt is driving the D-Bus proposal from within these projects. Kicksecure and Whonix are positioned to be the first distributions to ship an implementation.
This has not been well-received by the projects' own user base. Whonix forum users — people who chose Whonix specifically for privacy — are calling the proposal "a privacy disaster" and "a new fingerprinting mechanism: age bracket."
Source: forums.whonix.org
DB48X, an open-source calculator firmware, declared itself "probably an operating system under these laws" and added a legal notice forbidding use by California and Colorado residents. A calculator firmware taking this position illustrates the breadth of the statute's language.
Source: github.com/c3d/db48x
Rejected compliance outright. No plans to implement anything in response to age verification mandates.
Source: pcgamer.com
Declared it will not implement age checks, aligning with a principled stand against such requirements.
Source: itsfoss.com
No official response. NixOS is a significant distribution with its own research foundation (NixOS Foundation) and a hardware partnership with Framework. Its declarative, reproducible configuration model makes mandatory compliance features structurally awkward — there is no imperative installer flow to attach an age prompt to.
A legal curiosity: the NixOS website credits copyright to "NixOS Contributors." Under AB 1043 § 1798.500(g), every person who "controls the operating system software" is an operating system provider. If copyright is held collectively by all contributors, every one of them is arguably an OS provider subject to the statute.
Artix developer nous stated unambiguously: "We'll NEVER require any verification or identification from the user" (March 7, 2026).
Artix is a systemd-free fork of Arch Linux, which makes it structurally immune to the
systemd userdb birthDate field (PR #40954). No systemd means no
systemd-userdbd, no homectl, no JSON user records. The entire
data layer of the emerging age verification stack does not exist on Artix systems.
Source: forum.artixlinux.org
Deliberately noncompliant. Distributes removal tools. That's us.
The following organizations all sat out AB 1043 during its passage through the California legislature. None submitted testimony, published public analysis, or filed formal opposition on the record:
A law that mandates behavioral changes in every operating system distributed in California passed without a word from the organizations that claim to represent free and open-source software.