(5)(a) "COVERED APPLICATION" MEANS A CONSUMER SOFTWARE APPLICATION THAT IS ACCESSED THROUGH A COVERED APPLICATION STORE AND THAT MAY BE RUN OR DIRECTED BY A USER ON A DEVICE.
(b) "COVERED APPLICATION" DOES NOT INCLUDE:
(I) A SOFTWARE APPLICATION THAT DOES NOT PROCESS USERS' PERSONAL DATA; OR
(II) AN APPLICATION FROM A FREE, PUBLICLY AVAILABLE CODE REPOSITORY.
As someone working on an open source project in CO, this is a welcome fit of common sense. How do these laws typically work in other jurisdictions, do they block non-conforming sites? Or does it open you up to lawsuits?
Edit: It looks like these laws will be enforced by app stores primarily, because they have more significant liability. I'm guessing they won't take the effort to provide exemptions to jurisdictions with the open source carveout unless it is common.
"It's only for porn sites" to "its only for social media" to "its doesn't include open source projects" to "its only when you need an internet connection".
We have age verification for many things. The problem now is trust. There is, for obvious reasons, negative trust that this won't ultimately harm people. That it won't be used to harvest more data and invade our digital lives even more. That negative trust is there because we see a constant ability to gather even more information about us, and use it to produce real harm, but no hint at an entity actually fighting back to protect people. If anyone in any government is reading this, you do not gain my trust that big tech will not abuse my information by requiring big tech to collect more of my information, you just loose my trust in the government. Earn my trust back and then, maybe, in some distant future, we can talk about 'but who will think of the children' legislation like this.
18 comments
[ 3.8 ms ] story [ 42.6 ms ] thread(b) "COVERED APPLICATION" DOES NOT INCLUDE:
(I) A SOFTWARE APPLICATION THAT DOES NOT PROCESS USERS' PERSONAL DATA; OR
(II) AN APPLICATION FROM A FREE, PUBLICLY AVAILABLE CODE REPOSITORY.
A colleague is hosting a virtual session on these and other similar bills around the world in two days https://maintainermonth.github.com/schedule/2026-05-22-age-a...
Or, now slightly out of date, read https://github.blog/news-insights/policy-news-and-insights/w... Added: I had not scrolled far enough on the front page, https://news.ycombinator.com/item?id=48214215 is on this blog.
Edit: It looks like these laws will be enforced by app stores primarily, because they have more significant liability. I'm guessing they won't take the effort to provide exemptions to jurisdictions with the open source carveout unless it is common.
"It's only for porn sites" to "its only for social media" to "its doesn't include open source projects" to "its only when you need an internet connection".
Whoever is behind this needs to be exposed, tarred, and feathered.
Names matter. We saw ChatControl 1.0 get defeated, it probably didn't hurt that the name implied censorship.
I feel like age verification is important online - a copy of the real world. Check my ID before I go in the pub.
It feels like it's jumped all the way to positive-ID. Not just "of age" but become you are "First Last".
It's possible (right?) to assert age and is-human attributes w/o knowing which specific human at what specific age I am online?