Distro Compliance Tracker

How Distros Are Responding

We track how Linux distributions are responding to age verification mandates, and we provide tools to undo whatever they implement. If a distribution adds an age collection prompt, we will publish a script that removes it. If it ships a D-Bus age verification daemon, we will publish a package that replaces it with silence.

Current Status

As of March 2026

AB 1043 takes effect January 1, 2027. No major distribution has shipped an application-facing compliance mechanism yet, but the infrastructure is forming upstream. (MidnightBSD, a desktop BSD, shipped the first base-system age verification daemon in March 2026 — though it is purely self-declared and does not satisfy statutes requiring identity checks.) systemd merged a birthDate field into user records on March 18, 2026. An xdg-desktop-portal PR defines the application-facing API. The original freedesktop.org D-Bus proposal has been closed; the portal approach is the path forward. Here is where every project stands.

DISTRIBUTION
STATUS
AGELESS RESPONSE
systemd (upstream)
PR #40954 merged March 18, 2026: adds birthDate field (YYYY-MM-DD) to JSON user records. Explicitly cites AB 1043, CO SB 26-051, and Brazil Lei 15.211. A community revert attempt (PR #41179) was rejected by Lennart Poettering, who called the field “optional” and stated systemd “enforces zero policy.” The conversation was locked after 945+ comments. Coordinates with xdg-desktop-portal PR #1922 (open, age range portal API). This is the data layer for the emerging age verification stack. Affects all systemd-based distributions.
MERGED
Ubuntu / Canonical
Canonical published a clarification (Mar 4, 2026): "reviewing internally with legal counsel" but "no concrete plans on how, or even whether, Ubuntu will change."
WATCHING
Debian
Active discussion on debian-legal and debian-devel mailing lists. Aaron Rainbolt (Kicksecure/Whonix) proposed org.freedesktop.AgeVerification1 D-Bus interface. Community member FloofyWolf responded with satirical systemd-censord counter-proposal. No official project position.
DISCUSSING
Fedora / Red Hat
Fedora Project Leader Jef Spaleta proposed a measured approach: local file in /etc/ populated during account creation, local D-Bus API, no telemetry. No mechanism shipped or formally adopted.
EXPLORING
System76 / Pop!_OS
CEO Carl Richell published a blog post opposing mandates as technically ineffective. Met with Colorado co-author Sen. Matt Ball — senator suggested excluding open source software from SB 26-051. Actively lobbying.
OPPOSED
Arch Linux
No official response. Arch has no account setup, no installer-driven user creation workflow, and no centralized app store. The law's requirements have no obvious attachment point.
SILENT
Arch Linux 32
The community-maintained 32-bit fork blocked access from Brazilian and California IPs on March 17, 2026 — the day Lei 15.211 took effect. Website, downloads, package repositories, and forums all return a notice citing Lei 15.211 and AB 1043. A volunteer project with no user database and no corporate backing, it characterized the block as "preventive compliance."
EXCLUDING CA + BR
Kicksecure / Whonix
Aaron Rainbolt started work on a compliance path, but this has been put on hold following public discussion. Most recent public statement is that "Kicksecure and Whonix are currently unlikely to implement an age API. This may later be updated to 'highly unlikely' or 'no changes planned'." Original plans were to store only age bracket data, not birthdates, with user-triggered updates when they crossed bracket boundaries. Privacy researchers have questioned whether any age verification mechanism is compatible with privacy-focused operating systems.
WATCHING
MidnightBSD
Merged PR #302 on March 9, 2026: a complete base-system age verification stack. The aged daemon stores per-user age and date of birth in an SQLite database (/var/db/aged/aged.db), exposed over a Unix socket, enabled by default in rc.conf, and started before LOGIN. The agectl CLI sets and queries age data. Three C functions added to libutil (agev_get_age_bracket(), agev_set_age(), agev_set_dob()) give any compiled application access to age brackets. Age-based Unix groups (age4p, age13p, age16p, age18p) gate package installation via mport. Purely self-declared: root sets age via CLI, no external verification, no network calls. The PR body states this “will not comply with Brazil or the proposed law in New York. (they require ID checks)” The geographic COPYRIGHT exclusion of California and Brazil remains in place alongside the new daemon. First operating system to ship a base-system age verification daemon.
COMPLYING
Omarchy Linux
Rejected compliance outright. No plans to implement anything in response to age verification mandates.
REFUSED
Adenix GNU/Linux
Declared it will not implement age checks.
REFUSED
NixOS
No official response. Declarative configuration model has no imperative installer flow for age prompts. Copyright held by "NixOS Contributors" — under § 1798.500(g), every contributor is arguably an OS provider.
SILENT
Artix Linux
Developer nous: "We'll NEVER require any verification or identification from the user." Systemd-free fork of Arch — the userdb birthDate field does not exist on Artix systems.
REFUSED
GrapheneOS
Public statement: “GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.” Android/AOSP-based, not Linux — but the stance applies to the same statutes.
REFUSED
SteamOS / Valve
No public response. Steam already has age-gated content and account age fields. SteamOS on the Steam Deck is likely the highest-profile consumer Linux device affected.
SILENT
Ageless Linux
Flagrantly noncompliant. Ships a machine-readable REFUSAL notice. Provides no age collection interface. Provides no age bracket API. Plans to distribute physical devices to children at school STEM fairs. Invites enforcement.
REFUSED

Detailed distro analysis →

The Emerging Standard

systemd userdb + xdg-desktop-portal

The original D-Bus proposal (org.freedesktop.AgeVerification1) by Aaron Rainbolt was closed at freedesktop.org after community pushback. Rainbolt himself now recommends the xdg-desktop-portal approach as the likely path forward. The standard that is actually forming has two layers:

Data Layer: systemd userdb birthDate Merged

systemd PR #40954 (merged March 18, 2026) adds a birthDate field to JSON user records. Stores exact dates (YYYY-MM-DD), not brackets. Readable by any process querying userdb. This is the storage layer that the application API reads from.

API Layer: xdg-desktop-portal age range Open PR

PR #1922 (opened by David Edmundson, KDE) adds an age range portal. Applications submit age thresholds and receive ranges, not exact dates. Desktop environments implement the backend; the portal defines the contract.

Understanding both layers is essential. The original D-Bus interface specification below remains relevant as context for the broader ecosystem discussion.

Proposed Interface

<interface name="org.freedesktop.AgeVerification1">
  <method name="SetAge">
    <arg type="s" name="User" direction="in"/>
    <arg type="u" name="YearsOfAge" direction="in"/>
  </method>
  <method name="SetDateOfBirth">
    <arg type="s" name="User" direction="in"/>
    <arg type="s" name="Date" direction="in"/>
  </method>
  <method name="GetAgeBracket">
    <arg type="s" name="User" direction="in"/>
    <arg type="u" name="AgeBracket" direction="out"/>
  </method>
</interface>

Brackets: 1 = under 13, 2 = 13-15, 3 = 16-17, 4 = 18+. Returns AgeUndefined error if no age has been set. Runs on the system bus as root. Age data stored root-owned, not world-readable.

Ageless Linux Response: When This Ships, We Ship a Replacement

When any distribution ships an implementation of org.freedesktop.AgeVerification1, Ageless Linux will provide:

1. A drop-in replacement daemon that implements the interface but always returns AgeUndefined
2. A package that masks/disables the real daemon via systemd
3. An unattended install preseed/kickstart/cloud-init snippet that skips age collection
4. A post-install script that removes or neuters the age verification stack

The goal is not to break applications that query the interface. The goal is to ensure they receive a consistent "age unknown" response. Applications that cannot function without age data are applications that have chosen to require surveillance as a prerequisite for use. We will not help them.

Reversion Guides

How to Remove What They Add

As distributions implement age verification, this section will provide step-by-step reversion instructions for each one. Currently, there is nothing to revert — but we're ready.

Ubuntu / GNOME (anticipated)

If Canonical adds age collection to the Ubuntu installer or GNOME Initial Setup, the likely mechanism will be either an AccountsService extension or the proposed D-Bus daemon. Reversion: 

# Anticipated — will be updated when implementation ships
# Mask the age verification daemon
sudo systemctl mask ageverification.service

# Or replace with Ageless stub
sudo apt install ageless-ageverification-stub

# Remove age data from AccountsService
sudo rm -f /var/lib/AccountsService/users/*.age

# Verify
dbus-send --system --print-reply \
  --dest=org.freedesktop.AgeVerification1 \
  /org/freedesktop/AgeVerification1 \
  org.freedesktop.AgeVerification1.GetAgeBracket \
  string:"$(whoami)"
# Should return: Error AgeUndefined

Status: Speculative. No implementation exists yet. This section will be updated with tested instructions when a real implementation ships.

Debian Installer (anticipated)

If Debian adds an age question to d-i (debian-installer), it will likely be a new udeb component. Reversion for unattended installs: 

# Preseed to skip age collection (anticipated)
d-i ageverification/skip boolean true
d-i ageverification/age string undefined

# Post-install removal
apt purge ageverification-daemon
echo "AGELESS_AGE_VERIFICATION_STATUS=refused" >> /etc/os-release

Fedora / Anaconda (anticipated)

# Kickstart snippet to skip age verification
%packages
-ageverification-daemon
ageless-stub
%end

%post
systemctl mask ageverification.service
%end

Any Distro, Right Now

No distro has shipped age verification yet. For the moment, the only thing you need: 

# Preview what the script will do:
curl -fsSL https://agelesslinux.org/become-ageless.sh | sudo bash -s -- --dry-run

# Convert:
curl -fsSL https://agelesslinux.org/become-ageless.sh | sudo bash -s -- --accept --flagrant

# Revert (undo everything):
curl -fsSL https://agelesslinux.org/become-ageless.sh | sudo bash -s -- --revert

This installs the Ageless Linux identity, neutralizes the systemd userdb birthDate field, and installs a REFUSAL notice. Every action is logged and fully reversible. When there is something real to remove, this script will be updated to remove it.

The Commitment

What Ageless Linux Promises

As long as any Linux distribution ships age verification infrastructure mandated by state law, Ageless Linux will maintain tools to remove, replace, or bypass that infrastructure. We will track every compliance mechanism across every major distribution. We will provide tested, documented, one-command reversion for each one. We will maintain forked packages, replacement daemons, installer preseeds, and post-install scripts.

There will always be a Linux distribution that treats its users as people of indeterminate age.

Read the evidence →