Statement about age verification laws

We have no plans to introduce mandatory age or ID verification into Zorin OS.

As privacy and security are core values of Zorin OS, we're closely monitoring the unfortunate trend of new OS-level age verification laws and evaluating how we could avoid them infringing on our users' rights.

California age attestation law

We're aware of the elephant in the room that's been making headlines over the past few weeks, namely the California age attestation bill, which has already been signed into law.

As we're based in Ireland (both our company and ourselves personally) and don't have any physical presence or nexus in California, there's a possibility that this law may not be realistically enforceable on Zorin OS. However, I'm not a lawyer, so I can't give a concrete appraisal of how this law would work or its real level of enforceability.

Nevertheless, we've read the law ourselves to try to understand it. From our interpretation, the California age attestation law appears to require operating systems to do the following 2 things:

• Allow the user to input their age or date of birth when creating a local user account. This age only needs to be self-declared (like when you visit an alcohol brand's website), so the user could conceivably lie about it.
• Provide the user's rough age bracket to any apps that request it through an API. These age brackets would be one of the following:
  • Under 13
  • 13 to 15
  • 16 to 17
  • 18 or older

The law does not appear to do any of the following:

• Ask users to upload a photo ID, face scan, or any other personal information to verify their real age.
• Require users to honestly input their real age.
• Share the user's age/date of birth with any external entity. In fact, when an app queries the age signal API, the OS can only expose the user's rough age bracket (see above) and is prohibited from exposing their raw age/date of birth data to protect their privacy.
• Allow app developers to share the user's age signal their app received from the OS with a third-party for a purpose not explicitly required by the law.
• Require the OS to report any data to the government.

In summary, this seems to function like a parental control feature that the user could easily circumvent by lying about their age.

The fact that California is trying to force operating systems to implement this feature isn't ideal, but this isn't the heavy-handed privacy invasion it could have been. However, it's a slippery slope, and the proposed laws in some other jurisdictions aren't as promising.

Proposed laws in other jurisdictions

We're aware that other jurisdictions are also trying to put OS-level age attestation into law. For example, Colorado's proposed law appears to be identical to the one in California. There’s even a possibility that Open Source software (like Zorin OS) may be exempted from this law entirely.

However, the biggest threat to privacy comes from some other proposed bills that would require full age verification – instead of attestation – like the ones in Texas and New York. It appears that they would force users to upload personal information (like an actual ID or face scan) proving their real age before allowing full use of their own devices. This would be a significant invasion of privacy.

If these invasive laws are allowed to pass unchallenged, more jurisdictions may choose to adopt them. And if these laws will be actively enforced, we may have no choice but to formally pull out of the affected jurisdictions.

All is not lost

We're currently at a pivotal inflection point for this trend of age verification laws. The issue is now prominent enough for the public to recognise the risk to human rights, but it's too early to accept this as an inevitability around the world.

If you live in a democracy, it is possible to fight against overreaching laws and win. For instance, Louisiana's proposed online age verification law was successfully overturned in December:

While our team isn't able to single-handedly challenge every government under the sun about these laws, the broader Linux community still has a chance to turn the tide if we act collectively.

If you're concerned about these laws, I would encourage you to take a few minutes out of your day to contact your local representatives and ask them to oppose invasive operating system-level age verification.

This is vital to do now, even if your jurisdiction hasn't yet proposed an age verification law. By voicing these privacy concerns en masse, your lawmakers can be better informed about the public's opinion of these laws before they vote on them.

The more of us who make our voices heard now, the less likely we all will have to live with the consequences.

Thanks for releasing a statement on the official stance of Zorin OS. I would recommend consulting a lawyer at some point to make sure the US or other countries cannot sue Zorin OS or to see if Zorin OS will need to block states or countries that require age verification.

This might be a theoretically Question (at least for now), but what if the EU should bring a Law like this?

Another Thing related to the Ubuntu Base: When Ubuntu itself will implement an Age Verification - independently in which Form - will You then remove that for Zorin?

We're aware of rumours going around that Ubuntu is planning to implement age verification based on some misunderstandings. The reality is that a representative from Canonical (the Ubuntu developers) has officially announced that they don't have any plans to introduce it at the moment, so it's a matter of "if", not "when".

If any age verification features are implemented in Ubuntu that we deem to be too invasive, we may remove them in Zorin OS. Nevertheless, we will need to assess the situation based on the facts and details, if it ever materialises.

We aren't able to speculate on how to react to any theoretical laws that aren't currently on the table, so I can't give you a firm answer to that question. Once again, we will need to assess the situation based on the facts and details, if it ever materialises.

In the worst-case scenario that the EU brings in laws that are too egregious and cannot be challenged, we might have to consider relocating Zorin OS to another more privacy-respecting jurisdiction. However, this would very much be the nuclear option and we don't envisage the situation getting that dire in reality.

It's important to recognise that these age verification laws aren't that widespread right now, so there's still time to fight against them before they're implemented in more jurisdictions. That's why we encourage everyone who is concerned about privacy to contact their local representatives and ask them to oppose invasive operating system-level age verification.

I hope for all of us that all distributions can hold their own.

And we can contribute and help:

This line says the most out of the entire statement.

I also agree that enforcing such laws on decentralized GnuLinux is problematic for governments.
Primarily: Artyom has openly stated "We will not comply" even if Ubuntu does.
So this answers the vast majority of User Questions for this forum.

I've already done this via email but my representative (and I don't vote) is just a self-fulfilling prophecy (follow me on) ...

No thanks. If I were in charge I would abolish all social media or any trending social apps, then there would be no need for any legislation around this.

I am reminded of a clip from a Simpson's episode where a lawyer tells them to imagine a world without lawyers ... the screen changes to the garden of Eden which is abruptly cut short with the lawyer saying "Scratch that thought".

[26.03.2026: The end of the song is appropriate to this too:

Enigma | PYLOT]

Glad to hear that!
Thanks for releasing a statement about it.

Its rare that we get a response from the dev's in anything. On this matter however, ir was the response I was hoping to see.

Startreker Signature700×342 112 KB

same here glad @AZorin took the time to settle all of our nerves Thank you sir....

Artyom, this is an excellent and well-written post. Thank you for posting about this topic. I currently do not use Zorin OS, but many people use Zorin, and so of course when it comes to stuff like this that has wide implications everywhere, it's good to know where different distributions stand. Really wish you and Kyrill would post more like this. The community wants to hear from you. Thank you again.

@AZorin

I'm a new Zorin Pro user. I'm a little confused about what I've been hearing elsewhere online. I apologize if this is a silly question.

How is Zorin currently planning to avoid age verification that comes thru regardless via systemd? Are they considering alternate init systems in the future?

What they're mostly saying via these posts is that they aren't currently looking at adding any verification methods, and IF there are any forced into upstream, they will have to take a look and decide at that point what their next course of action would be.

So the answer they're giving right now is that they themselves are not looking to force anything onto users, and IF some is presented in the future, they will have to take a look at that point. But since (at this point in time) nothing is actually being forced, they can't say whether they also would be forced to implement those features as well.

I highly doubt they would consider a change from systemD, unless absolutely necessary. While systemD remains contentious, there are many valid and good reasons to use it, and sometimes even required in certain situations.

This is just the first step. When they realise that isn't working, step two is uploading documents.

Respect Zorin, you showed the authorities their crooked laws.
I completely believe that federal specialists who will sign confidentiality agreements should work with the documents.
documents are important information!!
then no one excludes that the server will be hacked or information will be leaked and no one immediately says anything while the investigation is ongoing, how many units were found and how many were not found are kept silent!

The response I was hoping to see. Glad you're sticking to your guns!

I joined with Zorin about a month and a half ago with Pro, and glad to see you guys hold fast to your core principles of privacy first.

I think this is a good take on the shortcomings of systemd:

One of his comments on 'progress' could also be applied to Wayland.

I'm glad I live in a free country so far.

Thank you so much for standing against these mad laws!

After years of rumbling, looking for a good, stable, powerful, and beautiful distro, I found Zorin and never looked back.

I will buy the Zorin Pro version to support the project after this decision to stand with your principles.