Age verification: a threat to the open-source ecosystem

This session will explore the specific consequences for the Open Source community arising from the EU's policy agenda on protecting children online. While there is a very real need to ensure reasonable child safety measures, many lawmakers favour blunt 'solutions' that can have serious consequences for privacy and data protection, and can particularly impact free and open source software projects.

For example, the draft CSA Regulation (sometimes referred to as "chat control") contains provisions that could make the use of age verification tools effectively mandatory for many online communications providers (messages, emails etc.) and app stores. Whilst a final law has not yet been agreed, negotiations are likely to be in their final stage by FOSDEM 2026.

In addition, calls from lawmakers for a minimum age for the use social media are getting increasing traction. Proposals range from implementing such age gating at the level of online platforms, app stores or operating systems.

This could not only impact code collaboration platforms, which could inadvertently be classified as social media. Mandatory age verification at the OS level could pose insurmountable problems for open source operating systems. Furthermore, projects that now rely heavily on a distributed system to offer software downloads and collect as little data as possible from their users would be forced to either thoroughly test every application they offer in advance or, even worse, completely centralize for the sake of age verification. Finally, age verification could threaten users’ ability to install apps outside of proprietary app stores. For all these reasons, open source developers should raise their voices in the age verification debate.