The US isn't really a nation state (or "nation-state") and California certainly isn't. You could argue the UK isn't, the state absolutely doesn't want it to be.
--Stephen On Tue, Mar 10, 2026 at 10:54:55PM -0400, [email protected] wrote: > Yes, it can be intimidating to have a nation-state threaten you. It > can also be a politically-motivated decision with Imgur hoping for > more providers to go down this route, resulting in political pressure > against the government incentivizing it to back down. Such a strategy > would be most effective with coordination between various major > open-source projects. > > I would be surprised if you were able to find an exmaple of the U.K. > successfully enforcing a fine against a foreign non-E.U. company with > no physical exposure to the region, as opposed to merely threatening > a company into compliance. > > > On Mar 10, 2026, at 22:24, [email protected] wrote: > > > > "Imgur does not have operations or assets in the UK, and it has explicitly > > stated that it does not operate in the UK to avoid compliance with UK laws, > > including the Online Safety Act." > > > > They were still threatened with fines by the UK government (ICO), and still > > blocked UK users via IP. > > > > I didn't use ChapGPT. The result was a summary of everything else I've read > > via a much better AI ;) > > > > For example, an operating system for a pocket calculator has simply changed > > its license to > > ban Californian users. > > > > DB48X, an open-source calculator firmware project, has announced it will > > ban users from California starting January 1, 2027, due to California's new > > law requiring operating systems to collect and share user age data. This > > decision stems from the project's refusal to implement age verification, > > which it views as incompatible with its open-source principles and privacy > > values. > > > > > > > > MidnightBSD have put this similar wording in their terms: > > > > "Residents of any countries, states or territories that require age > > verification > > for operating systems, are not authorized to use MidnightBSD. This list > > currently includes > > Brazil, effective March 17, 2026, California, effective January 1, 2027, and > > will include Colorado, Illinois and New York provided they pass their > > currently > > proposed legislation. We urge users to write their representatives to get > > these laws repealed or replaced." > > > > Clearly you can be impacted by these new laws if you are an entity in a non > > US country. > > > >> However, this is much the same, like I pointed out earlier, as some > >> foreign state purporting to place an internationally-applicable ban on > >> 2SLGBTQIA+ materials–while under its own laws the ban can certainly apply > >> worldwide in theory, in practice, there would be no real enforcement > >> mechanism. > > > > No, thats not the same. A foreing state can't blanket ban something > > worldwide, as the world is outside its jurisdiction. They can ban within > > their own country, or attempt to fine someone outside their own country for > > continuing to supply or distribute a product or service. > > > > Whether its enforceable wasn't the main point anyway. It was to rubbish > > this notion from Kevin et al that simply being in Canada is enough to avoid > > the law - it isn't plain and simple. > > > > Despite the numerous facts and historic evidence of their "notions" not > > being true they will still argue black is white I guess. The fact is, > > being in an entity in Canada will not prevent California pursuing a company > > distributing an OS if California decides they want to. Whether they will > > legally achieve a fine or an enforcement will be a legal test if it comes. > > But simply stating Openbsd is in Canada therefore it doesn't apply is just > > not true. > > > > > > > > 11 Mar 2026, 01:53 by [email protected]: > > > >> Well, yes and no. Protection mainly arises due to a lack of physical > >> exposure to the claiming jurisdiction. > >> > >> In the case of Facebook and Apple, they maintain significant assets in the > >> EU. Therefore, the EU is able to enforce fines even if they originated as > >> a result of activity conducted abroad. > >> > >> In the case of OpenBSD, there’s certainly nothing preventing California or > >> the EU from attempting to issue a fine against it. However, it would be > >> rather difficult to enforce this fine since (I assume) OpenBSD does not > >> maintain any significant assets in the U.S./EU that these jurisdictions > >> could attempt to come after. > >> > >> For some people/corporations, the risk of an attempted foreign fine ia > >> something they’re so unwilling to take that they simply block users from > >> that jurisdiction so that the jurisdiction itself does not attempt to > >> issue fines. This is what Imgur did. However, ultimately, if Imgur did not > >> maintain any assets in the U.K., it would be quite difficult for the U.K. > >> to attempt to enforce a fine against Imgur. > >> > >> I am of the opinion that if a foreign nation is interested in preventing > >> its people from accessing certain services, that’s its own problem and it > >> can work out if it wants to block websites associated with the service or > >> something else. OpenBSD as a Canadian project with presumably no/minimal > >> exposure to the U.S. shouldn’t cooperate with such power grabs. > >> > >> ChatGPT is not a reliable source of law. With that said, the response > >> given you by ChatGPT appears to be mostly correct in accordance with > >> California law. However, this is much the same, like I pointed out > >> earlier, as some foreign state purporting to place an > >> internationally-applicable ban on 2SLGBTQIA+ materials–while under its own > >> laws the ban can certainly apply worldwide in theory, in practice, there > >> would be no real enforcement mechanism. > >> > >>> On Mar 10, 2026, at 21:37, [email protected] wrote: > >>> > >>> Doubt it. Where an entity is domiciled or incorporated doesn't protect > >>> you. > >>> 3 pieces of information. > >>> > >>> 1) The EU regularly fines US companies (much to the annoyance of the US > >>> administration) > >>> The company "operates" globally, and services EU customers. However the > >>> company like Facebook or Apple being fined is American. The EU is in > >>> er... the EU :) > >>> > >>> 2) The UK government has a similar Age Verifcation law. They tried to > >>> force Imgur to apply it, > >>> or be fined. Imgur said they would not comply, and simply blocked UK > >>> users from accessing > >>> their platform. See here: > >>> https://help.imgur.com/hc/en-us/articles/41592665292443-Imgur-access-in-the-United-Kingdom > >>> UK law. US company. Being in the US did not allow them to evade UK law. > >>> > >>> 3) I asked the AI: "does the California age verification law apply to > >>> companies or entities outside the US" > >>> > >>> Answer: > >>> > >>> The California age verification law, specifically AB 1043 (Digital Age > >>> Assurance Act), applies to any entity that makes a digital service > >>> available to California residents, regardless of where the company is > >>> headquartered. This means companies or entities outside the U.S. are > >>> subject to the law if their services are accessible to users in > >>> California. > >>> > >>> Key points: > >>> > >>> The law targets digital services (including apps, operating systems, and > >>> online platforms) used by California residents. > >>> Jurisdiction is based on user location, not company location. If a > >>> company offers services to users in California, it must comply with the > >>> law’s age verification requirements. > >>> The law does not require photo IDs or facial recognition—users can > >>> self-report their age during device or account setup. > >>> While the law is enforced by California’s Attorney General, its reach > >>> extends globally due to the “California effect,” where companies often > >>> apply compliance standards nationwide or worldwide to avoid managing > >>> multiple systems. > >>> However, enforcement against foreign entities may be challenging, and > >>> some experts suggest companies might respond by blocking California IP > >>> addresses or adding disclaimers like “Not for use in California” to avoid > >>> liability. > >>> > >>> > >>>>> As many have pointed out, with varying levels of eloquence, I would > >>>>> imagine that being incorporated in Canada might be of help here, in a > >>>>> similar fashion to the issue of exporting encryption software, which > >>>>> is illegal in the US, but not in Canada. > >>>>> > >>>>> Also in what way does the bill violate the constitution? Not > >>>>> disagreeing, just wanting to meet you where you are here. > >>>>> > >>>>> On Thu, Mar 5, 2026 at 9:45 AM Gabe Bauer <[email protected]> wrote: > >>>>> > >>>>>> > >>>>>> Hello! > >>>>>> > >>>>>> I assume that somebody has likely already informed Theo about the new > >>>>>> operating system level age verification law that takes effect in > >>>>>> California starting January 1st of next year? > >>>>>> > >>>>>> There are also similar efforts making their way through Colorado and > >>>>>> New York at the moment. > >>>>>> > >>>>>> Most pressingly, a bill with hefty fines for non compliance (about 9.6 > >>>>>> million USD), which is enough to completely sink the OpenBSD > >>>>>> Foundation and project, and it takes effect starting thirteen days > >>>>>> from now. > >>>>>> > >>>>>> Are there any proposed solutions to this? > >>>>>> > >>>>>> I believe the Brazilian law is more stringent on what is required to > >>>>>> comply with the measure, including, correct me if I am wrong, actual > >>>>>> government ID submission, which is likely not feasible for a default > >>>>>> OpenBSD installation. > >>>>>> > >>>>>> Does the OpenBSD project plan to implement the necessary measures to > >>>>>> comply with these laws, or will they take the route of MidnightBSD, by > >>>>>> simply stipulating in the license that people in these areas are not > >>>>>> allowed to use the software? > >>>>>> > >>>>>> This is VERY important to me as I am sure it is to you, too, as I am > >>>>>> sure all of us would like to see projects like this one to continue to > >>>>>> exist. > >>>>>> > >>>>>> I am fairly certain that the California law likely violates the US > >>>>>> constitution, but may go unchallenged. > >>>>>> > >>>>>> I am less certain about the constitutionality of the Brazilian law > >>>>>> within its own borders. > >>>>>> > >>>>>> I hope this project does not suffer an unkind fate. Thank you for your > >>>>>> attention to this matter!! > >>>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Aaron Mason - Programmer, open source addict > >>>>> I've taken my software vows - for beta or for worse > >>>>> > >>>>> > >>>> > >>>> > >>> > >>> > >> > >> > > > > >
