California has pulled back from one of the most sweeping age-verification proposals in the United States. On July 16, 2026, state lawmakers stripped from bill A.B. 1856 the language that would have forced every web browser and website to check users' ages - a plan that critics warned amounted to an age tracker for the entire open web. It is a genuine privacy win. But the core of California's age-gating machine survives untouched, and for anyone who values anonymity online, that is the part that still matters.
What was cut, and what survived
To understand the retreat, you need the two bills behind it. A.B. 1043, passed in 2025, is the foundation: from January 2027 it requires operating systems and app stores to collect each user's age, sort people into age brackets, and expose that bracket to app developers. A.B. 1856 was an amendment meant to extend that logic - and its most dangerous version would have dragged browsers and websites into the same regime.
That extension is what the legislature just abandoned. Browsers and websites are out. An earlier amendment had already exempted open-source operating systems, which is why the digital-rights group EFF dropped its opposition to A.B. 1856 specifically. What remains fully intact is A.B. 1043 itself: the operating systems and app stores on your phone will still have to know how old you are.
Why the "core" is the real problem
On paper, A.B. 1043 does not explicitly demand hard ID verification. In practice, it creates liability of up to 7,500 dollars per affected child - and that price tag is a powerful incentive to over-collect. Faced with that risk, platforms tend to reach for the most defensible option: real identity checks, document uploads, biometrics. A law that claims to avoid mandatory verification ends up nudging the whole industry toward exactly that.
EFF's objection is blunt and constitutional: "no one should have to provide or verify their age to access the internet." The mechanism is also trivially circumvented - a user can simply lie about their age, with no penalty for the developer - which means it burdens honest adults while barely slowing anyone determined to get around it. This is the same operating-system-level approach we examined in Illinois HB 5511, the law that would make your phone know your age: the age check migrates from individual sites down into the device itself, where it is far harder to escape.
The pattern across the states
California's partial reversal is one data point in a chaotic national picture. Where these laws take effect, they reliably push people toward VPNs: when Missouri's age-verification law came into force, VPN demand surged almost overnight, as adults refused to hand their IDs to every website. Where courts get involved, the laws often stumble - a federal judge blocked Nebraska's social-media age-verification law on free-speech grounds. California now adds a third outcome: a legislature voluntarily narrowing its own bill under pressure.
Taken together, the message is that age verification is neither settled nor inevitable. It is being fought line by line, state by state - and each rollback, block or narrowing buys time and preserves a little more of the anonymous internet.
For everyday users, the lesson is the one these fights keep teaching: as more of the age-checking apparatus sinks into the operating system and the app store, the ability to reach the internet without broadcasting your identity becomes something you have to actively protect. A trustworthy VPN does not exempt anyone from the law, but it remains a core privacy tool for keeping your location and browsing out of the hands of every service that would rather demand your ID than respect your anonymity.