Let us be honest about what is really happening here: a bit of quietly merged code in systemd's user database has triggered something deeper than a technical debate. Pull request #40954 adds a birthDate field to systemd's JSON user records to comply with age verification laws in California, Colorado, and Brazil. The field itself is optional; only a system administrator can set it. And yet the community is watching closely. Why?
The fundamental question is not whether systemd should store a date of birth. It is whether legislation that demands this, and the corporate machinery pushing it, actually serves the stated goal of protecting children.
California's Digital Age Assurance Act (AB 1043), signed in October 2025, requires every operating system provider in California to collect age information during setup and transmit it to app developers via a real-time API. The legislation is designed to protect minors from age-inappropriate content. The mechanism, however, shifts compliance burden to operating system makers—not to the social media platforms where the harm actually occurs.
Here is where the scrutiny sharpens: recent investigative research documents that Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86 lobbyists across 45 states, and covertly funded a group called the Digital Childhood Alliance (DCA) to advocate for age verification laws. The investigation, published through public records analysis by The TBOTE Project, reveals that Meta funded what appears to be a grassroots child safety group to push the App Store Accountability Act.
The counter-argument deserves serious consideration. Developers of systemd, including project creator Lennart Poettering, argue they have simply created a data field that other projects can build upon. Poettering has clarified that the birthDate field is "an optional field in the userdb JSON object. It's not a policy engine, not an API for apps. We just define the field, so that it's standardized iff people want to store the date there, but it's entirely optional". The actual age gating, they say, happens elsewhere: in portal layers and application sandboxes. Systemd itself does no verification.
Yet this distinction raises its own questions. Meta stands to benefit because it absorbs none of the compliance costs, since it is a social media platform and not an app store; meanwhile, Meta profits from collecting user data while legislation requires operating systems to gather this age data and send it to applications. The asymmetry is stark. Age verification laws would require Apple and Google to verify ages before anyone downloads any app from their stores, facing new checks and costs, while Meta's apps would be exempt, shifting a huge compliance burden onto app stores while Meta avoids the same rules.
The open-source community is fragmenting in response. Garuda Linux declared it will not implement any age verification measures, since its legal jurisdictions have no laws mandating it. Some projects have opted to restrict access for Californians and Coloradans when their laws come into effect, with one declaring "DB48X is probably an operating system under these laws. However, it does not, cannot and will not implement age verification". A forked systemd project (Liberated systemd) removes the birthDate field entirely; forks like this are meant to ignite conversation rather than become significant projects, but if age verification requirements tighten, the community forking its way out of an uncomfortable situation makes sense.
Strip away the talking points and what remains is a policy design question with genuine trade-offs. The legislation genuinely reflects concern about minors' online safety. But critics note that self-declaration of age at the root negates the entire verification process; the effectiveness of such a system appears to be based on an honour system. Meanwhile, the California and Colorado laws were agreed in concert with major operating system providers, raising the question of whose interests the process truly served.
Voters deserve better than corporate-funded advocacy disguised as grassroots child safety work. The investigation into Meta's lobbying reveals not malice in systemd developers, but rather how political pressure and regulatory architecture create perverse incentives. When a company stands to gain competitive advantage from shifting compliance costs to rivals, its funding of supporting advocacy groups warrants scrutiny. When Meta spent $26.3 million on federal lobbying in 2025 and deployed over 86 lobbyists across 45 states, it also spent approximately €10 million annually lobbying in Europe, the question is not whether age verification laws reflect grassroots demand.
The systemd decision itself is reversible; the code can be removed or alternative distributions can refuse it. But the political momentum behind age verification legislation appears durable. The real task ahead is ensuring that future design choices in this space follow transparent democratic processes rather than corporate-led campaigns masquerading as child protection. Reasonable people can disagree on where that line should be. But first, we need to see who is drawing it.