Yes, it can be intimidating to have a nation-state threaten you. It can also be a politically-motivated decision with Imgur hoping for more providers to go down this route, resulting in political pressure against the government incentivizing it to back down. Such a strategy would be most effective with coordination between various major open-source projects.
I would be surprised if you were able to find an exmaple of the U.K. successfully enforcing a fine against a foreign non-E.U. company with no physical exposure to the region, as opposed to merely threatening a company into compliance. > On Mar 10, 2026, at 22:24, [email protected] wrote: > > "Imgur does not have operations or assets in the UK, and it has explicitly > stated that it does not operate in the UK to avoid compliance with UK laws, > including the Online Safety Act." > > They were still threatened with fines by the UK government (ICO), and still > blocked UK users via IP. > > I didn't use ChapGPT. The result was a summary of everything else I've read > via a much better AI ;) > > For example, an operating system for a pocket calculator has simply changed > its license to > ban Californian users. > > DB48X, an open-source calculator firmware project, has announced it will ban > users from California starting January 1, 2027, due to California's new law > requiring operating systems to collect and share user age data. This > decision stems from the project's refusal to implement age verification, > which it views as incompatible with its open-source principles and privacy > values. > > > > MidnightBSD have put this similar wording in their terms: > > "Residents of any countries, states or territories that require age > verification > for operating systems, are not authorized to use MidnightBSD. This list > currently includes > Brazil, effective March 17, 2026, California, effective January 1, 2027, and > will include Colorado, Illinois and New York provided they pass their > currently > proposed legislation. We urge users to write their representatives to get > these laws repealed or replaced." > > Clearly you can be impacted by these new laws if you are an entity in a non > US country. > >> However, this is much the same, like I pointed out earlier, as some foreign >> state purporting to place an internationally-applicable ban on 2SLGBTQIA+ >> materials–while under its own laws the ban can certainly apply worldwide in >> theory, in practice, there would be no real enforcement mechanism. > > No, thats not the same. A foreing state can't blanket ban something > worldwide, as the world is outside its jurisdiction. They can ban within > their own country, or attempt to fine someone outside their own country for > continuing to supply or distribute a product or service. > > Whether its enforceable wasn't the main point anyway. It was to rubbish this > notion from Kevin et al that simply being in Canada is enough to avoid the > law - it isn't plain and simple. > > Despite the numerous facts and historic evidence of their "notions" not being > true they will still argue black is white I guess. The fact is, being in an > entity in Canada will not prevent California pursuing a company distributing > an OS if California decides they want to. Whether they will legally achieve a > fine or an enforcement will be a legal test if it comes. But simply stating > Openbsd is in Canada therefore it doesn't apply is just not true. > > > > 11 Mar 2026, 01:53 by [email protected]: > >> Well, yes and no. Protection mainly arises due to a lack of physical >> exposure to the claiming jurisdiction. >> >> In the case of Facebook and Apple, they maintain significant assets in the >> EU. Therefore, the EU is able to enforce fines even if they originated as a >> result of activity conducted abroad. >> >> In the case of OpenBSD, there’s certainly nothing preventing California or >> the EU from attempting to issue a fine against it. However, it would be >> rather difficult to enforce this fine since (I assume) OpenBSD does not >> maintain any significant assets in the U.S./EU that these jurisdictions >> could attempt to come after. >> >> For some people/corporations, the risk of an attempted foreign fine ia >> something they’re so unwilling to take that they simply block users from >> that jurisdiction so that the jurisdiction itself does not attempt to issue >> fines. This is what Imgur did. However, ultimately, if Imgur did not >> maintain any assets in the U.K., it would be quite difficult for the U.K. to >> attempt to enforce a fine against Imgur. >> >> I am of the opinion that if a foreign nation is interested in preventing its >> people from accessing certain services, that’s its own problem and it can >> work out if it wants to block websites associated with the service or >> something else. OpenBSD as a Canadian project with presumably no/minimal >> exposure to the U.S. shouldn’t cooperate with such power grabs. >> >> ChatGPT is not a reliable source of law. With that said, the response given >> you by ChatGPT appears to be mostly correct in accordance with California >> law. However, this is much the same, like I pointed out earlier, as some >> foreign state purporting to place an internationally-applicable ban on >> 2SLGBTQIA+ materials–while under its own laws the ban can certainly apply >> worldwide in theory, in practice, there would be no real enforcement >> mechanism. >> >>> On Mar 10, 2026, at 21:37, [email protected] wrote: >>> >>> Doubt it. Where an entity is domiciled or incorporated doesn't protect you. >>> 3 pieces of information. >>> >>> 1) The EU regularly fines US companies (much to the annoyance of the US >>> administration) >>> The company "operates" globally, and services EU customers. However the >>> company like Facebook or Apple being fined is American. The EU is in er... >>> the EU :) >>> >>> 2) The UK government has a similar Age Verifcation law. They tried to force >>> Imgur to apply it, >>> or be fined. Imgur said they would not comply, and simply blocked UK users >>> from accessing >>> their platform. See here: >>> https://help.imgur.com/hc/en-us/articles/41592665292443-Imgur-access-in-the-United-Kingdom >>> UK law. US company. Being in the US did not allow them to evade UK law. >>> >>> 3) I asked the AI: "does the California age verification law apply to >>> companies or entities outside the US" >>> >>> Answer: >>> >>> The California age verification law, specifically AB 1043 (Digital Age >>> Assurance Act), applies to any entity that makes a digital service >>> available to California residents, regardless of where the company is >>> headquartered. This means companies or entities outside the U.S. are >>> subject to the law if their services are accessible to users in California. >>> >>> Key points: >>> >>> The law targets digital services (including apps, operating systems, and >>> online platforms) used by California residents. >>> Jurisdiction is based on user location, not company location. If a company >>> offers services to users in California, it must comply with the law’s age >>> verification requirements. >>> The law does not require photo IDs or facial recognition—users can >>> self-report their age during device or account setup. >>> While the law is enforced by California’s Attorney General, its reach >>> extends globally due to the “California effect,” where companies often >>> apply compliance standards nationwide or worldwide to avoid managing >>> multiple systems. >>> However, enforcement against foreign entities may be challenging, and some >>> experts suggest companies might respond by blocking California IP addresses >>> or adding disclaimers like “Not for use in California” to avoid liability. >>> >>> >>>>> As many have pointed out, with varying levels of eloquence, I would >>>>> imagine that being incorporated in Canada might be of help here, in a >>>>> similar fashion to the issue of exporting encryption software, which >>>>> is illegal in the US, but not in Canada. >>>>> >>>>> Also in what way does the bill violate the constitution? Not >>>>> disagreeing, just wanting to meet you where you are here. >>>>> >>>>> On Thu, Mar 5, 2026 at 9:45 AM Gabe Bauer <[email protected]> wrote: >>>>> >>>>>> >>>>>> Hello! >>>>>> >>>>>> I assume that somebody has likely already informed Theo about the new >>>>>> operating system level age verification law that takes effect in >>>>>> California starting January 1st of next year? >>>>>> >>>>>> There are also similar efforts making their way through Colorado and New >>>>>> York at the moment. >>>>>> >>>>>> Most pressingly, a bill with hefty fines for non compliance (about 9.6 >>>>>> million USD), which is enough to completely sink the OpenBSD Foundation >>>>>> and project, and it takes effect starting thirteen days from now. >>>>>> >>>>>> Are there any proposed solutions to this? >>>>>> >>>>>> I believe the Brazilian law is more stringent on what is required to >>>>>> comply with the measure, including, correct me if I am wrong, actual >>>>>> government ID submission, which is likely not feasible for a default >>>>>> OpenBSD installation. >>>>>> >>>>>> Does the OpenBSD project plan to implement the necessary measures to >>>>>> comply with these laws, or will they take the route of MidnightBSD, by >>>>>> simply stipulating in the license that people in these areas are not >>>>>> allowed to use the software? >>>>>> >>>>>> This is VERY important to me as I am sure it is to you, too, as I am >>>>>> sure all of us would like to see projects like this one to continue to >>>>>> exist. >>>>>> >>>>>> I am fairly certain that the California law likely violates the US >>>>>> constitution, but may go unchallenged. >>>>>> >>>>>> I am less certain about the constitutionality of the Brazilian law >>>>>> within its own borders. >>>>>> >>>>>> I hope this project does not suffer an unkind fate. Thank you for your >>>>>> attention to this matter!! >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Aaron Mason - Programmer, open source addict >>>>> I've taken my software vows - for beta or for worse >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
