[ndriscoll]

Because consumer devices are barely if at all capable of even setting policy, are basically incapable of enforcing it, and are generally adversarial. It's also easy to apply different policies to different clients at the network level.

[pocksuppet]

The new California and Colorado laws force consumer devices to be capable of setting and enforcing policy.

[ndriscoll]

They do not. Here's the California bill[0]. Here's the Colorado bill[1]. They're short. Nowhere is there something about letting me set policy (e.g. blocking applications/services, presenting plaintext traffic to filtering software, setting time-of-use restrictions, etc.). In fact, it requires my operating system to give any application developer PII about me and requires the application to collect it, even when it's irrelevant (functionality is not age-restricted).

Or did you have some other laws in mind?

[0] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

[1] https://leg.colorado.gov/bill_files/112795/download