[kakwa_]

IMHO, the law tries to target the last entity which has practical control over the OS design and implementation aka the final developer/integrator.

For example in the Linux world, it's the distributions.

Where it gets murky is with Android (and to a lesser extent Windows).

IMHO, the entities which should be responsible are Google and Microsoft.

But since vendors, specially in the Android world, can heavily tweak the OS, there is a case that it's more the device manufacturers like Samsung which are responsible.

The relevant interpretation in practice will usually happen naturally, and the most ambiguous stuff will be set by jurisprudence if necessary.

[AnthonyMouse]

> IMHO, the entities which should be responsible are Google and Microsoft.

So let's say someone in e.g. South America publishes an Android ROM. >99% of the code was written by Google but the author isn't using Google Play or any form of Google service for updates, it's only using the base Android code with their own updater.

If someone in California uses this ROM and the person in the other jurisdiction made modifications so that it doesn't comply with this law, who is in trouble? It's pretty unreasonable to claim that it's Google, but then is it no one, since the party responsible is outside the jurisdiction?

[kakwa_]

That one is murky.

I would argue it falls more on a case like the Linux distributions one and the guy in South America is responsible.

Google, in my opinion, can be held accountable for Android because they deeply control the ecosystem (App Store, APIs, Services) and de-facto prevents significant modifications, specially when they deal with Android security framework & mechanisms (if you modify this stuff too deeply, the Apps could break).

But if a distribution cuts ties with that, then it's the author or the entity behind it who is responsible, and if it's deemed illegal, downloading his ROM should be blocked in the US.

In truth, if I were a defender of this law (which I'm not), I would not worry too much about it. This text is here to force mainstream OS vendors to provide an API for age verification. The micro-subset of people flashing custom roms onto their phone or recompiling a piece of OSS software with some flag disabled is in practice so small that it's not really an issue.

While I do agree that this law could be better written, properly categorizing in it the cases of MS, Apple, Google and maybe entities like Linux Distribution honestly is kind of a nightmare.