(This is a translated version of my original text on Medium, where I discuss a huge fake news being spread about brazilian laws and how parental control work on Linux)
The misinformation about Brazil's Law 15.211/2025 and Linux is a textbook case of how a legitimate concern becomes panic when nobody reads the source material.
On March 8, 2026, MidnightBSD (a niche BSD system most people have never heard of ) proactively blocked Brazilian users. The message was blunt: "Residents of Brazil are not authorized to use MidnightBSD."
Right on cue, a week later, my timeline was flooded with alarmist posts about how Brazil's "Felca Law" was going to ban Linux. Videos with all-caps titles, apocalyptic threads, people who never installed a distro in their lives sharing that "the Brazilian government is banning Linux." The full misinformation cycle, start to finish, in less than ten days, fueled by artificial panic and clickbait content.
Look, I've been using Linux since the late '90s. I've contributed to open source projects, spoken at conferences about it, and even interviewed Linus Torvalds. Using Linux is second nature to me. A good chunk of my day, even for personal projects like my home server, is spent in a terminal running native Linux commands. So it's pretty obvious that when the flood of "Linux is banned" posts started showing up, I went to look for myself.
Meaning, I read the law.
What Law 15.211/2025 actually says
Law 15.211, signed in September 2025 and effective as of March 17, 2026, is officially Brazil's Digital Statute for Children and Adolescents. The nickname "Felca Law" comes from a YouTuber by the same handle, whose video about child exploitation on social media accelerated the bill's passage in Congress. The video has over 50 million views today.
Article 1 defines the scope: it applies to "all information technology products or services directed at children and adolescents in Brazil or likely to be accessed by them." Article 2, item I, lists examples: internet applications, computer programs, software, operating systems for terminals, app stores, and electronic games.
Yes, operating systems are mentioned. And this is where most people stop reading and start panicking.
But here's the thing: at least in Brazil, laws don't exist in isolation. They depend on, limit, and build upon other laws. If a law mentions "family," there needs to be a legal definition of family, or it references an existing one, to avoid ambiguity. Everything depends on context, not on isolated words in a single article.
With that in mind, Article 12 is where the confusion was born. It says that providers of app stores and operating systems must take proportional, auditable, and technically secure measures to verify user age, allow parents to configure parental supervision, and enable age signaling via a secure API.
The keyword there is "proportional."
It shows up again in Article 39, which reinforces that obligations must be applied according to the "characteristics, functionalities, size, and degree of interference of the provider." And Article 12, §3 explicitly states that an Executive branch regulation will define minimum requirements.
In other words, the regulation isn't even finished yet. And even when it is, it still relies on other existing laws. People in Brazil are debating the worst-case scenario of a law whose practical application hasn't been defined and that doesn't exist in a vacuum.
It gets worse (for the panic narrative)
When the "Linux ban" discussion started gaining traction on the few networks I follow, I noticed that virtually nobody was mentioning three provisions from the same law that dismantle the whole narrative:
Article 2, §2 excludes from scope "essential functionalities for the operation of the internet, such as open and common technical protocols and standards." The Linux kernel runs on over 96% of the world's web servers. It is the essential functionality for the operation of the internet. I don't know how to make this clearer.
Article 14, sole paragraph, states that "regardless of the measures adopted by operating systems and app stores, providers [of applications] must implement their own mechanisms to prevent improper access." The primary responsibility lies with the applications, not the operating system. If Instagram needs to verify age, that's Instagram's job. The operating system plays a complementary role, not a central one. Pretty obvious, if you think about it for a second.
And Article 37, sole paragraph, prohibits the regulation from resulting in "massive, generic, or indiscriminate surveillance mechanisms" and explicitly protects freedom of expression and privacy. Blocking access to an entire operating system fits squarely into "generic and indiscriminate."
Three articles. Same law. That most people who shared the "Linux is banned" story either didn't read or cherry-picked to promote panic. And this is getting traction, even internationally.
How clickbait became panic
So here we go.
Between August and September 2025, when Brazil's president signed the bill, the first analyses emerged. A political columnist posted on Twitter that a "possible ramification" of the law would be "banning Linux." A tech columnist from TecMundo (a major Brazilian tech outlet) started threads analyzing Article 12 and asking what the chances were that Linux distros would implement age verification. On TabNews (a Brazilian dev community), the topic was discussed under the headline "END OF LINUX IN BRAZIL⁉️"
In December 2025, Brazil's National Data Protection Authority (ANPD) published its list of companies subject to oversight, which included Canonical (Ubuntu).
Now, being on an oversight list is radically different from being banned. I'm on the income tax registry. That doesn't mean paying taxes is illegal, or that I'm automatically going to jail. It means the tax authority knows I'm a minimally (emphasis on minimally) functional adult and I need to comply with my obligations. Once those obligations are met, nothing happens.
Finally, in March 2026, everything blew up. MidnightBSD blocked Brazilians preemptively (the project's own decision, not a legal mandate), TecMundo published an article presenting the most pessimistic scenario as plausible, and the whole thing went viral.
The misinformation spread along two axes. On the political side, right-wing sectors framed the law as "censorship" and "state control," using Linux as an example of regulatory overreach. Standard playbook: when there's nothing real to present, create panic. Content like that goes viral fast, and not always organically.
On the technical side, members of the tech community turned "could affect" into "will ban." Well, I could walk to the bakery and get hit by a Boeing 737 that lost control and crashed specifically on my head. Something having a chance of happening doesn't mean it will.
And since sharing an alarmist headline is easier than reading 37 articles of a law, here we are.
What the law can't do (and why)
No fluff, let's get to the legal arguments:
Proportionality is the central principle. Banning an entire operating system because it doesn't have native age verification would be like shutting down a highway because one of the cars on it doesn't have a seatbelt. Article 5, §3 requires the ANPD to consider "regulatory asymmetries" and "technological evolution" when issuing guidelines. Volunteer-maintained Linux distributions don't have the same implementation capacity as Microsoft or Apple. The law acknowledges this.
Applications bear the primary responsibility. I already cited Article 14, but it's worth reinforcing: the law distributes responsibility across the entire digital chain. The operating system is just one layer, not the bottleneck.
Brazil's Internet Bill of Rights protects open technologies. Remember what I said about laws not existing in isolation? Article 24, V of Law 12.965/2014 (Brazil's "Marco Civil da Internet," essentially our Internet Bill of Rights) establishes as a guideline the "preferential adoption of open and free technologies, standards, and formats." Any interpretation of Law 15.211 that results in banning free software directly conflicts with this guideline.
The "Felca Law" itself references the concepts from the "Marco Civil" law. One doesn't exist without the other, and neither exists separately from the rest of the legal framework, including the original Child and Adolescent Statute (ECA).
The Constitution protects free enterprise. Article 170 of the 1988 Constitution enshrines free enterprise. Banning Linux distribution, used by thousands of Brazilian companies and by the federal government itself, would violate this principle.
Suspension and prohibition require a court order. Article 35, §5 specifies that warnings and fines are applied by the ANPD, but suspension and prohibition of activities can only be imposed by the Judiciary. There is no scenario where the ANPD simply "bans" Linux by administrative decree. A court order would be required, with full due process.
The law itself prohibits mass surveillance. I already mentioned Article 37, but it deserves emphasis: the law prohibits the regulation from compromising "the fundamental rights to freedom of expression" and privacy. Blocking an operating system falls under that prohibition.
Technological neutrality is a principle of Brazilian regulatory law. The law doesn't differentiate between proprietary and free software. Interpreting it so that only Windows and macOS can operate would create an unconstitutional market monopoly that makes no sense whatsoever. You can have a Linux-based OS that's almost 100% nationally developed. You can't say the same for Windows or macOS.
Law firms that have formally analyzed the law treat it as imposing compliance obligations, not technology bans. No formal legal opinion supports the thesis that Linux would be banned.
I'll say it again, in bold this time: None.
"But Linux doesn't have parental controls"
For the love of sweet baby Tux, have you ever actually used Linux? This is the part that annoys me the most, because it shows that whoever pushes this argument doesn't use Linux. Or, if they do, they never looked beyond the basics.
GNOME has integrated Malcontent since version 3.38, back in 2020. It's a native parental control system that lets you restrict apps per user account, block web browsers, prevent software installation, and filter apps by age rating using the OARS (Open Age Ratings Service) standard. It's part of the desktop environment that millions of people use.
Flathub, the largest Linux app repository, mandates OARS classification for all published apps. Classification by violence, drugs, sex, language, social interaction, mapped to age ranges. The same kind of thing you find on the App Store and Play Store.
For screen time control, Timekpr-nExT offers daily, weekly, and monthly limits, time windows, per-app control, and automatic logout. Works with GNOME, KDE Plasma, XFCE, Cinnamon, Budgie, and Deepin, on both X11 and Wayland. It's been in Ubuntu's official repositories since version 20.10 — that's the year of our Lord 2020.
And there's more: CTparental, a French open source solution, combines web filtering by category, forced SafeSearch, time controls, download blocking by file extension, and a web admin interface.
At the system level, Linux offers controls that simply don't exist on Windows or macOS: PAM can restrict login by time of day directly at the kernel level; iptables/nftables can block internet access per user ID; AppArmor and SELinux implement mandatory access control. Every Unix-like system, no exception, has the foundations to meet these requirements by design.
I'd go as far as saying that if the "Felca Law" actually forced operating systems to implement age controls, Linux would probably be more suitable than Windows and macOS. If someone wants to argue that Linux can't comply with this law, they'll need better arguments. Because the facts disagree.
The debate that actually matters
Look, I'm not saying the law is perfect. No law is, by definition. Society changes, technology advances, and laws rarely keep up.
In the case of the "Felca Law", the wording is broad, as is typical of Brazilian legislation. And unfortunately, there are legitimate ambiguities that need to be resolved during the ANPD's regulatory process.
The real question is: how do we make sure that regulation recognizes the specifics of free software? Decentralized governance models, community-driven development, the impossibility of having a single "provider" responsible in the traditional sense. There are viable technical solutions, like system-level age signaling APIs, that can be implemented without compromising the open nature of the code. Ideally, APIs that aren't tied to big tech companies or other services that could misuse this information.
I'm in favor of regulation that protects children and teenagers online. I've written on LinkedIn about how platforms profit from child exploitation while treating reports as a joke. I've reported 18+ content in supposedly child-friendly videos on Instagram, and the response was always "no violations found." The Felca Law tries to solve a real problem that big tech seems to treat as a "necessary evil" for their bottom line.
The path forward is participating in the public regulatory consultation with constructive contributions. Not sharing that "Linux will be banned" without having read a single article of the law or knowing how Linux works.
Installing Linux in Brazil was legal in the '90s. It's legal today. And it will be legal tomorrow.
Staying informed is important. The panic, as usual, is optional.
Top comments (0)