You might have seen Linux quietly blocking Brazilian users recently and wondered what was going on. The answer lies in a brand new Brazilian federal law that just came into force this week — and its implications for the open-source world are bigger than most people realize.

What Is the “Lei Felca”?

Brazil just enacted Law 15.211/2025, nicknamed the “Lei Felca” after a popular local influencer who helped push the issue into the national spotlight. The law is broadly aimed at protecting children and teenagers in digital environments — think mandatory age verification, parental supervision requirements, and a ban on loot boxes in games accessible to minors.

On paper, it sounds reasonable. In practice, it’s creating some unexpected collateral damage for the open-source and Linux community.

Why Is Linux Getting Caught in the Middle?

Here’s where things get tricky. The law requires that any platform or software service likely to be accessed by minors must implement age verification mechanisms. That requirement works fine for large corporations like Riot Games, Rockstar, or Roblox — they have the infrastructure and legal teams to adapt quickly.

But open-source projects? That’s a completely different story.

Arch Linux 32-bit already made the call to block Brazilian users entirely rather than risk being in violation of the law. And this likely won’t be the last open-source project to face the same dilemma. The core problem is simple: free and open-source software is built on the principle of open, unrestricted access. Implementing government-mandated age verification goes against the very foundation of how these projects operate.

What the Law Actually Says

Two key articles are driving most of the chaos:

Article 10 requires that any tech product or service likely to be accessed by minors must adopt mechanisms to ensure age-appropriate experiences.

Article 24 goes further, requiring that accounts belonging to users under 16 be linked to and supervised by a legal guardian’s account.

The phrase “likely to be accessed by minors” is doing a lot of heavy lifting here — and it’s broad enough to potentially cover almost anything on the internet, including Linux distribution mirrors and package repositories hosted in Brazil.

What’s Already Changing

The ripples are already being felt across the tech space in Brazil. Riot Games changed the age ratings of League of Legends and Valorant to 18+, effectively locking out underage accounts — with progress saved but gameplay suspended until users turn 18. Rockstar pulled its games from the Brazilian launcher altogether. Roblox introduced a strict age verification system. Even Nexus Mods started requiring age checks due to adult content accessible through the platform.

For age verification itself, Brazilian adults are expected to prove their age by providing a CPF number (Brazil’s individual taxpayer ID), payment card details, scanned identity documents, or facial recognition-based age estimation.

The Open-Source Problem Isn’t Going Away

The fundamental tension here is that open-source software cannot easily comply with these kinds of legal requirements without fundamentally changing what it is. You can’t bolt age verification onto a Linux distro mirror or a package manager without breaking the open, decentralized model that makes these projects work.

Brazil is not alone in moving in this direction — the Netherlands, Spain, Belgium, the United States, and Australia are all exploring similar regulations around loot boxes and digital child protection. But Brazil’s law is one of the broadest and most immediately enforced, and the open-source community is now caught in its crossfire.

For now, the situation remains fluid. But if you’re a Linux user in Brazil, or you maintain an open-source project with Brazilian users, this is a law worth watching very closely.