California passes 'Stop Killing Games' bill — publishers must preserve access

4 min read 1 source clear_take
├── "California's bill is a landmark consumer-protection win that finally treats game shutdowns as repossession rather than a contractual footnote"
│  └── TechTechTech (Hacker News, 213 pts) → read

Frames the Assembly vote as the first major U.S. jurisdiction treating server shutdowns as a consumer-protection issue rather than an EULA matter. Argues that because California is the world's fifth-largest economy, publishers cannot realistically geofence around the law, making this a de facto national standard.

├── "The EULA-as-license model has outlived its legitimacy and needs a statutory floor"
│  └── top10.dev editorial (top10.dev) → read below

Argues the industry has spent twenty years operating on the premise that customers license rather than own games, and that publishers can revoke access at will. The Protect Our Games Act asserts that consumer-protection law sets a floor the EULA cannot override — if a publisher sold a thing, they cannot unilaterally repossess it when live-ops economics sour.

├── "The technical and architectural implications for always-online game design are larger than the legal ones"
│  └── top10.dev editorial (top10.dev) → read below

Suggests the bill's most consequential effect is forcing publishers to design always-online titles with an exit ramp from day one — private-server binaries, offline patches, or source escrow. This reshapes engineering decisions during development rather than just adding a compliance checkbox at end-of-life.

└── "Industry opposition has already lost the political fight"
  └── top10.dev editorial (top10.dev) → read below

Notes the bill drew bipartisan support and a CFA endorsement, while the ESA's leaked lobbying letter read as panicky rather than persuasive. With a Senate vote expected before the September recess, the political cover for passage is already in place and the trade group's usual playbook isn't landing.

What happened

The California State Assembly passed the Protect Our Games Act, the most concrete legislative win to date for the *Stop Killing Games* movement that's been organizing since Ubisoft pulled the plug on The Crew in 2024. The bill requires game publishers selling to California consumers to provide a means of continued access — a private-server release, an offline patch, source escrow, or a refund — when they shut down the backend that makes a purchased game functional.

This is the first time a major U.S. jurisdiction has treated 'we turned off the server' as a consumer-protection problem rather than an EULA footnote. The European Citizens' Initiative version of the same campaign crossed 1.4 million signatures last summer, and the UK government issued a non-committal response in early 2025. California moving first is what changes the math: the state is the fifth-largest economy on the planet, and nobody ships a AAA title that geofences out San Francisco.

The Assembly vote isn't the end of the road — the Senate still has to concur, and the governor still has to sign — but the political cover is already there. The bill picked up bipartisan support, the CFA (Consumer Federation of America) filed in favor, and the ESA's lobbying letter leaked early and read as panicky rather than persuasive. Industry sources expect a Senate vote before the September recess.

Why it matters

For twenty years the games industry has operated on a simple premise: you don't *own* the game, you license access to it, and that access can be revoked at any time for any reason. The EULA you click through at install says so in plain English. What the Protect Our Games Act does is assert that the EULA cannot override a basic consumer-protection floor — if you sold the customer a thing, you can't unilaterally repossess it just because your live-ops P&L stopped working.

The technical implications are larger than the legal ones. An always-online game built today has authentication, matchmaking, anti-cheat, telemetry, asset streaming, microtransaction validation, and progression state all hard-wired into a single proprietary backend. Designing a graceful end-of-life path means separating the authoritative server logic from the entitlement check from the social layer from the storefront — exactly the kind of architectural discipline most live-service codebases skip because they don't have to. The bill makes them have to.

The community reaction on the HN thread is unusually unified for a regulatory story. The 213-point ranking is being driven by senior engineers who've actually shipped live-service backends and who recognize that the *Stop Killing Games* framing is technically reasonable: nobody is demanding publishers run servers forever. They're demanding publishers ship the keys when they're done. Ross Scott, the YouTuber who kicked off the movement, has been explicit that a private-server SDK release satisfies the spirit of the campaign. The ask is portability, not perpetuity.

Compare this to the music industry's DRM capitulation in 2007, when Apple and the labels finally agreed that selling someone a song and then preventing them from playing it on the wrong device was indefensible. That fight took five years and ended when one large market — the EU, in that case — made it cheaper to comply than to litigate. California is now positioned to play the same role for games. The Big Tech playbook of 'comply in one jurisdiction, ship the same thing everywhere' is what makes a single state bill into a de facto national standard.

What this means for your stack

If you ship a game or any 'live' software product to consumers — and 'consumer software with a server dependency' is a much bigger category than just games — the architectural question to ask this quarter is: what does graceful degradation look like when our backend goes dark? Not in a disaster-recovery sense. In a *we shut the company down and the product still works* sense.

Concretely, that means three things. First, decouple entitlement from execution — the check that says 'this user paid' should not be the same code path that runs the game loop. Second, document your server-side game logic well enough that a community could reimplement it — even if you never release source, the data formats, the protocol, and the state machine should be specified somewhere other than in the heads of three engineers who left in 2024. Third, maintain an offline fallback build as a CI target, not a heroic end-of-life project. The studios that get blindsided by this bill will be the ones who treat the server-shutdown scenario as something to deal with later. The studios that handle it gracefully will be the ones who designed for it on day one.

The deeper lesson for any backend engineer: 'the server is always up' is a runtime assumption that's now legally suspect. If your product's value to the customer evaporates the moment your AWS bill stops getting paid, you've built something the regulator is starting to call defective.

Looking ahead

The Senate vote is the next gate, and the governor's desk after that. Assume it passes — the political incentives are aligned and the industry's counter-narrative is weak. The interesting question is what the implementation regulations look like: does CFA-style 'reasonable end-of-life plan' language get teeth, or does it get watered down to 'publish a blog post when you sunset.' Either way, the precedent is set. Stop Killing Games went from a YouTube video to a California statute in under three years, and every live-service product manager who ignored it just got handed a new line item on their architecture review.

Hacker News 232 pts 235 comments

The California State Assembly Has Passed the 'Protect Our Games Act'

→ read on Hacker News

// share this

// get daily digest

Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.