TL;DR
I do not think FreeBSD should necessarily do anything at this moment in time besides some form of malicious compliance if/where feasible. FreeBSD is not aimed toward kids/teens, and the Brazilian law text is too broad and too poorly written in order to even gauge if its usage by kids/teens is "probable enough"; furthermore, the text seems to foresee further regulation and the possibility of different requirements for distinct platforms, so things could change.
I do not know if/when this will get posted (though I am not new to FreeBSD, I am new to the forums). Also, I'd like to apologize to the reviser of this wall of text beforehand. I'm sorry 
Context
Just to contextualize a little: in 2025, a major Brazilian influencer by the name of Felca randomly decided to upload an explosive video exploring (in the sense of "reporting the dangers of") the concept of "adultization" of minors. The video depicted very strong (and thus censored) footage that included Brazilian minors (specially teenager girls), half or even fully naked, lying in bed with adults or doing sensual dances and poses for videos and pictures to be uploaded to social networks or sold otherwise. The video also showed how adults had been profiting out of child/teen sexualization and exposition, and even accused some of the most blatant wrongdoers, presenting names and faces of such exploiters to the public. Safe to say it left the whole country horrified, and so a state of moral panic ensued along an outcry for "blood". Some high-profile personalities got arrested for exploitation of minors, and politicians scrambled to make an emergency law in order to "protect our children and teenagers". Thus was born Law 15.221/25, a.k.a. "The Digital ECA", a.k.a. "The Felca Law", approved on September/2025 and set to take effect starting on March 17, 2026 (Art. 41-A). The law was clearly created in a haphazard way (just out of curiosity, even the name of the Brazilian president is written wrongly at the end of the law's official text, missing a starting 'L'), and also clearly written by people unfamiliar with digital systems and platforms, as politicians and lawmakers tend to be.
How much probable/likely is "probable/likely enough"?
Among its many problems, one is the generality of the text: it refers to safeguards that need to be implemented by systems/platforms that are
aimed at children and teenagers, but then adds the very generic "or which are probable/likely to be accessed" by them. But how probable, and how to measure such probability? That is up to interpretation. Considering the internet and its nature, I conceive every single system/platform has a non-zero probability of being accessed by children/teenagers. Is that probable enough for the law to apply? Also up to interpretation.
Age signals and some current implementations/responses
Among its many devices, one that is of particular concern is located under Chapter IV, more precisely Art. 12-III, where it is established that systems/platforms will need to provide an API which will be responsible for
managing (i.e. generating, saving, providing accessors such as getters and setters for) what is called an "age signal". The idea is that this signal will need to be used for the purposes of identifying an age bracket for the user of a digital system/platform in order to determine whether said user can access that particular system/platform or not. This is where the law mainly expects most systems to take action in order to provide such API (though there are many more requirements that might demand action under Articles 24 through 33). In Android, we are already having to do age signaling via Google's Play Age Signal API. M$ is expected to start rolling something out soon, possibly making its chaotic usage of the TPM, which will then store user IDs alongside age signals. Others, like Apple and Steam, are trying to bypass this hellscape by using the (possibly already provided) credit card information of a user: the idea is that, if you have a credit card in your name, then you are a legal adult and that's it. And, since it seems to be a possibility nowadays, if a child/teen has a credit card in his/her name, then there needs be a legal guardian (e.g. a parent) associated with that card, and apparently a backend can be used for such verification without the need for any additional information. Some Linux distros, such as Omarchy, have already issued "no-comply" statements, not specifically to the Brazilian law, but to the "retarded California law" (their words). I do not expect their response to be different regarding the Brazilian one. And, as for huge Linux distros like Ubuntu, the latest information seems to be that they are analyzing, along with legal counsel, the texts that are popping all over the U.S and the world in order to decide what course of action to take.
What about FreeBSD?
As for FreeBSD, in what concerns the Brazilian law, I personally
think that it should not need to do anything at the moment, or at least not anything
concrete, at most some sort of malicious compliance if/when/where feasible. My opinion is that the text in its current form is just too broad and poorly written in order to even gauge if and where FreeBSD
should take any action in the first place. FreeBSD is certainly not something that would be improper for minors, so it does not fit under Art. 9º (which is the only article that explicitly vets autodeclaration in the official text). It also certainly is not children/teenagers oriented, though there does exist a non-zero probability that it could be used by minors. But, as already discussed, would it be "probable enough" to warrant action? Plus, Art. 34 already states that complementary norms may be issued to regulate the devices presented by the text, which strikes me as some sort of self-awareness that the text is very poorly written (or maybe a backdoor to make it even worse in the future). And Art. 34, § 2º foresees the possibility of regulatory authorities adopting distinct requirements that are proportional to each service's nature, risk and business model. Meaning, things can change, though if to alleviate or even radicalize some of the devices presented therein is unknown.
Just my two cents (or lots of cents). Sorry for the text wall.
