I watched the vote tally blink across the chamber and felt the current shift. You could almost hear phones lower and whispers begin: 69-22. Then Governor Tony Evers signed a veto that pushed the whole debate back into public view.
I’ll walk you through what happened, why it matters for your privacy, and where this fight over online IDs is headed.
At the Capitol, the Assembly passed AB 105 with a 69-22 vote.
The text would have forced sites hosting “material harmful to minors” to run a reasonable age verification method. In practice, that means adults would have had to submit government IDs, biometric scans, or financial proof to prove their age before viewing certain websites.
Legislators in more than 25 states have approved near-identical measures, according to the Age Verification Providers Association, and a handful of others are actively debating versions of the same law. The intent—protecting kids—reads clean. The mechanics get messy fast.
What did Governor Tony Evers do about the age verification bill?
He vetoed it. In his letter to lawmakers, Evers said the bill’s intrusion into personal privacy was unacceptable and that adults trying to access constitutionally protected material should not have to hand sensitive data to third parties.
I agree with the principle: you shouldn’t be forced to feed a vendor your ID or bank details just to view content. You also shouldn’t have to bet your private data on the vendor’s competence.
At his desk, Governor Evers rejected the bill because of privacy and risk.
Evers pointed to the obvious hazard: verification vendors collect the same documents hackers want. You only have to remember the Discord episode—more than 70,000 IDs leaked after a third-party breach—to see how fast trust evaporates.
He didn’t close the door on device-based approaches; he asked lawmakers to work with tech companies on on-device age checks. That approach avoids some third-party handoffs, but it creates a different danger: a permanent digital ID tied to your hardware.
At the data level, past breaches show why many civil-liberty groups push back.
Vendors that store scans of faces, photos of licenses, or card numbers create centralized targets. Those repositories are magnets for attackers and a temptation for misuse.
On-device verification removes the vendor middleman, but it also risks turning phones and computers into persistent identity stamps. One solution can become a Trojan horse of data collection if companies or governments repurpose the mechanism.
Could digital IDs become mandatory nationwide?
Federal momentum exists. The Kids Online Safety Act and related proposals are moving through Congress with bipartisan sponsors. Simultaneously, states keep passing their own laws and the U.K. has pushed its own verification frameworks.
If you live in Wisconsin, the border provides relief for now—digital ID requirements stop at the state line. But policy tends to ripple: one state’s standard can become a national norm when large platforms design systems to accommodate the strictest rules.
At the platform level, companies and tools are already being dragged into the debate.
Platforms that host adult content, verification providers, VPN vendors, and browser makers are all part of the supply chain now. Lawmakers tried and failed to ban VPNs from bypassing checks in this version, but the mere idea shows how forceful regulations can become.
Some vendors pitch device-based SDKs that promise privacy. I remain skeptical: a single ID layer that touches every app behaves like a digital bouncer at the velvet rope, and once it exists, every venue asks for it.
At the consumer level, the trade-offs are personal and immediate.
You can value child safety and still worry about surveillance and data leakage. Those concerns are not mutually exclusive. They’re political choices and technical designs wrapped together.
I’ll tell you plainly: if you hand over scans and biometric checks routinely, you change the threat model around your life. You also shift power toward whoever collects and monetizes that data.
Wisconsin’s veto buys time. It forces another round of questions: who should hold sensitive verification data, what guarantees protect it, and how will vendors be audited? Those are debates you should follow, and weigh with care.
Do you trust companies and governments to build a single sign-on for adulthood without turning it into a surveillance architecture?