New York's Budget Hides a Surveillance Mandate for Every 3D Printer
Buried in New York's 2026-2027 budget is a provision that would require every 3D printer sold in the state to run state-maintained censorware on every print job. California has its own version. This is not about guns.
Buried in Part C of New York's proposed 2026-2027 state budget — bill numbers S.9005 and A.10005 — is a provision that received almost no attention outside of maker communities and the EFF. It would require every 3D printer and CNC machine sold in New York State to include software that analyzes every print job and blocks any output the algorithm identifies as a firearm component. The state would maintain a "library of forbidden files." Distributing design files capable of producing those components to someone without the right licenses would be a felony.
California has its own version. Washington State has one too.
I want to be precise about what this actually is, because the framing matters: this is a mandate for continuous surveillance of every manufacturing job you run on hardware you own, enforced by a government-maintained blacklist, with felony criminal liability attached to information.
That's not a slippery slope argument. That's the text of the bill.
What New York's S.9005 Actually Requires
Part C, Subpart B of the budget provision requires three things of every 3D printer and CNC machine sold in New York:
First, the device must include "algorithms that scan your design files and block prints" that the algorithm identifies as producing major firearm components. This isn't a flag-and-review system — it's a block at the hardware level before the job runs.
Second, New York State will "create and maintain a library of forbidden files with tightly restricted access." The state government will maintain the list. A working group will define the technical requirements after the bill passes — and the EFF notes there are no peer review requirements built into that process. The people writing the standards after-the-fact will include manufacturers with obvious commercial incentives.
Third, all 3D printer sales must occur face-to-face. Online sales are prohibited.
The criminal liability provisions are in sections 2.10 and 2.11. Making it a felony to sell or distribute design files for major firearm components to someone who is not a federally and New York-licensed gunsmith. Also a felony to possess such files if you intend to print an illegal firearm, or to share them with someone you believe is ineligible.
Those definitions are doing a lot of work. "Intent" is hard to prove but easy to allege. And "major firearm components" is exactly the kind of term that expands over time.
The budget vote could happen within days. It's not a standalone gun-control bill with hearings and amendments — it's buried in an appropriations document.
California's AB-2047 Is Worse
New York's provision at least leaves the technical standards vague. California's AB-2047 is more specific, which makes it more alarming.
AB-2047 requires that California 3D printers run algorithms certified by the California Department of Justice. The DOJ sets the technical standards, certifies which algorithms are compliant, and maintains a database of banned blueprints that every printer must check against.
That's a federal-agency-certified surveillance system with a real-time query mechanism. Every time your printer evaluates a job, it's checking against a DOJ-maintained blacklist.
The enforcement provision is what distinguishes California's version from New York's. AB-2047 makes it a misdemeanor for device owners to disable, deactivate, or otherwise circumvent these mandated algorithms. That means using open-source firmware on your own printer is a crime. Flashing a different operating system to a device you bought and own is now a criminal act, because the DOJ-certified algorithm must remain in place and running.
The EFF describes this as "the most troubling" of the three state bills currently advancing. I agree, but for a reason the EFF is too polite to say directly: California's bill is a mechanism for giving a single state agency the permanent authority to decide what you are allowed to manufacture on hardware in your own home, with misdemeanor liability for anyone who modifies their machine to remove that authority.
Why the Technology Cannot Work
Here's the part that every lawmaker claiming to understand these bills should be forced to answer: how does the censorware distinguish between a 3D-printed lower receiver for an AR-15 and a 3D-printed guitar bridge?
Both are roughly rectangular objects with holes. Both are made from the same materials. The difference is intent and context, which a pattern-matching algorithm running on a file before print cannot determine.
The EFF puts it bluntly: "design files are trivially easy to modify, split into segments, or otherwise alter to evade pattern detection." Any number of post-print tricks can also defeat detection — you print something that looks like one thing and is assembled into another. AI-based detection would produce rapid increases in false positives, blocking lawful prints of legitimate objects, while the people actually trying to print illegal components would route around it within hours of the law taking effect.
This is not a theoretical vulnerability. It's how all pattern-based file detection works. People who make illegal firearms already know how to use hand tools, pipe fittings, and hardware-store parts — methods that predate 3D printing by a century and would continue working the day after this law passes.
What you're left with is a system that surveils everyone and stops no one with actual intent to do harm.
What the Surveillance Infrastructure Actually Creates
I want to be clear that my objection is not primarily to the ineffectiveness of the censorware. My objection is to the surveillance infrastructure itself, independent of whether it works.
If this legislation passes in New York, every print job you run on a compliant machine gets analyzed by an algorithm against a state-maintained list. That analysis happens. That data exists. The legal framework for state visibility into your manufacturing activity has been created.
What gets added to the forbidden list in 2027? In 2030? The working group that writes the standards after passage has "no peer review requirements." Manufacturers have commercial incentives to expand restrictions that force users toward proprietary filament, proprietary software, proprietary service contracts. That working group, created to write standards with no external accountability, is exactly the kind of regulatory capture setup that expands lists over time.
Once you have the infrastructure, the question of what belongs on the list becomes a political and commercial question rather than a technical one.
Makers will feel this first. Commercial prototyping operations second. Eventually anyone running a small manufacturing workflow on prosumer hardware. The chilling effect doesn't require prosecution — it requires uncertainty about what counts as a "major firearm component" and whether your design file for a receiver brace or a trigger guard happens to pattern-match against a prohibited design.
The California Problem Goes Deeper
California's criminalization of open-source firmware is the long-term threat I think is being underreported.
The right to run the software you choose on hardware you own is foundational to the right-to-repair movement, to security research, to hobbyist communities, to the entire culture of modifiable consumer electronics that produced most of the computing innovation of the last 30 years.
When you mandate that a device must run certified government-approved software and make it a crime to replace or modify that software, you are not just addressing 3D printers. You are establishing the legal principle that the government has the authority to mandate specific software on consumer devices and criminalize modification.
That principle, once established in California for 3D printers, is not going to stay there. The same logic applies to CNC mills, laser cutters, plasma cutters, metal lathes. Apply it upstream to the electronics that control those machines, and you have a framework for mandating government-certified firmware on any device that can be used to manufacture anything.
I am not predicting that California will immediately expand this to other categories of tools. I am saying that the legal precedent created by AB-2047 is far more dangerous than the bill itself, because it answers the question "can government mandate specific certified software on consumer manufacturing hardware and criminalize alternatives?" with yes.
What You Can Do
1. Contact your representative if you're in New York or California. The EFF has action tools at eff.org/action for both bills. The NY budget is moving fast — the vote could happen within days. A message from a constituent takes five minutes and matters more during an appropriations process than a form letter during a scheduled hearing.
2. If you use a 3D printer professionally or as a maker, document it. Public comment periods matter when agencies write implementation standards after bills pass. The strongest public comments come from people describing concrete, specific use cases — prototyping engineers, prosthetics designers, artists, small manufacturers — that would be directly affected by vague definitions of "major firearm components" or mandatory DOJ-certified firmware.
3. Know that this is a multi-state push, not a one-off bill. New York, California, and Washington are all advancing 3D printer restriction bills in 2026. The coordination suggests a national policy push. If it doesn't affect your state this year, watch for it next year.
4. Understand what criminal liability for information means. Section 2.11 of NY's S.9005 creates felony liability for possessing design files. A design file is information — the same kind of information as a written description, a diagram, a recipe. Criminal liability for possessing information is a meaningful departure from how the law has treated information, and the specific application here (3D printing) is the testbed for how far it can extend.
The Thing Nobody Wants to Say
New York and California cannot stop gun violence by surveilling 3D printers, because the people committing gun violence with illegal firearms are not primarily using 3D printers to make them. They are using stolen guns, trafficked guns, and converted semiautomatic weapons — supply chains that exist independent of desktop manufacturing technology.
The policy problem being addressed (ghost guns, illegal firearm components) is real. The mechanism being proposed (censorware on consumer hardware) does not address it. What it creates instead is a surveillance infrastructure covering an entire category of legal manufacturing equipment, a precedent for government-mandated certified software on consumer devices, new felony liability for information, and a forced migration of legitimate users toward proprietary locked-down hardware.
That's a lot to ask makers, engineers, and small manufacturers to accept in exchange for a policy that the government's own advisors would have to acknowledge, if pressed, has no credible enforcement path against the actual problem.
The people who write these bills know this. They're not stupid. What they're building is deniability — the ability to say they did something — plus infrastructure that outlasts the current political moment and will be inherited by whoever controls those agencies in ten years.
You own the hardware. For now, you also own what you run on it.
Sources: EFF — Stop New York's Attack on 3D Printing, EFF — Dangers of California's AB-2047, EFF — Print Blocking Won't Work, National Today / NYC — NY 3D Printer Surveillance Proposal, EFF — Stop New York's Censorware Mandate (Action Page)