Beginning 1 September, we will need to geoblock Mississippi IPs

Is there even such a thing as a "Mississippi IP?"

I.E. Are US ISPs, particularly big ones like Comcast, required to geolocate ISPs to the state where the person is actually in? What about mobile ones?

Where I live (not US), it is extremely common to get an IP that Maxmind geolocates to a region far from where you actually live.

GeoIP services are not 100% accurate, but that doesn't mean they're completely useless.

The law in question requires "commercially reasonable efforts"

I wonder what is a "commercially reasonable effort" for a non-commercial website to collect, accurately verify, and securely store everyone's identity, location, and age?

Personally I'd say none at all, unless the government itself provides it as a free service, takes on all the liability, and makes it simple to use.

It also defines personally identifiable information as including "pseudonymous information when the information is used by a controller or processor in conjunction with additional information that reasonably links the information to an identified or identifiable individual." But it doesn't specify what it means by 'controller' or 'processor' either.

If a hobbyist just sets up a forum site, with no payment processor and no identified or identifiable information required, it would seem reasonable that the law should not apply. But I'm not a lawyer.

Clearly, however, attempting to comply with the law just in case, by requiring ID, would however then make it applicable, since that is personally identifiable information.

Completely agree. If someone starts, says a whiskey tasting club, they can easily weed out minors by checking for a government issued ID at the door. It is free, scalable and provided by the government. If the government want hobbyists to do age verification online then they should provide a solution that is 100% free AND easy to implement.