The TAKE IT DOWN Act has now come into effect, imposing a requirement on online platforms to remove nonconsensual intimate imagery, including AI-generated deepfakes, within 48 hours of receiving a valid report.
This new deadline turns what has become one of the most pervasive forms of online abuse into a test of website operators’ compliance response times.
The Federal Trade Commission (FTC) began enforcing the law’s notice-and-removal requirement on May 19, 2026. Covered platforms are responsible for providing users with a process to request that intimate photos or videos shared without their consent be taken down.
Once a platform receives a valid request, it must remove the offending content and any known identical copies within 48 hours. The law covers real images and videos, digitally altered images, and deepfakes created with artificial intelligence.
In a press release announcing enforcement of the new law, FTC Chairman Andrew Ferguson said, “In the age of AI, anyone can be targeted, and that becomes even more appalling if children are involved. The TAKE IT DOWN Act empowers families and provides the FTC with an effective tool to protect minors against this form of abuse.”
What the TAKE IT DOWN Act Requires From Platforms
The TAKE IT DOWN Act applies to platforms that host user-generated content, including social media, messaging, and image or video-sharing apps and sites.
The FTC says those platforms must give their users a clear way to ask for the removal of nonconsensual intimate imagery. When a platform receives a valid request, it must act within the 48-hour window. If a platform violates the law by failing to act, it may face FTC enforcement and civil penalties of $53,088 per violation.
Users can report websites that fail to respond to removal requests or don’t give users a way to submit them at TakeItDown.ftc.gov.
In guidance posted on its Business Blog, the agency says it is “actively monitoring compliance, investigating violations, and holding platforms accountable when they fail to protect people—especially children—from this harmful abuse.”
As platforms begin to make changes to comply with the new law, they’ll have to do more than just delete a single post. They’ll need to create intake forms, conduct consent reviews, handle internal escalations, track deadlines, detect duplicates, and maintain records showing they’ve acted on requests in a timely manner.
Since websites haven’t been required to have these processes in place until now, these deepfake takedowns are likely to be a product and operations challenge for them. That’s because the law won’t work if platforms hide the removal process behind confusing help menus, ask for unclear documentation, or route urgent requests to a generic moderation queue.
The 48-Hour Deepfake Deadline Changes the Platform Incentive
Before the TAKE IT DOWN Act gave websites a deadline to scrub their platforms of nonconsensual intimate imagery, a slow response could expose them to public criticism, user distrust, and, in some cases, state-level legal pressure.
A 2024 audit study of deepfakes on X showed how uneven the response was before the new federal deadline. Researchers uploaded 50 AI-generated nude images of fictional personas and reported half through X’s nonconsensual nudity process and half through copyright claims under the Digital Millennium Copyright Act.
All 25 DMCA reports led to successful removal within 25 hours, while none of the 25 nonconsensual nudity reports led to removal during the three-week observation period. The researchers said their findings showed a need for targeted legislation regulating nonconsensual intimate media removal online.
With a federal 48-hour clock in place, things could change because platforms now face a much more direct compliance risk. If they receive a valid request and don’t act, that delay could turn into a federal enforcement issue. Websites can no longer treat deepfake takedown requests as routine complaints for staff to review whenever they get around to them. They now need systems that flag cases quickly, send them to trained reviewers, and track the deadline from the moment they receive a valid request.
The takedown process will become much more predictable for victims whose images can spread across accounts, group chats, forums, repost pages, and image-hosting services before they even know what’s happening. A platform’s vague promise to review a victim’s report isn’t enough when harm can multiply so quickly. The deadline changes that, giving victims a clear timeline for when a platform is expected to act and a way to report them if they don’t.
Deepfake Takedowns Get Messier Once Images Spread
The law’s known-identical-copies requirement addresses one of the most frustrating parts of image-based abuse: the same content can appear over and over again after the first post is taken down. Under the new law, if platforms know about identical copies, they must remove those, too.
However, things can get complicated when the image isn’t an exact copy. That’s because deepfake abuse rarely stays in a neat package. A deepfake can be cropped, compressed, screenshotted, captioned, or regenerated in a slightly different form, leaving platforms to decide whether the new version is close enough to the original abuse to remove.
AI tools can generate new versions that look a lot like the original deepfake without producing an identical file. If a platform’s system is built to detect exact duplicates, altered versions that cause harm could still fall through the cracks.
That makes the test for websites much harder than the law’s language suggests. It may be easy to remove the first reported item, but finding copies across a large platform will require content-matching tools, moderator coordination, and a way to connect new reports to earlier removals. Handling near-duplicates requires more judgment, as platforms must decide when an altered image is close enough to count as the same abuse pattern.
Smaller platforms that don’t have the trust-and-safety staff and technical resources of larger websites may receive fewer reports, but they may have a harder time responding quickly and documenting compliance.
False Positives Are the Risk With a Tight Deadline
The same deadline that victims can use to push platforms to take down content shared without their consent could also encourage over-censorship on those platforms, free speech groups argue.
When companies face penalties for leaving illegal content online, they may decide that removing any material that seems questionable is less risky than taking the time to verify it. That incentive is even bigger when there’s a short deadline and stiff penalties for noncompliance.
Public Knowledge, a digital rights advocacy group, said the Act addresses a “real and urgent problem” involving nonconsensual intimate imagery, including synthetic and AI-generated content, but warned that its takedown system “lacks essential safeguards to prevent abuse and censorship.”
The Electronic Frontier Foundation raised similar concerns, saying “Although this provision is designed to allow NCII [nonconsensual intimate imagery] victims to remove this harmful content, its broad definitions and lack of safeguards will likely lead to people misusing the notice-and-takedown system to remove lawful speech.”
The law requires platforms to balance the needs of victims who need a fast takedown process that doesn’t force them to fight the same image repeatedly with those of other users who need safeguards against mistaken or abusive requests.
The TAKE IT DOWN Act has put platforms on a 48-hour clock. How effective it is will depend on design choices users may only notice when something goes wrong. That includes where the report button appears, how the form explains consent, how quickly the platform responds, and whether the system can find copies before the content spreads again.
Deepfake safety now has a deadline, but it’ll be up to individual platforms to prove they can meet it without creating a takedown system that infringes on users’ rights.
