The Federal Trade Commission activates enforcement of the TAKE IT DOWN Act on May 19, 2026, marking the end of the one-year grace period granted to digital platforms after the law was signed by President Donald Trump. As of today, websites and online services are required to remove nonconsensual deepfake media within 48 hours after a victim’s notice, or risk fines and FTC investigation.
The law, formally titled the Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act, represents the first federal framework in the United States directly targeting the distribution of non-consensual intimate imagery, including AI-generated deepfakes. Congress passed the legislation on April 28, 2025, and the President signed it into law on May 19, 2025, with criminal prohibitions taking effect immediately and platforms receiving one year to establish the required notice-and-removal process.
What the Law Requires
The compliance obligations now active are specific and operationally demanding. Upon receiving a valid takedown request, platforms must remove the content within 48 hours and make reasonable efforts to remove known copies. A valid request must include the individual’s signature, sufficient information to locate the content, a good-faith statement confirming the depiction was not consensual, and the individual’s contact information.
A covered platform is defined as a website, online service, online application, or mobile application that serves the public and either primarily provides a forum for user-generated content or publishes, curates, hosts, or makes available content of nonconsensual intimate visual depictions in the regular course of trade or business. Providers of broadband access, email services, and platforms whose content is primarily preselected and not user-generated are excluded.
The scope of criminal liability under the Act is broad. The Act makes it unlawful for an individual to use an interactive computer service to knowingly publish either an intimate visual depiction or a digital forgery of an identifiable individual. Violators may face fines and imprisonment of up to three years.
FTC Signals Aggressive Enforcement Posture
In the days leading up to today’s compliance deadline, the FTC moved to put the industry on notice. FTC Chairman Andrew Ferguson sent formal warning letters to more than a dozen major platforms, including Meta, Apple, Microsoft, TikTok, Reddit, Snapchat, and X, signaling the agency’s intent to actively investigate and enforce the law.
The FTC is also recommending that companies implement hashing technologies to prevent the reappearance of intimate content already removed from their platforms and share their findings with nonprofits like the National Center for Missing and Exploited Children and StopNCII.org to track content across other parts of the internet.
Civil penalties are not nominal. Violations are treated as unfair or deceptive trade practices under the FTC Act, with civil penalties of up to $53,088 per violation. Given that content of this nature can proliferate across multiple platforms rapidly, per-violation exposure could accumulate to material sums for non-compliant operators.
An Unresolved Landscape
Despite the law’s passage with near-unanimous Congressional support, early monitoring of platform behaviour has revealed gaps. Researchers observed that some platforms had yet to provide a protocol to handle requests under the Act, while others added instructions for removal requests but showed little evidence of substantial deletions.
Civil liberties groups have also flagged structural risks in the enforcement model. Organizations including the Electronic Frontier Foundation have pointed out that malicious actors could weaponize takedown requests as a tool to suppress legitimate speech, similar to problems observed with Digital Millennium Copyright Act enforcement. The law requires that takedown requests be made in good faith but provides limited mechanisms to challenge improper requests.
The FTC’s posture in its first round of enforcement actions will set the tone for how the industry sizes its compliance obligations going forward. Platforms that have not yet implemented functional notice-and-removal systems now face the immediate risk of investigation, civil penalty proceedings, and reputational exposure.
Global Implications
For multinational technology companies operating across jurisdictions including South Africa and the broader African continent, the TAKE IT DOWN Act adds a further compliance layer to an already complex content moderation environment. Platforms operating in African markets typically route through US-incorporated entities and will be required to extend TAKE IT DOWN compliance to their global moderation pipelines. This intersects directly with South Africa’s Protection of Personal Information Act and emerging regulatory expectations from the Information Regulator, which has been increasing scrutiny of how platforms handle harmful and non-consensual content involving South African users.
Parallel to US efforts, the UK began enforcement of the Online Safety Act in March 2025, tightening the compliance corridor for global platforms from both sides of the Atlantic simultaneously. African regulators watching both frameworks are likely to draw on enforcement precedents as they develop their own digital content obligations.
The compliance window is now closed. Platforms that treated the May 19, 2026 deadline as a distant planning target will spend the coming weeks in reactive mode, while those that built functioning systems will define the new operational standard.
