EU Moves to Curb AI-Generated Sexual Abuse and Deepfake Harms
European policymakers advanced new measures aimed at limiting AI-enabled sexual abuse and impersonation harms, with the European Council proposing amendments to the AI Act that would ban AI systems used to generate non-consensual intimate imagery, including nudification tools and child sexual abuse material. The proposal also tightens standards for processing sensitive personal data, and follows parallel action in the European Parliament, increasing the likelihood that a negotiated EU position will include explicit restrictions on these abusive AI uses. The push comes amid broader concern over the real-world impact of generative AI, including the recent backlash over AI-generated intimate imagery.
Separately, YouTube expanded access to its AI-driven likeness detection system for government officials, journalists, and political candidates, allowing eligible users to identify AI-generated impersonation videos and request removal when content violates platform privacy rules. The system is designed to detect synthetic uses of a person’s likeness while preserving exceptions for parody, satire, and other public-interest expression. Other cited items were not part of the same event: one covered the EU’s extension of voluntary CSAM detection rules under the ePrivacy framework, and another reported research showing major chatbots sometimes provided violent guidance to would-be attackers.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
European Council proposes AI Act ban on nudification tools
The European Council released amendments to streamline the EU AI Act, including a ban on AI tools that generate non-consensual sexual and intimate content, including child sexual abuse material. The proposal also restores stricter privacy protections for processing sensitive personal data in bias detection and correction.
European Parliament approves similar ban on AI nudification
Before the Council’s latest proposal, the European Parliament had already approved a similar ban on AI nudification practices. This showed growing EU consensus on restricting tools that create non-consensual intimate imagery.
European Commission probes X and Grok over image generation concerns
Following the backlash over Grok-generated intimate images, the European Commission opened a probe into X and its Grok feature. The inquiry added regulatory pressure around AI systems capable of producing abusive sexualized content.
Backlash erupts over Grok-generated nonconsensual intimate images
Nonconsensual intimate images generated with Grok were widely shared online, prompting public backlash. The incident became a catalyst for renewed EU scrutiny of AI-generated sexual content.
European Commission proposes changes to EU AI Act implementation
The European Commission earlier proposed amendments to the EU AI Act that would delay some rules for high-risk AI systems and broaden exemptions for smaller companies. These earlier proposals set the stage for later Council amendments.
YouTube expands deepfake likeness detection pilot to public figures
YouTube expanded access to its AI-driven likeness detection system to a pilot group including government officials, journalists, and political candidates. The company said the move responds to the growing prevalence and realism of deepfakes and reiterated support for legislation such as the NO FAKES Act.
YouTube rolls out likeness detection to Partner Program creators
Before expanding the program further, YouTube had already introduced its AI-driven likeness detection system to creators in the YouTube Partner Program. The tool scans AI-generated videos for impersonation of a person’s likeness and supports privacy-based removal requests.
EDPB backs global privacy statement on AI-generated imagery
On 2026-02-23, EDPB Chair Anu Talus signed a joint Global Privacy Assembly statement on behalf of the European Data Protection Board addressing privacy risks from AI-generated images and videos of identifiable people. The statement, supported by 61 authorities, urged developers and users of such systems to follow privacy laws, add safeguards and transparency, and provide protections for affected individuals.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Europees Parlement achter verbod op uitkleed-apps, gaat voor de zomer in
nos.nl
Open sourceEuropean Council includes ban on nudification tools in its proposal for amending AI Act | The Record from Recorded Future News
therecord.media
Open sourceYouTube draws a line on deepfakes involving politicians and journalists - Help Net Security
helpnetsecurity.com
Open sourceAI-generated imagery and protection of privacy: EDPB supports joint Global Privacy Assembly’s statement | European Data Protection Board
edpb.europa.eu
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
EU AI Act Deal Bans Nudifier Apps and Sexualized Deepfake Tools
EU Parliament and Council negotiators reached a provisional agreement to amend the **EU Artificial Intelligence Act**, adding a ban on AI systems used to create **non-consensual sexualized depictions of identifiable people** and **synthetic child sexual abuse material**, including so-called **"nudifier" apps**. The deal also advances related transparency rules by setting watermarking obligations for AI-generated content to **2 December 2026**, while the new ban would also take effect on that timeline if formally adopted. The agreement still requires final approval by both Parliament and the Council. The package also delays several AI Act compliance deadlines and simplifies parts of the regime under the EU's digital omnibus effort. Obligations for standalone high-risk AI systems would move to **2 December 2027**, while AI used as safety components in products covered by sectoral safety laws would shift to **2 August 2028**. Negotiators also narrowed some machinery-related requirements, allowed limited use of sensitive personal data to detect and correct algorithmic bias, extended certain SME exemptions to small mid-cap firms, and centralized enforcement for some general-purpose AI systems through the **EU AI Office**.
Jun 8, 2026
Global privacy regulators warn generative AI firms over nonconsensual realistic images
A coalition of **more than 60 data protection authorities from 61 countries** issued a joint warning to developers and deployers of generative AI image/video systems, emphasizing that **privacy and data protection laws apply** when tools can create realistic depictions of identifiable people. Regulators cited risks including **nonconsensual intimate imagery**, **defamatory depictions**, cyberbullying, and heightened harms to **children and other vulnerable groups**, and called for **robust safeguards by design** and proactive engagement with regulators. The warning followed public backlash and regulatory scrutiny tied to **xAI’s Grok** generating and sharing large volumes of “nudified” images of real people; reporting also noted that the **UK ICO** and **Ireland’s DPC** opened formal probes into xAI over alleged creation of sexual images without consent. Separately, the UK government signaled tougher enforcement on platforms hosting intimate images shared without consent, including a requirement to remove such content within **48 hours** or face significant penalties, reinforcing the broader regulatory direction toward faster takedowns and stronger controls around AI-enabled image abuse.
Mar 21, 2026
European Concerns Over US Tech Dominance and AI-Driven Deepfake Abuse
A senior Belgian cybersecurity official has warned that Europe is critically dependent on US technology giants for its digital infrastructure, making it nearly impossible to store data entirely within the EU. This reliance on American companies for cloud computing and artificial intelligence raises concerns about Europe's technological sovereignty and its ability to innovate and defend against cyber threats. The official emphasized that digital infrastructure is largely controlled by private, predominantly US-based corporations, and that European ambitions for digital independence are currently unrealistic. Simultaneously, European regulators are confronting the misuse of AI tools developed by US tech firms, such as X's Grok, which was used to generate sexually explicit deepfakes of a minor. This incident has intensified scrutiny of US platforms and prompted calls for stricter regulation, including potential bans on so-called "nudification" tools. The Paris Prosecutor’s Office is investigating the dissemination of these deepfakes, and the UK government is planning to criminalize the creation and supply of such AI-driven tools, highlighting the growing regulatory and security challenges posed by reliance on foreign technology providers.
Mar 21, 2026