FTC Enforces 48-Hour Takedown Rule for Nonconsensual Deepfakes
The Federal Trade Commission said it will begin enforcing a key provision of the Take It Down Act on May 19, requiring covered websites and online services to remove reported nonconsensual intimate imagery and AI-generated deepfake content within 48 hours. FTC Chair Andrew Ferguson notified major platforms including Meta, Google, and X that failures to comply can trigger investigations and civil penalties of up to $53,088 per violation, and said companies must publish clear removal policies and provide accessible reporting channels, including for people who do not have accounts.
The requirement applies broadly across websites, apps, social media, image and video sharing services, and gaming platforms. The FTC also urged companies to use hashing technologies and coordinate with groups such as the National Center for Missing and Exploited Children and StopNCII.org to prevent removed material from being reuploaded. Supporters said the enforcement regime gives the law real consequences for noncompliance, while civil liberties and policy experts warned the short deadline and steep fines could lead platforms to over-remove legitimate content or create openings for bad-faith complaints.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
FTC launches TakeItDown.ftc.gov complaint portal
The FTC launched TakeItDown.ftc.gov to collect victim complaints related to nonconsensual intimate imagery and AI-generated explicit content. The portal is intended to support enforcement of the Take It Down Act against platforms that fail to comply with removal requirements.
FTC warns 12 tech firms over alleged Take It Down Act noncompliance
The FTC said it sent warning letters to 12 major technology companies it believes are not complying with the Take It Down Act's requirements for accessible removal requests and timely deletion of nonconsensual intimate imagery. The agency urged immediate compliance and reiterated recommendations such as hashing duplicate content and providing victims with clear notices and request tracking numbers.
FTC to begin enforcing Take It Down Act removal requirement
The FTC said it will begin enforcing a key provision of the Take It Down Act on May 19, requiring covered websites and online services to remove reported nonconsensual intimate imagery and AI-generated deepfake media within 48 hours. Noncompliant platforms may face investigations and civil penalties of up to $53,088 per violation.
FTC notifies major platforms of Take It Down Act enforcement expectations
FTC Chair Andrew Ferguson notified major technology companies, including platforms such as Meta, Google, and X, that covered services must provide accessible reporting mechanisms and clear removal policies for nonconsensual intimate imagery and deepfake content. The FTC also encouraged use of hashing tools and coordination with groups such as NCMEC and StopNCII.org to prevent reuploads.
UK moves to require removal of abusive intimate images within 48 hours
UK authorities announced plans to force social media platforms to remove abusive intimate images within 48 hours. The measure represents a separate regulatory development from the later FTC enforcement actions in the United States.
President Trump signs Take It Down Act into law
The White House announced that President Trump signed the Take It Down Act into law, establishing the federal legal basis for later FTC enforcement against platforms hosting nonconsensual intimate imagery and AI-generated explicit deepfakes.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
10 references tracked. Mallory keeps watching after this page renders.
FBI agent explains how easy it is to ID people posting AI porn without consent - Ars Technica
arstechnica.com
Open sourceTAKE IT DOWN Act Drives FTC Push Against Explicit AI Content
thecyberexpress.com
Open sourceFTC Sends Warning Letters to Companies About Compliance with the TAKE IT DOWN Act | Federal Trade Commission
ftc.gov
Open sourceFTC warns 12 major tech firms of violating Take It Down Act | The Record from Recorded Future News
therecord.media
Open sourceHere’s how the FTC plans to enforce the Take It Down Act | CyberScoop
cyberscoop.com
Open sourceFTC Chairman Ferguson Advises Companies to Comply with the Take It Down Act | Federal Trade Commission
ftc.gov
Open sourceUK to force social media to remove abusive pics in 48 hours
theregister.com
Open sourceICYMI: President Trump Signs TAKE IT DOWN Act into Law - The White House
whitehouse.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
UK Mandates 48-Hour Takedown of Nonconsensual Intimate Images
The UK government announced an amendment to the *Crime and Policing Bill* that would require online platforms to remove **nonconsensual intimate images** within **48 hours** of being flagged, with penalties for noncompliance including fines of up to **10% of qualifying worldwide income** and potential **service blocking in the UK**. The proposal would also make creating or sharing such material a **“priority offence”** under the **Online Safety Act**, elevating it to a level of enforcement comparable to child sexual abuse material and terrorism content. The policy is intended to reduce the burden on victims by enabling a **single report** to trigger takedowns across multiple platforms and to prevent re-uploads via **digital marking** (hashing/fingerprinting) so reposted content can be automatically detected and removed. The announcement follows public backlash over xAI’s **Grok** chatbot generating “nudified” sexualized images, and comes amid increased scrutiny by **Ofcom**, with the government also indicating it will publish guidance for internet providers on blocking access to sites hosting this content, including “rogue” sites potentially outside the Online Safety Act’s direct reach.
Apr 10, 2026
Deepfake Impersonation and Legislative Response in the United States
The FBI has reported ongoing campaigns in which unknown actors use AI-powered voice cloning and deepfake technologies to impersonate senior U.S. government officials, including members of Congress and Cabinet-level leaders. These impersonators initiate contact via SMS and then move conversations to encrypted messaging apps such as Signal, WhatsApp, and Telegram, leveraging AI voice cloning to convincingly pose as high-level officials. The FBI's updated assessment reveals that these activities have been occurring since at least 2023, targeting not only officials but also their family members and acquaintances, with the intent to extract sensitive information or perpetrate scams. In response to the growing threat of malicious deepfakes, the U.S. government has enacted the Take It Down Act, one of the first major federal laws specifically targeting the spread of nonconsensual AI-generated deepfake pornography. The law criminalizes the publication of such content, mandates its removal within 48 hours upon notification, and empowers the Federal Trade Commission to enforce compliance. The U.S. Sentencing Commission is now seeking public input on sentencing guidelines, proposing penalties of up to two years' imprisonment for adults and three years for minors, reflecting the seriousness with which lawmakers are treating the misuse of deepfake technology for harassment and abuse.
Mar 21, 2026
US, France, and Italy Seize Deepfake Porn Sites CFAKE and SOCFAKE
U.S. authorities seized the domains **CFAKE.com** and **SOCFAKE.com**, alleging the sites published thousands of non-consensual sexually explicit deepfake images and videos of women, including celebrities, politicians, journalists, athletes, and royalty. The action was carried out by the Departments of Justice and Homeland Security under the **TAKE IT DOWN Act**, a 2025 law that criminalizes unauthorized publication of sexually explicit digital forgeries. Officials said the platforms hosted abusive content categories such as “rape,” “forced,” and “degradation,” and described the operation as a major effort to stop psychologically harmful exploitation of victims. The takedown followed a multinational investigation that began after Italy’s **Polizia di Stato** alerted U.S. authorities and expanded through evidence sharing with France under the **Budapest Convention on Cybercrime**. In a parallel French case, police in Nice arrested a 47-year-old French national accused of serving as a CFAKE administrator and seized site-related computer equipment along with more than **$48,000 in Ethereum**. French investigators linked the platform to roughly **300,000 images**, **7,000 videos**, **14,000 depicted individuals**, about **200,000 user accounts**, and nearly **4 million monthly views**, underscoring the scale of the alleged abuse network.
Jun 15, 2026