Full Report
U.S. legislation to criminalize non-consensual intimate images, videos and deepfakes has passed Congress with the overwhelming support of both parties, and even social media companies have voiced support for the bill. The Take It Down Act – short for the bill’s full title, “Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act” – also creates processes and requirements for removing non-consensual intimate imagery (NCII) within 48 hours of notification by victims. But some critics say the legislation, while well intended, doesn’t do enough to ensure that it won’t be misused to suppress lawful speech. The bill is awaiting President Donald Trump’s signature, but as both he and First Lady Melania Trump have voiced support for the bill, it is expected to become law. Take It Down Act Provisions The bill, which takes aim at revenge porn and other malicious or harmful uses of intimate images, would make it a federal crime to knowingly share – or threaten to share – non-consensual intimate images, including deepfakes generated by AI. Penalties include fines and imprisonment of up to two years for offenses involving adults, and imprisonment of up to three years for those involving minors. Online platforms would be required to remove NCII within 48 hours of notification by victims. In an effort to restrict abuses of the law, it excludes content that is a “matter of public concern,” commercial pornography, and materials used for legitimate purposes such as medical uses, law enforcement, national security and legal cases. Some Say Law Needs More Protections Against Misuse Some advocacy groups fear the law as written could be abused to remove lawful speech, among other concerns. The Electronic Frontier Foundation (EFF) said the law gives “the powerful a dangerous new route to manipulate platforms into removing lawful speech that they simply don't like.” “The takedown provision in TAKE IT DOWN applies to a much broader category of content—potentially any images involving intimate or sexual content—than the narrower NCII definitions found elsewhere in the bill,” EFF said in a statement. “The takedown provision also lacks critical safeguards against frivolous or bad-faith takedown requests. Services will rely on automated filters, which are infamously blunt tools. They frequently flag legal content, from fair-use commentary to news reporting. The law’s tight time frame requires that apps and websites remove speech within 48 hours, rarely enough time to verify whether the speech is actually illegal. As a result, online service providers, particularly smaller ones, will likely choose to avoid the onerous legal risk by simply depublishing the speech rather than even attempting to verify it.” EFF said the law “pressures platforms to actively monitor speech, including speech that is presently encrypted. The law thus presents a huge threat to security and privacy online.” The Cyber Civil Rights Initiative (CCRI) welcomed the criminalization of non-consensual distribution of intimate images (NDII), but echoed EFF’s concerns about the takedown provisions. “While we welcome the long-overdue federal criminalization of NDII, we regret that it is combined with a takedown provision that is highly susceptible to misuse and will likely be counter-productive for victims,” CCRI said. CCRI also took exception to a provision “that would seemingly allow a person to disclose intimate images without consent” if the disclosing person also appears in the image. The group said it has “serious concerns about the constitutionality, efficacy, and potential misuse” of the Act’s notice and removal provision: “While we wholeheartedly support the expeditious removal of nonconsensual intimate content and have long called for increased legal accountability for tech platforms that choose to distribute unlawful content, CCRI objects to the notice and removal provision because it is (1) unlikely to accomplish these goals and (2) likely to be selectively and improperly misused for political or ideological purposes that endanger the very communities most affected by image-based sexual abuse.” Unlike the Digital Millennium Copyright Act (DMCA), the Take It Down Act fails to include safeguards against false reports, CCRI said.
Analysis Summary
# Regulation/Compliance: Take It Down Act (Proposed Legislation)
## Overview
The "Take It Down Act" is proposed legislation focused on enabling the expedited removal of non-consensual intimate images (NDII) and potentially other objectionable content from online platforms. A major concern surrounding the bill is that its broad scope and lack of safeguards (like those in the DMCA) may pressure platforms into over-censoring or monitoring encrypted content to avoid legal risk, threatening user privacy and security. The Act is also criticized for a provision that might allow the disclosure of intimate images even without consent if the disclosing person also appears in the image.
## Key Details
- Issuing Authority: Likely **U.S. Federal Government/Congress** (as it is an "Act" expected to become law).
- Effective Date: **Not specified** in the provided text, but it is **Expected To Become Law**.
- Jurisdiction: **U.S. jurisdiction** (implied by the context of federal legislation and existing U.S. law references like the DMCA).
- Status: **Proposed** (Expected to become law).
## Requirements
### Mandatory Requirements
1. **Expedited Content Removal:** Platforms will likely be mandated to remove non-consensual intimate images (NDII) upon receipt of a valid notice, mirroring requirements seen in other takedown regimes.
2. **Criminalization of NDII Distribution:** The Act criminalizes the non-consensual distribution of intimate images (a separate but paired element mentioned).
### Recommended Practices
*Note: The text details significant concerns rather than established best practices, as the law is still pending. The following reflect actions required to avoid legal scrutiny under the draft mandate.*
1. **Review Takedown Policy for False Reports:** Organizations should proactively develop internal procedures to mitigate risks associated with false reporting, as the Act reportedly *fails to include safeguards against false reports* (unlike the DMCA).
2. **Assess Liability for Encrypted Content:** Organizations must determine their monitoring obligations regarding speech contained within encrypted communications, as the law is stated to *pressure platforms to actively monitor speech, including speech that is presently encrypted*.
## Affected Organizations
- Industries: **Online Platforms and Technology Companies** that host, distribute, or transmit user-generated content.
- Organization Size: Concerns are particularly raised about the impact on **smaller platforms** who might choose content removal ("depublishing") over verifying content to avoid legal risk.
- Geographic Scope: **U.S. entities** subject to federal legislation, and potentially international platforms hosting U.S. users' content.
## Compliance Timeline
- **Compliance Timeline:** Not explicitly detailed in the excerpt. Compliance will be mandatory upon the Act's enactment and subsequent effective date. Organizations are advised to prepare immediately due to implementation concerns.
## Implementation Guidance
### Assessment Phase
- **Review Current Takedown Procedures:** Compare existing notice and removal provisions against the known goals of the Take It Down Act, specifically focusing on NDII handling.
- **Evaluate Encryption Policy:** Assess the risk exposure related to monitoring or removing content distributed over presently encrypted channels.
### Implementation Phase
- **Establish NDII Handling SOPs:** Develop and implement standard operating procedures for the swift resolution of NDII complaints.
- **Address Constitutional Concerns:** Determine the organization's stance regarding a potential provision that "would seemingly allow a person to disclose intimate images without consent" if they also appear in the image.
### Validation Phase
- **Internal Audits:** Conduct mock reviews of the takedown process to ensure compliance with expedited removal mandates.
- **Legal Review:** Have terms of service and policies vetted against potential constitutional challenges or misuse susceptibility noted by civil rights groups.
## Technical Requirements
*The provided article does not list specific technical controls, but implies requirements related to content identification and removal.*
1. **Content Identification/Hashing:** Need mechanisms to swiftly identify and remove prohibited intimate material, although the lack of DMCA-style safeguards complicates this.
2. **Monitoring (Controversial):** The legislation pressures platforms to monitor speech, which inherently requires technical capabilities to probe or analyze content, including *encrypted* communications, posing severe security and privacy challenges.
## Penalties & Enforcement
- Fines: **Not specified** in the excerpt.
- Other Consequences: **Legal Risk/Liability** for distributing unlawful content; potential pressure leading to **over-censorship and depublishing** of lawful speech.
- Enforcement: Implied enforcement through **legal accountability for tech platforms** distributing unlawful content.
## Related Standards
- **DMCA (Digital Millennium Copyright Act):** Explicitly referenced as a contrast; the Take It Down Act *fails to include safeguards against false reports* found in the DMCA.
## Resources
- Official Documentation: The **Take It Down Act (S. 146)** (Reference link provided in CCRI statement: `cybercivilrights.org/ccri-statement-on-the-passage-of-the-take-it-down-act-s-146/`).
- Guidance Documents: Statements from the **EFF** and **CCRI** regarding privacy, security, and misuse concerns.
- Tools: Not specified.
## Practical Recommendations
1. **Advocate or Prepare for Due Process:** Since civil rights groups are concerned about misuse and lack of safeguards against false reports, organizations should actively lobby for balancing amendments or prepare robust internal appeals/verification processes.
2. **Prioritize Privacy by Design:** Given the threat to monitoring encrypted speech, organizations relying heavily on end-to-end encryption must urgently review how the Act might force fundamental changes to their security architecture.
3. **Harm Prevention Focus:** While criminalizing NDII is welcomed, organizations must adopt policies that aggressively protect victims while simultaneously guarding against legitimate speech being suppressed due to fear of ambiguous liability.