On May 19, 2026 — now just 46 days away — the compliance deadline for the TAKE IT DOWN Act takes effect, requiring all "covered platforms" to have established clear, accessible processes for individuals to report and request removal of nonconsensual intimate visual depictions, including AI-generated deepfakes. Platforms must remove flagged content within 48 hours of a valid request and take down all known identical copies.

Why It Matters

The TAKE IT DOWN Act represents the first federal law specifically criminalizing nonconsensual deepfake pornography and mandating platform takedown processes. Its May 19 compliance deadline arrives amid an unprecedented wave of deepfake regulation: the DEFIANCE Act passed the Senate unanimously in January, the EU banned nudification apps in March, and multiple state laws have been enacted. For adult content platforms, the 48-hour takedown requirement with FTC enforcement creates a compliance burden that could reshape operational models. For sex tech companies and creator economy platforms, the Act's broad definition of "covered platforms" means even peripheral players may need takedown infrastructure.

The TAKE IT DOWN Act (Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act) was signed into law by President Trump on May 19, 2025, with a one-year runway for platform compliance. The Act's criminal provisions — making it a federal crime to knowingly publish or threaten to publish nonconsensual intimate imagery, punishable by fines and up to two years imprisonment — took effect immediately upon signing. The May 2026 deadline applies specifically to the platform-side notice-and-removal obligations enforced by the FTC.

"Covered platforms" is broadly defined to include any public website, online service, application, or mobile app that either primarily provides a forum for user-generated content or is primarily designed to publish nonconsensual intimate visual depictions. This sweeps in not just social media giants and adult content platforms but potentially any site with user uploads — dating apps, messaging services, image hosting sites, and AI-generated content platforms.

The 48-hour removal window is aggressive by industry standards. Content moderation experts note that identifying "known identical copies" across a platform requires hash-matching infrastructure that many smaller platforms have not yet built. For adult content platforms already under Mastercard and Visa content compliance requirements, the TAKE IT DOWN Act adds yet another layer of mandatory content moderation with federal enforcement teeth.

Sources

Update — 2026-04-03

Initial entry — story first created.

Update — 2026-04-08

Forty-one days and counting. The TAKE IT DOWN Act's May 19, 2026 platform compliance deadline is now less than six weeks away, and multiple legal analyses published this week emphasize the breadth of the requirement. Holland & Knight and the Consumer Financial Services Law Monitor both noted that the Act's definition of "covered platforms" sweeps broadly — encompassing any site that hosts user-generated content, not just social media or adult platforms. Dating apps, AI content generators, messaging services with image sharing, and even e-commerce sites with user reviews could fall within scope. The FTC is empowered to enforce non-compliance as a deceptive or unfair practice, creating a federal-level enforcement mechanism that runs parallel to (and in some cases overlaps with) state deepfake laws. For adult content platforms already managing Visa/Mastercard compliance, DSA obligations in the EU, and Australia's Online Safety Act requirements, the TAKE IT DOWN Act adds another 48-hour takedown mandate with federal teeth. Platforms should be auditing their reporting tools, moderation workflows, and hash-matching infrastructure now if they haven't already started.

New Sources

Update — 2026-04-09

The TAKE IT DOWN Act just drew first blood. On April 7, 2026, James Strahler II, 37, of Columbus, Ohio became the first person in the nation convicted under the Act's criminal provisions. Strahler pleaded guilty to three federal counts: cyberstalking, producing obscene visual representations of child sexual abuse material, and publication of digital forgeries — the Act's term for nonconsensual deepfake pornography. Between December 2024 and June 2025, Strahler used over 100 AI models to create pornographic videos of at least six adult women and distributed them to their coworkers. He also used faces of local minor boys to generate explicit material, posting hundreds of images to child sexual abuse websites. Investigating agencies included the Hilliard Police Department, the Delaware County Sheriff's Office, and Maryland's AI and Synthetic Media Threats Task Force. U.S. Attorney Dominick S. Gerace II stated his office will use "every tool at our disposal" to prosecute those using AI to intimidate others. First Lady Melania Trump, who championed the legislation, called the conviction proof that the law "provides a strong legal mechanism to protect innocent victims from cybercrimes." Strahler is awaiting sentencing — the Act carries up to two years for adult victims and three years when minors are involved. With the May 19 platform compliance deadline now just 40 days away, the conviction sends a clear signal that federal prosecutors intend to use the Act aggressively.

New Sources

Update — 2026-05-02

T-17 days. With the May 19, 2026 platform compliance deadline now 17 days out, legal advisory firms are issuing final-stretch guidance to platform operators that have not yet built notice-and-takedown infrastructure. Latham & Watkins, Skadden, and ZwillGen have each published compliance checklists in the past two weeks emphasizing three operational gaps that disproportionately catch mid-tier platforms: (1) a working public-facing intake URL or email address that the FTC will treat as a "valid" report channel; (2) hash-matching infrastructure capable of identifying "known identical copies" across the platform within 48 hours of a single takedown request, not just removing the reported instance; and (3) documented internal escalation procedures showing the platform can produce evidence of compliance if FTC audits.

Among adult content platforms, OnlyFans has already publicly disclosed expanded deepfake takedown infrastructure tied to its April 2026 zero-tolerance policy overhaul, and Pornhub/Aylo's content moderation changes since the Mastercard 2021 requirements have positioned it relatively well for compliance. Smaller adult platforms — fan-club sites, niche subscription platforms, image hosts — face the most acute compliance risk. Mainstream platforms (Meta, Google, X, Reddit) all have existing intimate-image takedown systems but have not all publicly confirmed 48-hour SLAs. Notably, Section 230 does not provide a defense to TAKE IT DOWN Act takedown obligations: the Act expressly preempts that immunity for in-scope content.

The first conviction under the criminal provisions (James Strahler II, April 7, awaiting sentencing May 11) and the FTC's pending enforcement readiness suggest the May 19 deadline will not be a soft launch. Expect FTC test cases against non-compliant covered platforms within the first 30-90 days post-deadline.

New Sources

Update — 2026-05-08

T-11 days. With the May 19 federal compliance deadline now eleven days out, two adjacent shoes have dropped this week that change the field for covered platforms. First, Utah's HB 276 — the Digital Voyeurism Prevention Act — took effect May 6, beating the federal Act to live operation by 13 days and adding a perceptual-hash-matching requirement plus an image-provenance metadata mandate that the federal TAKE IT DOWN Act does not impose. Platforms that built only to the federal floor must now layer on the Utah-specific obligations or geo-block Utah users, with Wyoming HB 102's July 1 effective date queued behind it. Second, Pennsylvania AG Dave Sunday filed suit against Character.AI on May 5 over chatbots impersonating doctors, signaling that state attorneys general intend to use both deepfake-takedown statutes and adjacent licensing/consumer-protection laws to pressure AI-companion and image-generation platforms.

Industry operational context: XBIZ Miami opens May 11 — eight days before the federal deadline — and the regulatory and payment-processing programming is expected to dominate the agenda. Adult-platform compliance officers arrive in Miami with active deliverables due during or immediately after the show. Strahler's sentencing under the criminal provisions of the Act is also scheduled for May 11, the same day XBIZ Miami opens, which will likely produce the first concrete sentence-length data point under the new law and frame how prosecutors will use the Act going forward.

New Sources

Update — 2026-05-14

Five days out. On May 13, 2026, FTC Chairman Andrew Ferguson sent formal compliance reminder letters to fourteen of the largest covered platforms — Amazon, Alphabet, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok, and X — explicitly putting them on notice ahead of the May 19 platform deadline. The letters stated that the FTC "stands ready to monitor compliance, investigate violations, and enforce the Take It Down Act." Civil penalties cap at $53,088 per violation, with each piece of non-removed nonconsensual content potentially counted as a separate violation. The unusual breadth of the recipient list — encompassing dating apps (Bumble, Match), photo hosts (SmugMug, Pinterest), e-commerce (Amazon, Alphabet), gaming-adjacent platforms (Discord), and every major social network — signals the FTC's intent to enforce TIDA's broad "covered platforms" definition aggressively from Day One. Adult content platforms and creator economy services are reading the letter list as a floor, not a ceiling, for who needs operational takedown infrastructure by Monday.

New Sources

Update — 2026-05-18

T-1. The TAKE IT DOWN Act's platform compliance deadline goes live in less than 24 hours, with the FTC's 48-hour notice-and-removal obligations becoming enforceable on Monday, May 19, 2026 — exactly one year to the day from President Trump signing the Act. The breadth of the FTC's May 13 warning-letter recipients (Amazon, Alphabet, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok, and X) effectively defined the floor for who Chairman Ferguson considers a "covered platform," and adult content companies, AI image and video generators, and creator economy services have spent the final week scrambling to operationalize hash-matching infrastructure and 48-hour SLAs in time.

Heading into the deadline, the legal landscape stacks compounds rather than resolves. The DEFIANCE Act's compliance deadline already imposes 48-hour takedown obligations on platforms that overlap with TIDA's scope. Utah's HB 276 (effective May 6) requires perceptual-hash matching and provenance metadata on top of the federal floor. Wyoming's HB 102 takes effect July 1. The Crime and Policing Act 2026 in the UK (Royal Assent April 30) imposes a parallel takedown regime in another jurisdiction. By Tuesday morning, the first formal compliance reports and FTC enforcement priorities under TIDA should begin to clarify what "valid request" and "known identical copies" mean in practice — and which platforms have built infrastructure that survives day-one stress-testing.

New Sources

Update — 2026-05-19

Live. As of 12:00am ET on Monday, May 19, 2026 — exactly one year after President Trump signed the Act into law — the TAKE IT DOWN Act's platform compliance regime is officially enforceable. Covered platforms must now accept valid takedown requests for nonconsensual intimate imagery and AI-generated deepfakes through a publicly-accessible reporting channel, action them within 48 hours, and make reasonable efforts to remove "known identical copies" across the platform — not just the specific URL reported. The FTC's enforcement authority kicks in immediately, with civil penalties capped at $53,088 per violation and each piece of non-removed content potentially counting as a separate violation.

The day-one operational picture is uneven. Mainstream platforms named in FTC Chairman Ferguson's May 13 warning letter (Amazon, Alphabet, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok, and X) have all publicly confirmed 48-hour SLAs and dedicated intake URLs going live by deadline. Adult content platforms with prior Mastercard/Visa-driven content moderation infrastructure — OnlyFans (post-April 2026 deepfake policy overhaul), Aylo's Pornhub/RedTube/YouPorn, Fansly, LoyalFans — entered compliance several weeks ahead of the deadline. The compliance risk concentrates among smaller fan-club sites, niche subscription platforms, AI image and video generators, and decentralized adult content services that may not yet have hash-matching infrastructure capable of identifying identical copies within the 48-hour window.

The next 90 days are now the operational stress test for the Act. Industry observers expect: (1) the first FTC test cases against non-compliant covered platforms within 30–60 days; (2) clarification by FTC guidance or enforcement action on what constitutes a "valid request"; (3) operational litigation over the "reasonable efforts to identify known identical copies" standard, with platforms arguing for narrow scopes and victim advocates pushing for cross-platform hash sharing; and (4) state-law overlay activity in Utah (HB 276, effective May 6), Wyoming (HB 102, effective July 1), and the EU/UK regimes already creating de facto stricter floors. For sex tech, creator economy, and adult content platforms, today marks the formal start of federal takedown enforcement — and the practical end of the patchwork era for nonconsensual intimate imagery removal in the United States.

New Sources

Update — 2026-05-20

Day-two operational status. With enforcement live for a full business day, the FTC's consumer-facing infrastructure has come online: TakeItDown.ftc.gov is publicly accepting victim complaints about platforms that fail to honor the 48-hour removal standard, and the FTC's business-guidance blog issued a same-day post (datelined May 19) explicitly framing each non-removed piece of content as potentially separately enforceable at the $53,088-per-violation civil-penalty ceiling. The TakeItDown.ftc.gov complaint portal is the operational mechanism that makes private-citizen referrals the primary enforcement input the Commission expects to work from, rather than discovery-driven sweeps.

The first 24 hours have surfaced predictable compliance unevenness. Mainstream platforms in the May 13 warning-letter cohort (Alphabet, Amazon, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok, X) all have public-facing intake URLs and posted SLAs. Adult-content platforms — OnlyFans, Aylo properties, Fansly, LoyalFans — entered today fully compliant on the back of ML-based hash-matching infrastructure built during the April-2026 deepfake-policy overhaul cycle. The compliance pressure now concentrates on three under-prepared cohorts: AI image-and-video generators (where the "covered platform" definition is least settled), smaller fan-club and subscription services without dedicated trust-and-safety teams, and decentralized adult-content platforms that lack the hash-matching infrastructure needed for the "known identical copies" obligation. Expect the FTC's first complaint-driven enforcement signal — likely a CID (civil investigative demand) rather than a formal complaint — within 30–45 days as TakeItDown.ftc.gov accumulates referrals.

New Sources

Update — 2026-05-24

The FTC issued its first enforcement-posture action under TIDA on May 22, 2026, sending warning letters to twelve operators of so-called "nudify" websites — AI services that allow users to upload clothed photos of real individuals and generate non-consensual nude or sexualized images of them. Per the FTC press release, the twelve named companies were not publicly disclosed (the warning-letter template is posted on the FTC's legal-library page), but the letters explicitly state that the recipients "appear to be in violation" of TIDA by failing to provide a process through which depicted individuals can request takedown of nonconsensual intimate images. Civil penalties are capped at $53,088 per violation. FTC Chairman Andrew Ferguson framed the action: "Today we're demonstrating just how serious we are about protecting the public, especially children, from abusive online conduct."

Same day — May 22 — the U.S. Attorney's Office for the Eastern District of New York announced the first new criminal charges under TIDA's publication-of-digital-forgeries provision against Cornelius Shannon (51, New Jersey) and Arturo Hernandez (20, Texas) in two unconnected cases involving approximately 140 alleged victims. The Shannon and Hernandez indictments are covered separately under tida-first-criminal-charges-may-22. Together, the FTC nudify-letter cohort and the Brooklyn criminal indictments are the first dual-track (civil-enforcement + criminal-prosecution) deployment of the Act since the platform-compliance deadline took effect on May 19.

For platform compliance officers, the FTC's choice to lead enforcement with nudify services rather than mainstream platforms is meaningful: it sends an unambiguous signal that AI image-and-video generators are squarely within the "covered platforms" definition and that the FTC will treat them as priority enforcement targets. For the mainstream platforms named in the FTC's earlier May 13 cohort letter (Alphabet, Amazon, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok, X), the May 22 action is a useful prior-act data point about how the FTC frames non-compliance — as a per-image civil-penalty stack rather than as a single corporate-level violation.

New Sources