privacy compliance

What is the US Take It Down Act?

by

reviewed by

Malcolm Burrows

The Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act (Take It Down Act ) is a United States (US) federal law enacted on 19 May 2025.[1]

The Take It Down Act amends 47 U.S. Code § 223 (Code) of the Communications Act 1934 (US) (Communications Act) by establishing new criminal offences and removal procedures related to non-consensual intimate imagery (Non-Consensual Intimate Images)[2] and digitally generated forgeries (Digital Forgeries).[3]  The effect of this Act is to expand the scope of what is prohibited in regard to generative artificial intelligence.

This article provides an overview of the amendments made to the Code and includes an introduction to the new criminal offences and procedures for the removal of such content from interactive computer services or communication platforms that provide access to user generated content (Covered Platform).

Summary of the key provisions of the Code

The Take It Down Act amends the Code and introduces new section, 47 U.S. Code § 223a, to the Communications Act 1934 (US), broadening the scope of prohibited conduct involving the distribution of Non-Consensual Intimate Images and Digital Forgeries.  The law targets non-consensual explicit content such as revenge porn, deepfakes, and other harmful AI-generated material.  Key provisions include:

  • a 48-hour takedown requirement (platforms must remove explicit content within 48 hours of receiving a valid complaint);
  • penalties (those who upload or distribute this content may face up to three (3) years imprisonment);
  • focus (the law aims to protect individuals, especially women and minors, from harmful or misleading AI-generated material); and
  • connection to Digital Millenium Copyright Act of 1998 (US) (DMCA) (much like the DMCA, which mandates platforms to take down copyright-infringing material upon receiving a formal complaint, the Take It Down Act uses a similar notice-and-takedown system for explicit content.  The key difference being the focus on harmful, explicit content rather than copyright violations.  Both laws give Covered Platforms a safe harbour from liability if they act quickly and appropriately to remove content).

Introduction of criminal offences

Under the amended Code, it is now a Federal offence to knowingly use any interactive computer services to publish[4] or threaten to publish[5] an intimate visual depiction of an identifiable individual where:

(i)   the intimate visual depiction was obtained or created under circumstances in which the person knew, or reasonably should have known, that the identifiable individual had a reasonable expectation of privacy;

(ii)   what is depicted was not voluntarily exposed by the identifiable individual in a public or commercial setting;

(iii)   what is depicted is not a matter of public concern; and

(iv)   publication of the intimate visual depiction –

(I)   is intended to cause harm; or

(II) causes harm, including psychological, financial, or reputational harm, to the identifiable individual.[6]

This also applies to Digital Forgeries.[7]  Violations are punishable by a fine under title 18 of the Code, imprisonment for up to two (2) years, or both.[8]  Offences involving minors carry increased penalties, including fines and imprisonment for up to three (3) years, or both.[9]

Notice and removal of Non-Consensual Intimate Images

The Take It Down Act creates a notice and removal requirement in which Covered Platforms are required to establish a process whereby an identifiable individual can notify the platform about an intimate visual depiction published without their consent.[10]  An identifiable individual can request that the depiction be removed.  Covered Platforms have until 19 May 2026 to establish this system.[11]

For a removal request to be valid (Valid Removal Request), it must include the following written information:

  • a physical or electronic signature of the identifiable individual (or an authorized person acting on behalf of such individual);
  • an identification of, and information reasonably sufficient for the covered platform to locate, the intimate visual depiction of the identifiable individual;
  • a brief statement that the identifiable individual has a good faith belief that any intimate visual depiction identified under clause (ii) is not consensual, including any relevant information for the covered platform to determine the intimate visual depiction was published without the consent of the identifiable individual; and
  • information sufficient to enable the covered platform to contact the identifiable individual (or an authorized person acting on behalf of such individual).[12]

[Bold is our emphasis]

Upon receiving a Valid Removal Request, the Covered Platform must, as soon as possible but no later than forty-eight (48) hours after receipt, “remove the intimate visual depiction; and make reasonable efforts to identify and remove any known identical copies of such depiction.[13]  An intimate visual depiction is defined as a visual depiction, including undeveloped film and videotape, and data capable of conversion into a visual image,[14] containing sexually explicit content of an identifiable individual.[15]

A Covered Platform’s failure to reasonably comply with these obligations is deemed an unfair or deceptive act or practice under section 18(a)(1)(B) of the Federal Trade Commission Act (FTC Act).[16]  Accordingly, the Federal Trade Commission (FTC) is granted the authority to enforce this section using the full range of its existing powers and procedures.[17]  This includes investigating violations, pursuing enforcement actions, and imposing penalties, as if the relevant provisions of the FTC Act were fully incorporated into the Take It Down Act.

Intersection with DMCA

The DMCA is a United States law that addresses copyright issues in relation to advancements in technology and reflects similar takedown processes as the Take It Down Act, requiring online service providers and platforms to remove harmful content to avoid liability.  Under both Acts, there are obligations to act quickly to avoid liability, however, the Take It Down Act includes a stricter 48-hour timeline for removal of harmful content, in comparison to the more general “reasonable time” obligation under the DMCA.

Extraterritorial application

Does this Act apply outside the USA?

Although the Take It Down Act makes references to ‘interstate’ or ‘foreign’ communications, United States law generally operates under a presumption against extraterritoriality – meaning unless explicitly stated, its provisions are not intended to apply outside United States borders.  How, or whether, the Take it Down Act will be interpreted or enforced internationally remains uncertain – only time will tell.

Has the Australian eSafety Commissioner considered similar legislation?

The Online Safety Act 2021 (Cth) (Online Safety Act) Part 6 Division 3 provides a similar framework to the Take It Down Act.  It empowers the eSafety Commissioner to issue removal notices for non-consensual intimate images, requiring platforms, particularly those operating within or accessible from Australia, to take down the offending content.  While the jurisdictional scope differs, both laws reflect a growing international effort to combat image-based abuse and enhance protections for victims online.

Concluding remarks about the Take It Down Act

The Take It Down Act targets harm that can be caused by generative artificial intelligence, such as deepfakes, with an aim to protect US citizens.  This measure balances the need for regulation in the digital space (to protect individuals from harmful content) with a push for innovation and competition in AI development, all while leveraging existing frameworks like the DMCA to ensure platforms take responsibility for the content they host.  It seems likely that in the coming years, more countries will release similar legislation to reflect the evolving nature of AI technology.

Links and further references

Legislation

Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act 2025 (US)

The Digital Millenium Copyright Act of 1998 (US)

Online Safety Act 2021 (Cth)

47 U.S. Code § 223

47 U.S. Code § 223a

Communications Act 1934 (US)

Further information about privacy compliance for businesses

If your business needs advice on compliance with the Take it Down Act, please contact us for a confidential and obligation-free discussion:

Doyles Recommended TMT Lawyer 2024

[1]     Congressional Research Service, The TAKE IT DOWN Act: A Federal Law Prohibiting the Nonconsensual Publication of Intimate Images (Legal Sidebar No LSB11314.1, 20 May 2025) https://www.congress.gov/crs_external_products/LSB/PDF/LSB11314/LSB11314.1.pdf.

[2]     47 USC § 223(2)(a) (2018).

[3]     47 USC § 223(3)(a) (2018).

[4]     47 USC § 223(3)(a) (2018).

[5]     47 USC § 223(6) (2018).

[6]   47 USC § 223(2)(a) (2018).

[7]   47 USC § 223(3)(a) (2018).

[8]   47 USC § 223(4)(a) (2018).

[9]   47 USC § 223(4)(b) (2018).

[10] 47 USC § 223a (a)(1)(A) (2018).

[11] 47 USC § 223(4)(b) (2018).

[12] 47 USC § 223a (a)(1)(B) (2018)

[13] 47 USC § 223a (a)(1)(B)(3) (2018).

[14] 18 USC § 2256(5).

[15] 15 USC § 6851(5)(A) (2022).

[16] 47 USC § 223a (b)(1) (2018); 15 U.S. Code § 57a.

[17] 47 USC § 223a (b)(2)(A) (2018).


Related insights about privacy compliance

  • OAIC Notifiable Data Breaches report – July 2020

    OAIC Notifiable Data Breaches report – July 2020

    The OAIC’s Notifiable Data Breaches Report reveals 518 data breaches reported by eligible entities in the first half of 2020. Learn more about the types of personal information involved, the highest reporting sector, and the key takeaways from the report to protect your data.

    Read more …

  • Revisiting software as a service agreement

    Revisiting software as a service agreement

    Discover the legal considerations of commercialising a SaaS (Software-as-a-Service) Agreement as a business model. Uncover the key issues to consider when going to market with a SaaS offering, such as subscription terms, service levels, data handling, intellectual property (IP) in customizations, and more.

    Read more …

  • Data breaches: what is serious harm?

    Data breaches: what is serious harm?

    This article looks at the notifiable data breaches scheme, and the factors to consider when determining if an eligible data breach would likely result in serious harm. It also provides an in-depth look at the Office of the Australian Information Commissioner observations in its ‘Notifiable Data Breaches Statistics Report’.

    Read more …

  • Abhorrent violent content prohibited

    Abhorrent violent content prohibited

    Organizations hosting abhorrent violent material, such as terrorism, murder, torture, rape and kidnapping, now face hefty fines under the Criminal Code Amendment Act 2019 (Cth), up to 50,000 penalty units or 10% of annual turnover.

    Read more …

  • Use of competitor’s confidential information

    Use of competitor’s confidential information

    Many businesses try to increase market share by employing a competitor’s member of staff who may bring with them relationships and information acquired over the years.  Employees owe fiduciary duties to their employers meaning, among other things, that an employee cannot make a personal gain by using confidential information acquired in the course of their…

    Read more …

  • De-encryption Bill currently before Joint Committee

    De-encryption Bill currently before Joint Committee

    The much awaited Telecommunications and other Legislation Amendment (Assistance And Access) De-encryption Bill 2018 (De-encryption Bill) has been referred to the Parliamentary Joint Committee on Intelligence and Security (Joint Committee).  The Joint Committee has allowed three (3) weeks for submissions.  It is a very short time-frame for submissions considering the controversial nature of the Bill.…

    Read more …

  • De-encryption laws: compelling tech giants to cooperate with law enforcement

    De-encryption laws: compelling tech giants to cooperate with law enforcement

    The Australian Government is introducing encryption-related legislation that could have significant implications. Get the full scoop on what this Bill could mean for companies and citizens before it is officially announced.

    Read more …

  • Artificial intelligence – introductory thoughts on the legal issues

    Artificial intelligence – introductory thoughts on the legal issues

    Technology lawyers are grappling with the complex legal issues associated with Artificial Intelligence (AI), such as liability, competition, consumer issues, intellectual property, data ownership, security, and privacy. This article explores these topics and examines the approach taken in the European Union.

    Read more …

  • What is a data breach response plan and how do you obtain one?

    What is a data breach response plan and how do you obtain one?

    Organizations must now comply with the Notifiable Data Breaches Scheme. Learn how to create a Data Breach Response Plan and why it is so important for compliance.

    Read more …

Send this to a friend