Trust & SafetyJun 1, 2026

The TAKE IT DOWN Act: What online platforms need to do

Ruud Visser

Ruud Visser

Founder & CEO

The TAKE IT DOWN Act requires platforms to remove non-consensual intimate imagery within 48 hours of a victim report. Most platforms don't have infrastructure that can do that reliably at scale.

  • 48 hours is the hard deadline. After receiving a valid NCII report, platforms must remove the content within 48 hours. There's no size threshold. Any platform hosting user-submitted images or video is in scope.
  • AI-generated deepfakes are explicitly covered. The law extends beyond authentic imagery to synthetic content depicting real, identifiable people. Deepfake detection is a direct compliance requirement.
  • Duplicate removal is a separate legal obligation. Removing the originally reported item isn't enough. Platforms must make reasonable efforts to find and remove known copies too.
  • Enforcement is already active. The first criminal conviction under the Act occurred in April 2026, less than 12 months after signing.
  • FTC platform rules have taken effect May 19, 2026. Civil penalties of up to $53,088 per violation apply to non-compliant platforms (FTC's 2025 inflation-adjusted cap under 15 U.S.C. § 45(m), unchanged in 2026).

Table of Contents

By the numbers

The TAKE IT DOWN Act in three numbers

48 hrs
Removal window
Deadline to remove NCII after a valid victim report.
$53,088
Per violation
FTC civil penalty cap under 15 U.S.C. § 45(m), unchanged in 2026.
1,325%
YoY growth
AI-generated CSAM reports to NCMEC, 2023 to 2024.

What the TAKE IT DOWN Act requires

The TAKE IT DOWN Act is the first US federal law addressing non-consensual intimate imagery (NCII). Signed on May 19, 2025, it prohibits publishing intimate visual depictions without consent and creates mandatory removal obligations for any platform that hosts user-submitted content.

The core platform obligations are straightforward:

  • Report intake. You must provide a mechanism for individuals to submit NCII removal reports.
  • 48-hour removal. After receiving a valid report, you must remove the reported content within 48 hours.
  • Duplicate removal. You must make reasonable efforts to identify and remove known copies of the reported content. This is a separate obligation from removing the original item.
  • Scope. The law covers both authentic intimate imagery and AI-generated content, including deepfakes depicting real, identifiable people.

Non-compliance may result in FTC enforcement action. Publishing or threatening to publish NCII is a federal criminal offense.

Who it applies to

The law applies to any online platform that allows users to publish content. There's no size threshold. If your platform can receive and display user-submitted images or video, you're in scope.

Scope check

Does the TAKE IT DOWN Act apply to your platform?

Social platforms and community apps
Feeds, profiles, public posts, comments. In scope.
Dating apps
Profile photos, in-app messaging with images and video. In scope.
Messaging with image or video sharing
Group chats, DMs, channels. In scope wherever media can be shared.
Gaming platforms with user uploads
Profile avatars, in-game art, clan banners, screenshots. In scope.
Adult content platforms
Consent verification does not exempt user-submitted content from the Act.
Marketplaces with user-submitted content
Listing photos, seller avatars, review images. In scope.

The two content categories it covers

The TAKE IT DOWN Act draws a distinction between adult victims and minor victims, with different thresholds for each.

For adults: The law covers publishing intimate imagery of an identifiable individual where the publication is intended to cause harm or does cause harm. For authentic imagery, it also covers content obtained where the person had a reasonable expectation of privacy.

For minors: The law covers publishing intimate imagery of a minor where the intent is to abuse, harass, or sexually exploit the child, including AI-generated depictions.

Both authentic and AI-generated content fall within scope for both categories.

Platform Guide

Want to see how Lasso handles NCII compliance?

Lasso's AI image moderation, deepfake detection, and image fingerprinting map directly to the Act's removal and duplicate obligations. Book a demo to see the pipeline in action.

Book a Demo

The duplicate removal obligation

This requirement gets less attention than the 48-hour window, but it's a distinct technical challenge. When a victim reports a piece of NCII, removing that specific item isn't enough. You must make reasonable efforts to find and remove known copies across your platform.

In practice, this means identifying re-uploads of the same image, including versions that have been renamed or lightly modified. Manual search isn't feasible at any meaningful scale. Image fingerprinting and similarity detection are the standard technical approach: these systems create a signature of the reported image and scan for matches across existing and newly uploaded content automatically.

What compliance infrastructure looks like

The 48-hour clock starts the moment a valid report is received. Meeting that window reliably requires automation across several distinct steps.

Compliance Workflow

Six steps to compliant infrastructure

1

Report intake

Structured submission, timestamped on receipt. Easy to find, fast to complete. The 48-hour clock starts here.

2

Detection and classification

NSFW classification, deepfake detection, and face recognition locate the reported content automatically.

3

Removal execution

Auto-remove on high confidence. Escalate ambiguous cases to human review fast enough to clear the window.

4

Duplicate scanning

Image fingerprinting matches known copies platform-wide, including newly uploaded content. Separate legal obligation.

5

Audit trail

Full timestamped record: report received, content located, action taken, party responsible. Your FTC compliance record.

6

Ongoing monitoring

Proactive scanning for re-uploads of flagged content. NCII frequently returns after initial removal.

In more depth:

1. Report intake. Reports come from people who have just discovered intimate imagery of themselves online. The 48-hour clock starts as soon as a report is valid. Intake needs to be easy to find and fast to complete. Platforms need a structured way for victims to submit NCII reports. Capture what content to flag, where it appears, and who is submitting. It doesn't need to be complex, but it needs to exist and log every report with a timestamp.

2. Detection and classification. AI locates and evaluates the reported content. This means NSFW classification, deepfake detection for AI-generated imagery, and face recognition to identify the person depicted. Manual search of a content library isn't a 48-hour workflow at scale.

3. Removal execution. Auto-remove where AI confidence is high. Escalate to human review for ambiguous cases. Your review queue needs to be fast enough to meet the deadline even for escalated items.

4. Duplicate scanning. Image fingerprinting creates a signature of the reported content and scans for matches platform-wide, including newly uploaded content. This is how you meet the duplicate removal obligation without manual search.

5. Audit trail. Document the full chain: report received, timestamp, content located, action taken, system or moderator responsible. This is your compliance record if you face an FTC enforcement review or a legal challenge.

6. Ongoing monitoring. NCII is frequently re-uploaded after initial removal. Proactive scanning for re-uploads of flagged content is a practical necessity for any platform with an active user base, even if it's not explicitly named in the law.

How Lasso addresses each requirement

Lasso's AI handles 99% of content moderation tasks automatically. That speed is exactly what the 48-hour window requires.

Here's how Lasso's capabilities map to each TAKE IT DOWN Act obligation:

Compliance requirement Lasso capability
Report intake Supports user reporting
NCII and explicit content detection AI image moderation: NSFW and explicit content classification
AI-generated and deepfake detection AI-generated image detection: identifies synthetic and deepfake images
Face matching across submissions Face recognition: matches faces to detect re-uploads and identity misuse
48-hour removal window
Core 		Automated pipeline: real-time AI classification with auto-remove. 99% of tasks handled without human delay.
Human review for edge cases Review queues: escalation workflow for ambiguous content
Duplicate removal
Core 		Image similarity detection: fingerprints reported images and matches copies platform-wide
Audit trail Audit logs and data exports: full timestamped record of all actions
Scale Auto-scaling infrastructure: handles volume spikes without degradation

Enforcement: the first conviction

The TAKE IT DOWN Act was signed in May 2025. By April 2026, the first federal conviction had already occurred.

James Strahler of Columbus, Ohio was convicted for using AI platforms to generate explicit images of real women and children. He continued producing content after his arrest. The conviction was publicly highlighted by the White House, the FBI Director, and members of Congress.

Criminal liability under the Act falls on the individual who publishes NCII, not on the platform. But platforms that can't demonstrate compliant removal infrastructure face a different kind of exposure: FTC enforcement attention follows where content circulates. The first conviction arrived within 12 months of the law being signed. Enforcement isn't theoretical. The underlying volume backs this up: AI-generated CSAM reports to NCMEC rose from 4,700 in 2023 to roughly 67,000 in 2024, which is a ~1,325% increase in one year.

International context

The TAKE IT DOWN Act is a US law, but part of a broader regulatory pattern. The United Kingdom adopted comparable legislation with a matching 48-hour removal requirement for non-consensual intimate content. Similar frameworks are under development in other jurisdictions.

Platforms operating across markets should treat NCII removal obligations as an emerging global standard. The infrastructure you build to comply with the TAKE IT DOWN Act is the same infrastructure that positions you for compliance elsewhere as those requirements come into force.

FAQ

What does the TAKE IT DOWN Act require from platforms?

Platforms must provide a mechanism for victims to report non-consensual intimate imagery. After receiving a valid report, they must remove the reported content within 48 hours and make reasonable efforts to remove known duplicates. The law applies to both real and AI-generated content.

Does the TAKE IT DOWN Act apply to AI-generated images and deepfakes?

Yes. The law explicitly covers AI-generated intimate imagery depicting real, identifiable people. This applies regardless of whether the victim is an adult or a minor.

When do platform obligations under the TAKE IT DOWN Act take effect?

The law was signed on May 19, 2025. FTC platform removal obligations take effect May 19, 2026.

Which platforms are in scope?

Any platform that allows users to publish images or video. The law doesn't include a size threshold. Social platforms, dating apps, gaming platforms, adult content sites, marketplaces, and messaging apps with image sharing are all in scope.

What is the duplicate removal requirement?

After removing reported NCII, platforms must make reasonable efforts to identify and remove known copies of that content elsewhere on the platform. Image fingerprinting and similarity detection are the standard technical approach for meeting this at scale.

Who enforces the TAKE IT DOWN Act?

The FTC has enforcement authority over platform compliance obligations. Criminal prosecution of individuals who publish or threaten to publish NCII is handled by the Department of Justice.

What happens if a platform doesn't remove content within 48 hours?

Platforms that fail to meet the removal requirement are subject to FTC enforcement action. The first criminal conviction under the Act occurred in April 2026, within 12 months of the law being signed.

How does deepfake detection help with compliance?

AI-generated NCII is within the law's scope. Deepfake detection identifies synthetic explicit images at upload time and during report review, allowing platforms to evaluate and act on reports involving AI-generated content within the 48-hour window.

Building for compliance

The TAKE IT DOWN Act creates concrete, time-bound infrastructure requirements for any platform hosting user content. The 48-hour removal window and the duplicate removal obligation together require automated detection, fast review workflows, and a documented audit trail.

Lasso provides all of these in one platform. Setup takes hours, not months.

See it in Action

Ready to see how Lasso supports TAKE IT DOWN Act compliance?

AI image moderation, deepfake detection, image fingerprinting, review queues, and audit logs. All in one platform. Setup takes hours, not months.

Book a Demo

How Lasso Moderation Can Help

At Lasso, we believe that online moderation technology should be affordable, scalable, and easy to use. Our AI-powered moderation platform allows moderators to manage content more efficiently and at scale, ensuring safer and more positive user experiences. From detecting harmful content to filtering spam, our platform helps businesses maintain control, no matter the size of their community.

Book a demo here.

Want to learn more about Content Moderation?

Learn how a platform like Lasso Moderation can help you with moderating your platform. Book a free call with one of our experts.

Protect your brand and safeguard your user experience.

TSPA Logo

© 2026. All rights reserved.

Status Page - Privacy Policy - Terms & Conditions
Twitter Logo