Original Pictures
US TAKE IT DOWN Act takedown workflow

US TAKE IT DOWN Act: NCII and Deepfake Takedown by 19 May 2026

Definition: The US TAKE IT DOWN Act (S.146) is a federal notice-and-takedown law for non-consensual intimate imagery and digital forgeries, signed 19 May 2025, with the platform takedown obligation effective 19 May 2026.

TL;DR: Covered platforms must establish a notice-and-takedown process and remove reported NCII, including AI forgeries, within 48 hours. The FTC enforces under its UDAP authority, with per-violation penalties reaching $53,088. On 11 May 2026 the FTC sent warning letters to 15 major platforms.

What platforms must build

A covered platform needs a clear reporting path and must remove validated NCII, including digital forgeries, within 48 hours of a valid request, plus make reasonable efforts to remove copies. The clock and the copy-removal duty are the operational teeth. Verification and provenance help a platform distinguish authentic from forged content and document why an item was removed or retained.

Who the FTC is watching

On 11 May 2026 the FTC sent warning letters to fifteen companies: Amazon, Alphabet, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok, and X. The letters signal that the agency expects working takedown systems by the 19 May 2026 deadline.

Where provenance reduces risk

A forgery has no valid first-party manifest. A platform that verifies media at intake can flag unsigned or manifest-broken intimate imagery for faster review and keep an audit trail of takedown decisions, which is the kind of record the FTC will expect to see.

The incident behind this

AI-generated NCII of Taylor Swift spread across X in January 2024, reaching more than 47 million views in roughly 17 hours before takedown. The episode became a reference point for the TAKE IT DOWN Act's 48-hour requirement.

Regulatory mapping

RegimeEffectiveBiteWhy it applies
TAKE IT DOWN Act (S.146)Takedown duty 19 May 2026FTC UDAP, up to $53,088/violationNotice-and-takedown for NCII and forgeries

FAQ

What counts as a digital forgery?

An AI-generated or manipulated depiction of an identifiable person in intimate content. The Act covers these alongside authentic NCII.

How fast is the takedown clock?

48 hours from a valid request, plus reasonable efforts to remove identical copies.

Where Original Pictures stands today

Original Pictures ships three things today: a Sign API, a Verify API, and the SDKs that wrap them. One POST /v1/sign attaches a C2PA-format manifest, an invisible TrustMark watermark, and an OpenTimestamps anchor. The open-source verifier checks any of it without calling us.

Two things are on the near roadmap, and we name them as roadmap, not as shipped: C2PA Conformance Program recognition (target Q3 2026, until then our manifests use the published C2PA v2.2 format and any C2PA-aware validator can read them, but third-party validators will show our signer as not-yet-listed), and a consumer capture app (Q3 2026). We do not sell a capture SDK, and we do not claim Trust-List membership we do not yet hold.

Bottom line: Build the takedown pipeline now. Verify intimate-image reports against provenance, remove within 48 hours, and keep an audit trail the FTC can read.

Related


Original Pictures is progressing through the C2PA Conformance Program; our signing certificate is not yet on the official C2PA Trust List. Target: Q3 2026. We will not describe ourselves as "C2PA-certified" until it is true.

Original Pictures provides content-provenance infrastructure. It does not by itself constitute legal compliance with the EU AI Act or any other regime; compliance depends on how you deploy it, your disclosures, and your governance. Figures are drawn from public reporting, verify against primary sources before citing in regulated materials. Nothing here is legal advice.

Last verified 2026-05-25. Author: Mahdi Kazempour, Founder, Original Pictures.