Legal landscape · Updated 2026

The law is catching up.

Governments worldwide are passing laws to protect individuals from unauthorized AI-generated deepfakes and biometric identity abuse.

This is a reference to the legislation that matters — what it requires, who it protects, and how Veyon's workflows are built to align with each framework.

🇺🇸 TAKE IT DOWN Act 🇪🇺 EU AI Act 🇪🇺 GDPR 🇬🇧 UK Online Safety Act 🌐 Global & Emerging
🇺🇸
United States · Federal Law

TAKE IT DOWN Act

● Effective May 1, 2026
Key Provisions
  • Criminalizes non-consensual intimate deepfakes at the federal level — first such law in the US
  • Platforms must remove flagged non-consensual intimate AI-generated images within 48 hours of a valid takedown notice
  • Covers both real and AI-generated (deepfake) intimate imagery — no distinction between synthetic and authentic content
  • Victims can submit takedown requests directly; platforms face liability for non-compliance
  • Civil and criminal penalties for individuals who knowingly publish such content
How Veyon Helps
  • Veyon's one-click takedown workflow generates compliant notices formatted to TAKE IT DOWN Act requirements
  • Automated delivery to platforms' designated removal channels — within hours, not days
  • Continuous monitoring detects violating content so you can act within the 48-hour window
  • Every takedown is logged with timestamps and reference numbers for legal follow-through
🇪🇺
European Union · AI Regulation

EU AI Act

● In Force  August 2024 — rolling enforcement through 2026
Art. 4 — AI Literacy Art. 50 — Transparency Obligations Annex III — High-Risk AI
Key Provisions
  • Article 50: AI-generated content — including deepfakes — must be clearly labeled as synthetic. Providers and deployers bear the obligation
  • Deepfake systems classified as high-risk or prohibited-use depending on context; emotional recognition and biometric categorization face strict limits
  • Platforms and deployers must implement technical measures to detect and disclose AI-generated audio, video, and images
  • Fines up to €35M or 7% of global turnover for prohibited AI system violations
  • Article 4 mandates AI literacy training for operators handling AI systems that affect individuals
How Veyon Helps
  • Veyon's identity certificates serve as verifiable proof of authentic identity — directly countering unlabeled deepfakes
  • Continuous monitoring flags synthetic content bearing your likeness that lacks required disclosure labels
  • Evidence packages include metadata and detection results suitable for regulatory complaints under Art. 50
  • Your verified identity record creates a defensible baseline for enforcement authorities
🇪🇺
European Union · Data Protection

GDPR

● In Force  Since May 2018
Art. 9 — Biometric Data Art. 17 — Right to Erasure Art. 18 — Restriction of Processing Art. 20 — Data Portability Art. 82 — Right to Compensation
Key Provisions
  • Article 9: Biometric data — including facial geometry and voice prints — is a special category requiring explicit consent for processing
  • Article 17 (Right to Erasure): Individuals can demand deletion of personal data, including AI-generated content derived from their biometrics, where no lawful basis exists
  • Article 18: Processing can be restricted pending a legal challenge — a powerful interim remedy while takedown disputes are resolved
  • Article 82: Individuals can sue data controllers for damages — including non-material harm — from unlawful biometric processing
  • No consent = no lawful basis for deepfake creation from biometric data. Period.
How Veyon Helps
  • Veyon's takedown notices invoke Art. 17 (erasure) and Art. 18 (restriction) directly, citing the specific GDPR basis for removal
  • Your Veyon identity certificate provides proof of biometric ownership — essential for Art. 82 compensation claims
  • Every detection event is logged with the data required to substantiate a formal GDPR complaint to a supervisory authority
  • Evidence packages export in formats suitable for Data Protection Authority submissions
🇬🇧
United Kingdom · Online Safety

Online Safety Act 2023

● Enforced  2024 — deepfake provisions phased in through 2025
Key Provisions
  • Sharing intimate deepfakes without consent is a criminal offence — up to two years imprisonment for creation with intent to cause distress
  • Platforms are required to proactively identify and remove illegal content, including non-consensual intimate deepfakes
  • Ofcom (the UK regulator) has powers to fine platforms up to £18M or 10% of global turnover for non-compliance
  • The Act also covers cyberflashing and other forms of technology-facilitated abuse — broad coverage of AI-enabled harm
  • UK users can escalate non-compliant platforms directly to Ofcom with formal complaints
How Veyon Helps
  • Veyon generates takedown notices citing the Online Safety Act's specific illegal content provisions for UK-regulated platforms
  • Detection logging provides the evidence trail required for an Ofcom complaint if platforms fail to act
  • Reference numbers and timestamped records document your compliance attempts — necessary if escalation is required
  • One workflow handles both UK and EU platforms, routing notices to the correct regulatory framework automatically
🌐
Global

Emerging & Regional Legislation

● Rapidly evolving

Beyond the landmark frameworks above, jurisdictions across the world are moving on AI identity and deepfake legislation. Enforcement timelines vary, but the direction is uniform: unauthorized use of someone's likeness is becoming illegal everywhere.

🇦🇺
Australia — Criminal Code Amendment

Proposed amendments would criminalize non-consensual creation and sharing of intimate deepfakes. State-level laws in NSW and Victoria already provide civil remedies. Federal legislation expected to pass 2026.

🇰🇷
South Korea — Act on Special Cases

South Korea enacted sweeping deepfake legislation in 2020, amended in 2024. Creating non-consensual sexual deepfakes carries penalties up to 7 years. Platforms must detect and remove violating content within 24 hours.

🇨🇳
China — Deep Synthesis Regulations

In force since January 2023. Requires explicit consent before generating deepfakes. AI-generated content must be labeled. Providers must verify user identity before allowing synthesis of others' likenesses.

🇺🇸
US State Laws — 40+ Jurisdictions

States including California, Texas, Georgia, and New York have enacted biometric privacy laws (BIPA-style) and deepfake election/pornography statutes. State law fills gaps while federal law catches up.

🇧🇷
Brazil — Lei Geral de Proteção de Dados

Brazil's LGPD mirrors GDPR in treating biometric data as sensitive. The ANPD (national authority) is developing AI-specific guidance that will cover deepfake consent requirements.

🌍
More Coming

Canada (AIDA), India (DPDP Act), Japan (AI governance guidelines), and the G7 are all developing frameworks. The global consensus is clear: identity protection is a fundamental right.

Act now

Don't wait for the law to catch up.
Your identity is already at risk.

The world is acting. Protect your identity now — before someone else does it for you.

Protect my identity