The Take it Down Act Arrives: A US-First in AI-Specific Federal Legislation

As of today, May 19, 2026, the United States Take it Down Act (TiDA) becomes enforceable law—marking the first significant federal legislation specifically targeting AI-generated non-consensual intimate imagery. The law criminalizes the knowing publication or threat to publish intimate images without consent, including AI-generated deepfakes, and mandates that covered platforms remove such content within 48 hours of receiving victim notice.

What the Law Actually Does

TiDA establishes three core obligations:

Criminal Liability: Individuals who knowingly publish or threaten to publish non-consensual intimate depictions face federal charges, with penalties scaling based on intent and harm.

Platform Removal Requirements: Covered platforms—broadly defined to include social media, messaging services, and hosting providers—must remove flagged content within 48 hours of receiving notice from a victim, or face enforcement action.

Deepfake Specificity: Unlike many state-level laws that preceded it, TiDA explicitly covers AI-generated intimate imagery alongside photographs and videos, directly addressing the technology that enabled the Grok scandal that produced an estimated 3 million non-consensual sexualized images in eleven days.

Why This Matters for Ireland and Europe

While TiDA is US legislation, it has immediate relevance for Irish and European stakeholders:

Multi-Jurisdictional Enforcement: US platforms—including Meta, X, Google, Discord, and others—operate across the EU and must now comply with both TiDA’s 48-hour removal requirement and the EU’s new non-consensual deepfake prohibition set for December 2, 2026, under the EU AI Omnibus Amendment. This creates a compliance overlap that Irish platforms and developers must navigate.

Regulatory Convergence: TiDA represents the first major alignment point between US and EU AI governance. Both jurisdictions are now criminally prohibiting non-consensual intimate deepfakes, suggesting a potential blueprint for future transatlantic coordination on high-harm AI use cases.

Platform Responsibility Escalation: The 48-hour removal mandate is more aggressive than EU AI Act requirements, which don’t specify removal timelines. Platforms may adopt TiDA’s standard globally to simplify compliance, effectively raising the bar for Irish and European services.

Practical Implications for Irish Developers and Platforms

Irish-headquartered services and those hosting EU users should prepare for:

  • Detection System Investment: Building or licensing automated detection systems that can identify non-consensual deepfakes within 48 hours of report
  • Notice Processing Protocols: Establishing rapid victim notification pathways that meet US legal standards while respecting EU GDPR data minimization principles
  • Evidence Preservation: Maintaining audit trails of removal decisions for potential US legal discovery
  • Policy Harmonization: Aligning community standards with both TiDA requirements and the December 2026 EU deepfake prohibition

The Timing Question: Why December 2026 Still Matters

The EU’s non-consensual deepfake ban—taking effect December 2, 2026—remains distinct from TiDA. Where TiDA criminalizes the actor, the EU prohibition focuses on the AI systems and platforms enabling distribution. Irish enterprises must prepare for both frameworks operating in parallel, not sequentially.

Open Questions

Victim Identification: How will platforms verify claims under the 48-hour window without violating privacy? TiDA lacks guidance on victim authentication mechanisms.

AI Detection Accuracy: What liability exists if platforms remove genuine content mistaken for deepfakes? TiDA remains silent on false positive consequences.

Cross-Border Coordination: Will the EU formally align its December 2026 enforcement timeline with US TiDA implementation, or will divergent timelines create compliance friction?

Source: US Federal Legislature