United States 
Canada (EN) 
México 
France 
Deutschland 
United Kingdom 
Quick Hits
- Businesses operating websites, online services, or applications primarily providing a forum for user-generated content may qualify as “covered platforms” subject to the TAKE IT DOWN Act’s notice-and-takedown requirements.
- The act’s platform obligations can carry significant civil fines of up to $53,088 per violation.
- Even employers that are not covered platforms may want to familiarize themselves with the act’s requirements in the event an employee reports that nonconsensual intimate images—whether authentic or AI-generated—have been posted online.
The TAKE IT DOWN Act raises two distinct questions for employers: first, whether their business qualifies as a “covered platform” that must comply with the act’s notice-and-takedown obligations, and second, if not, what they should do if an employee reports that nonconsensual intimate images (NCII) of them have been posted online.
TAKE IT DOWN Act Provisions: NCII Bans and Takedown Requests
The TAKE IT DOWN Act contains two main provisions. First, the act prohibits using in interstate or foreign commerce an “interactive computer service to knowingly publish an intimate visual depiction of an identifiable individual,” if:
- the depiction was obtained or created under circumstances in which the person knew or should have known the identifiable individual had a reasonable expectation of privacy;
- what is depicted was not voluntarily exposed by the identifiable individual in a public or commercial setting;
- what is depicted is not of public concern; and
- publication of the depiction is either intended to cause harm or actually causes harm to the identifiable individual, including psychological, financial, or reputational harm.
Critically, the act applies to visual depictions of an individual, whether the material is real, AI-generated, or another computer-generated recreation of a person’s likeness. Additional rules apply if the individual depicted is a minor.
Second, the TAKE IT DOWN Act requires covered platforms to establish a process whereby an identifiable individual (or the individual’s authorized agent) may submit a notification to the covered platform of the existence of an intimate visual depiction and request removal. A covered platform must provide clear and conspicuous notice of its notice-and-removal process that is easy to read and in plain language, and that provides information regarding the responsibilities of the covered platform under the act.
A valid notice and request for removal must include, in writing, (i) the identifiable individual’s physical or electronic signature; (ii) identification of, and information reasonably sufficient for the covered platform to locate, the intimate visual depiction of the identifiable individual; (iii) a brief statement that the identifiable individual has a good faith belief that the depiction is nonconsensual; and (iv) information sufficient to enable the covered platform to contact the identifiable individual. Upon receiving a valid request, a covered platform must remove the intimate visual depiction and make reasonable efforts to identify and remove any known copies of such depiction as soon as possible, but not later than forty-eight hours after receiving such a request. If the depiction is not removed, the identifiable individual may make a complaint to the FTC.
Covered Platforms
The TAKE IT DOWN Act defines a “covered platform” broadly as any website, online service, online application, or mobile application that serves the public and either primarily provides a forum for user-generated content—such as messages, videos, images, games, and audio files—or regularly publishes, curates, hosts, or makes available nonconsensual intimate visual depictions.
This definition clearly covers social media platforms but may also extend to other businesses that host messaging, image or video sharing, gaming, cloud computing, and other online service functionalities with user-generated content features. Due to the act’s broad definition of a covered platform, businesses that operate customer-facing digital platforms where users can post content may want to evaluate whether their platforms meet the act’s definition.
Statutory Exclusions and Safe Harbor
Certain categories of businesses are excluded, however, including broadband internet access providers, email services, and online services that consist primarily of content preselected by the provider, where any interactive functionality is incidental to that content. Excluded platforms may also lose their statutory exclusion if they make nonconsensual intimate visual depictions available in the ordinary course of business.
Notably, the act also provides a safe harbor for platforms that remove content in good faith, even if the content is ultimately determined not to be unlawful. There is no corresponding safe harbor for refusing to honor a removal request on the grounds that the content may not be unlawful, so platforms may want to take a conservative approach that favors early content removal. Additionally, to take advantage of the safe harbor, covered platforms may want to implement internal processes that document good-faith compliance efforts, including a record of all takedown actions.
What the TAKE IT DOWN Act Means for Employers
Businesses that qualify as covered platforms will need to establish notice-and-takedown processes and be prepared to process and honor valid requests according to the act’s strict timelines. But even businesses that are not covered platforms may want to note how the act can implicate workplace anti-harassment policies, particularly if a victim’s coworker is responsible for the publication or threats to publish the nonconsensual intimate images. If an employee reports that authentic nonconsensual intimate images or AI-generated deepfakes of them have been posted online without their consent, employers should take the complaint seriously and be aware of the tools available to remove the content. The act thus reinforces the need for employers to maintain clear policies addressing workplace harassment and acceptable use of AI tools and digital technologies. The FTC has also advised that businesses can help stop intimate images shared without consent from spreading further by using technologies such as hashing to prevent the reappearance of intimate content that has previously been identified and removed.
Additionally, employers may want to familiarize themselves with similar notice-and-takedown procedures for nonconsensual intimate imagery under state laws, which the TAKE IT DOWN Act does not preempt.
FTC Enforcement Priority
The FTC signaled its intent to enforce the act when, on May 11, 2026, it sent letters to major platforms reminding them of their obligation to comply fully with the TAKE IT DOWN Act. The FTC also launched TakeItDown.ftc.gov, a website where victims can submit complaints about platforms that have failed to act on valid requests for the removal of nonconsensual intimate images, or that have failed to create a process for people to request the removal of these images altogether.
Underscoring this warning, at the International Association of Privacy Professionals Global Privacy Summit 2026, FTC officials, including Commissioner Mark R. Meador, made clear that the commission views the TAKE IT DOWN Act as a priority for 2026. This should come as no surprise, given that the FTC has long focused on the heightened risks presented by AI deepfakes in the context of phishing scams and other forms of consumer deception.
Ogletree Deakins’ Cybersecurity and Privacy Practice Group will continue to monitor developments and will provide updates on the Cybersecurity and Privacy, Technology, and Workplace Violence Prevention blogs as new information becomes available.
This article and more information on how the Trump administration’s actions impact employers can be found on Ogletree Deakins’ Administration Resource Hub.
Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts
