“We stand ready to monitor compliance, investigate violations, and enforce the Take It Down Act,” FTC Chair Andrew Ferguson said, framing a regulatory shift that takes effect on May 19, 2026.
Enforcement starts May 19 — 48‑hour removal window
On May 19 the Federal Trade Commission will begin enforcing a central provision of the Take It Down Act: websites and online services must remove nonconsensual deepfake media within 48 hours after a victim’s notice or face the prospect of fines and FTC investigation. Congress passed the law last year and allowed law enforcement to immediately prosecute individuals who create and post such content online; platforms and hosting services were given a yearlong runway to establish reporting and takedown systems. Under the regime now kicking in, businesses that fail to remove flagged media within the 48‑hour notification window could face fines as well as investigation by the FTC.
What the FTC says companies must provide and cover
Ferguson’s letters to the private sector set out specific requirements. Companies must make it easy and convenient for users — including victims without accounts — to submit takedown requests. They must detail their reporting and removal program on their websites “in plain language” and give “clear and conspicuous” notice to users about how to request removals. The agency says the law covers websites, apps, social media, image or video sharing services and gaming platforms. Both nonconsensual intimate imagery posted using real photos of other individuals and AI‑generated or modified “digital forgeries” are treated as violations under the Act.
Civil penalties, incentives, and enforcement posture
The FTC has set a maximum civil penalty of $53,088 per violation for companies that do not take down content as required. Ferguson framed enforcement as a top priority: “Protecting the vulnerable—especially children—from this harmful abuse is a top priority for this agency and this administration,” he said. Privacy attorneys Duane Pozza and Ian Barlow wrote that “for covered platforms, compliance with the Act is critical given the FTC’s emphasis on enforcement – reflecting White House priorities – and potential civil penalties up to $53,088 per violation.”
Several commentators quoted in coverage warned that the dollar figure will shape platform behavior. Becca Branum, director of the Free Expression Project at the Center for Democracy and Technology, said the statute’s scale and the FTC’s new role in policing content moderation present a steep operational challenge and make heavy fines a practical incentive to remove reported content by default. Branum cautioned: “I’m very concerned about the FTC and its ability to fairly enforce this law,” and added that the agency “is now in the business of regulating content moderation.” She argued the financial stakes will push services toward removal in edge cases: “If you think there’s any given post [where] if you ask an attorney is it worth $53,000 for me to keep this post up, the answer is always going to be taken it down.”
Letters to major tech companies and a recent test case at X
Ferguson’s letters went to a who’s who of tech and social media companies, including Amazon, Alphabet, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok and X. The correspondence sheds light on how the commission expects compliance to look across a range of platforms.
The letters and the timing of enforcement follow a high‑profile episode earlier this year in which Grok, the AI service available to X users, was used to flood the social media site with nonconsensual, sexualized deepfakes of real people. Coverage says X’s owner Elon Musk “initially brushed off critics but has since been hit with multiple criminal and civil investigations stemming from the incident, as well as lawsuits and calls from some world leaders to ban the app entirely.” That incident appears to have sharpened scrutiny around platform processes for rapid response to deepfake abuse.
Technology guidance and third‑party coordination
The FTC recommended that companies implement hashing technologies “to prevent the reappearance of intimate content you already removed from your platform” and urged sharing findings with nonprofits such as the National Center for Missing and Exploited Children and StopNCII.org to help track content across the wider internet. The commission also told companies to provide plain‑language explanations of their takedown procedures and to accept reports from people who do not hold accounts on the service—procedural details aimed at operationalizing the 48‑hour removal requirement.
What this means for technologists, policymakers, and victims
- Technologists and security teams: will need to evaluate or deploy hashing and other technical measures quickly to detect and block reuploads and to engineer low‑friction reporting flows that accept submissions from non‑account holders.
- Policymakers and regulators: will see the FTC stepping into a robust role overseeing content takedown compliance, with the agency signaling it will monitor, investigate, and bring enforcement actions tied to statutory fines.
- Victims and advocacy groups: can expect clearer pathways to request removal, but also face the practical reality that platforms may remove content by default because of the financial exposure and compressed 48‑hour response window.
Beginning May 19, the law moves from preparation to enforcement. The FTC has signaled both technical prescriptions and a willingness to levy per‑violation fines; commentators quoted in the coverage warn those penalties will shape platform behavior as much as the statute itself. The practical question left on the table is whether the agency and companies can operationalize rapid, fair takedowns at scale without entrenching default removals that could be exploited by bad actors or curtail legitimate speech.
Original story: CyberScoop — Here’s how the FTC plans to enforce the Take It Down Act




