Summary
I have been following several experts in the Deepfake, Synthetic Media, and Fraud Prevention industry on LinkedIn, and I’ve noticed a significant increase in discussions and activities related to the TAKE IT DOWN (Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks) Act in the U.S. over the past month, even though the Act was officially passed on May 19, 2025.
For two years, the conversation around deepfakes in the U.S. was mostly theoretical. Lots of headlines, very little enforcement. That changed in May 2026.
Four major things changed in the U.S. deepfake and AI regulation space over the past two weeks and they matter for any company operating in or serving the U.S. market.
1) The TAKE IT DOWN Act is now being enforced.
As of May 19, 2026, platforms that host user-generated content must provide victims with a clear way to report non-consensual intimate images, including AI-generated deepfakes, and remove the content within 48 hours of a valid request. Companies that fail to comply can face civil penalties of up to $53,088 per violation. You can report from the official TAKE IT DOWN platform https://takeitdown.ftc.gov/
2) The Federal Trade Commission (FTC) has already started taking action.
On May 20, 2026, the FTC sent warning letters to 12 “nudify” tool providers and reminder notices to major tech platforms including Meta, Google, Apple, Microsoft, TikTok, Reddit, Discord, Snapchat, X, Amazon, and others. The agency made it clear that enforcement has officially begun.
3) The NO FAKES Act is back with strong industry support.
The bill was reintroduced on May 21, 2026, by a bipartisan group of senators. If passed, it would create federal protections for a person’s voice and visual likeness, making it easier to take action against unauthorized AI-generated replicas and impersonations.
The bill is backed by major organizations and companies including SAG-AFTRA, RIAA, MPA, YouTube, and OpenAI, giving it significant momentum in Congress.
4) State-level deepfake laws are expanding fast.
Today, 46 U.S. states have some form of deepfake-related law, and 31 states specifically regulate political deepfakes. While there are ongoing federal discussions around limiting certain state AI regulations, child safety and non-consensual imagery protections remain largely protected from federal preemption.
The bigger picture is becoming clear: the U.S. is moving from debating AI harms to actively regulating and enforcing against them.
For small to medium size business owners
Most coverage of this law has focused on Meta, TikTok, and the big social media companies. That's misleading. The law applies to any online service that "primarily provides a forum for user-generated content."
That's a wide net. Based on the FTC's own guidance and legal analysis from major firms, this could include:
A SaaS company with a customer community forum
A small marketplace where users post photos
A dating app or any platform with messaging and image-sharing
A fitness or coaching app where members share progress photos
A gaming community
A nonprofit running an online forum for members
There is no small-business carve-out. There is no nonprofit carve-out. Government actually went out of its way to extend the FTC's authority to nonprofits specifically for this law.
The $53,088-per-violation penalty that applies to Meta applies to a 30-person company running a community feature. If your business has any kind of platform where users can post content, you need a clear way for people to report harmful images, and you need to remove flagged ones within two days.
Three Practical Steps You Can Implement This Quarter
1. Figure out if you're a "covered platform" under TAKE IT DOWN and write it down. If your business has any user-generated content, ask your lawyer for a written opinion. Don't guess. If the answer is "we're not sure," treat yourself as covered until proven otherwise.
2. Set up a simple way for people to report harmful content. Even if you're not technically covered, having a clear reporting channel with a tracking number for the person reporting protects you. It needs to be easy to find on your site, not buried in the terms of service.
3. Make a list of every AI-generated voice, face, or avatar your company uses. Marketing videos, training content, product demos, customer service. For each one, confirm you have written consent from the real person whose voice or face was used. If you can't find the paperwork, either get it or pull the content.
Conclusion
For a long time, the U.S. approach to deepfakes was "we'll figure it out later." That's over. Federal enforcement is live. Criminal cases are open. Forty-six states have their own laws. A new federal bill on AI voice and likeness has serious momentum.
If you run a business of any size in the U.S., three things are true right now:
You probably have more legal exposure than you realize, especially if you host user content or use AI-generated voices and faces in your marketing.
You are very likely to be targeted by deepfake fraud in the next 12 months, the tools are now cheap, fast, and widely available.
The most useful protections cost almost nothing, a written policy on AI-generated content, a callback verification rule for finance, a clear takedown process for user-generated platforms.
You don't need to become an expert in AI law. You need to make a few decisions, write them down, and train your team. Companies that do this in 2026 will spend the next year working normally. Companies that don't will spend it dealing with an incident.