Act Now to Stop AI Exploitation: Enforcement, Image Rights, and Platform Accountability

"The time to act is now": Legal changes needed to address AI exploitation

AI-driven image manipulation has crossed a line. Tools are being used to sexualize and undress photos of women and children-often from ordinary, innocuous images. As one Senior Counsel put it, "People are taking innocuous images of public figures, children, or regular people, and using AI to undress them or pose them in sexualized ways. It's a form of exploitation that's evolving in real-time."

This isn't a moderation debate. It's a safety problem that exposes gaps in enforcement and liability. The law has catch-up to do, but regulators already have levers they can pull today.

The current legal framework (and where it stalls)

In the EU, the Digital Services Act (DSA) gives regulators meaningful tools to act against systemic risks and harmful design choices. Very large platforms can be compelled to assess risks, implement mitigations, and open their systems to audits. There is also a path to impose fines and, in extreme cases, suspend features or access.

The issue is pace and will. We have seen decisive action before-such as blocking launches over privacy deficiencies-yet enforcement on AI misuse has lagged while abuse accelerates. Trust and safety rollbacks on major platforms have widened the gap.

In the U.S., platforms are still insulated by Section 230, keeping them largely shielded from liability for user content. That leaves victims with narrow, slow remedies while tools spread at scale.

What can be done immediately

There is enough evidence of harm for interim measures. Regulators can order platforms to disable or restrict image-altering features that enable sexualized deepfakes, especially where minors are at risk. They can require risk mitigations, audits, and transparent reporting on model behavior and abuse rates.

Non-compliance should carry real consequences: escalating fines, API gating, feature suspensions, and-if needed-temporary access restrictions. "If a child can be exposed to sexualized content within minutes of opening the app, that's not free speech, it's a safety issue."

Free speech vs. safety: draw the line clearly

Speech protections do not extend to the sexual exploitation of minors or non-consensual sexualized depictions. Deepfake nudification of children is not expression-it is abuse. For adults, non-consensual sexual deepfakes should be treated as image-based abuse with swift takedown and liability for repeat failures.

Policy teams should codify this boundary in terms of service and enforcement playbooks, then back it with technical guardrails.

Legislative reform priorities

• EU: Clarify personality and image rights across borders and explicitly prohibit non-consensual sexual deepfakes. Tie safe harbor to proven risk mitigations, documented audits, and fast takedown for exploitative content. Require provenance signals and watermarking by default for synthetic media.
• U.S.: Create a federal image-rights statute covering deepfakes and nudification. Introduce targeted carve-outs to Section 230 for non-consensual sexualized content and synthetic content involving minors, with a duty of care and an abuse-reduction standard.
• Global: Impose design-duty obligations on tools marketed for image manipulation-age gating, default-off risky features, friction prompts, and abuse-detection pipelines before release.

Section 230 and platform accountability

As long as platforms are fully insulated, deterrence is weak. Lawmakers should condition safe harbor on verifiable compliance: rapid notice-and-action, repeat-offender controls, and effective product-level risk mitigations. No more blanket immunity where harm is predictable and preventable.

Reference texts: the EU's DSA framework and the U.S. safe harbor regime provide clear starting points for calibrated reform, not overreach.

Who should police this-and how

• Regulators (EU Commission, Digital Services Coordinators, DPAs): Issue interim measures, mandate risk assessments, require feature suspensions, and conduct audits. Use access-to-data powers to verify claims and quantify harm.
• Platforms: Default-off nudification and sexualization features; block minors' exposure through strict gating; deploy detection for non-consensual sexualized content; keep immutable audit logs; and publish enforcement metrics.
• App stores and payment processors: Treat exploitative features as policy violations and enforce at distribution and monetization layers.
• Civil society and trusted flaggers: Provide structured evidence bundles that meet evidentiary thresholds regulators can act on quickly.

A practical checklist for legal and compliance teams

• Prohibit non-consensual sexualized content in clear terms, with specific coverage for AI-altered images and minors.
• Gate or disable image manipulation features that enable nudification; add friction (prompts, just-in-time warnings) and high-sensitivity classifiers before output.
• Build a fast track for reports involving minors; measure and publish median removal times and recurrence rates.
• Log model prompts and outputs related to sexualization in a protected audit pipeline for regulatory review.
• Adopt provenance tech (e.g., C2PA-like signals) and disclose synthetic media labels to users.
• Contractual controls: require API customers to implement equivalent safeguards; suspend access for abuse.
• Law enforcement cooperation: maintain escalation protocols for suspected child exploitation with documented SLAs.

Evidence standards and enforcement playbook

Focus on systemic risk. Collect representative samples, classifier performance reports, abuse volumes, and product design choices that foreseeably enable harm. Tie each evidence strand to a clear remedy: feature suspension, labeling requirements, ranking demotions, or geographic restrictions.

Pair orders with verification: data-access requests, independent audits, and quarterly compliance attestations signed by senior leadership.

What "good" looks like for platforms

• Default-deny for sexualized image manipulation; adults can opt in under strict controls, minors are fully blocked.
• High-precision detection for synthetic sexual content plus human review for edge cases.
• Clear redress: verified victims get priority takedowns, suppression of re-uploads, and notification when copies appear.
• Public metrics: prevalence, response times, and impact of mitigations-allowing regulators to verify progress.

The tools to act exist. Use interim measures now; legislate clarity next. Waiting only scales the harm and rewards the slowest mover.

Further reading
EU Digital Services Act (official text)
47 U.S.C. § 230 (Cornell LII)

If your legal team needs structured upskilling on AI risk and governance practices, see Complete AI Training - courses by job.