All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
Starting May 19, the apps you use every day are legally required to remove intimate images within 48 hours of a report — and privacy experts are worried.
That’s the Take It Down Act (TIDA) kicking into full enforcement. President Trump signed it into law a year ago, but the platform requirements only take effect now. That will mean platforms are now on the hook if they can't meet the 48-hour period, with civil penalties of up to $53,088 per violation if they don’t comply.
The law’s goal is real and urgent: protect victims of "revenge porn" and AI deepfakes from having explicit images spread online. But the Electronic Frontier Foundation (EFF) and more than 20 other advocacy organizations say the way it’s written creates serious problems for everyone, not just the people it’s meant to target.
If you scroll social media, send private messages, or earn money creating content online, here’s what’s about to change.
The TIDA's criminal prohibition took effect immediately upon signing, making it a federal crime to knowingly publish nonconsensual intimate imagery. But platforms had a one-year grace period to build out their takedown systems. That window closes May 19, 2026.
On May 11, 2026, FTC Chairman Andrew Ferguson sent letters to more than a dozen major platforms — including Amazon, Apple, Meta, Microsoft, Snapchat, TikTok, X, and Discord — reminding them of their obligation to comply.
"We stand ready to monitor compliance, investigate violations, and enforce the Take It Down Act," Ferguson said in the announcement.
Platforms that fail to establish a clear complaint process and honor the 48-hour removal window could face civil penalties of up to $53,088 per violation.
The Take It Down Act's goal is straightforward: stop people from sharing intimate images of others without their consent, including AI-generated deepfakes.
While nearly 40 states already had some version of this protection, the TIDA makes it federal, with criminal penalties of up to two years in prison for adult victims and three years when minors are involved.
On the other hand, free speech advocates and digital privacy experts are concerned that the bill leaves too much room for interpretation, and this bill appears to be more of a way to conceal government censorship under the guise of “protecting children.”
Instead, this new law echoes Putin’s meme ban, which was enacted over a decade ago, making it illegal to represent any public figure online in a mocking fashion.
Trump himself made that tension hard to ignore in his address to Congress: “The Senate just passed the Take It Down Act…. Once it passes the House, I look forward to signing that bill into law. And I’m going to use that bill for myself too if you don’t mind, because nobody gets treated worse than I do online, nobody.”
For a law that lets anyone file a complaint with no real accountability, that’s not reassuring.
The idea behind the TIDA is something most Americans can agree on: Making it illegal to post illicit images of someone else online without their consent. However, digital rights groups believe the poorly worded and broad piece of legislation also gives leeway to many abuses and the potential for false reporting. Additionally, there is the concern that how it’s written could lead to censorship of adult, LGBTQ, and government criticism content.
Platforms will need to develop a system where every individual takedown request, no matter how many arrive in a day, must be evaluated and acted on within 48 hours. At scale, across platforms with millions of users, that pace makes thorough human review almost impossible. Automated tools fill the gap, and automated tools get it wrong.
While proponents of the legislation have argued that it will help keep children safe by quickly removing nonconsensual intimate images (NCII), the actual language is much broader. Anyone can report images they see online, and there are no guidelines as to what happens to someone making a false report or acting maliciously toward a creator they simply dislike.
This means that any intimate image, no matter how mild, has the potential to be flagged simply because the person viewing it doesn’t like it. Now, consider the comments section of anything on the internet, and think if at least one person has a problem with the image they’re commenting on. It’s pretty easy to find at least one disgruntled person, and now that person has the power to upend an entire account.
Per the Take It Down Act, the report is only required to provide:
“[A] brief statement that the identifiable individual has a good faith belief that any intimate visual depiction identified under clause (ii) is not consensual, including any relevant information for the covered platform to determine the intimate visual depiction was published without the consent of the identifiable individual.”
In other words, “I promise I’m not lying, and I don’t like this image.”
The entire premise of reporting hinges on people on the internet acting selflessly and morally. If someone randomly reports an image that is consensual or approved by the subject of the image, there are no repercussions outlined in the legislation for the reporting person.
Since there are no provisions for how a platform will police its images, we don’t yet know how reporting will be handled. There are two approaches to take, and the most efficient alternative to human evaluation is an increased dependence on AI and automated filters. The problem with AI and automated filters is that they scan for specifics, such as a percentage of exposed skin or two people kissing, rather than considering the context of the piece.
This has the potential to include fan art of your favorite book characters sharing their first kiss, or a content creator showcasing the newest swimwear line by your favorite designer. Yes, that is how broad the definitions are in the bill. And that’s why privacy advocates are concerned.
Once implemented, online platforms will have 48 hours to remove reported images. This deadline is extremely tight, and since there’s no actual verification required to report an image, it will lead to broad content deletion across every site. At scale, across platforms with millions of users, that pace makes thorough human review almost impossible. Automated tools fill the gap, and automated tools get it wrong.
The TIDA's 48-hour removal requirement creates a direct problem for encrypted apps: to act on a reported image, a platform has to be able to see it. End-to-end encryption, by design, means it can't.
The Center for Democracy and Technology (CDT) warned the law effectively pressures platforms to monitor "presently encrypted" speech, calling it a direct threat to private messaging.
Instagram made that trade explicit. On May 8, 2026, Meta removed end-to-end encryption from Instagram DMs, eleven days before TIDA enforcement begins. Meta attributed the change to "low user adoption," but the timing is suspicious.
Instagram may not be the last. As enforcement starts, any platform with encrypted messaging faces the same pressure: preserve encryption and risk federal penalties, or open up your users' messages to comply. Some platforms may quietly roll back encryption rather than explain the tradeoff publicly.
As we’ve stated, the potential for misusing this new law is far-reaching. From dishonest reporting to government surveillance of previously encrypted messaging and beyond, the lack of specific language in the TIDA leaves room for widespread abuse. Only time will tell how America’s online landscape will be reformed by this law. Still, until it’s refined and provides stronger provisions to address its gaps, there is potential for censorship and free speech violations.
While there aren’t any rules written into the TIDA specifically fining individuals, there are legal repercussions for anyone whose image is removed. This has the potential to shake up ad revenue and payment structures on a variety of social media platforms. Whether a platform needs to hire additional staff or uses demonetization as a punishment for violating the law, both stand to be an issue.
Let’s say, for example, a BookTok reviewer shares a piece of fan art from a favorite book they’ve just read. The fan art may be suggestive in nature — two people sharing a kiss or an intimate, steamy scene from a book. If even one person who views the image gets upset and reports it, the platform could demonetize the creator’s post or even their account.
Another possibility would be the need for platforms to hire more actual humans to evaluate reported images. While we don’t think this will be the case, it could hinder the amount of money the platform allocates toward creators. Creator funds could plummet significantly if the platform needs to reallocate funds to new employees.
Yes, online security experts and digital rights groups contend that the TIDA will threaten free expression, user privacy, and due process. Given the narrow window for removing content, companies will need to develop a system that streamlines the process of evaluating content to determine if it actually violates terms and conditions.
The 48-hour window is too tight for meaningful human review at scale. Realistically, the job falls to automated tools and AI filters that can't reliably distinguish harmful content from authorized images, the exact problem critics flagged at signing.
What you can do right now: expect platforms to update their terms of service in the coming days — read them. Know that you have the right to submit a takedown request if your intimate imagery is shared without your consent, and that platforms are now legally obligated to act on verified requests within 48 hours.
Digital privacy software, such as virtual private networks (VPNs), encrypts data, which can help mitigate some of the encryption and security losses resulting from this new law.
#1 rated VPN with 9,300+ servers in 130+ countries
Reliably unblock popular streaming services like Netflix with a single click
All-in-one security product with antivirus, ad blocker, password manager, and more
/images/2023/12/05/aura-vs.-lifelock.png)
/images/2023/09/08/lifelock_alternatives.jpg)
/images/2026/05/22/aerial_panoramic_helicopter_city_view_on_lower_manhattan_district_and__pezbO1O.jpg)
/images/2026/05/20/professional_psychologist_using_tablet_during_therapy_session_with_pat_BdMpQBJ.jpg)
/images/2026/05/14/red_netflix_logo.jpg){kind=logo}
/images/2026/05/13/national_health_service_logo_on_blue_background.jpg){kind=logo}
/images/2026/05/12/hacker_in_data_security_concept._hacker_using_laptop._hacking_the_inte_q9rPpHH.jpg)
/images/2026/05/08/new-utah-age-verification-law-header.png)
/authors/mary-james_allaboutcookies-author.jpg){kind=small}
/authors/kalleigh-lane-new.jpg){kind=small}
/authors/kate-quinlan-new.jpg){kind=small}
/images/2022/05/26/logo-nordvpn.png){kind=logo}
/authors/mary-james_allaboutcookies-author.jpg)
/authors/kalleigh-lane-new.jpg)
