FTC Chairman Andrew Ferguson sent advisory letters to 15 major UGC platforms on May 11, 2026, eight days before Section 3 of the TAKE IT DOWN Act1 activates on May 19. Signed as Public Law 119-12 on May 19, 2025,2 the law gave covered platforms one year to implement compliant nonconsensual intimate imagery (NCII) takedown flows. That year is over.
The Fifteen Platforms on Notice
According to the FTC press release,3 the letters went to Amazon, Alphabet, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok, and X. Ferguson’s statement: “We stand ready to monitor compliance, investigate violations, and enforce the Take It Down Act.”
The list is notable for what it includes. Automattic (WordPress.com) and SmugMug sit alongside the expected social platforms. The statute’s coverage definition1 reaches any website, online service, online application, or mobile application that serves the public and primarily provides a forum for user-generated content. ISPs, email providers, and services where UGC is incidental are explicitly excluded. “Primarily” is the operative word, and it will matter for mixed-function platforms.
48 Hours, Including Identical Copies
Section 3(a)(3)1 requires platforms to make reasonable efforts to identify and remove “any known identical copies” within 48 hours of receiving a valid removal request. The clock starts from receipt of a valid request, not from the end of an initial review.
The “identical copies” clause is where trust and safety teams will feel the most pressure. A single piece of reported NCII can propagate across dozens of accounts before a reviewer opens the first ticket. Clearing the originally reported URL without sweeping for duplicates does not satisfy the statutory obligation.
AI-Generated NCII Is Explicitly Covered
The Act defines “digital forgery”1 to include imagery created through software, machine learning, artificial intelligence, or any other computer-generated or technological means. This definition was not retrofitted by interpretation; it was written into the statute to settle a question state laws had been circling for years: whether a synthetic image of a named individual triggers the same platform obligations as a photograph.
For operational purposes, the answer is yes. Content moderation teams cannot route AI-generated NCII reports to a slower review queue on the theory that synthetic material sits in legal grey territory. A deepfake is in scope, the clock runs the same, and the identical-copies sweep applies equally.
Enforcement: Civil and Criminal, Independently
Non-compliance is treated as an unfair or deceptive act under Section 18 of the FTC Act,1 giving the agency civil enforcement authority over covered platforms. Section 2 creates separate federal criminal liability for individuals who publish NCII: up to two years when the depicted person is an adult, three years when the person is a minor, plus forfeiture and restitution.
The Compliance Problem Is Operational, Not Technological
The 48-hour window is tight enough that standard content moderation queues will not hold without dedicated intake routing for NCII requests. A valid request arriving Friday at 11 PM must be actioned by Sunday at 11 PM. General-purpose abuse ticket workflows, built for lower-urgency reports, are not adequate to that cadence.
The identical-copies sweep adds a search obligation that must complete inside the same window, not after the initial takedown. Platforms with cross-account or cross-group search infrastructure have a structural advantage here. Smaller UGC hosts, including those served through Automattic’s publishing infrastructure, often do not.
State Laws Will Use the Same Template
Washington SB 5886,4 which passed the Senate 47-0 and the House 85-9, was signed by the governor on March 16, 2026, and takes effect June 11, 2026. The bill addresses personality rights, including AI-generated likenesses, and arrives less than a month after the federal enforcement window opens.
The pattern is what matters. The TAKE IT DOWN Act’s operational architecture, verified intake, hard 48-hour removal, identical-copy sweeps, no safe harbor for delay, is the template every subsequent state deepfake law will be measured against. Platforms that build the infrastructure for federal compliance will face immediate pressure to apply it uniformly when state laws activate, because the same users, the same content types, and increasingly the same regulators are involved.
The cost asymmetry is the second-order problem. Compliance burden scales with content volume and platform sophistication. The cost of generating deepfake NCII scales with GPU prices. One side of that equation is heading toward zero; the other is not.
Frequently Asked Questions
Did the TAKE IT DOWN Act face opposition in Congress?
Virtually none. Senator Ted Cruz (R-TX) introduced S.146 on January 16, 2025; the Senate passed it unanimously on February 13, and the House followed 409-2 (Roll 104) on April 28. That bipartisan margin is rare for federal internet regulation and makes future enforcement funding or scope expansion politically feasible.
How does TIDA’s liability regime differ from Section 230 immunity?
Section 230 broadly shields platforms from liability for user-generated content. TIDA inverts that model: inaction creates affirmative liability, and only good-faith removal earns limited protection. The statute deliberately fills the gap between Section 230’s blanket immunity and DMCA 512’s conditional safe harbor with a mandatory duty to act — the most aggressive federal content-removal regime targeting platforms to date.
What happens when NCII is re-uploaded after the 48-hour sweep closes?
The statute requires identical-copy removal within the initial 48-hour window but does not impose an explicit standing monitoring obligation for re-uploads after the window expires. A determined re-poster can circumvent the sweep by re-uploading under a new URL once the clock runs out. Whether repeated re-upload cycles trigger an ongoing duty will depend on FTC enforcement discretion and future case law.
Does the FTC’s 15-platform advisory list define who is legally covered?
No. The letters are advisory notices directed at the highest-traffic UGC services, not an exhaustive definition of covered entities. Any service that “primarily provides a forum for user-generated content” and “serves the public” must comply regardless of whether it received a letter. Niche forums, emerging platforms, and smaller UGC hosts that were not on the FTC’s mailing list are equally subject to enforcement.