Nonconsensual Intimate Images Online: Take It Down Act Enforcement In Full Swing

On May 19, 2026, the FTC began enforcement of the Take It Down Act (“TIDA” or “the Act”), which prohibits the publication of nonconsensual intimate images (“NCII”) – often called “revenge porn” – and requires online platforms to allow individuals^[1] to report NCII and request that it be removed. Upon receipt of a valid request, the platform must remove the image and duplicates within 48 hours. Individuals who post NCII can face criminal penalties, and “covered platforms” that fail to comply with TIDA face civil penalties of $53,088 per violation.

A “covered platform” broadly covers websites, apps and online services that provide a forum for user-generated content. Social media, messaging, image or video sharing, and gaming platforms are likely to be considered “covered platforms” by enforcement authorities.

Requirements

A valid removal request must include:

1. A signature (including e-signatures) of the subject individual or an authorized person;
2. Information reasonably sufficient for the platform to locate the NCII;
3. A brief statement of good faith belief that the image is nonconsensual, and
4. Contact information sufficient to enable the platform to contact the requestor.

The FTC has published guidance for online for platforms (Complying With the Take It Down Act). But some aspects remain uncertain. For example, the law requires covered platforms to make reasonable efforts to find and remove known identical copies of reported NCII, but what “reasonable efforts” means is unclear.

Enforcement

The U.S. federal government has signaled its intent to vigorously enforce TIDA as a “top priority.”

• On May 11, the FTC sent letters to at least 15 leading tech and platform companies reminding them of the need to comply with TIDA by May 19.
• On May 19, the FTC launched www.TakeItDown.ftc.gov to solicit reports of noncompliance from platforms.
• On May 20, the FTC issued warning letters to a dozen unidentified companies of apparent non-compliance, though stopping short of a formal determination.
• The U.S. Attorney’s Office for the Eastern District of New York also announced the arrest of two individuals for violations of the Act.

Recommendations

1. The 48-hour removal window is short. Proactive detection to block and remove NCII – and the accounts that post them – will reduce risk. Consider what internal or third-party automated tools can be deployed and scaled within your existing content moderation and new TIDA compliance workflows. Develop clear processes for training and implementation, and check for effectiveness over time.
2. Consider how to make it easy for individuals to request removal of NCII, such as allowing users to submit a TIDA request directly from the photo or video; also allow non-account holders to submit requests.
3. Especially if your platform has multiple services with separate teams for content moderation and TIDA compliance, offer instructions and appropriate disclosures so users understand the correct channels they need to use to report NCII.
4. When designing TIDA removal request intake processes or forms, seek to collect app- or service-specific identifiers (e.g., Post IDs, URLs, user handles, etc.) to facilitate both locating the NCII and for further investigation of copies and violative accounts.
5. Consider whether the tools you have to identify NCII and duplicates, such as hashing tools (including perceptual hashing that can detect altered copies), and/or access to known NCII hash databases are reasonably sufficient to assist in content moderation and TIDA workflows.
6. Integrate your TIDA workflows with your workflows regarding detection of Child Sexual Abuse Material (CSAM) where NCII involves minors, including sharing information with the National Center for Missing & Exploited Children (NCMEC) and StopNCII.org.
7. Allow users to track the status of their requests – which will also help you document compliance. Use identifying numbers for requests, document efforts to identify NCII and remove duplicates, and provide notice to both requestor and poster on the ultimate removal decisions.
8. Maintain records of all requests, and actions taken as a result of requests, including efforts to identify and remove duplicates.
9. Visible investments in safety and trust can be a differentiator and strengthen your brand with consumers and advertisers. Include reference to the policies concerning TIDA and NCII into your Customer Support pages, Terms of Service, Community Standards, and other public-facing content.