UK Regulator Mandates Tech Firms to Detect & Remove Deepfakes and Non‑Consensual Intimate Images
What Happened — Ofcom announced that, pending UK parliamentary approval, it will update its codes of practice this autumn to require online platforms and apps to actively detect and delete non‑consensual intimate images and AI‑generated deepfakes. The regulator is pushing for broader use of hash‑matching technology and a two‑day removal deadline, with heavy fines and possible service blocking for non‑compliance.
Why It Matters for TPRM —
- Regulatory non‑compliance can trigger substantial financial penalties and service disruption for vendors.
- New obligations increase the operational burden on SaaS, social‑media, and cloud‑hosting providers, affecting contract risk assessments.
- Failure to meet the two‑day takedown window may expose third‑party customers to reputational damage and legal liability.
Who Is Affected — Technology platforms (social media, content‑hosting, cloud services), SaaS providers, and any third‑party vendors that host user‑generated media.
Recommended Actions —
- Review existing vendor contracts for clauses on content‑moderation and compliance with UK law.
- Verify that vendors have or are implementing hash‑matching or comparable detection tools.
- Update risk registers to reflect potential fines, service‑blocking risk, and reputational impact.
Technical Notes — No CVE is associated with this item. The regulator is urging the adoption of hash‑matching (fingerprinting) to flag previously identified illicit media. Enforcement will be tied to the UK Online Safety Bill, which imposes fines up to £18 million and possible blocking of non‑compliant services.
Source: The Record