What the TAKE IT DOWN Act Is
The TAKE IT DOWN Act is federal legislation signed into law in 2025 that imposes a 48-hour removal obligation for non-consensual intimate imagery (NCII) — including AI-generated deepfakes depicting identifiable real people — across every platform, producer, and publisher operating in the United States.
Enforcement runs through the Federal Trade Commission with civil penalties for non-compliance. The statute is broad: it covers platforms, producers, hosting services, and individual creators with published content.
For adult content producers and platforms, the act now sets the federal floor for NCII removal — paralleling and reinforcing the requirements already imposed by Mastercard AN 5196 and Visa VIRP.
What the Statute Requires
1. An Unauthenticated Reporting Intake
Every covered platform and producer must provide a clearly disclosed, public-facing intake for NCII removal requests. The intake must:
- Be accessible from every page where covered content is published
- Accept submissions without requiring account creation, login, or payment
- Capture sufficient information to identify the content and the claim
- Provide a confirmation receipt to the requester
2. The 48-Hour Removal SLA
Once a valid NCII report is received, the covered entity has 48 hours to:
- Remove or disable access to the reported content
- Take reasonable steps to identify and remove identical re-uploads of the same content
- Notify the requester of the outcome
The 48-hour clock starts when the report is received, not when it is reviewed. Operational systems must be built around continuous availability.
3. Notice-and-Action, Not Notice-and-Comment
Unlike DMCA, TAKE IT DOWN Act removal does not have a counter-notice period built into the removal SLA. The removal happens within 48 hours; disputes are handled afterward through the platform's appeals process or in civil court.
4. Coverage of AI-Generated Content
The act explicitly covers AI-generated content depicting identifiable real people without their consent — synthetic imagery, deepfakes, and morphed content. The 48-hour SLA applies equally to AI-generated NCII as to traditionally-produced NCII.
5. CSAM Routing
Any reported content that appears to depict a minor must be immediately routed to NCMEC (the National Center for Missing & Exploited Children) per existing federal CSAM reporting law (18 U.S.C. § 2258A). The TAKE IT DOWN Act reinforces this routing as part of the broader takedown workflow.
Who Is Covered
The act applies broadly. Covered entities include:
- Adult content platforms — OnlyFans, Fansly, ManyVids, Clips4Sale, IWantClips, Loyalfans, and equivalents
- Hosting services for adult content
- Solo creators publishing direct — your own site, your own checkout, your own publication channels
- Studios and producers with their own distribution
- Camsites and live-streaming services
- Tube sites and aggregators
- AI-generation services producing or hosting deepfake content
Individual creators selling exclusively through a covered platform may be functionally covered by the platform's intake. The moment you publish direct anywhere, the obligation attaches to you.
How the Act Interacts with AN 5196 / VIRP
The card-network requirements (AN 5196, VIRP) already required unauthenticated removal intakes and defined SLAs. The TAKE IT DOWN Act federalizes the NCII portion with civil enforcement teeth — and adds explicit coverage of AI-generated content.
In practice, a single intake and removal workflow can satisfy all three frameworks. The differences are in scope:
| TAKE IT DOWN | AN 5196 | VIRP | |
|---|---|---|---|
| Enforcement | FTC civil penalty | Loss of Mastercard processing | Loss of Visa processing |
| Coverage | NCII specifically | Adult content removal generally | Adult content removal generally |
| SLA | 48 hours NCII | 7 business days general / 48h NCII | 48h NCII / 7bd general |
| AI-generated content | Explicit | Implicit | Implicit |
| Intake | Required | Required | Required |
| Account-free intake | Required | Required | Required |
A compliant removal workflow built for VIRP and AN 5196 covers TAKE IT DOWN Act obligations as well.
Operationalizing the 48-Hour SLA
The 48-hour SLA is the operational pain point. Two requirements drive the design:
- Continuous availability of the intake — the form must be reachable 24/7
- Continuous availability of the removal workflow — the team or system that acts on reports must be able to act within hours, including nights, weekends, and holidays
Easy2257 enforces the SLA at the software level: the intake is always-on, reports route to producer + admin queues, the SLA timer starts on submission, and automatic escalation fires as the breach window approaches. CSAM-flagged reports route to NCMEC automatically.
How Easy2257 Handles TAKE IT DOWN
- Unauthenticated intake at
/report/removal— no account, no login, no payment - 48-hour NCII SLA enforced automatically at the software level
- SLA monitoring cron every 15 minutes with automatic escalation
- NCMEC routing for any CSAM-flagged report
- Producer notification with breach-warning highlighting
- Admin triage with full audit trail
- Annual compliance archive includes every removal request, decision, and resolution time — ready for FTC inquiry
The intake is included on every paid plan — solo creator through enterprise.
Solo Creator plan: $9.95/month or $107.40/year.
See pricing · How it works · Get started free
Related: Complete 2257 compliance guide (2026) · Visa VIRP guide · Mastercard AN 5196 guide
Informational only — not legal advice.