LondonThe UK’s Online Safety Act gendered-harm clause now covers deepfakes and nudification apps.
Ofcom imposed takedown duties on platforms hosting non-consensual intimate imagery, the first use of the clause against AI-generated content.
Platforms that fail to remove flagged content face enforcement under the act.
Sources: The Record
THE LEGAL SHIFT
Until recently, UK law required prosecutors to prove intent to cause distress before charging someone for sharing intimate imagery. The 2023 Online Safety Act flipped this — sharing non-consensual intimate images is now an offence regardless of motive, and creating them was criminalised in 2024.
WHAT NUDIFICATION APPS ACTUALLY DO
These tools use diffusion models fine-tuned on nude imagery to inpaint clothed photos. The underlying technology is identical to mainstream image generators — the difference is the training data and the removal of safety filters. A single app can process thousands of images per day at near-zero marginal cost.
WHY OFCOM AND NOT THE POLICE
Criminal prosecution targets the perpetrator, one case at a time. Ofcom's duty-of-care regime targets the platform — forcing it to build systems that detect and remove content at scale. The theory: you cannot arrest your way out of a problem that produces millions of images; you have to make hosting them uneconomic.
THE EXTRATERRITORIAL REACH
The Online Safety Act binds any platform with UK users, regardless of where it is incorporated. This mirrors the EU's Digital Services Act and the GDPR — Brussels and London have converged on the principle that jurisdiction follows the user, not the server.
THE VICTIMS
Studies of deepfake imagery consistently find that the overwhelming majority — roughly 95% or more — depicts women, with a disproportionate share targeting schoolgirls and public figures. The Online Safety Act's gendered-harm clause was written specifically to name this asymmetry rather than treat it as incidental.
THE PRECEDENT
South Korea criminalised deepfake pornography in 2020 after the Nth Room scandal exposed industrial-scale exploitation rings on Telegram. Convictions followed but the platforms — Telegram in particular — proved nearly impossible to compel. The UK's approach learns from this: hold the accessible intermediaries (app stores, hosting providers, search engines) liable, not just the elusive source platforms.