AI-generated content disclosure, watermarking, election integrity protections.
Abstract
Deepfake governance — disclosure, watermarking, and election-integrity protections for AI-generated media — is among the more widely addressed topics in the catalogue. Several instruments impose a direct disclosure or labelling duty, led by the EU AI Act's Article 50(4) transparency obligation and China's labelling rules, alongside a cluster of voluntary codes; others reach it only implicitly or are silent. Policy Window records the empirical consensus as contested: jurisdictions have largely converged on requiring disclosure, yet the field is split on whether watermarking survives adversarial removal at scale. This article maps each instrument's treatment with primary-source citations.
Definition & scope
The cross-jurisdiction picture below shows how each of 45 tracked instruments treats this topic. The patterns vary substantially — and 31 regimes are silent, leaving gaps that future policy work could address.
Regulatory approaches: four distinct mechanisms
Although the coverage matrix records eight instruments as governing deepfakes, they reach the topic through markedly different legal modalities, and the verdict labels alone obscure these design choices. Four mechanisms recur. (1) Deployer disclosure: the EU AI Act, Art. 50(4) obliges the deployer of a system generating deepfake image, audio or video to disclose that the content is artificial, with carve-outs for law-enforcement and for artistic, satirical or fictional work (AI Act, Art. 50(4)). (2) Machine-readable marking at the provider level: AI Act Art. 50(2) separately requires providers to mark synthetic outputs in a robust, machine-readable, state-of-the-art format — a technical-provenance duty distinct from the human-facing label (AI Act, Art. 50(2)). (3) Labelling plus distribution-platform verification: China's Measures for Labeling of AI-Generated Synthetic Content (effective 1 Sept 2025) mandate perceptible explicit labels and metadata-embedded implicit labels, and uniquely place a verification-and-flagging duty on content-distribution platforms, not only generators (Measures, Art. 6). (4) Notice-and-takedown: the US TAKE IT DOWN Act requires covered platforms to remove notified non-consensual intimate imagery, including digital forgeries, within 48 hours, enforced by the FTC (TAKE IT DOWN Act, Pub. L. 119-12 (2025), §3). These statutory choices sit atop a fragmented sub-national layer: a thematic analysis of 319 US state deepfake bills (2019-2024) finds a patchwork concentrated on political and sexually-explicit content rather than a coherent federal scheme 1. Takedown-style regimes are themselves contested as insufficient: the UK Online Safety Act 2023 has been read as inadequately addressing non-consensual intimate deepfakes as image-based sexual abuse, leaving enforcement and removal gaps 2. Voluntary provenance commitments (G7 Hiroshima Code §5; White House Voluntary Commitments §5) layer atop these but lack binding force. The mechanisms are not interchangeable: a labelling regime governs honest disclosure; a takedown regime governs removal of identified harm. China's labelling regime in fact predates the 2025 Measures: the 2022 Provisions on the Administration of Deep Synthesis already required deep-synthesis providers to place conspicuous labels on face-generation, face-swapping, face-manipulation and pose-manipulation outputs that significantly alter identity features (Deep Synthesis Provisions, Art. 17). India layers a takedown-and-advisory approach onto data-protection law, with MEITY's March-2024 advisory and the IT Rules 2021 §3(1)(b)(v) deepfake-takedown obligations directing intermediaries to remove synthetic impersonations (MEITY Mar-2024 Advisory + IT Rules 2021 §3(1)(b)(v)). Singapore's non-binding Model AI Governance Framework for Generative AI similarly addresses synthetic media through its content-provenance and synthetic-content-disclosure dimension (Framework Dimension 7).
Definitional contestation: what counts as a deepfake
A recurring fault line precedes enforcement: the term "deepfake" lacks a settled legal meaning, and the boundary it draws determines which content is regulated. The EU AI Act offers the most consequential statutory definition — Art. 3(60) defines a deepfake as AI-generated or manipulated image, audio or video content "that resembles existing persons, objects, places, entities or events and would falsely appear to a person to be authentic or truthful" (AI Act, Art. 3(60)). Each qualifier is contested. Łabuz (2025, Policy & Internet) argues that a literal reading of "existing" risks excluding wholly fabricated but realistic personas — synthetic faces of no real individual — from the Art. 50(4) transparency duty, and urges a teleological, purpose-based interpretation to avoid that gap 3. Meding and Sorge (2024) press a complementary problem: the line between "legitimate processing" (routine retouching, colour correction, denoising) and regulated "manipulation" is underspecified, leaving the threshold of artificiality indeterminate 4. The definitional choice has downstream effects: a narrow scope under-includes harmful synthetic media, while a broad scope sweeps in ordinary edits and burdens benign use. US instruments sidestep the abstraction by defining narrowly around harm — the TAKE IT DOWN Act targets "digital forgeries" of intimate imagery rather than deepfakes generally (Pub. L. 119-12 §2). The field has therefore not converged on whether deepfake regulation should key on technique, resemblance, deceptive intent, or downstream harm.
Key fault lines: where jurisdictions and experts diverge
Beyond definition, governance is divided on several structural questions. First, the durability of technical provenance. Policy has converged on watermarking and content credentials, yet the technical literature questions whether they survive adversarial conditions: Zhao et al. (2024, NeurIPS) prove that invisible pixel-level watermarks are removable via diffusion-based regeneration attacks 5, and provenance manifests under the C2PA standard — adopted by Adobe, Google, Meta, OpenAI and camera makers — are stripped by routine re-encoding and screenshotting, recording asserted history rather than verifying authenticity (NSA/CISA, "Content Credentials," 2025). Detection fares no better as a backstop: Harris (2024) argues detector-based solutions depend on scarce institutional trust and risk undermining epistemic autonomy, so purely technological fixes are dim 6. Second, the point of obligation: the EU splits duties between provider (marking) and deployer (disclosure); China additionally conscripts distribution platforms to verify and surface labels on redistributed content (Measures 2025, Art. 6); the US TAKE IT DOWN model loads the duty onto hosting platforms post-publication — a focus on intermediaries that critics say still misses upstream foundation-model providers, the "landlords of creativity" who escape audio-deepfake liability across all three regimes 7. The active US federal lever has also narrowed: Executive Order 14110's §4.5 content-authentication and watermarking directive — which the coverage matrix still records as a (now historical) governing provision — was rescinded on 20 January 2025 by EO 14148, and the successor EO 14179 is silent on synthetic media, leaving the statutory TAKE IT DOWN Act and persisting NIST provenance guidance (rather than a binding federal labelling mandate) as the operative US instruments. Third, transparency versus prohibition: critics argue the AI Act's placement of deepfakes in the limited-risk transparency tier leaves no ban and no victim remedy, treating an information harm as a labelling problem 3. Pending US federal bills — the NO FAKES Act (S.1367, 119th Cong.) on digital replicas and the DEFIANCE Act on non-consensual intimate deepfakes — would instead create property-like and civil-remedy rights, signalling an unresolved divergence over whether deepfakes are best governed as disclosure failures or as actionable wrongs.
Coverage across jurisdictions
Historical primacy & cross-jurisdiction tension
First addressed by Provisions on the Administration of Deep Synthesis of Internet Information Services on (governs). Subsequent regimes have either codified, diverged from, or remained silent on this baseline.
- Forum-shoppingEU AI Act↔Executive Order 14179 — Removing Barriers to American Leadership in AI
- Forum-shoppingExecutive Order 14110 on Safe, Secure, Trustworthy AI↔UK Pro-Innovation Approach to AI Regulation (White Paper)
- Forum-shoppingInterim Measures for Generative AI Service Management↔OECD AI Principles (Recommendation)
Compare jurisdictions: EU vs US · EU vs UK · EU vs CN
Enforcement & impact
Silent regimes — gap signal
Instruments that do not address Deepfakes / Synthetic Content — candidates for future policy work.
- Executive Order 14179 — Removing Barriers to American Leadership in AIUS
- UK Pro-Innovation Approach to AI Regulation (White Paper)UK
- OECD AI Principles (Recommendation)OECD
- Council of Europe Framework Convention on AIcouncil_of_europe
- Bletchley Declaration on AI Safetyglobal
- Seoul Declaration on Safe, Innovative and Inclusive AIglobal
- California SB-1047: Safe and Secure Innovation for Frontier AI Models ActUS
- Brazil AI Bill (PL 2338/2023)BR
- ASEAN Guide on AI Governance and EthicsASEAN
- African Union Continental AI StrategyAfrican_Union
- Anthropic Responsible Scaling Policy (RSP) v2US
- OpenAI Preparedness FrameworkUS
- Google DeepMind Frontier Safety FrameworkUS
- Meta Frontier AI FrameworkUS
- UK-US AI Safety Institute Memorandum of Understandingglobal
- Japan METI AI Guidelines for BusinessJP
- General Data Protection Regulation (GDPR)EU
- EU General-Purpose AI Code of PracticeEU
- OMB Memorandum M-24-10 (Advancing Governance, Innovation, and Risk Management for Agency Use of AI)US
- GSA Generative AI and Specialized Computing Infrastructure Acquisition Resource GuideUS
- DoD Responsible AI Strategy and Implementation PathwayUS
- FedRAMP AI Cloud Procurement GuidanceUS
- DFARS Subpart 252.204 (Safeguarding Covered Defense Information and Cyber Incident Reporting)US
- California SB-53: Transparency in Frontier Artificial Intelligence Act (TFAIA)US
- California SB 243: Companion ChatbotsUS
- Revised Product Liability Directive (Directive (EU) 2024/2853)EU
- UNESCO Recommendation on the Ethics of Artificial IntelligenceUNESCO
- Directive (EU) 2024/2831 on improving working conditions in platform workEU
- New York RAISE Act: Responsible AI Safety and Education ActUS
- Japan AI Promotion Act (Act on the Promotion of Research, Development and Utilization of AI-Related Technologies)JP
- UN Global Digital CompactUN
See also
Further reading
16 academic & grey-literature sources bearing on this topic — catalogued metadata with a primary link; one-line findings are ✦ AI-generated summaries, labeled as such (charter §7.9). Browse the full literature index.
- The Current Landscape of Deepfake Legislation in the United States Peer-reviewed✦ AIThematic analysis of 319 state deepfake bills (2019-2024) finds a fragmented patchwork concentrated on political and sexually-explicit content.
- Reimagining U.S. Tort Law for Deepfake Harms: Comparative Insights from China and Singapore Peer-reviewed✦ AIArgues fragmented US tort doctrines (defamation, publicity, IIED) are ill-suited to deepfake harms and draws remedial lessons from Chinese and Singaporean law.
- A Teleological Interpretation of the Definition of DeepFakes in the EU Artificial Intelligence Act—A Purpose-Based Approach to Potential Problems With the Word 'Existing' Peer-reviewed✦ AIWarns a narrow reading of 'existing' in the AI Act's deepfake definition could exclude synthetic media from transparency duties, urging a teleological interpretation.
- Audio deepfakes and the regulation of the landlords of creativity Peer-reviewed✦ AIArgues US, EU and Chinese regimes fail to assign audio-deepfake liability to 'landlords of creativity' (foundation-model providers) and proposes holding them accountable.
- Human detection of political speech deepfakes across transcripts, audio, and video Peer-reviewed✦ AIExperiments show "audio and visual information enables more accurate discernment than text alone" — humans rely more on how something is said than on transcript content.
- When non-consensual intimate deepfakes go viral: The insufficiency of the UK Online Safety Act Peer-reviewed✦ AIArgues the UK Online Safety Act 2023 inadequately addresses non-consensual intimate deepfakes as image-based sexual abuse, leaving enforcement and takedown gaps.
- AI or Your Lying Eyes: Some Shortcomings of Artificially Intelligent Deepfake Detectors Peer-reviewed✦ AIArgues detector-based solutions depend on scarce institutional trust and risk undermining epistemic autonomy, so purely technological fixes for deepfakes are dim.
- The Liar's Dividend: Can Politicians Claim Misinformation to Evade Accountability? Peer-reviewed✦ AIFive survey experiments (>15,000 US adults) show false 'it's a deepfake/fake news' claims can help politicians retain support, evidencing the liar's dividend.
- Deep fakes and the Artificial Intelligence Act—An important signal or a missed opportunity? Peer-reviewed✦ AICritiques the EU AI Act's placement of deepfakes in the 'limited risk' tier, leaving transparency obligations as the only direct safeguard without bans or victim remedies.
- Non-Consensual Synthetic Intimate Imagery: Prevalence, Attitudes, and Knowledge in 10 Countries Peer-reviewed✦ AISurvey of >16,000 respondents across 10 countries finds NSII victimization/perpetration persists even where specific laws exist, suggesting current laws under-deter.
- Deepfakes and the epistemic apocalypse Peer-reviewed✦ AIArgues deepfake threat to recordings is overstated once social norms are recognised and that policy has been overly focused on technological interventions.
- The Epistemic Threat of Deepfakes Peer-reviewed✦ AIArgues deepfakes pose an epistemic threat because they "reduce the amount of information that videos carry to viewers", undermining knowledge acquired from video evidence.
- Deepfakes and Disinformation: Exploring the Impact of Synthetic Political Video on Deception, Uncertainty, and Trust in News Peer-reviewed✦ AIExperiment finds people "are more likely to feel uncertain than to be misled by deepfakes, but this resulting uncertainty, in turn, reduces trust in news on social media".
- Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security Peer-reviewed✦ AIMaps deepfake harms across privacy, democracy, and national security and evaluates civil, criminal, and regulatory responses as fakes grow "increasingly resistant to detection".
- OECD AI Incidents Monitor, an evidence base for trustworthy AI - OECD.AI Incident database✦ AIOECD tracker of real-world AI incidents and hazards.
- One Hundred Year Study on Artificial Intelligence (AI100) Research institute✦ AIStanford's standing century-long study of AI's societal impact.
References
Sources cited inline in the analysis (linked from the superscript markers), then the primary instrument sources behind the classifications.
- Valentine Ugwuoke and Madelyn Rose Sanfilippo (2025) The Current Landscape of Deepfake Legislation in the United States, Journal of Information Policy. 10.5325/jinfopoli.15.2025.0004 — Thematic analysis of 319 state deepfake bills (2019-2024) finds a fragmented patchwork concentrated on political and sexually-explicit content. ↩
- Beatriz Kira (2024) When non-consensual intimate deepfakes go viral: The insufficiency of the UK Online Safety Act, Computer Law & Security Review. 10.1016/j.clsr.2024.106024 — Argues the UK Online Safety Act 2023 inadequately addresses non-consensual intimate deepfakes as image-based sexual abuse, leaving enforcement and takedown gaps. ↩
- Mateusz Łabuz (2025) A Teleological Interpretation of the Definition of DeepFakes in the EU Artificial Intelligence Act—A Purpose-Based Approach to Potential Problems With the Word 'Existing', Policy & Internet. 10.1002/poi3.435 — Warns a narrow reading of 'existing' in the AI Act's deepfake definition could exclude synthetic media from transparency duties, urging a teleological interpretation. ↩
- arXiv:2412.09961 ↩
- arXiv:2306.01953 ↩
- Keith Raymond Harris (2024) AI or Your Lying Eyes: Some Shortcomings of Artificially Intelligent Deepfake Detectors, Philosophy & Technology. 10.1007/s13347-024-00700-8 — Argues detector-based solutions depend on scarce institutional trust and risk undermining epistemic autonomy, so purely technological fixes for deepfakes are dim. ↩
- Bao Kham Chau and George He (2025) Audio deepfakes and the regulation of the landlords of creativity, Cambridge Forum on AI: Law and Governance. 10.1017/cfl.2025.10011 — Argues US, EU and Chinese regimes fail to assign audio-deepfake liability to 'landlords of creativity' (foundation-model providers) and proposes holding them accountable. ↩
- EU-AIA-2024: Art. 50(4) (disclosure obligation for deep fakes)
- US-EO-14110: §4.5 (content authentication, watermarking) — rescinded 20 Jan 2025 by EO 14148; successor EO 14179 is silent on deepfakes, leaving only NIST provenance artifacts
- CN-GENAI-2023: Art. 12 (labelling) + Deep Synthesis Rules
- G7-HIROSHIMA: Code §5 (content provenance + watermarking)
- UN-RES-2024: References disinformation broadly
- NIST-AI-RMF: GenAI Profile addresses synthetic content
- NIST-AI-RMF-GENAI: NIST AI 600-1 §3.11 Confabulation + §3.10 Information Integrity (synthetic content)
- IN-DPDP-2023: MEITY Mar-2024 Advisory + IT Rules 2021 §3(1)(b)(v) deepfake takedown obligations
- WH-VOLUNTARY-2023: Commitments §5 (watermarking + content provenance for AI-generated content)
- SG-MODEL-AI-2024: Framework Dimension 7 — content provenance + synthetic-content disclosure
- CA-SB-942: 'Deepfake' appears only in the SB 942 Legislative Counsel's Digest (a recital about a separate law), never in operative §§ 22757.1–22757.4; a deepfake produced by a covered provider's GenAI system is nonetheless a subset of the AI-generated image/video/audio reached by the § 22757.3(b) latent-disclosure and § 22757.2 detection duties
- CN-DEEPSYN-2022: Art. 17
- US-TAKEITDOWN-2025: Pub. L. 119-12 — criminalizes nonconsensual intimate 'digital forgeries' (AI deepfakes) of adults and minors and requires covered platforms to remove them within 48 hours; the statute names 'artificial intelligence' in its operative digital-forgery definition
- IT-AILAW-2025: Art. 26(1)(c) inserts new Criminal Code Art. 612-quater: illicit dissemination of AI-generated or altered images/video/voices, without consent, apt to deceive and causing unjust harm — 1 to 5 years' imprisonment (querela-based; ex officio in aggravated cases).
Cite this article 8 formats · BibTeX, RIS, APA, Chicago, … · 1-click copy
Persistent identifier: https://policywindow.org/wiki/deepfakes — committed-stable URL with content-versioning via ?asOf= (rollout pending per methodology §7). DOIs via Zenodo are on the roadmap.
Article tools — track changes, suggest an edit
View history — every captured revision of this article · What links here
14 instruments tracked.
Does governance work? — the social-science evidence
What the peer-reviewed social science shows: whether the harm this topic addresses is empirically real, and whether governance of it works. The badge is the epistemic status of the evidence(not the policy debate) — “thin” or “absent” efficacy evidence is itself a finding (the “second silence”). Each epistemic-status label is Policy Window's editorial assessment of the cited evidence base (a structured classification), not a verdict any single source issues.
The flagship harm — non-consensual sexual deepfakes — is empirically real and sharply gendered: content audits find ~96-98% of deepfake videos online are non-consensual pornography overwhelmingly depicting women, and a pre-registered 10-country survey (>16,000 people) found 2.2% reporting victimization and 1.8% perpetration of synthetic intimate imagery, with documented mental-health, career, and participation harms. By contrast, the parallel claim that political/informational deepfakes UNIQUELY deceive is contested-to-refuted: experiments find deepfakes about as (not more) credible than equivalent text/audio fakes, and a 56-paper meta-analysis (k=137, N=86,155) puts unaided human detection near chance — implying a detection problem more than an exceptional-persuasion one.
Sources: Umbach, Henry, Beard & Berryessa 2024 (CHI '24, 'Non-Consensual Synthetic Intimate Imagery ... in 10 Countries'); Diel et al. 2024 (Computers in Human Behavior Reports 16:100538, deepfake-detection meta-analysis of 56 papers); Barari, Lucas & Munger 2025 (Journal of Politics 87(2), 'Political Deepfakes Are as Credible as Other Fake Media'); Flynn et al. 2022 (British Journal of Criminology, multi-country image-based sexual abuse study)
Direct impact evidence that deepfake governance reduces the targeted harm is sparse and, where it exists, discouraging: the one quasi-experimental evaluation (Cuevas & Horta Ribeiro 2025, synthetic-control across three platforms) found the U.S. TAKE IT DOWN Act's passage plus the MrDeepfakes shutdown did NOT suppress synthetic non-consensual imagery — posting rose above counterfactual baselines and displaced elsewhere. Technical enforcement is likewise unreliable: detectors fail to generalize to unseen generators (notably diffusion models) and are vulnerable to adversarial evasion, with in-the-wild accuracy well below benchmark figures. No rigorous evaluation yet shows a deepfake-specific law, takedown mandate, or watermarking scheme producing a sustained reduction in prevalence or harm.
Sources: Cuevas & Horta Ribeiro 2025 ('Deepfake Pornography is Resilient to Regulatory and Platform Shocks', arXiv:2602.02754); 'Adversarial Reality for Evading Deepfake Image Detectors' (ICCVW 2025); TAKE IT DOWN Act, S.146 / Pub. L. 119-12 (2025); CRS Legal Sidebar LSB11314