Published On: July 13, 2026
Authored By: Malehlohonolo Msibi
Regenesys Business School
Introduction
In 2025, a finance employee in Singapore transferred millions of dollars after participating in a video conference populated entirely by AI-generated deepfake avatars of company executives. The incident illustrated the increasing sophistication of synthetic media and demonstrated how deepfakes can undermine trust in digital communication, democratic institutions, and financial systems. Deepfakes are AI-generated or AI-manipulated audio, visual, or video content designed to realistically imitate real individuals, events, or speech patterns. Despite the rapid escalation of harms associated with synthetic media, global regulatory responses remain fragmented, inconsistent, and largely reactive. Existing cyberlaw frameworks were developed before the rise of generative AI and now struggle to address deepfakes effectively, especially where harmful content spreads rapidly across borders and online platforms.
This article compares regulatory approaches in the European Union, China, the United States, and India, while arguing that existing cyberlaw frameworks remain structurally inadequate for addressing large-scale synthetic media harms.
The Rise of AI-Generated Harm
Misinformation and Electoral Manipulation
The increasing accessibility of generative AI has significantly intensified concerns regarding electoral misinformation and democratic interference. During elections held throughout 2025 and 2026, AI-generated political videos and manipulated audio recordings circulated widely across digital platforms, often depicting candidates making fabricated statements or engaging in fictional conduct. European policymakers warned that deepfakes could undermine democratic participation by distorting public discourse and weakening trust in electoral processes.[1] The speed and realism of synthetic media present particular regulatory challenges because manipulated content frequently spreads faster than verification systems or fact-checking mechanisms can respond. Unlike traditional misinformation, deepfakes create highly convincing fabricated realities capable of influencing public perception before falsity can be established. Governments increasingly view synthetic political media as a threat to democratic trust itself.
Non-Consensual Explicit Content
One of the most damaging uses of deepfake technology has been the proliferation of non-consensual intimate imagery. In 2025, the United States enacted the TAKE IT DOWN Act, criminalising the publication of AI-generated intimate images without consent and imposing takedown obligations upon digital platforms.[2] The legislation followed growing public concern regarding the circulation of fabricated explicit images involving women, celebrities, and minors. Cases involving AI-generated sexual content have demonstrated severe psychological and reputational harm, particularly where victims experience harassment, blackmail, or long-term digital exposure. Although some platforms have strengthened moderation systems, researchers continue to observe the rapid migration of synthetic explicit content to alternative online spaces following enforcement actions or website closures.[3] The continued spread of this material illustrates the limits of reactive legal remedies and the need for preventative regulatory strategies.
Identity Fraud and Reputational Harm
Deepfakes increasingly facilitate sophisticated forms of identity fraud and reputational manipulation. Financial institutions and cybersecurity experts reported dramatic increases in AI-generated impersonation scams throughout 2025, including voice cloning schemes, fraudulent employment interviews, and synthetic executive communications. In one widely publicised incident, criminals used deepfake technology to impersonate senior corporate officials during a virtual meeting, convincing an employee to authorise substantial financial transfers.[4] Beyond financial fraud, deepfakes also threaten reputational integrity by enabling fabricated media portraying individuals engaging in criminal, unethical, or offensive conduct. Existing legal remedies, such as defamation, fraud, or identity theft laws, often fail to provide timely protection because victims face difficulties identifying anonymous perpetrators, securing rapid takedowns, or proving damages after viral dissemination has already occurred. Traditional cyberlaw frameworks were not designed for harms that can now be generated and distributed at this scale.
Emerging Legal Responses: Comparative Analysis
The European Union’s AI Act
The European Union has adopted one of the most comprehensive approaches to AI governance through the EU AI Act. The legislation establishes a risk-based regulatory framework and imposes transparency obligations on AI-generated content, including deepfakes. Article 50 of the AI Act requires deployers of AI systems generating manipulated image, audio, or video content to disclose that the material has been artificially generated or altered.[5] Several provisions became enforceable in February 2025, while additional transparency obligations relating specifically to synthetic media are expected to become fully operational by August 2026.[6]
The EU framework prioritises preventative governance through accountability, transparency, and risk mitigation obligations. The AI Act also interacts with the Digital Services Act (“DSA”), which requires large online platforms to assess and mitigate systemic risks associated with harmful AI-generated content.[7] However, implementation challenges remain significant. Critics argue that watermarking technologies and disclosure obligations may prove technically unreliable, particularly as generative AI systems become increasingly sophisticated.[8] Furthermore, exemptions for artistic, satirical, or fictional content may create regulatory loopholes capable of exploitation by malicious actors seeking to evade compliance requirements.
China’s Deep Synthesis Regulations
China has adopted a significantly stricter and more centralised approach through its Deep Synthesis Provisions and related cybersecurity regulations. Chinese regulators require AI-generated content to contain visible labels and embedded metadata identifying synthetic origin. In 2025, the Cyberspace Administration of China strengthened enforcement obligations by mandating clearer disclosure standards across AI-generated text, audio, video, and virtual environments.[9] Platforms and AI providers must additionally verify user identities, maintain traceability systems, and prevent synthetic content that threatens national security or social stability.
China’s approach is comparatively effective in enforcement because it imposes direct obligations on technology companies rather than relying solely on post-harm litigation. However, the Chinese model raises substantial concerns regarding censorship, surveillance, and state control over digital expression. Critics argue that broad governmental oversight powers may enable authorities to suppress political speech under the justification of combating synthetic misinformation. Consequently, while China demonstrates strong regulatory capacity, its governance framework prioritises state security and information control over individual freedoms and open digital expression.
The United States’ Fragmented Approach
Unlike the EU and China, the United States lacks a unified federal framework governing deepfakes. Regulation remains fragmented across state legislation, platform policies, and sector-specific laws. States such as California, Texas, and New York have introduced legislation targeting election-related deepfakes and non-consensual synthetic pornography, while Congress enacted the TAKE IT DOWN Act in 2025 to address AI-generated intimate imagery.[10] Despite these developments, no comprehensive federal AI law currently regulates deepfake technologies.
Much of the US approach is shaped by First Amendment protections around political speech, including satire, parody, and artistic expression. California’s AB 2655 illustrates this tension, as state-level attempts to regulate election-related deepfakes have already faced constitutional scrutiny. Legislators remain cautious about imposing broad restrictions capable of infringing political speech, satire, parody, or artistic creativity. Consequently, US regulation tends to address harms after they occur rather than imposing preventative obligations upon AI developers or platforms. This reactive structure creates substantial enforcement gaps concerning misinformation, impersonation fraud, and synthetic manipulation. The absence of consistent federal standards additionally generates uncertainty for courts, technology companies, and victims seeking legal remedies.
India’s Emerging Response under the IT Rules
India has begun responding to deepfake harms through amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. In 2025, the Ministry of Electronics and Information Technology (MeitY) issued an advisory requiring AI models and deepfake-generating platforms to label synthetic content with permanent metadata and visible identifiers. Furthermore, Rule 3(1)(b)(vii) of the IT Rules now restricts intermediaries from hosting content involving impersonation or deceptive identity use intended to cause harm, harassment, or reputational damage. This reflects India’s broader attempt to regulate synthetic media through intermediary obligations rather than standalone AI legislation.[11]
Despite these developments, India’s framework remains limited. The Information Technology Act, 2000 was enacted before generative AI emerged and lacks provisions specifically addressing synthetic media. Intermediary safe harbour provisions under Section 79 continue to shield platforms unless they receive actual knowledge from a court or government order, a threshold too slow for viral deepfakes. Civil remedies for deepfake victims remain uncertain because Indian courts have not yet established clear precedents on AI-generated defamation or non-consensual intimate imagery. Consequently, India faces tensions similar to those of other jurisdictions: balancing rapid takedown obligations against freedom of expression while operating within an outdated statutory framework.
Platform Liability and Content Moderation
Platform liability remains one of the most contentious issues within deepfake governance. In the European Union, the DSA imposes proactive obligations upon large online platforms to identify and mitigate systemic risks associated with harmful AI-generated content.[12] Conversely, US platforms continue to benefit substantially from Section 230 of the Communications Decency Act, which broadly shields intermediaries from liability for user-generated content.[13] Critics argue that Section 230 allows platforms to avoid accountability despite algorithmically amplifying manipulated content for engagement and profit.
However, imposing excessive liability upon platforms may incentivise over-censorship and threaten legitimate forms of artistic, political, or journalistic expression. Platforms also face technical difficulties accurately identifying AI-generated media, particularly as generative systems become increasingly realistic. These tensions demonstrate the broader challenge of balancing digital safety with freedom of expression and open internet principles.
Constitutional and Structural Limitations of Existing Frameworks
Deepfake regulation creates significant tensions between freedom of expression and digital safety. Governments increasingly confront the challenge of regulating deceptive synthetic media without undermining legitimate political speech, satire, journalism, or artistic creativity. In the United States, First Amendment protections complicate efforts to prohibit deepfakes broadly because certain forms of manipulated content may constitute protected expression. Similarly, the EU acknowledges that excessive moderation or disclosure obligations may interfere with creative freedom and democratic participation.[14]
Existing cyberlaw frameworks are additionally limited because they primarily regulate the consequences of digital harms rather than the generative systems producing them. India’s Information Technology Act, 2000, for example, was developed before the emergence of generative AI and therefore struggles to regulate deepfake impersonation, synthetic misinformation, and AI-generated explicit imagery effectively.[15] Traditional legal remedies concerning fraud, defamation, obscenity, or harassment remain relevant but often fail to provide sufficiently rapid intervention before harmful content spreads widely online.
These limitations raise an important legal question: should deepfakes be governed through AI-specific legislation or incorporated into broader AI governance frameworks? AI-specific regulation allows lawmakers to target unique harms associated with synthetic media through watermarking obligations, provenance requirements, and disclosure mandates. Broader AI governance frameworks may provide greater coherence but could inadequately address the distinctive social and psychological harms associated with deepfake abuse.
Recommendations for a Rights-Based Global Governance Framework
A rights-based global governance framework should combine technological accountability, victim protection, and international cooperation.
First, governments should implement mandatory watermarking and provenance disclosure obligations for AI-generated content. Such measures would improve transparency and assist journalists, platforms, and users in identifying manipulated media. The EU AI Act’s transparency obligations may provide a useful model for international harmonisation.[16]
Second, states should establish cross-border enforcement mechanisms addressing the transnational nature of synthetic media harms. Deepfakes frequently circulate across jurisdictions, making purely domestic enforcement ineffective. International cooperation through the United Nations and UNESCO could facilitate standardised reporting systems, investigative collaboration, and interoperable regulatory standards.[17]
Third, lawmakers should establish accessible victim redress mechanisms, including expedited takedown procedures, psychological support services, and compensation funds for victims of non-consensual synthetic abuse. Existing legal systems frequently impose excessive procedural burdens on victims while harmful content continues circulating online.
Finally, platform governance obligations should require major technology companies to adopt transparent moderation systems, conduct algorithmic risk assessments, and cooperate with independent oversight bodies. Nevertheless, such obligations must remain proportionate to avoid unjustified restrictions upon freedom of expression and legitimate digital creativity.
Conclusion
Deepfakes have exposed major weaknesses in legal systems developed before the rise of generative AI. Comparative analysis demonstrates that jurisdictions continue to balance digital safety, platform accountability, and freedom of expression in different ways. While the EU emphasises transparency and preventative governance, China prioritises enforcement and state control, and the United States remains constrained by constitutional free speech protections. India has taken initial regulatory steps but still operates within an outdated statutory framework. As synthetic media technologies become increasingly accessible, effective regulation will depend upon internationally coordinated, rights-based governance mechanisms capable of responding to rapidly evolving digital harms.
References
[1] European Parliamentary Research Service, Generative AI and Disinformation Risks in Elections (European Parliament 2025).
[2] TAKE IT DOWN Act 2025 (US).
[3] Vera Schmitt and others, ‘Transparency as Architecture: Structural Compliance Gaps in EU AI Act Article 50 II’ (2026) arXiv <https://arxiv.org/abs/2603.26983> accessed 12 May 2026.
[4] Reuters, ‘AI Deepfake Fraud Cases Increase Globally in 2025’ (Reuters, 18 February 2025) <https://www.reuters.com> accessed 12 May 2026.
[5] Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence [2024] OJ L 2024/1689, art 50.
[6] European Commission, ‘AI Act Timeline and Enforcement Provisions’ (2025) <https://artificialintelligenceact.eu> accessed 12 May 2026.
[7] Regulation (EU) 2022/2065 of the European Parliament and of the Council on a Single Market for Digital Services [2022] OJ L277/1.
[8] Schmitt and others (n 3).
[9] Cyberspace Administration of China, ‘Measures for the Labelling of Artificial Intelligence Generated Synthetic Content’ (CAC 2025).
[10] TAKE IT DOWN Act 2025 (US).
[11] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (India), Rule 3(1)(b)(vii).
[12] Regulation (EU) 2022/2065 of the European Parliament and of the Council on a Single Market for Digital Services [2022] OJ L277/1.
[13] Communications Decency Act, 47 USC § 230 (1996).
[14] European Parliamentary Research Service (n 1).
[15] Information Technology Act 2000 (India).
[16] Regulation (EU) 2024/1689, art 50 (n 5).
[17] UNESCO, Recommendation on the Ethics of Artificial Intelligence (UNESCO 2025) <https://unesco.org/ai-ethics> accessed 12 May 2026.
