How Platforms Regulate AI Content

AI is not unregulated anymore. It’s becoming one of the most governed technologies in the world. And most businesses are not ready for it. Because AI is no longer experimental - it’s making real decisions in hiring, finance, healthcare, and security. Here’s what every business needs to understand 👇 Why AI regulation matters: Bias. Data misuse. Lack of accountability. These aren’t technical issues anymore - they’re legal and business risks. The global shift: Governments are moving fast with structured frameworks. Risk-based classification. Transparency requirements. Clear accountability. This is no longer optional. Key regulations shaping AI globally: - EU AI Act (Europe) Risk-based AI classification. High-risk systems require strict compliance. Some use cases are banned entirely. - GDPR (Europe) User consent. Data protection. Right to explanation. Privacy is now a design requirement. - NIST AI Framework (US) A practical approach to managing AI risks across the lifecycle. Helps companies operationalize governance early. - Executive Orders (US) Focus on safety testing, responsible deployment, and fairness in AI systems. Signals stricter laws ahead. - China AI Regulations Strict centralized control. Mandatory algorithm registration. Strong enforcement and compliance checks. - Singapore AI Model Flexible, business-friendly governance focused on transparency, explainability, and accountability. - OECD AI Principles Global baseline for AI policy - human-centered, fair, and accountable systems. - ISO/IEC Standards Standardizing AI practices globally - risk management, lifecycle governance, and reliability. - Algorithmic Accountability Laws Bias audits. Risk assessments. Documentation. Businesses must prove their AI is fair. - Global Data Protection Laws GDPR, CCPA, DPDP - data compliance is now core to AI systems. What businesses must do now: AI governance is no longer a technical add-on. It’s a core business function. → Build internal governance frameworks → Ensure transparency and accountability → Implement monitoring, audits, and documentation 💡 The big reality: AI is no longer unregulated innovation. It’s a regulated system with global oversight. The companies that win won’t be the fastest. They’ll be the most trusted. Because the future belongs to businesses that build compliant, responsible, and trustworthy AI systems.

The European Commission published its first draft of the “Code of Practice on Transparency of AI‑Generated Content” designed as a tool to help organizations demonstrate alignment with the transparency requirements (Art. 50) of the AI Act. Article 50 of the AI Act includes obligations for providers to mark AI-generated or manipulated content in a machine-readable format, and for users who deploy generative AI systems for professional purposes to clearly label deepfakes and AI-text publications on matters of public interest. The document is divided into two sections. The first section covers rules for marking and detecting AI content, applicable to providers of generative AI systems, including to: - Use a Multi‑layered machine-readable marking of AI‑generated content - Use imperceptible watermarks interwoven within content - Adopt a digitally signed “manifest/provenance certificate” for content that can’t securely carry metadata - Offer free detection interfaces/tools, including confidence scoring, and complementary forensic detection that does not rely on active marking - Test against common transformations and adversarial attacks - Use open standards and shared/aggregated verifiers to enable cross-platform detection and lower compliance friction The second section covers labelling deepfakes and certain AI-generated or manipulated text on matters of public interest and is applicable to deployers of generative AI systems, including: - Deepfake labelling - Modality‑specific labelling rules for real-time video, non-real-time video, images, multimodal content, and audio-only - Operational governance: encourages internal compliance documentation, staff training, accessibility measures, and mechanisms to flag and fix missing/incorrect labels.

On September 1, China became the first country in the world to enforce a comprehensive AI content labeling system. Every piece of AI-generated content - text, images, audio, video, even virtual environments - must now carry two identifiers: 🔹 a visible mark for the user (e.g., “AI-generated”) 🔹 a hidden watermark embedded in metadata Visible labels inform people. Hidden watermarks make manipulation harder. Together, they create the first large-scale infrastructure for AI traceability - deployed across platforms that reach over a billion users daily. Technically, this is groundbreaking because: ✔️ It standardises watermarking at file level, making every AI asset traceable across platforms. ✔️ It forces real-time compliance at scale: platforms must scan, tag, and log billions of uploads, retaining records for six months. ✔️ Even if a visible label is cropped, the metadata watermark persists. But this isn’t only about technology. It’s also about control. 📌 The law is under the Qinglang campaign against misinformation & fraud. 📌 Yet analysts warn it also strengthens censorship: by branding content as “AI-generated,” authorities can discredit inconvenient narratives and push platforms toward over-policing. In other part of the world: 🔸 The EU’s AI Act mandates AI labeling, but with exceptions for satire and art, aiming to protect trust while safeguarding free expression. 🔸 The US relies on voluntary watermarking pledges by OpenAI, Google, and Meta under a 2023 White House initiative. Why it matters globally China has operationalised what others are still debating - a nationwide AI authenticity standard. The technical infrastructure proves it’s possible. The political implications remind us about its risks. #AI #AIGovernance #DigitalSovereignty #Innovation #Stratedge

I just published a piece exploring in Tech Policy Press how far AI-powered content classification has come—and what that means for platform accountability. LLM-based systems like CoPE (the 9B parameter model Samidh Chakrabarti and I developed at Zentropi) can now interpret policy documents with accuracy matching GPT-4o, at sub-200ms latency on consumer hardware. Policy changes that used to require months of retraining and relabeling? Now they're document edits. As a demonstration of this, I built a labeler to block requests for AI-generated non-consensual intimate imagery. It took about an hour—30 minutes to a first draft, another 30 refining edge cases. It handles euphemistic language, hypothetical framing, multilingual variants. This is just one example, but the broader implication is clear - when platforms fail to address foreseeable harms, that's increasingly a choice rather than a technical constraint. The bottleneck of policy interpretation - one of the historically legitimate reasons this work was so hard - is being broken down.. We have a long way to go. But the excuses for inaction are fading fast. https://lnkd.in/dHH3Bmzs

On September 1, 2025, China's new mandatory national standard for AI-generated content labeling (GB 45438-2025) took full effect. The law mandates that every piece of high-risk AI-generated content, from a deepfake video to a synthesized voice clip, must carry both:    • A visible, prominent label    • A persistent, hidden watermark This forced platforms like WeChat and Douyin to be proactive. They must scan, tag, and log a torrent of content, ensuring its origin is traceable. Meanwhile, in the West, social media platforms from Meta to X and YouTube have largely relied on a patchwork of unenforced voluntary commitments. While they are implementing "Made with AI" labels and some auto-detection, the system is fundamentally broken because it is not universal. • 𝗩𝗼𝗹𝘂𝗻𝘁𝗮𝗿𝘆 𝗣𝗹𝗲𝗱𝗴𝗲𝘀 𝗔𝗿𝗲𝗻'𝘁 𝗔𝗹𝘄𝗮𝘆𝘀 𝗙𝗼𝗹𝗹𝗼𝘄𝗲𝗱: There is no legal mandate to enforce labeling on content from external, open-source AI models, nor is there unified, cross-platform cooperation. • 𝗧𝗵𝗲 𝗕𝘂𝗿𝗱𝗲𝗻 𝗶𝘀 𝗼𝗻 𝗨𝘀𝗲𝗿𝘀: Policies often require users to manually disclose when they upload certain AI-generated content. If they don't, the content will remain unlabeled. • 𝗖𝗼𝗻𝗳𝘂𝘀𝗶𝗼𝗻 𝗙𝗹𝗼𝘂𝗿𝗶𝘀𝗵𝗲𝘀: The result is that the sheer volume of content, combined with a lack of standardized, enforced labeling, allows ambiguity to thrive and makes misinformation harder to fight. China's move is a powerful case study. It proves that a comprehensive, end-to-end AI traceability system is technically possible and can be deployed at a massive scale. The crucial question is whether the West, valuing free expression and innovation, can achieve the same level of transparency without resorting to a centralized, government-mandated model. We have the tools, but do we have the will? https://lnkd.in/eeG4NkGj #AI #ArtificialIntelligence #watermarking #Regulation #Technology #Policy #DigitalEthics

Europe made history in 2024. India should pay attention. The European Union passed the AI Act – the world’s first comprehensive law to regulate Artificial Intelligence. Approved by the European Parliament in March 2024 and taking effect in August 2024, this landmark legislation is already being referred to as the “GDPR of AI” 【EU Parliament, 2024】. I was speaking with a few media houses and was surprised to learn that they don't have an AI policy at the institutional level yet. Why does this matter outside Europe? Because just like GDPR reshaped global data practices, the AI Act is set to influence how AI is built and deployed worldwide – including in India. What does the EU AI Act do? 1. Transparency first → Chatbots must disclose they’re bots. No pretending to be human. 2. Labels on AI content → Deepfakes, AI images/videos must carry clear disclaimers or watermarks. 3. Bans on misuse → No “social scoring,” no exploiting vulnerabilities (e.g., AI toys nudging kids into harm). 4. Strict oversight for high-risk AI → Systems that decide loans, diagnose X-rays, or shortlist CVs must undergo fairness, bias, and accuracy checks with human oversight. This risk-based framework (unacceptable, high, limited, minimal risk) balances innovation with protection. And India? Unlike the EU, India doesn’t yet have an AI-specific law. But several steps have been taken: ✅ National Strategy for AI (2018) ✅Principles for Responsible AI (2021) ✅Digital Personal Data Protection Act (2023) ✅Advisories on AI labelling and consent by MeitY ✅The launch of INDIAai, a national AI portal (2024)* Still, our frameworks remain fragmented. With AI increasingly shaping governance, education, health, and financial systems, India needs a clear, comprehensive regulatory path. The EU’s AI Act shows that regulation is not about slowing innovation – it’s about building trust. For a diverse and fast-scaling country like India, a rights-first, innovation-friendly approach isn’t optional; it’s urgent. What do you think: Should India borrow from the EU’s framework, or design its own model rooted in our unique realities? *link in comment. #ArtificialIntelligence #EUAIAct #India #DigitalIndia #30dayWritingChallenge #AI #AiwithAdira

𝐀𝐈 𝐢𝐬 𝐦𝐨𝐯𝐢𝐧𝐠 𝐟𝐚𝐬𝐭. Regulation is moving faster. If you’re building or deploying AI in Europe (or touching EU users), compliance isn’t optional anymore. It’s part of your product architecture. 𝐇𝐞𝐫𝐞’𝐬 𝐚 𝐩𝐫𝐚𝐜𝐭𝐢𝐜𝐚𝐥 𝐨𝐯𝐞𝐫𝐯𝐢𝐞𝐰 𝐨𝐟 𝟑𝟎 𝐀𝐈 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 𝐌𝐮𝐬𝐭-𝐊𝐧𝐨𝐰𝐬 𝐚𝐜𝐫𝐨𝐬𝐬 𝐭𝐡𝐞 𝐄𝐔 𝐀𝐈 𝐀𝐜𝐭 𝐚𝐧𝐝 𝐆𝐃𝐏𝐑 — 𝐬𝐢𝐦𝐩𝐥𝐢𝐟𝐢𝐞𝐝 𝐢𝐧𝐭𝐨 𝐭𝐡𝐫𝐞𝐞 𝐥𝐚𝐲𝐞𝐫𝐬 👇 Layer 1: EU AI Act (Core Requirements) Classify your AI, avoid prohibited use, add human oversight, ensure transparency, and maintain documentation, risk controls, logging, and robustness. Layer 2: GDPR (Privacy & Data Protection) Use lawful processing, collect consent, limit and minimize data, anonymize PII, and respect user rights like access, deletion, and portability. Layer 3: LLM / Agent-Specific Compliance Control prompt data, block PII, manage RAG access, track training sources, moderate content, reduce hallucinations, and prepare incident response. The takeaway: AI compliance isn’t paperwork. It’s engineering. If you want production-ready AI in regulated environments, you need governance built into: ✅ your models ✅ your data pipelines ✅ your agents ✅ your monitoring systems ✅ your user experiences Do this right, and you ship AI with confidence. Ignore it, and risk becomes your product. Save this if you’re working on enterprise AI. Share it with your legal, product, or engineering teams. This is how compliant AI gets built. ♻️ Repost this to help your network get started ➕ Follow Prem N. for more

🚨 The Take It Down Act just raised the stakes for platforms. A felony case in Eau Claire County is testing a new state law: six charges filed for AI-generated child abuse images, entirely synthetic. This is the kind of case that sets a precedent. I’ve been digging into how the Take It Down Act changes the game. Here’s what matters: Platforms must remove AI-generated “digital forgeries” of minors within 48 hours of a valid takedown request, or face FTC enforcement. The law doubles the stakes: individuals who publish face criminal charges; platforms must build real removal workflows or risk regulatory action. It’s not only for US-based platforms; if you're serving US users, you’re in the crosshairs too. Add to that the reality on the ground: The Internet Watch Foundation confirmed 1,286 AI-generated CSAM videos in just the first half of 2025, up from just 2 last year, and over 1,000 were category A (the worst of the worst). The law hinges on reactive takedowns. It’s step one. We also need real-time AI-centric detection tools, built-in escalation, and workflows that reflect this legal train that's already left the station. If you haven’t already, hit that launch button on your detection roadmap. The future of platform liabilities just got much more urgent. #TrustAndSafety #AICompliance #DeepfakeDetection #ContentModeration #ChildSafety

The U.S. Senate just sent a very loud message to Big Tech: “𝐘𝐨𝐮𝐫 𝐀𝐈 𝐠𝐮𝐚𝐫𝐝𝐫𝐚𝐢𝐥𝐬 𝐚𝐫𝐞 𝐟𝐚𝐢𝐥𝐢𝐧𝐠 𝐚𝐧𝐝 𝐰𝐞 𝐰𝐚𝐧𝐭 𝐩𝐫𝐨𝐨𝐟 𝐲𝐨𝐮’𝐫𝐞 𝐟𝐢𝐱𝐢𝐧𝐠 𝐢𝐭.” 𝐂𝐚𝐬𝐞 𝐨𝐯𝐞𝐫𝐯𝐢𝐞𝐰 Eight U.S. senators formally questioned 𝐗, 𝐌𝐞𝐭𝐚, 𝐀𝐥𝐩𝐡𝐚𝐛𝐞𝐭, 𝐒𝐧𝐚𝐩, 𝐑𝐞𝐝𝐝𝐢𝐭, 𝐚𝐧𝐝 𝐓𝐢𝐤𝐓𝐨𝐤. The focus? Non-consensual, sexualized deepfakes. Across 𝐜𝐨𝐧𝐭𝐞𝐧𝐭 and 𝐀𝐈 𝐩𝐫𝐨𝐝𝐮𝐜𝐭𝐬. 𝐖𝐡𝐚𝐭 𝐫𝐞𝐠𝐮𝐥𝐚𝐭𝐨𝐫𝐬 𝐚𝐫𝐞 𝐚𝐬𝐤𝐢𝐧𝐠 𝐟𝐨𝐫 Not statements. Not policies. Not blog posts. They want 𝐞𝐯𝐢𝐝𝐞𝐧𝐜𝐞. ➤ Internal documentation ➤ How images are created ➤ How they’re detected ➤ How moderation works ➤ How monetization is blocked This goes far beyond PR. 𝐓𝐡𝐞 𝐭𝐫𝐢𝐠𝐠𝐞𝐫 𝐆𝐫𝐨𝐤 came under scrutiny after reports it generated sexualized images, including of minors. That triggered attention from lawmakers. And an investigation by California’s AG. 𝐖𝐡𝐲 𝐭𝐡𝐢𝐬 𝐦𝐚𝐭𝐭𝐞𝐫𝐬 This is no longer a content moderation issue. It’s now: ✓ Product design ✓ AI governance ✓ Compliance at the model layer If your system can generate harm, you own the risk. 𝐓𝐡𝐞 𝐫𝐞𝐠𝐮𝐥𝐚𝐭𝐨𝐫𝐲 𝐬𝐡𝐢𝐟𝐭 The 𝐓𝐚𝐤𝐞 𝐈𝐭 𝐃𝐨𝐰𝐧 𝐀𝐜𝐭 criminalizes non-consensual sexualized imagery. States like New York are pushing: ➤ Mandatory AI labels ➤ Election-period deepfake bans The direction is clear. 𝐓𝐡𝐞 𝐫𝐞𝐚𝐥 𝐭𝐚𝐤𝐞𝐚𝐰𝐚𝐲 This feels like the early days of data privacy. Except now, it’s about: People’s bodies. Identities. Democracy. The bar has moved from: “𝐖𝐞 𝐡𝐚𝐯𝐞 𝐫𝐮𝐥𝐞𝐬” to “𝐖𝐞 𝐜𝐚𝐧 𝐩𝐫𝐨𝐯𝐞 𝐚𝐛𝐮𝐬𝐞 𝐝𝐨𝐞𝐬𝐧’𝐭 𝐬𝐜𝐚𝐥𝐞.” 𝐂𝐲𝐛𝐞𝐫 𝐑𝐢𝐬𝐤 𝐩𝐞𝐫𝐬𝐩𝐞𝐜𝐭𝐢𝐯𝐞: Deepfakes are now a systemic threat, not an edge case 𝐖𝐡𝐚𝐭 𝐦𝐚𝐧𝐝𝐚𝐭𝐨𝐫𝐲 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐚𝐧𝐝 𝐠𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞 𝐜𝐨𝐧𝐭𝐫𝐨𝐥𝐬 𝐬𝐡𝐨𝐮𝐥𝐝 𝐞𝐯𝐞𝐫𝐲 𝐀𝐈 𝐩𝐥𝐚𝐭𝐟𝐨𝐫𝐦 𝐝𝐞𝐩𝐥𝐨𝐲 𝐭𝐨 𝐝𝐞𝐭𝐞𝐜𝐭 𝐚𝐧𝐝 𝐜𝐨𝐧𝐭𝐚𝐢𝐧 𝐝𝐞𝐞𝐩𝐟𝐚𝐤𝐞 𝐚𝐛𝐮𝐬𝐞 𝐚𝐭 𝐬𝐜𝐚𝐥𝐞? Curious where you’d draw the hard line 👇 -------------- Hi, I'm Harris D. Schwartz, 𝐅𝐫𝐚𝐜𝐭𝐢𝐨𝐧𝐚𝐥 𝐂𝐈𝐒𝐎 𝐚𝐧𝐝 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐋𝐞𝐚𝐝𝐞𝐫. I help CEOs and executive teams strengthen their security posture and build resilient, compliant organizations. With 𝟑𝟎+ 𝐲𝐞𝐚𝐫𝐬 𝐚𝐜𝐫𝐨𝐬𝐬 𝐍𝐈𝐒𝐓, 𝐈𝐒𝐎, 𝐏𝐂𝐈, 𝐚𝐧𝐝 𝐆𝐃𝐏𝐑, I know how the right security decisions reduce risk and protect growth. If you are planning how your security program needs to evolve in 2026, this is the right time to have that conversation. #AI #AIGovernance #Deepfakes #ProductLeadership #TechPolicy #cybersecurity #security #aifrauds #riskmanagement

🚨 BREAKING: China's new law on generative AI transparency entered into force, and it's surprisingly MORE detailed than the EU AI Act's provisions on the topic. Other countries should take note! Key obligations: "Article 4: (...) I. Adding text prompts or general symbol prompts or other signs at the beginning, end, or appropriate position in the middle of the text, or adding prominent prompt signs in the interactive scene interface or around the text; II. Adding voice prompts or audio rhythm prompts or other signs at the beginning, end, or appropriate position in the middle of the audio, or adding prominent prompt signs in the interactive scene interface; III. Add prominent warning signs at appropriate locations on the images; IV. Add prominent warning signs at the beginning of the video and at appropriate locations around the video. Prominent warning signs may be added at appropriate locations at the end and in the middle of the video. V. When presenting a virtual scene, a prominent reminder logo shall be added at an appropriate location on the starting screen, and a prominent reminder logo may be added at an appropriate location during the continuous service of the virtual scene; VI. Other generated synthetic service scenarios shall add prominent prompt signs based on their own application characteristics. When service providers provide functions such as downloading, copying, and exporting generated synthetic content, they should ensure that the files contain explicit identification that meets the requirements." (...) Article 7: When reviewing applications for listing or online release, Internet application distribution platforms shall require Internet application service providers to state whether they provide AI-generated synthesis services. If Internet application service providers provide AI-generated synthesis services, Internet application distribution platforms shall verify the materials related to the identification of their generated synthetic content. Article 8: Service providers shall clearly state the methods, styles and other specifications for generating synthetic content identifiers in the user service agreement, and prompt users to carefully read and understand the relevant identifier management requirements." - - The law is titled "Measures for Identifying Artificial Intelligence-Generated Synthetic Content," and it became applicable on September 1st. - This law's provisions are more detailed and descriptive than the EU AI Act's rules on the topic. As I've written a few times in my newsletter, if lawmakers create transparency rules that are too vague and not context-specific, companies and individuals will simply bypass them through 'formalistic tricks.' - 👉 Subscribe to my weekly newsletter and join 76,700+ people who NEVER MISS my curations and insights on AI law & policy. 👉 To learn more about AI Governance, join the 25th cohort of my training program in November (the last cohort of the year!) - link below.