Deepfakes ignite a policy sprint for online harm

Deepfakes are no longer lab toys; they’re policy flashpoints. In a Lawfare interview, Melissa Hutchins, founder and CEO of Certifi AI, explains how synthetic media is changing the threat landscape for individuals, platforms, and policymakers alike. The conversation centers on non-consensual sexually explicit imagery, the rising urgency to detect and govern synthetic abuse, and how a patchwork of laws across states complicates a unified response. Hutchins speaks from both professional and personal experience, noting her own cyberstalking ordeal as a reminder that policy must translate into real protections.

The scene Hutchins sketches is a battlefield of scale and speed. As synthetic media tools grow more accessible, the volume and variety of abuse proliferate. Deepfakes can be created quickly, distributed at scale, and tailored to target individuals in ways that are hard to counter without rapid, reliable detection and swift takedown. The mounting risk is personal for victims, but it also stretches the resources and obligations of platforms that host user content and the policymakers who oversee safety standards. The takeaway, she suggests, is not just technical prowess but a coherent governance playbook that can work across jurisdictions and business models.

A central pillar of the debate is the Take It Down Act, a policy proposal discussed in the interview, which signals a move toward clearer platform obligations to remove abusive synthetic content. The proposal sits against a broader challenge: a fragmented patchwork of state AI laws that creates a risky compliance maze for any platform operating in multiple states. For compliance teams and tech leaders, the practical implication is simple but uncomfortable: the rulebook is evolving, and the clock is ticking on how quickly platforms can adapt across regions with different standards for detection, verification, and removal.

Seattle is an unlikely cradle for a global AI governance push in Hutchins' telling. She notes that building an AI company outside the traditional Silicon Valley orbit brings different pressures and incentives, from talent pools to regulatory climates, and that this geography can shape how products are designed, tested, and brought to market. The point is not where a company sits, but how quickly its tooling can scale to identify synthetic abuse while respecting users' rights and privacy.

Two to four practitioner-focused threads emerge from the discussion. First, the tension between effective detection and false positives. If moderation tools sweep too aggressively, legitimate content can be harmed and user trust can erode; if they miss deepfakes, victims remain exposed. Second, the enforcement question. What penalties or takedown mechanisms apply, who bears the responsibility for verification, and how can cross-border cooperation be coordinated when content travels instantly across jurisdictions? Third, the operational burden on platforms. Compliance deadlines, ongoing risk assessments, and transparent reporting become core parts of product roadmaps rather than afterthoughts. Finally, the broader incentives for industry players. A coherent regulatory path can drive investment in better detection, standardized reporting, and safer user experiences, but only if policymakers align on definitions and consequences.

The interview underscores a central truth for compliance officers and tech leaders: the governance of synthetic abuse requires both technical capability and policy clarity. The path forward will demand scalable detection tools, predictable enforcement, and a governance rhythm that can keep pace with advances in generation capabilities. Hutchins’ experience and insight push the field toward a more principled, faster-acting framework that protects victims while giving platforms a workable playbook for risk management.