UK Law Criminalizing AI-Generated Deepfake Intimate Images Takes Effect

New UK Law Makes Creation of AI-Generated Intimate Images a Criminal Offense

INFORMATIONAL
February 4, 2026
Regulatory | Policy and Compliance


Executive Summary

The UK Government is taking a significant legislative step to combat the rise of abusive AI-generated content. On February 6, 2026, Section 138 of the Data (Use and Access) Act 2025 will come into force, officially making it a criminal offense to create or request the creation of a 'purported intimate image' of an adult without their consent. This law directly targets the creation of so-called 'deepfake' pornography, where AI is used to realistically map a person's face onto an explicit image or video. This amendment to the Sexual Offences Act 2003 is a landmark move to adapt existing laws to the challenges posed by modern AI technologies.


Regulatory Details

  • Legislation: Data (Use and Access) Act 2025 (Section 138)
  • Amends: Sexual Offences Act 2003
  • Effective Date: February 6, 2026
  • Jurisdiction: United Kingdom

Key Provisions: The law criminalizes the act of creating, or even requesting someone else to create, an image that appears to be an intimate picture of an adult, where that adult has not consented to its creation. This is a crucial distinction, as it targets the creation itself, not just the distribution. It addresses the harm caused by the very existence of such an image, regardless of whether it is widely shared.

The term 'purported intimate image' is used to cover images that look real but are entirely fabricated by AI.

Affected Organizations

This law primarily affects individuals who create or solicit such content. However, it also has implications for:

  • Technology Companies: Platforms and services that could be used to generate or distribute deepfake content may face increased pressure to implement technical safeguards and content moderation policies.
  • Law Enforcement: Police and prosecutors will now have a specific legal instrument to charge individuals involved in creating this type of abusive material.

Compliance Requirements

For individuals, the compliance requirement is simple: do not create or solicit the creation of non-consensual intimate images of others. For technology platforms, while not directly regulated by this specific section, there is an implicit expectation to cooperate with law enforcement and take proactive steps to prevent their services from being abused for these illegal purposes, in line with broader regulations like the UK's Online Safety Act.

Implementation Timeline

The Data (Use and Access) Act 2025 (Commencement No.5) Regulations 2026 were made on January 15, 2026, and they stipulate that Section 138 will come into force on February 6, 2026.

Impact Assessment

This law is a significant step towards protecting individuals, particularly women who are disproportionately targeted, from a modern form of sexual abuse and harassment. The psychological harm, reputational damage, and distress caused by the creation and spread of non-consensual deepfake images can be profound. By criminalizing the act of creation, the law aims to create a strong deterrent. It provides a clear legal pathway for victims to seek justice and holds perpetrators accountable for their actions, recognizing that the use of AI to fabricate abusive content is a serious offense.

Enforcement & Penalties

As an amendment to the Sexual Offences Act 2003, individuals found guilty under this new provision will face criminal penalties, which could include fines and imprisonment, depending on the severity and circumstances of the offense.

Timeline of Events

  1. February 4, 2026: This article was published.
  2. February 6, 2026: Section 138 of the Data (Use and Access) Act 2025 comes into force, criminalizing the creation of deepfake intimate images.

Article Author

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & Analysis, Security Orchestration (SOAR/XSOAR), Incident Response & Digital Forensics, Security Operations Center (SOC), SIEM & Security Analytics, Cyber Fusion & Threat Sharing, Security Automation & Integration, Managed Detection & Response (MDR)

Tags

AI, Deepfake, Law, Regulation, UK, Policy
