The European Union Bans AI Systems That Generate Non-Consensual Intimate Imagery
The European Union has agreed to ban AI systems that generate non-consensual intimate imagery, adding nudifier apps to its list of prohibited AI practices under the Digital Omnibus on AI. Companies have until 2 December 2026 to comply. The move represents a rare instance of regulatory speed matching the velocity of harm.
For those tracking how Europe navigates the tension between innovation and protection, this conversation continues at Human x AI Europe in Vienna, where the architects of these frameworks will be in the room.
Stand in front of a screen displaying one of these images and notice what happens to the room. There is no room. There is only the person depicted, stripped of consent, stripped of context, stripped of the boundary between what is real and what has been fabricated to look real. The technology that produced this image took less than 25 minutes. The person in it may never know it exists.
This is the landscape the European Union is now attempting to regulate.
What Gets Banned, and Why It Matters
On 7 May 2026, the European Parliament and Council reached a provisional agreement to prohibit AI systems that generate non-consensual intimate imagery. The ban, part of the Digital Omnibus on AI, targets what the industry euphemistically calls nudifier apps, undressers, or clothes removers. These tools use generative AI to synthesise sexually explicit images of real, identifiable people without their knowledge or consent.
The prohibition applies in three directions: placing such systems on the EU market with the purpose of creating this content; placing them on the market without reasonable safety measures to prevent such creation; and deployers using these systems to generate such content. Companies have until 2 December 2026 to bring their systems into compliance.
The scope is deliberately broad. The content in question can be images, video, or audio. The ban also covers AI-generated child sexual abuse material (CSAM), a category that UNICEF has called child sexual abuse material regardless of whether it depicts a real child, because there is nothing fake about the harm it causes.
The Scale of What's Being Addressed
The numbers are difficult to absorb. Deepfake files surged from 500,000 in 2023 to a projected 8 million in 2025. According to research cited by Euronews, deepfake pornography accounts for 98 per cent of all deepfake videos online, with 94 per cent of targets being women.
A 2025 survey by Thorn found that 1 in 17 young people aged 13 to 20 have been targets of deepfake nude imagery themselves. One in 8 personally know someone who has been targeted. Seventy-one per cent of respondents who created deepfake imagery of others said they found the technology to do so on social media.
The accessibility is the point. What previously required powerful tools can now be done with free mobile apps and limited digital skills. One in three deepfake tools can create free, non-consensual pornographic material in under 25 minutes, according to Security Hero research cited in the Euronews reporting.
The Regulatory Gap That Existed
Prior to this agreement, EU law addressed deepfakes indirectly, treating them as violations of privacy and transparency under frameworks like the General Data Protection Regulation (GDPR), the Digital Services Act (DSA), and the AI Act's general provisions. But there was no specific prohibition.
MEP Michael McNamara from Renew Europe
There was perceived to be a lacuna in the law in addressing them. That's why the Omnibus was seen as an opportunity to address that.
The gap was not merely technical. It was conceptual. Existing frameworks struggled to categorise a harm that sits at the intersection of image manipulation, sexual violence, and identity theft. The victim's body is not touched, but their image is violated. The content is fabricated, but the damage is real.
The Broader Omnibus Context
The nudifier ban arrives within a larger package of AI Act amendments. The Digital Omnibus on AI also delays the application of rules for high-risk AI systems: stand-alone high-risk systems (those used in biometrics, critical infrastructure, education, employment, law enforcement, and border management) will now face obligations from 2 December 2027, while AI systems embedded in products will follow from 2 August 2028.
The delay has drawn criticism. MEP Sergey Lagodinsky of Germany's Greens described the non-retroactive nature of the rules as a loophole and a weak spot in the law, noting that systems placed on the market before the new deadlines may never need to comply unless significantly modified.
But the nudifier ban moves in the opposite direction: faster, not slower. The 2 December 2026 deadline gives companies roughly six months from formal adoption. This is regulatory urgency, applied selectively to a harm deemed immediate and severe.
What the Ban Actually Requires
The prohibition operates on multiple levels. For providers, it means AI systems cannot be placed on the EU market if their purpose is generating non-consensual intimate imagery. But it also means systems cannot be placed on the market without reasonable safety measures to prevent such misuse.
This second requirement is where implementation becomes complex. What constitutes a reasonable safety measure? The text suggests that systems with effective safeguards preventing such misuse may be exempt from the ban. The boundary between a general-purpose image generation tool and a nudifier app may depend on the guardrails built into it.
For deployers, the prohibition is clearer: using any AI system to generate such content is banned, regardless of whether the system was designed for that purpose.
Legal analysis from Taylor Wessing notes that the new rules target AI systems capable of generating or manipulating NCIM [non-consensual intimate material] and CSAM, suggesting enforcement will focus on capability as well as intent.
The Enforcement Question
Belgian MEP Assita Kanko called the ban a clear red line against digital sexual exploitation through AI. But red lines require enforcement mechanisms.
The Digital Omnibus strengthens the powers of the EU's AI Office and improves coordination between member states. The European Commission's announcement notes that the AI Office's enforcement powers will be strengthened to support oversight of certain AI systems, including those built on general-purpose models and those embedded in very large online platforms and very large search engines.
The challenge is jurisdictional. Many nudifier tools operate through Telegram bots, offshore websites, and open-source models that can be run locally. The EU can regulate what enters its market, but the technology itself is distributed, borderless, and increasingly embedded in consumer devices.
What This Signals About European AI Governance
The nudifier ban represents something specific about how Europe is choosing to regulate AI: not through abstract principles alone, but through targeted prohibitions on concrete harms.
The AI Act already bans certain practices outright: social scoring, manipulation of vulnerable groups, untargeted facial recognition scraping. The nudifier prohibition extends this logic to a harm that emerged after the Act's initial drafting. It demonstrates that the framework can adapt, that new categories of unacceptable risk can be added as they become visible.
This is regulatory architecture designed to evolve. Whether it evolves fast enough to match the technology it governs remains the open question.
The Phenomenology of the Harm
Return to that screen. The image displayed is not a photograph. It is a fabrication, a synthesis of training data and algorithmic inference, a body invented to match a face. The person depicted did not consent to this image. They may not know it exists. They may discover it years from now, or never.
The harm is not hypothetical. Research from the American Academy of Pediatrics documents the psychological impacts: humiliation, shame, anger, violation, self-blame. Withdrawal from family and school. Challenges with sustaining trusting relationships. In some cases, self-harm and suicidal thoughts.
The content is fake. The trauma is not.
What the EU has done is name this harm and draw a line around it. The line is imperfect. Enforcement will be difficult. The technology will continue to evolve. But the naming matters. It makes visible what was previously treated as an unfortunate side effect of innovation.
Interfaces always have an ideology. The question is whether that ideology includes the people who never consented to appear in them.
Frequently Asked Questions
Q: What are nudifier apps and why is the EU banning them?
A: Nudifier apps are AI tools that generate sexually explicit images by digitally "undressing" real people in photographs without their consent. The EU is banning them because they constitute a form of digital sexual abuse, with 98% of deepfake content being pornographic and 94% of victims being women.
Q: When does the EU ban on nudifier apps take effect?
A: Companies have until 2 December 2026 to comply with the ban. The prohibition was agreed on 7 May 2026 as part of the Digital Omnibus on AI and still requires formal adoption by the European Parliament and Council.
Q: Who does the nudifier ban apply to?
A: The ban applies to three categories: providers placing such systems on the EU market with intent to create non-consensual intimate imagery; providers placing systems without reasonable safety measures to prevent misuse; and deployers using any AI system to generate such content.
Q: How does this ban relate to the broader AI Act timeline changes?
A: While the Digital Omnibus delays high-risk AI system obligations to December 2027 and August 2028, the nudifier ban moves faster with a December 2026 deadline, reflecting the EU's view that this harm requires immediate action.
Q: What penalties exist for violating the nudifier ban?
A: The AI Act's penalty framework applies, with fines up to €35 million or 7% of global annual turnover for prohibited practices. The EU AI Office's enforcement powers have been strengthened under the Digital Omnibus agreement.
Q: Does the ban cover AI-generated child sexual abuse material?
A: Yes. The prohibition explicitly covers AI systems that generate child sexual abuse material, regardless of whether the content depicts a real child. UNICEF has stated that such AI-generated content constitutes child sexual abuse material because "there is nothing fake about the harm it causes."