Sixty‑one data protection authorities from around the world have issued a joint statement raising serious concerns about the privacy risks posed by artificial intelligence systems capable of generating realistic images and videos of identifiable individuals without their consent.
Published on 23 February 2026, the statement highlights the rapid growth of AI image and video generation tools—particularly those embedded in social media platforms—and warns that they are increasingly being used to create non‑consensual intimate imagery, defamatory depictions and other harmful content. Regulators say they are “especially concerned about potential harms to children”.
William Malcolm, the UK ICO’s Executive Director for Regulatory Risk & Innovation, said people “should be able to benefit from AI without fearing that their identity, dignity or safety are under threat”. He added that “public trust is foundational to the successful adoption and use of AI”, and that regulators “will take action to protect the public” where obligations are not met.
Global expectations for organisations developing AI
The statement reminds organisations that AI content‑generation systems must comply with existing data protection and privacy laws. It also notes that creating non‑consensual intimate imagery is a criminal offence in many jurisdictions.
The authorities set out a series of expectations for developers and deployers of AI systems, including:
- implementing “robust safeguards” to prevent misuse of personal information
- ensuring “meaningful transparency” about system capabilities and safeguards
- providing effective mechanisms for individuals to request removal of harmful content
- introducing enhanced protections for children, including age‑appropriate information for young users, parents and educators
Call for coordinated regulatory action
The signatories warn that the harms arising from non‑consensual AI‑generated content “are significant and call for urgent regulatory attention”. They commit to sharing information on enforcement, policy and education approaches “to the extent that such sharing is consistent with applicable laws”.
The statement frames the issue as a global risk requiring a coordinated response, emphasising that regulators are united in their concern about the misuse of AI‑generated imagery.
The joint statement was coordinated by the Global Privacy Assembly’s International Enforcement Cooperation Working Group and includes signatories from Europe, the UK, Canada, Latin America, Africa, Asia‑Pacific and the Middle East.
Authorities signing the statement include the European Data Protection Board, the European Data Protection Supervisor, the UK Information Commissioner’s Office, and regulators from jurisdictions such as Argentina, Brazil, Hong Kong, Israel, New Zealand, Singapore, South Korea and Switzerland.
The regulators call on organisations to “engage proactively with regulators, implement robust safeguards from the outset, and ensure that technological advancement does not come at the expense of privacy, dignity, safety, and other fundamental rights”.
