New York labels synthetic performers; UK privacy watchdog probes AI deepfakes
Daily Brief3 min read

New York labels synthetic performers; UK privacy watchdog probes AI deepfakes

New York enacted a disclosure rule for advertisements that use AI-generated people, requiring them to be labeled as “synthetic performers.” In the UK, the…

daily-briefsynthetic-datasynthetic-mediaa-i-privacydeepfakesad-tech

Two regulators moved on synthetic media this week: New York is forcing ad disclosures for AI-generated people, while the UK’s privacy watchdog is examining whether X and its Grok tool crossed data-protection lines with deepfakes.

New York requires ads with AI-generated performers to disclose “synthetic performers”

New York has implemented a law requiring advertisements that feature AI-generated people to clearly label them as “synthetic performers.” The measure targets commercial uses of synthetic media, where viewers may reasonably assume they are seeing a real person rather than a generated likeness. For brands, agencies, and production vendors, the change turns disclosure from a best practice into a legal requirement in one of the country’s largest advertising markets. It also adds pressure to document how synthetic assets were created, approved, and cleared before campaigns go live.

The policy reflects a broader shift from abstract AI governance debates to concrete rules around audience transparency and performer rights. Even if the law is narrow to advertising, it creates an operational precedent: synthetic humans now need labeling workflows, not just internal guidance. Teams using generated actors, avatars, or voice-and-image composites will need review steps that connect creative production with legal signoff. That is especially relevant for companies running multi-state campaigns, where New York’s standard may become the default baseline.

  • Advertising teams will need a release process that checks whether an asset includes an AI-generated person and ensures the required disclosure is attached before publication.
  • Creative, legal, and compliance functions now share accountability, because labeling decisions affect campaign execution, consumer trust, and potential enforcement exposure.
  • Consent and provenance become operational issues, not just policy language, since teams may need records showing whether a performer was real, synthetic, or derived from licensed source material.

UK privacy watchdog investigates X over AI-generated deepfakes

The UK’s Information Commissioner’s Office is investigating whether Elon Musk’s companies complied with data protection laws after the Grok AI tool produced indecent deepfakes without consent. The inquiry centers on whether the creation and handling of that synthetic content breached privacy rules, pushing the issue beyond platform moderation and into formal data-protection enforcement. That matters because the case is not framed only as harmful content online, but as a question of how personal data may have been processed in generating or enabling abusive outputs.

For companies shipping generative media tools, the signal is straightforward: regulators are willing to examine model behavior, safeguards, and product design through a privacy lens. A general-purpose AI label will not insulate a company if outputs create identifiable harms involving likeness, consent, or sexualized fabrication. The ICO’s move also raises the bar for incident response, since organizations may need to explain not just what content appeared, but what controls existed to prevent it and how complaints were handled. Synthetic media risk is increasingly a governance problem spanning trust and safety, privacy, and product engineering.

  • Model outputs can trigger regulatory scrutiny even when the system is marketed as a general-purpose assistant, so product teams should treat misuse scenarios as compliance issues from the start.
  • Consent controls and abuse prevention are now core requirements for synthetic media products, particularly where generated content can depict real people in explicit or defamatory contexts.
  • Teams launching generative features should expect questions about data use, safety guardrails, escalation paths, and whether they can evidence those controls during an investigation.