EU Legislators Agree to Ban AI “Nudifier” Apps Under Digital Omnibus Package
European co-legislators reached a provisional agreement on 7 May to ban so-called “nudifier applications” under the Digital Omnibus on AI, targeting tools that use artificial intelligence to generate non-consensual synthetic sexual imagery of real individuals. The deal extends liability to both users and the companies that develop or distribute such systems.
A Growing Legal Gap
The agreement addresses what lawmakers described as a significant lacuna in existing EU law. Prior to this measure, deepfakes and AI-generated intimate imagery were regulated only indirectly — through a patchwork of data protection rules, image rights legislation, and platform liability frameworks — rather than by any outright prohibition.
“I don’t think policymakers necessarily underestimated it. Certainly, there has been a big lack of legal certainty until now,” said MEP Michael McNamara of Renew Europe, co-rapporteur of the measure.
The scale of the problem is considerable. The European Parliament Research Service found that approximately 8 million deepfakes were circulating online in 2025, with AI-generated content projected to account for 90 per cent of online material by 2026.
What the Ban Covers
The legislation does not enumerate specific applications by name, but its scope is broadly understood. Swedish MEP Arba Kokalari (EPP), a co-rapporteur, stated at a press conference: “We do not have a list of nudifier apps, but we all know what Grok and X did a few months ago, and we want to send the message that all of this is banned in Europe.”
The measure was partly catalysed by a feature introduced to Grok, the AI assistant integrated into social network X, which enabled users to generate hyper-realistic nude imagery of adults and children from real photographs. High-profile incidents — including Italian Prime Minister Giorgia Meloni publicly condemning deepfake images of herself as a “dangerous tool” — also accelerated the legislative response.
Under the agreed text, companies face liability on two grounds: if they deliberately design applications for non-consensual nudification, or if they apply insufficient safeguards to prevent such misuse. The ban applies equally to EU-based firms and international developers serving European residents.
Enforcement and Timeline
By 2 December 2026, all AI system providers must demonstrate compliance with the new safety standards or face financial sanctions. National authorities will be empowered to remove non-compliant AI products from the EU market entirely.
The provisional agreement must be formally adopted by both the European Parliament and the Council before entering into full force, with the process targeted for completion by 2 August 2026.
The Case for Legislative Action
Proponents argue that existing instruments — including the General Data Protection Regulation (GDPR) and the EU’s 2024 directive on violence against women — were insufficient. The GDPR addresses unlawful data processing but does not prohibit deepfakes in their existing form, nor does it provide victim-centred remedies for reputational or psychological harm.
The human cost is documented. A 2026 UNICEF study spanning 11 countries found that at least 1.2 million children had their images manipulated into sexual deepfakes in 2025. Separate research found that threats to distribute non-consensual explicit imagery were statistically associated with increased risk of suicide plans, attempts, and self-harm.
The Parliament’s position — adopted in plenary in Strasbourg on 26 March — called for a complete ban, a position that has now been fully incorporated into the agreement reached with member states.