Deepfake Laws: How are Regulators Approaching Them and What Should You Do?
“Recently, I was made aware that AI of ‘me’ falsely endorsing Donald Trump’s presidential run was posted to his site. It really conjured up my fears around AI and the dangers of spreading misinformation. It brought me to the conclusion that I need to be very transparent about my actual plans for this election as a voter. The simplest way to combat misinformation is with the truth.”
Global pop star Taylor Swift’s recent Instagram post caused quite a political stir. Keeping the politics aside, it’s more interesting to look at what prompted her to put up such a post in the first place.
An AI-generated image of Taylor Swift was used to endorse a candidate she didn’t approve of, and given her celebrity status and influence, it was only natural that she had to come out and clarify the matter. It was an instance of fake content that had the capability to influence its viewers deeply. It was a case of deepfake content.
The Rise of Deepfakes and Regulatory Landscape
Deepfakes, a term coined in 2017, are highly convincing and realistic synthetic digital media created through AI, machine learning (ML) techniques, diffusion models, and generative adversarial networks.
The rise of deepfakes poses a multi-layered challenge for financial institutions and regulators, particularly around trust, fraud, compliance, and enforcement. In 2019, an AI firm identified over 15,000 deepfake videos online. That was before the introduction of generative AI in day-to-day use!
As these AI-generated forgeries become more sophisticated, they undermine trust, enabling new forms of fraud, especially in the financial sector. From impersonating executives to manipulating market information, deepfakes can expose banks to serious financial and reputational risks.
Regulators are beginning to respond, but progress is uneven. While some countries have enacted early deepfake laws, most regulatory frameworks are still catching up. The challenge lies in balancing the need to combat malicious deepfakes without stifling innovation or infringing on free speech. As governments and financial regulatory bodies develop new policies, financial institutions must be prepared to navigate these emerging laws and implement strategies to protect themselves from the risks posed by this technology.
How Regulators Are Working Towards Deepfake Laws
Global Regulatory Frameworks Around Deepfakes
Regulators worldwide are beginning to take action against the growing threat of deepfakes, though responses vary by region. Most regulations focus on specific use cases, such as election interference or fraud, but a comprehensive global framework is still developing.
In the US, some states have enacted deepfake-specific laws, such as California’s ban on politically motivated deepfakes before elections and Texas’s restrictions on deepfakes used for fraud. At the federal level, proposed bills like the Deepfake Accountability Act aim to enforce labeling requirements for synthetic media and impose penalties for harmful use. However, much of the legal focus is on specific cases, with broader protections in areas like fraud and cybercrime still under development.
On the other hand, the EU addresses deepfake threats primarily through broader legislation like the Digital Services Act (DSA), which requires online platforms to monitor and remove harmful deepfake content. The General Data Protection Regulation (GDPR) also provides a basis for action if deepfakes misuse personal data, such as someone’s image or voice. However, there is no single deepfake-specific law yet, and enforcement largely relies on the context in which the technology is used.
The Need for Deepfake Laws
Gaps in Existing Laws
Despite the growing risks posed by deepfakes, many regions have not fully addressed the concerns surrounding this technology. Current regulations, particularly in areas like data protection, fraud, and cybercrime, often fail to cover the sophisticated use of AI-generated content. Legal frameworks are often reactive, focusing on specific harms like misinformation, but lack the breadth to address the broader risks of deepfakes, especially in financial services.
Democratization of AI
The democratization of generative AI—the widespread availability of powerful AI tools to the public—has worsened the deepfake problem. What was once a highly technical and resource-intensive process is now accessible to virtually anyone with an internet connection. As a result, bad actors no longer need extensive resources to create convincing deepfakes, increasing the potential for their misuse in fraud, phishing, and other cyberattacks.
Risks for Financial Institutions
Cybercriminals can now impersonate executives, employees, or customers with AI-generated video or audio that convincingly mimics their appearance or voice. This can be used for various illegal activities, such as authorizing fraudulent transactions by impersonating senior executives, launching phishing attacks using fake video or voice messages to deceive employees or bypassing traditional identity verification systems relying on biometric data like voice recognition.
The consequences of deepfake exploitation go beyond immediate financial losses:
- Brand Reputation: Clients and investors may lose trust in the institution’s ability to safeguard its operations and assets.
- Legal Liability: Financial institutions that fail to protect against deepfake risks could face lawsuits from customers or partners affected by deepfake scams.
- Customer Trust: Customers may become wary of engaging in digital transactions if they believe deepfakes could compromise the security of their interactions.
Complying with Deepfake Laws: What Should Financial Organizations Do?
1. Integrate AI-Powered Solutions
AI tools can leverage advanced ML algorithms to analyze signs of manipulation, such as inconsistencies in facial movements, unnatural voice modulations, or irregular pixel patterns. Integrating these solutions into the cybersecurity infrastructure can detect deepfakes before they cause damage, reducing the risk of fraudulent activities.
2. Ensuring Adherence to Current Regulations
As regulators introduce deepfake-related legislation, financial institutions must ensure compliance across jurisdictions. This means:
- Regularly reviewing and updating internal policies to align with emerging local, national, and international laws.
- Monitoring developments in regions with strict laws on AI-generated content.
- Ensuring that all digital interactions and communications meet current data privacy and cybersecurity standards, such as the GDPR in Europe and relevant cybercrime regulations in the US and other regions.
3. Preparing for Emerging Laws and Incorporating Best Practices
As deepfake laws continue to evolve, organizations must be proactive in preparing for new legal frameworks by adopting best practices. These include:
- Implementing AI identity verification tools that use multi-factor authentication
- Establishing AI-driven monitoring systems to continuously scan for potential deepfake threats across communication channels
- Staying updated on emerging technologies, laws, and guidelines that could impact the financial sector’s responsibilities in combating deepfakes.
4. Developing Clear Internal Policies
Financial institutions must develop comprehensive policies that outline how to handle deepfake incidents, ensuring they are equipped to avoid legal repercussions. These policies should include:
- Incident response protocols that detail the steps to take if a deepfake is detected.
- Clear guidelines for employee training to help them recognize and react to deepfake-related threats.
- Legal and compliance safeguards to ensure the institution’s response to deepfakes complies with existing regulations.
5. Staying Proactive in Industry Collaborations
The financial sector can’t combat deepfakes alone. Financial institutions should engage in industry-wide collaborations on AI ethics and regulatory discussions. This involves:
- Partnering with industry associations, regulators, and technology providers to develop standardized guidelines for deepfake detection and mitigation.
- Participating in regulatory working groups, where financial institutions can contribute to shaping future deepfake laws that reflect the unique challenges faced by the sector.
- Collaborating with AI ethics bodies to ensure that any AI-powered solutions deployed for deepfake detection are used ethically and responsibly, preventing unintended consequences or misuse.
Conclusion
The rise of deepfakes poses a multifaceted challenge, crossing legal, ethical, and technological boundaries. Their potential for misuse—ranging from defamation and fraud to the spread of misinformation—showcases the pressing need for strong regulatory frameworks. Crafting such laws requires a careful balance between preventing harm and safeguarding free speech and innovation, demanding global collaboration and a thoughtful, nuanced approach.