23 February 2026

The co-signatories below are issuing this Joint Statement in response to serious concerns about artificial intelligence (AI) systems that generate realistic images and videos depicting identifiable individuals without their knowledge and consent.

While AI can bring meaningful benefits for individuals and society, recent developments - particularly AI image and video generation integrated into widely accessible social media platforms - have enabled the creation of non-consensual intimate imagery, defamatory depictions, and other harmful content featuring real individuals. We are especially concerned about potential harms to children and other vulnerable groups, such as cyber-bullying and/or exploitation.

Expectations for Organisations

The co-signatories remind all organisations developing and using AI content generation systems that such systems must be developed and used in accordance with applicable legal frameworks, including data protection and privacy rules.

We also highlight that the creation of non-consensual intimate imagery can constitute a criminal offence in many jurisdictions.

Whilst specific legal requirements vary by jurisdiction, fundamental principles should guide all organisations developing and using AI content generation systems, including:

• Implement robust safeguards to prevent the misuse of personal information and generation of non-consensual intimate imagery and other harmful materials, particularly where children are depicted.
• Ensure meaningful transparency about AI system capabilities, safeguards, acceptable uses and the consequences of misuse.
• Provide effective and accessible mechanisms for individuals to request the removal of harmful content involving personal information and respond rapidly to such requests.
• Address specific risks to children through implementing enhanced safeguards and providing clear, age-appropriate information to children, parents, guardians and educators.

Coordinated Response

The harms arising from non-consensual generation of intimate, defamatory, or otherwise harmful content depicting real individuals are significant and call for urgent regulatory attention.

To encourage the development of innovative and privacy-protective AI, the co-signatories of this statement are united in expressing their concern about the potential harms from the misuse of AI content generation systems. The co-signatories aim to share information on their approaches to addressing these concerns that can include enforcement, policy and education, as appropriate and to the extent that such sharing is consistent with applicable laws. This reflects our shared commitment and joint effort in addressing a global risk.

Conclusion

We call on organisations to engage proactively with regulators, implement robust safeguards from the outset, and ensure that technological advancement does not come at the expense of privacy, dignity, safety, and other fundamental rights - particularly for the most vulnerable of our global society.

Signatories

This Joint Statement has been coordinated by the Global Privacy Assembly's (GPA) International Enforcement Cooperation Working Group (IEWG) and is signed by the following co-signatories:

Albania

Information and Data Protection Office of the Republic of Albania
Besnik Dervishi, Information and Data Protection Commissioner

Andorra

Andorran Data Protection Agency
Agència Andorrana de Protecció de Dades
Jèssica Obiols, Head of the Andorran Data Protection Agency

Argentina

Agency of Access to Public Information - DPA Argentina
Agencia de Acceso a la Información Pública
Mg. Beatriz de Anchorena, Commissioner of the Agency to Access to Public Information

Autonomous City of Buenos Aires (Argentina)

Ombudsman's Office of the Autonomous City of Buenos Aires
Defensoría del Pueblo de la Ciudad Autónoma de Buenos Aires
María Rosa Muiños, Defensora del Pueblo / Ombudsman

State of Queensland (Australia)

Office of the Information Commissioner, Queensland
Joanne Kummrow, Information Commissioner
Alexander White, Privacy Commissioner

Basque (Spain)

Basque Data Protection Authority
Autoridad Vasca de Protección de Datos
Unai Aberasturi Gorriño, President

Belgium

Data Protection Authority
Autorité de la protection des données - Gegevensbeschermingsautoriteit
Koen Gorissen, Chairman of the Board
Alexandra Jaspar, Member of the Board
Peter Van den Eynde, Member of the Board

Bermuda

Office of the Privacy Commissioner of Bermuda
E. Angie Farquharson, Acting Privacy Commissioner

Brazil

National Data Protection Agency
Agência Nacional de Proteção de Dados
Waldemar Gonçalves Ortunho Junior, Director-President

Bulgaria

Commission for Personal Data Protection of the Republic of Bulgaria
Комисия за защита на личните данни
Borislav Bozhinov, Chairman

Burkina Faso

Commission for Information Technology and Freedoms
Commission de l'Informatique et des Libertés
Kouliga Désiré Yameogo, Director of Legal Affairs and Litigation

Canada

Office of the Privacy Commissioner of Canada
Philippe Dufresne, Commissioner

Province of Alberta (Canada)

Office of the Information and Privacy Commissioner of Alberta
Diane McLeod, Information and Privacy Commissioner

Province of British Columbia (Canada)

Office of the Information and Privacy Commissioner for British Columbia
Michael Harvey, Information and Privacy Commissioner for British Columbia

Province of Newfoundland and Labrador (Canada)

Office of the Information and Privacy Commissioner for Newfoundland and Labrador
Kerry Hatfield, Commissioner

Province of Quebec (Canada)

Commission on Access to Information of Quebec
Commission d'accès à l'information du Québec
Me Lise Girard, President and Member
Me Naomi Ayotte, Vice-President, Supervision Section and Administrative Judge
Me Steeven Plante, Member, Supervision Section and Administrative Judge

Republic of Cabo Verde

National Commission of Data Protection
Comissão Nacional de Proteção de Dados
Faustino Varela Monteiro, President

Catalonia (Spain)

Catalan Data Protection Authority
Autoritat Catalana de Protecció de Dades
Meritxell Borràs i Solé, Director

Colombia

Superintendence of Industry and Commerce of Colombia
Superintendencia de Industria y Comercio
Juan Carlos Upegui, Deputy Superintendent for the Protection of Personal Data

Croatia

Croatian Personal Data Protection Agency
Agencija za zaštitu osobnih podataka
Zdravko Vukić, Director

Cyprus

Commissioner for Personal Data Protection, Cyprus
Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα
Maria Christofides, Commissioner for Personal Data Protection

Ecuador

Superintendence of Personal Data Protection of Ecuador
Superintendencia de Protección de Datos Personales del Ecuador
Fabrizio Roberto Peralta Díaz, Superintendent of Data Protection

European Data Protection Board

European Data Protection Board
Anu Talus, Chair of the European Data Protection Board

European Data Protection Supervisor

European Data Protection Supervisor
Wojciech Wiewiórowski, European Data Protection Supervisor

France

National Commission for Information Technology and Civil Liberties
Commission Nationale de l'Informatique et des Libertés
Marie-Laure Denis, President

Germany

Federal Commissioner for Data Protection and Freedom of Information
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Andreas Hartl, Deputy Commissioner

Ghana

Data Protection Commission Ghana
Dr Arnold Kavaarpuo, Executive Director / Commissioner
Quintin Akrobotu, Director, Regulatory & Compliance
Abigail Tibuah Yeboah, Head of Administration

Gibraltar

Gibraltar Regulatory Authority
John Paul Rodriguez, Chief Executive Officer

Bailiwick of Guernsey

Office of the Data Protection Authority
Brent Homan, Data Protection Commissioner

Hong Kong, China

Office of the Privacy Commissioner for Personal Data
個人資料私隱專員公署
Ada Chung Lai-Ling, Privacy Commissioner for Personal Data

Iceland

The Icelandic Data Protection Authority
Persónuvernd
Helga Þórisdóttir, Data Protection Commissioner
Helga Sigríður Þórhallsdóttir, Head of International Affairs & Guidance

Ireland

Data Protection Commission
Coimisiún um Chosaint Sonaí
Dr. Des Hogan, Commissioner for Data Protection and Chairperson
Dale Sunderland, Commissioner for Data Protection
Niamh Sweeney, Commissioner for Data Protection

Isle of Man

Isle of Man Information Commissioner
Alexandra Delaney-Bhattacharya, Information Commissioner

Israel

Israeli Privacy Protection Authority
הרשות להגנת הפרטיות
Gilad Semama, Commissioner

Italy

Italian Data Protection Authority
Garante per la Protezione dei dati Personali
Pasquale Stanzione, President
Ginevra Cerrina Feroni, Vice-President
Agostino Ghiglia, Board Member

Bailiwick of Jersey

Jersey Office of the Information Commissioner
Paul Vane, Information Commissioner

Kenya

Office of the Data Protection Commissioner
Oscar Otieno, Deputy Data Commissioner

Kosovo

Information and Privacy Agency
Krenare Sogojeva Dërmaku, Commissioner for Information and Privacy

Malta

Office of the Information and Data Protection Commissioner of Malta
Ian Deguara, Information and Data Protection Commissioner

Mauritius

Mauritius Data Protection Office
Drudeisha Madhub, Data Protection Commissioner

State of Mexico and Municipalities (Mexico)

Institute for Transparency, Access to Public Information and Personal Data Protection of the State of Mexico and Municipalities
Instituto de Transparencia, Acceso a la Información Pública y Protección de Datos Personales del Estado de México y Municipios
Dr. José Martínez Vilchis, President Commissioner
Rosario Mejía Ayala, Commissioner
Sharon Cristina Morales Martínez, Commissioner
Luis Gustavo Parra Noriega, Commissioner
Guadalupe Ramírez Peña, Commissioner

State of Nuevo León (Mexico)

Institute for Transparency, Access to Public Information and Personal Data Protection of Nuevo León
Instituto de Transparencia, Acceso a la Información Pública y Protección de Datos Personales del Estado de Nuevo León
Brenda Lizeth González Lara, President Commissioner
Félix Fernando Ramírez Bustillos, Commissioner
María Teresa Treviño Fernández, Commissioner

Mexico

Personal Data Protection Unit of the Anti-Corruption and Good Government Secretariat
Unidad de Protección de Datos Personales de la Secretaría Anticorrupción y del Buen Gobierno

Monaco

Personal Data Protection Authority
Autorité de Protection des Données Personnelles
Agnès Lepaulmier, Secretary General

Netherlands

Dutch Data Protection Authority
Autoriteit Persoonsgegevens
Monique Verdier, Deputy Chair

New Zealand

Office of the Privacy Commissioner, New Zealand
Michael Webster, Privacy Commissioner

Nigeria

Nigeria Data Protection Commission
Dr. Vincent Olatunji, National Commissioner / Chief Executive Officer

Norway

Norwegian Data Protection Authority
Datatilsynet
Tobias Judin, Head of International

Panama

The National Authority for Transparency and Access to Information
Autoridad Nacional de Transparencia y Acceso a la Información
Licda. Sheyla Castillo de Arias, Director

Peru

National Authority for the Protection of Personal Data
Autoridad Nacional de Protección de Datos Personales
Eduardo Luna Cervantes, Director

Philippines

National Privacy Commission, Philippines
Atty. Johann Carlos S. Barcena, CESO III, Privacy Commissioner
Atty. Jose Amelito S. Belarmino, MSc, Deputy Privacy Commissioner
Atty. Juan Paolo F. Fajardo, Deputy Privacy Commissioner

Poland

Personal Data Protection Office
Urząd Ochrony Danych Osobowych
Mirosław Wróblewski, President of the Office

Portugal

Portuguese Data Protection Supervisory Authority
Comissão Nacional de Proteção de Dados
Prof. Dra. Paula Meira Lourenço, President

Singapore

Personal Data Protection Commission of the Republic of Singapore
Denise Wong, Deputy Commissioner

Slovenia

Information Commissioner of the Republic of Slovenia
Informacijski pooblaščenec
dr. Jelena Virant Burnik, Information Commissioner

Republic of Korea

Personal Information Protection Commission
개인정보 보호위원회
Kyung Hee Song, Chairperson

Switzerland

Federal Data Protection and Information Commissioner
Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter
Adrian Lobsiger, Federal Data Protection and Information Commissioner

Emirate of Abu Dhabi (United Arab Emirates)

ADGM Office of Data Protection
Sami Mohammed, Commissioner of Data Protection

Emirate of Dubai (United Arab Emirates)

Dubai International Financial Centre Authority
Lori Baker, Vice President - Data Protection & Regulatory Compliance

United Kingdom

UK Information Commissioner's Office
William Malcolm, Executive Director Regulatory Risk & Innovation

Uruguay

Regulatory and Control Unit for Personal Data
Unidad Reguladora y de Control de Datos Personales
Executive Council

For further information, please contact: [email protected]