Brazil's Multi-Agency Deepfake Mandate: First Coordinated LATAM Action on Adult AI
In 2025 Brazil's ANPD, prosecutors, and Consumer Secretariat ordered X/Grok to ship safeguards against non-consensual synthetic sexual content.
What the multi-agency mandate did
Three Brazilian federal agencies jointly issued the order against X/Grok in 2025: the ANPD (National Data Protection Authority, operating under the LGPD), the MPF (Federal Public Prosecutor's Office, operating under criminal law), and Senacon (National Consumer Secretariat, operating under consumer-protection law). The mandate required three deliverables from X/Grok: (1) generation-side safeguards preventing the creation of non-consensual synthetic sexual content; (2) a victim-reporting mechanism with documented response timelines; (3) compliance documentation submitted to all three agencies [Source: AtomicMail, global AI regulation news watchlist · verified 2026-05-23].
The structural novelty is the three-agency coordination. Most regulatory action on adult AI worldwide originates from a single agency, Ofcom in the UK, the FTC in the US, CNIL in France, eSafety in Australia. Brazil's coordination signals that LATAM regulators are treating NC-SSAM as a cross-cutting harm spanning data protection, criminal law, and consumer rights simultaneously. The combined leverage, ANPD fines up to 2 percent of revenue (50 million BRL cap), MPF criminal charges, Senacon consumer-protection sanctions, is materially greater than any single regulator could exert.
What the SIA framework adds
Separately from the X/Grok order, Brazil's National System for AI Development, Regulation and Governance (Sistema Nacional de Desenvolvimento, Regulamentação e Governança da IA, abbreviated SIA) was introduced to the Chamber of Deputies during 2025. The framework lays out a comprehensive AI governance structure including risk classification (low, moderate, high, prohibited), transparency requirements, and supervisory authority allocation. SIA is the LATAM analogue of the EU AI Act but with Brazilian regulatory architecture [Source: EU AI Act portal, parallel-jurisdiction reference · verified 2026-05-23].
As of May 2026 SIA is in legislative review and has not yet entered into force. The legislative window for full applicability is likely 2026-2027 depending on Congress prioritisation. When it lands, it will operate alongside the existing LGPD framework, producing a two-layer compliance burden for AI operators serving Brazilian users, similar to the UK Online Safety Act + UK GDPR coexistence pattern.
Why this is a template for LATAM
The three-agency coordination pattern is exportable. Mexico has parallel agencies (INAI for data protection, FGR for prosecution, Profeco for consumer protection); Argentina has AAIP, MPF Argentina, and Defensa del Consumidor; Chile has the Personal Data Protection Authority, the National Prosecutor, and Sernac. Each could apply the Brazilian model to their domestic AI operators during 2026-2027. The template lowers the political cost of adult-AI regulation by spreading the legitimacy burden across three agencies, each acting within its statutory mandate [Source: Wikipedia, General Personal Data Protection Law (LGPD, Brazil) · verified 2026-05-23].
The implication for our catalog is medium-term: platforms that ship robust consent-frame deployment (real-person prompt refusal, victim-reporting endpoints, compliance documentation) will pass the Brazilian bar and any future LATAM derivative bars with minimal incremental cost. Platforms that depend on operator opacity will face escalating per-jurisdiction friction.
What it means for our methodology
Our AI Companion methodology v1.0 Image Generation dimension (12% rubric weight) explicitly scores consent posture and real-person-prompt refusal as sub-criteria. The Brazilian-mandated safeguards align with our existing scope criteria, we do not promote platforms that fail real-person refusal testing. The methodology pre-dates the Brazilian order, so the alignment is convergent rather than reactive: regulators arrived at the same compliance bar we had already codified.
The NC-SSAM compliance framework (non-consensual synthetic sexual abuse material) is now operational in LATAM via the Brazilian template. We will be adding LATAM-specific compliance footnotes to the per-Review compliance sections during the next freshness cycle. Our Schema.org Review nodes carry mentions[] arrays that flag operator jurisdiction; LATAM-relevant operators will receive Brazilian-compliance signal entries.
What it means for readers
For Brazilian readers, the practical answer is that platforms in our promoted catalog already meet the bar the Brazilian agencies are setting, we do not promote platforms that allow real-person prompts or that lack victim-reporting endpoints. For non-Brazilian readers, the Brazilian model signals what LATAM-wide regulation will likely look like by 2027-2028. Bookmark the legal guide for rolling per-jurisdiction status.
Resources
- [Source: AtomicMail, AI regulation news global changes and watchlist · verified 2026-05-23]
- [Source: ANPD, Brazilian National Data Protection Authority official portal · verified 2026-05-23]
- [Source: Senacon, Brazilian National Consumer Secretariat · verified 2026-05-23]
- [Source: MPF, Brazilian Federal Public Prosecutor's Office · verified 2026-05-23]
- [Source: Wikipedia, General Personal Data Protection Law (LGPD, Brazil) · verified 2026-05-23]
- [Source: EU AI Act portal, parallel-jurisdiction reference · verified 2026-05-23]
- [Source: Wikipedia, Deepfake pornography legislative responses · verified 2026-05-23]
Frequently asked questions
What did the Brazilian agencies require?
In 2025 Brazil's National Data Protection Authority (ANPD), the Federal Public Prosecutor's Office (MPF), and the National Consumer Secretariat (Senacon) jointly mandated that X/Grok implement safeguards against the generation of non-consensual synthetic sexual content, plus a victim-reporting mechanism, plus compliance documentation. The order was coordinated across three agencies operating under different legal authorities.
Why does it matter that three agencies coordinated?
Most regulatory action on adult AI worldwide originates from a single agency. Brazil's three-agency coordination is the first time a Latin American jurisdiction has acted on adult AI through a multi-agency frame, and it sets a template that Mexico, Argentina, Chile, and Colombia may adopt during 2026-2027.
What is the SIA framework?
Brazil's National System for AI Development, Regulation and Governance (SIA) was introduced to the Chamber of Deputies in 2025. The framework lays out a comprehensive AI governance structure including risk classification, transparency requirements, and supervisory authority allocation. SIA is the LATAM analogue of the EU AI Act. As of May 2026 SIA is in legislative review.
Are AI girlfriend platforms in scope?
The X/Grok mandate targeted one specific operator and is not yet a general rule. However, the methodology bar it sets is a template that ANPD can apply to other operators including AI companion platforms. Our methodology already excludes platforms generating real-person likenesses without consent; Brazil-mandated safeguards align with our existing scope criteria.
What enforcement leverage does ANPD have?
ANPD operates under Brazil's LGPD which imposes fines up to 2 percent of revenue with a 50 million BRL cap per violation. The Federal Public Prosecutor can pursue criminal charges. Senacon can issue consumer-protection sanctions. Combined, the three-agency leverage is materially greater than any single regulator could exert.