Introduction: the problem of deepfakes in the age of generative artificial intelligence
The advent of generative artificial intelligence has democratized the creation of synthetic content with unprecedented realism. While this technology opens extraordinary creative opportunities, it also raises real concerns about protecting personal identity. Deepfakes—manipulated audiovisual content that realistically reproduces the faces, voices, and movements of real people—are now one of the most pressing challenges for contemporary legal systems.
The ability to generate videos or audio in which a person appears to say or do things they never said or did raises profound questions: how can citizens be protected from fraudulent, defamatory, or sexually explicit uses of their digital image? And above all, which legal instrument is best suited to this protection?
Denmark has proposed an innovative response, choosing to address the issue through an amendment to its copyright law. This choice deserves in-depth analysis, not only for its originality, but also for the implications it could have on the European regulatory debate.
The Danish proposal: a new personality right in copyright
In June 2025, the Danish Ministry of Culture published a draft bill (UDKAST Forslag til Lov om ændring af lov om ophavsret) that introduces a new perspective to the European landscape. Rather than creating separate legislation on deepfakes or relying solely on existing protections, the proposal inserts new personality rights into the copyright framework.
The content of the proposal
The draft bill provides for the introduction of an exclusive right for every person to authorize or prohibit the digital reproduction of their voice and image when generated by artificial intelligence. This right would apply regardless of whether the person is an artist or a public figure, thus extending to all citizens.
The key elements of the proposal include:
- Universal scope: the right applies to every individual, not just artists or performers already protected by traditional copyright
- Explicit consent required: the creation of digital reproductions of a person’s voice or image using AI requires prior authorization
- Limited exceptions: exceptions are provided for parody, criticism, journalistic reporting, and non-commercial personal use
- Post-mortem protection: protection would extend for a specific period after the person’s death, with rights exercisable by their heirs
The rationale behind Denmark’s choice
The decision to use copyright as a regulatory vehicle is not accidental. The copyright framework has significant operational advantages: it already has established enforcement mechanisms, rules on the liability of digital intermediaries, and procedures for removing illegal content.
Furthermore, European harmonization of copyright law, achieved through numerous directives, ensures a certain degree of uniformity in application, facilitating the possible adoption of similar solutions in other Member States.
The European context: a fragmented regulatory mosaic
The Danish initiative fits into a European context characterized by significant regulatory fragmentation. Currently, protection against harmful deepfakes is based on a heterogeneous set of legal instruments that vary considerably from state to state.
Existing instruments
Regulation (EU) 2016/679 (GDPR) offers a first line of defense. Facial images constitute personal data and, in specific contexts, may qualify as biometric data within the meaning of Article 9. Processing, therefore, requires a legal basis, which in cases of non-consensual deepfakes is challenging to identify.
However, the GDPR has structural limitations in this area. Its nature as a data protection regulation makes it more suited to regulating the processing of personal information than to protecting the integrity of the image as an attribute of personality. Furthermore, data protection supervisory authorities may not have the specific technical expertise to deal effectively with the phenomenon of deepfakes.
The AI Act (Regulation (EU) 2024/1689) introduces transparency requirements for deepfakes. Article 50(4) requires that artificially generated or manipulated content be labeled in a way that makes its synthetic nature apparent. This approach is primarily aimed at combating disinformation but does not directly address the issue of the person reproduced’s consent.
The Digital Services Act (Regulation (EU) 2022/2065) has strengthened online platforms’ obligations to moderate illegal content, potentially including deepfakes that violate other regulations. However, its effectiveness depends on the existence of a substantial regulatory basis that qualifies such content as unlawful.
At the national level, protection relies primarily on civil law on image rights, criminal provisions on defamation, harassment, or non-consensual pornography, and private law rules on non-contractual liability. This fragmentation results in uneven protection for European citizens and operational difficulties for victims seeking effective remedies.
The Dutch initiative: a significant parallel
Denmark is not the only country to have explored this avenue. In the Netherlands, a legislative proposal with similar objectives has been put forward, also based on amending the copyright law. This convergence suggests the emergence of a line of thought that views copyright as a potentially adequate framework for protecting digital identity.
However, as highlighted by Professor Bernt Hugenholtz in the Kluwer Copyright Blog, both proposals raise concerns about the systematic consistency of this approach. The scholar noted that the inclusion of personality rights in copyright law could be a technically effective but conceptually problematic solution.
Critical analysis: opportunities and risks of the Danish approach
The Danish choice has undoubtedly innovative elements, but it also raises significant questions that deserve in-depth consideration.
Strengths
The use of the copyright framework offers significant practical advantages:
Consolidated regulatory infrastructure: copyright law has well-established enforcement mechanisms, including notice-and-takedown procedures, digital rights management (DRM) systems, and decades of experience combating online piracy, which could be adapted to the fight against deepfakes.
European harmonization: the extensive body of European directives on intellectual property provides an everyday basis that would facilitate the adoption of coordinated solutions at the continental level.
Familiarity of operators: platforms, intermediaries, and operators in the digital sector are already familiar with copyright obligations and have systems in place to manage them.
Extended protection: the universal application of the law, not limited to artists or performers, represents a significant extension of the protection offered by traditional copyright.
Critical issues and open questions
Despite these advantages, the Danish approach presents problematic aspects that cannot be ignored:
Legal nature of identity: Copyright traditionally protects intellectual works as economically exploitable assets. Personal identity, on the other hand, pertains to personality rights, which are of a different nature and cannot be reduced to mere property rights. This mixture could generate systematic tensions.
Risk of commodification: framing image and voice as objects of rights similar to copyright could encourage a conception of digital identity as a commercial asset, with possible drifts towards problematic forms of economic exploitation.
Complexity of consent: the practical management of consent for each use of a person’s image or voice raises significant operational issues. Who would administer these rights? How would consent be managed for marginal or parodic uses?
Exceptions and balance: Exceptions for parody, criticism, and information must be carefully calibrated to avoid conflicting with freedom of expression and the right to report the news, which are fundamental values of the European legal system.
Competence of the authorities: Intellectual property authorities may not be best suited to handle disputes involving fundamental personal rights, dignity, and reputation.
Implications for the European debate
With Denmark holding the rotating presidency of the Council of the European Union in the first half of 2026, these issues are likely to take on greater relevance in the EU debate.
Possible scenarios
The European Union could follow several paths:
Sectoral approach via copyright: adoption of a directive incorporating provisions similar to those in Denmark into European copyright law, creating a harmonized right on digital reproduction of identity.
Standalone legislation on deepfakes: development of a specific legislative instrument, unrelated to the copyright framework, which addresses deepfakes as a separate phenomenon with dedicated rules.
Strengthening existing instruments: enhancement of the protections already provided by the GDPR, AI Act, and DSA through broad interpretations, guidelines, and enforcement practices, without new legislative intervention.
Hybrid approach: combining elements of the different options, with targeted interventions that exploit the advantages of each regulatory framework.
The role of the GDPR and data protection authorities
Whichever direction is chosen, the role of data protection authorities will remain central. Images and voices are unequivocally personal data, and their processing by artificial intelligence systems falls within the scope of the GDPR.
Articles 22 of the Regulation, which governs automated decisions, and 9, which protects special categories of data, already offer tools that could be applied to deepfakes. The challenge will be to effectively coordinate the various competent authorities and ensure consistent protection for European citizens.
Concluding thoughts
The Danish proposal represents a significant contribution to the debate on digital identity protection in the era of generative artificial intelligence. Its originality lies not so much in its purpose—protection against harmful deepfakes—as in its choice of legal instrument: copyright.
This approach raises a fundamental question that transcends technical and legal aspects: what conception of digital identity do we want to affirm as a society? If identity is an inalienable attribute of the person, reducing it to the property framework of copyright could be a risky simplification. If, on the other hand, a pragmatic view prevails, which prioritizes the effectiveness of protection over conceptual purity, the Danish approach could offer valuable operational solutions.
As a professional who has devoted years to the study of personal data protection, I believe that the answer to this question must be guided by certain essential principles: the centrality of human dignity, the effectiveness of protections for citizens, and the systematic consistency of regulatory solutions.
Europe faces a choice that will define how future generations conceive of their presence in the digital world.
The Danish proposal has the merit of framing the issue in concrete, operational terms. It is now up to the European institutions and the legal community to contribute to a debate that is commensurate with what is at stake.
2026 could be the year in which the European Union defines its position on deepfakes. The choices made will have lasting consequences for the protection of fundamental rights in the digital environment.
Sources
European Parliament Think Tank, The Danish approach to copyright and deepfakes: A model for the EU?, At a Glance, January 14, 2026, EPRS_ATA(2026)782611.
Danish Ministry of Culture, UDKAST Forslag til Lov om ændring af lov om ophavsret, June 26, 2025.
Hugenholtz, P.B., Deepfake Bills in Denmark and the Netherlands: Right idea, wrong legal framework, Kluwer Copyright Blog, 2025.
World Economic Forum, Deepfake legislation: Denmark takes action, July 2025.
Regulation (EU) 2024/1689 (AI Act), in particular Article 50.
Regulation (EU) 2016/679 (GDPR), Articles 9 and 22.
Related Hashtag
#Markdown #OpenSource #DigitalRights #DataPortability #PlainText #Writing #Privacy #AI #ArtificialIntelligence #Tech #Obsidian #Logseq #Hugo #DigitalSovereignty #KnowledgeManagement #GDPR #CommonMark