Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

Brazil Steps Up Regulation of Violence Against Women in the Digital Environment

By Diego Bonomo, Jadzia Pierce, Gustavo Akkerman & Anna Sophia Oberschelp de Meneses on June 11, 2026
Email this postTweet this postLike this postShare this post on LinkedIn

Table of Contents

  • A broad, technology‑aware definition of digital violence
  • From notice-and-action to structured platform duties
  • Systemic liability and design‑level accountability
  • Rapid removal obligations for intimate content
  • Proactive duties and coordinated harassment
  • Targeted regulation of AI-generated harms
  • Enforcement and broader policy approach
  • Parallel reform of intermediary liability

On 20 May 2026, Brazil adopted Presidential Decree No. 12,976, establishing a comprehensive framework to address violence against women online. Adopted alongside a parallel decree (No. 12,975) reforming intermediary liability, it reflects a more assertive approach to regulating online harms, including those driven or amplified by AI. Together, these measures will require companies to reassess internal processes to ensure rapid content removal and more proactive monitoring, including for AI‑enabled services.

While framed as a gender‑based violence measure, the Decree reflects a broader shift in regulatory expectations from reactive moderation to proactive platform duties and systemic accountability. It also forms part of Brazilian President Luiz Inácio Lula da Silva’s administration’s broader efforts, ongoing since 2023, to regulate social media in the absence of comprehensive legislation. This approach has already triggered constitutional and policy debate, including regarding the use of presidential decrees to impose substantive obligations and potential implications for freedom of expression.

Link to A broad, technology‑aware definition of digital violence A broad, technology‑aware definition of digital violence

A key feature of the Decree is its expansive definition of “violence against women in the digital environment.” It goes beyond traditional offences such as harassment or threats to include conduct causing physical, psychological, political or economic harm, including where amplified by digital technologies.

The Decree expressly covers AI‑generated or manipulated content, such as synthetic intimate images and AI‑enabled harassment. This effectively integrates AI‑related harms into mainstream online safety rules rather than treating them separately. The framework is grounded in principles such as victim protection, privacy, and the prohibition of re‑victimisation.

Link to From notice-and-action to structured platform duties From notice-and-action to structured platform duties

The Decree introduces a more structured regime for platforms hosting user‑generated content. In particular, platforms must:

  • provide accessible reporting channels;
  • assess and respond to notifications promptly;
  • communicate decisions and reasoning to both notifier and user; and
  • direct users to appropriate support services.

Platforms may retain content where there is reasonable doubt as to its illegality, provided the decision is justified and communicated, preserving proportionality and procedural fairness.

These obligations should be read in light of a 2025 Brazilian Supreme Court decision that significantly limited the traditional “safe harbor” under Article 19 of the Marco Civil da Internet. Under that regime, platforms were generally only liable for third‑party content if they failed to comply with a court‑ordered takedown. The Court’s decision departs from this approach, indicating that platforms may be required to remove unlawful content directly, including upon user notice, without prior judicial intervention, and introducing a broader “duty of care” (dever de cuidado). While not expressly codified, the Decree clearly reflects and operationalizes this shift by embedding more structured notice-handling accountability requirements.

Link to Systemic liability and design‑level accountability Systemic liability and design‑level accountability

The Decree introduces a form of systemic liability, focusing on whether platforms implement adequate measures to prevent or limit harm at scale. The assessment shifts from individual moderation decisions to the effectiveness of systems, processes and safeguards.

Crucially, isolated incidents are unlikely to trigger liability on their own. Instead, the focus is on whether the platform’s systems, processes, and technical measures are sufficiently robust and effective.

Link to Rapid removal obligations for intimate content Rapid removal obligations for intimate content

The Decree imposes particularly strict requirements for non‑consensual intimate content. Platforms must:

  • remove the content within two hours of notification; and
  • ensure that the content is technically marked and blocked from re-upload across the service.

This combination of rapid response and forward-looking prevention is significant. It reflects an understanding that harm in the digital environment is not limited to initial publication, but is exacerbated by repeated dissemination. From an operational perspective, this may involve techniques such as automated detection, hashing technologies, and cross-platform content identification tools.

Link to Proactive duties and coordinated harassment Proactive duties and coordinated harassment

Another important departure from traditional models is the introduction of proactive monitoring obligations. Platforms are required to identify indicators of coordinated harassment campaigns and to take proportionate measures to reduce the reach and visibility of harmful content. Notably, these obligations apply even in the absence of a complaint from the victim. Platforms are therefore expected to act ex officio where they detect patterns suggesting coordinated abuse.

The Decree places particular emphasis on protecting women with public exposure, such as journalists or political figures, reflecting concerns around the use of online harassment to silence participation in public life.

Link to Targeted regulation of AI-generated harms Targeted regulation of AI-generated harms

The Decree also addresses certain risks associated with AI-generated content. It prohibits the generation or modification of intimate content involving third parties without consent and requires platforms offering AI-based functionalities to implement technical and procedural safeguards to detect and block harmful outputs. These safeguards must be deployed in a manner proportionate to the scale and risk profile of the service.

These provisions are particularly noteworthy in light of ongoing global debates around deepfakes and generative AI misuse. They signal an expectation that platforms will not only moderate harmful outputs, but also actively design their systems to prevent such outputs from being generated in the first place.

Link to Enforcement and broader policy approach Enforcement and broader policy approach

Enforcement of the Decree is entrusted to Brazil’s Data Protection Authority (ANPD), which reflects a broader trend toward regulatory consolidation with the ANPD increasingly positioned at the intersection of data protection, online safety, and, potentially, future AI governance. In parallel, the Decree provides for the development of a coordinated framework through which multiple public authorities would work together on prevention, protection, and victim support. It requires the Ministry of Justice and Public Security to establish an interministerial working group, which will be tasked with designing the structure and implementation of this framework.

Link to Parallel reform of intermediary liability Parallel reform of intermediary liability

The Decree was adopted alongside a separate measure (Decree No. 12,975) amending Brazil’s framework under the 2014 Civil Rights Framework for the Internet (Marco Civil da Internet), following the abovementioned 2025 Supreme Court decision that significantly limited the traditional court‑order‑based safe harbor for online platforms.

While the previous regime largely conditioned liability on failure to comply with a judicial takedown order, the new framework introduces more structured due diligence and organizational obligations. It clarifies that liability may arise in cases of systemic failure to prevent or address certain categories of illegal content, including terrorism, child exploitation, hate speech and gender‑based violence.

Platforms must, in particular, appoint a local legal representative, maintain notice‑and‑action mechanisms, implement ongoing risk monitoring and mitigation measures, and increase transparency around content moderation, advertising and systemic risks.

Taken together, these developments point to a broader shift toward a proactive, risk‑based model of platform accountability, moving beyond purely reactive or court‑driven enforcement. This approach shows clear parallels with developments in the EU, in particular under the Digital Services Act, which similarly emphasizes systemic risk management, transparency and proactive obligations for platforms, as well as ongoing discussions under the AI Act regarding AI‑generated content and safety‑by‑design requirements.

*              *              *

The Covington team continues to monitor developments in the area of digital services, content moderation and AI‑driven content closely and would be happy to assist companies in assessing the implications of this decree for their products, policies, and compliance strategies.

Tags: AI
Photo of Diego Bonomo Diego Bonomo

Diego Bonomo is a senior advisor in the firm’s London office. Diego, a non-lawyer, has more than 25 years of Brazil regulatory, trade, and foreign affairs experience at leading business associations, think tanks, companies, and academic institutions. Diego also served in the Brazilian…

Diego Bonomo is a senior advisor in the firm’s London office. Diego, a non-lawyer, has more than 25 years of Brazil regulatory, trade, and foreign affairs experience at leading business associations, think tanks, companies, and academic institutions. Diego also served in the Brazilian government.

Before joining the firm, Diego was Team Leader of the Brazil Trade Facilitation Program at Palladium and Executive Manager of International Affairs at Brazil’s National Confederation of Industry — CNI. At the U.S. Chamber of Commerce, he served as Senior Director of the International Division and Senior Director for Policy of the Brazil-U.S. Business Council. Diego also was Executive Director of the Brazil Industries Coalition — BIC, the leading Brazilian business coalition in the United States, and General Coordinator of Foreign and Trade Affairs at the Federation of Industries of the State of São Paulo — FIESP. He previously served in the Office of the President of Brazil as advisor to the Minister of Long-Term Planning.

Diego holds a bachelor’s and master’s degree in international relations from the Pontifical Catholic University of São Paulo.

Read more about Diego BonomoEmail
Show more Show less
Photo of Jadzia Pierce Jadzia Pierce

Jadzia Pierce advises clients developing and deploying technology on a range of regulatory matters, including the intersection of AI governance and data protection. Jadzia draws on her experience in senior in house leadership roles and extensive, hands on engagement with regulators worldwide. Prior…

Jadzia Pierce advises clients developing and deploying technology on a range of regulatory matters, including the intersection of AI governance and data protection. Jadzia draws on her experience in senior in house leadership roles and extensive, hands on engagement with regulators worldwide. Prior to rejoining Covington in 2026, Jadzia served as Global Data Protection Officer at Microsoft, where she oversaw and advised on the company’s GDPR/UK GDPR program and acted as a primary point of contact for supervisory authorities on matters including AI, children’s data, advertising, and data subject rights.

Jadzia previously was Director of Microsoft’s Global Privacy Policy function and served as Associate General Counsel for Cybersecurity at McKinsey & Company. She began her career at Covington, advising Fortune 100 companies on privacy, cybersecurity, incident preparedness and response, investigations, and data driven transactions.

At Covington, Jadzia helps clients operationalize defensible, scalable approaches to AI enabled products and services, aligning privacy and security obligations with rapidly evolving regulatory frameworks across jurisdictions—with a particular focus on anticipating enforcement trends and navigating inter regulator dynamics.

Read more about Jadzia PierceEmail
Show more Show less
Photo of Gustavo Akkerman Gustavo Akkerman

Gustavo Akkerman advises clients in a broad range of domestic and cross-border merger and acquisition transactions, including public and private, ranging from strategic product acquisitions, division divestitures and joint ventures to large company sales and acquisitions.

Gustavo is a dual-licensed attorney in New…

Gustavo Akkerman advises clients in a broad range of domestic and cross-border merger and acquisition transactions, including public and private, ranging from strategic product acquisitions, division divestitures and joint ventures to large company sales and acquisitions.

Gustavo is a dual-licensed attorney in New York and Brazil, leveraging from his life experience growing up and previously practicing law in Brazil to counsel clients in navigating the Latin American business and legal environments.

Gustavo represents both U.S. and international clients, including in the life sciences, technology, media, energy, and financial services industries.

Best Lawyers has named Gustavo on its “Ones to Watch” list for M&A (2024 and 2025). He was also named as a Rising Legal Star by Latinvex (2021) and Latino Leaders Magazine (2023). and recognized in the Legal 500 for Corporate and M&A in Latin America (2020 and 2024).

Read more about Gustavo AkkermanEmail
Show more Show less
Photo of Anna Sophia Oberschelp de Meneses Anna Sophia Oberschelp de Meneses

Anna Sophia Oberschelp de Meneses advises on EU data protection, cybersecurity, and consumer law. Her practice covers the full range of Europe’s digital regulatory framework, including GDPR, ePrivacy, NIS2, the Cyber Resilience Act, the AI Act, the Digital Services Act, the Data Act…

Anna Sophia Oberschelp de Meneses advises on EU data protection, cybersecurity, and consumer law. Her practice covers the full range of Europe’s digital regulatory framework, including GDPR, ePrivacy, NIS2, the Cyber Resilience Act, the AI Act, the Digital Services Act, the Data Act, the European Health Data Space, and EU consumer protection law, including product safety, product liability, and consumer rights legislation. She focuses on the operational side of compliance — helping clients design policies and processes, draft documentation, and build the internal frameworks needed to meet regulatory requirements in practice.

She also advises on contentious matters, drawing on experience managing investigations before national regulators and proceedings before national courts and the Court of Justice of the European Union. She works closely with Covington’s disputes teams on matters at the intersection of regulatory compliance and litigation.

Read more about Anna Sophia Oberschelp de MenesesEmailAnna Sophia's Linkedin Profile
Show more Show less
  • Posted in:
    Privacy and Cybersecurity, Technology and AI
  • Blog:
    Inside Privacy
  • Organization:
    Covington & Burling LLP
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo