The NO FAKES Act of 2025 promises to solve the deepfake crisis. Instead, it may execute open-source AI development in the United States. While headlines focus on Grok generating sexualized images of children at a rate of one per minute, the legislative cure could be far more destructive than the disease, at least for independent developers, researchers, and the entire ecosystem of open-source AI innovation.
When “Making Available” Becomes a Federal Crime
The bill’s core mechanism seems reasonable: create a federal “digital replica right” protecting voices and likenesses. The poison lies in Section 3, which imposes strict liability on anyone who “makes available” technology “primarily designed” to produce digital replicas. Violators face statutory damages of $5,000 to $25,000 per unauthorized replica, no proof of actual harm required.
For context, a single HuggingFace repository containing a voice cloning model could generate thousands of violations daily. Do the math: one model, one day, potential liability in the millions.
The legislation explicitly strips away Section 230 protections, meaning platforms cannot shield developers. If a teenager in Nebraska clones Taylor Swift’s voice using your open-source model posted on GitHub, you, not the user, not the platform, could be liable.
The MIT License Won’t Save You
Many developers believe open-source licenses offer protection. This is a dangerous misconception. As legal analysis in the developer community points out, an MIT or Apache license is merely a contract between you and the user. It cannot immunize you against federal statutory liability.
The critical distinction: those suing you under the NO FAKES Act wouldn’t be your users. They’d be third parties, record labels, estates, celebrities, who never agreed to your license terms. Your “AS IS” clause becomes legally meaningless when Sony Music comes knocking.
The “Primarily Designed” Trap
Bill proponents argue the language targets only malicious actors. The text specifies liability for tools “primarily designed to produce one or more digital replicas of a specifically identified individual.” An IP attorney reviewing the bill insists this means an “Arnold Schwarzenegger bot” would be illegal, but a general-purpose voice cloning tool would remain legal.
This interpretation collapses under real-world conditions. Consider Retrieval-based Voice Conversion (RVC), currently the most popular open-source voice tech. If 90% of RVC’s actual use involves cloning celebrities, a court can rule it’s “primarily designed” for that purpose based on usage patterns, not the developer’s intent.
The bill’s “actual knowledge” requirement offers no real shelter. IP law has long recognized “willful blindness” as equivalent to knowledge. If your GitHub issues fill with requests like “How do I clone Drake’s voice?” and you don’t aggressively moderate, you’ve demonstrated constructive knowledge. The law doesn’t require you to succeed at preventing misuse, only that you knew or should have known about it.
The Safe Harbor That Isn’t
Here’s where the legislation becomes technically absurd. Section 3 offers a safe harbor for platforms that implement “digital fingerprinting” to detect and block unauthorized replicas. Sounds fair, until you realize a repository hosting raw model weights cannot possibly fingerprint what those weights might generate.
Open-source distribution means providing .pth or .safetensors files, static mathematical representations. There’s no runtime, no API, no service layer where fingerprinting could occur. The output depends entirely on how users fine-tune and prompt the model. A repository maintainer cannot embed “this is fake” metadata into weights that might be used for legitimate speech therapy, audiobook narration, or yes, celebrity impersonation.
Result: GitHub repos and HuggingFace models are technically disqualified from safe harbor protection. Meanwhile, YouTube and Instagram, platforms with runtime control, get full immunity. The law punishes precisely those who lack the technical means to comply.
The Regulatory Capture Play
The developer community has identified what economists call a “Baptists and Bootleggers” coalition. Anti-AI activists (the Baptists) provide moral cover, while Big Tech companies (the Bootleggers) quietly support regulations that crush open-source competitors.
The logic is ruthless: OpenAI, Google, and Microsoft can afford compliance departments, fingerprinting infrastructure, and legal teams to fight lawsuits. A solo developer in Austin cannot. By raising the cost of legal risk, the NO FAKES Act builds a moat that only incumbents can cross.
This isn’t conspiracy theory. When developers contacted legislators, they found the bill’s language reflects input from major AI companies who know exactly what they’re doing: creating liability that only they can survive.
Innovation Flight Is Already Beginning
The chilling effects are immediate. Developers report self-censoring, removing voice models from public repositories, and migrating projects to jurisdictions with better safe harbors. One developer warned: “If this passes, the US effectively sanctions its own AI sector, and the bleeding edge moves to countries with better safe harbors. We become a digital backwater.”
Historical precedent exists. When Australia “outlawed” encryption by demanding backdoors, nothing changed, because developers ignored it and continued using standard cryptographic libraries. The law became a dead letter, existing only to make politicians look tough. But the difference here is extraterritorial liability: the NO FAKES Act can reach foreign developers if their tools are used in the US.
The UK, EU, and India are already investigating Grok’s outputs under existing laws like the Digital Services Act. International coordination could create a global liability web where developers face lawsuits in multiple jurisdictions for the same model.
What Actually Works (And What Doesn’t)
The voice cloning threat is real. Research shows 28% of UK adults encountered voice cloning scams last year, with 46% completely unaware the technology exists. Criminals cloned a company director’s voice to steal $51 million in the UAE. A Mumbai businessman lost ₹80,000 to a fake embassy call. Scammers even cloned Queensland’s Premier to push Bitcoin scams.
But the solution isn’t developer liability, it’s operator responsibility. Platforms that wrap models in user-friendly interfaces should bear the compliance burden. They control the runtime, can implement fingerprinting, and profit from usage. A raw Python script on GitHub does none of these things.
Jellyfin, an open-source media server, provides the correct model. Despite users potentially streaming pirated content, Jellyfin isn’t liable because it strongly moderates discussions and doesn’t facilitate infringement. The tool’s design matters, but so does the provider’s active role.
The Amendment Developers Need
The fix is simple but politically difficult: distinguish “Active Service Providers” from “Tool/Code Repositories.” Add a safe harbor for open-source distribution that doesn’t require impossible technical measures.
This means:
– Protecting repositories that distribute static model weights without a runtime
– Protecting research code that demonstrates techniques but isn’t a product
– Shifting liability to platforms that operationalize these tools for end users
Without this change, the US AI ecosystem will bifurcate: closed, proprietary systems controlled by Big Tech, and a shadow ecosystem of foreign-hosted open models that US developers can’t legally use.
Your Move, Developers
The developer who first flagged this issue has already contacted representatives. The template is simple: tell legislators this bill is an innovation killer pushed by corporate lobbyists. Senators hate being played by Silicon Valley.
Specific actions:
1. Contact your representatives via email and phone. Use the economic argument: “This hands AI leadership to China and Europe.”
2. Document your project’s legitimate uses: speech therapy, accessibility, creative tools. Make it harder to argue it’s “primarily designed” for infringement.
3. Migrate critical infrastructure to jurisdictions with safe harbors. Don’t wait for the law to pass.
4. Organize publicly. The “Baptists and Bootleggers” coalition works because it’s visible. Open-source developers need to be equally vocal.
The alternative is watching HuggingFace become a legal minefield, watching researchers leave the US, and watching the next generation of AI tools emerge from Shenzhen and Berlin instead of Silicon Valley.
The NO FAKES Act aims to stop deepfakes. Instead, it may fake out the entire open-source AI movement.
Call to action: The bill is currently in the Senate Judiciary Committee. Contact members here and demand a safe harbor for open-source code repositories.
