Codify — Article

California AB1705 requires porn sites to screen uploads and certs or face civil penalties

The bill forces pornographic websites to collect sworn uploader certifications, verify contact emails, retain records for seven years, and exposes operators to per‑day civil penalties if nonconsensual or underage imagery appears.

The Brief

AB1705 creates a new statewide duty for operators of pornographic internet websites to exercise ordinary care and reasonable diligence to prevent sexually explicit content that depicts nonconsenting individuals or minors from being uploaded or displayed. The bill requires users who upload pornographic content to submit a sworn statement certifying that every person depicted was an adult, consented to being depicted, and consented to the upload, along with contact information; knowingly providing false information is an infraction.

The bill gives depicted individuals and public prosecutors a civil enforcement pathway with statutory damages up to $75,000 per violation (for private plaintiffs) and $25,000 per violation (for public enforcement), allows injunctive relief and fees, treats each day content remains accessible as a separate violation, and requires operators to retain uploader statements for seven years. The statutory scheme shifts evidentiary burdens toward operators, raises retention and verification requirements, and creates a set of implementation and preemption questions platforms will need to resolve.

At a Glance

What It Does

The bill requires operators of pornographic websites to exercise ordinary care and reasonable diligence to prevent nonconsensual or underage sexually explicit content from being uploaded or displayed. It mandates that uploaders submit a statement under penalty of perjury confirming age and consent, provides a $1,000 infraction for knowingly false statements, and creates private and public civil remedies with per‑day penalties.

Who It Affects

Commercial pornographic websites (sites that solicit or permit user uploads of sexually explicit content), users who upload such content, third‑party content moderators and verification vendors, and prosecutors and courts that will enforce the new civil causes of action.

Why It Matters

AB1705 shifts risk and document‑retention obligations onto operators and creates statutory damage exposures that can mount daily; it also relies on user-supplied certifications rather than mandated biometric or government ID checks, producing practical compliance choices and legal uncertainty about scope and federal preemption.

What This Bill Actually Does

AB1705 defines a "pornographic internet website" as any site that solicits or permits users to upload sexually explicit visual or audiovisual works, and it treats digitized or substantially altered imagery as covered content. The bill centers on the term "depicted individual," which captures people who are shown without consent, minors at the time the content was created, or people who did not consent to the content being uploaded.

The statutory definition excludes material that, taken as a whole, has serious literary, artistic, or scientific value.

Operationally, the bill imposes two linked duties on operators. First, operators must exercise "ordinary care" (the Civil Code 1714(a) negligence standard) and "reasonable diligence" to ensure sexually explicit content displayed on their site does not include depicted individuals.

Second, before permitting an upload, operators must obtain from the uploader a written statement, signed under penalty of perjury, certifying that every person depicted was an adult when the content was created, consented to being depicted, and consented to the upload; operators must also collect contact information and verify the uploader's email address. If an operator fails to secure that uploader statement, the operator is presumed to have violated the duty to exercise ordinary care.

Evidence and remedies are front-and-center: knowingly providing false information in the uploader statement is an infraction punishable by a $1,000 fine.

A depicted individual may sue an operator (and a user who uploaded known offending content) for violations and recover the greater of actual damages or statutory damages of not more than $75,000 per violation, as well as punitive damages, attorneys' fees, and injunctive relief. A public prosecutor may bring a civil enforcement action with a $25,000 civil penalty per violation and equitable relief.

The bill treats each full calendar day the offending content remains accessible as a separate violation, and it requires operators to retain uploader statements and contact information in an easily accessible format for at least seven years.

Practical compliance will force operators to choose how far to go beyond the email verification the statute requires: the text permits operators to demand information through a specific mechanism, but it does not prescribe identity or age‑verification technologies. That leaves open whether operators will rely solely on the user certification and email checks, or adopt third‑party verification services, stronger onboarding hurdles, or automated detection systems to limit liability.

The statutory design also creates litigation leverage for plaintiffs through the presumption of operator fault when statements are missing and through the per‑day damages construct, which can multiply exposure quickly.

The Five Things You Need to Know

  1. The bill presumes an operator violated its duty if it did not obtain the uploader's sworn certification before permitting sexually explicit uploads.
  2. Operators must verify a user's email before permitting uploads and must retain the uploader's sworn statement and contact information for at least seven years.
  3. Knowingly supplying false information on the uploader statement is an infraction punishable by a $1,000 fine.
  4. A depicted individual who prevails may recover the greater of actual damages or statutory damages of not more than $75,000 per violation, plus punitive damages, fees, and injunctive relief; each day content remains accessible is a separate violation.
  5. A public prosecutor can bring a civil enforcement action with a civil penalty of $25,000 per violation, alongside injunctive relief and fees.

Section-by-Section Breakdown

Every bill we cover gets an analysis of its key sections.

Section 22610

Key definitions — who and what the law covers

This section sets the scope by defining "pornographic internet website," "sexually explicit content," and "depicted individual." Importantly, it imports the Civil Code's definition of digitization and sexual conduct, so deepfakes and substantially altered imagery fall within scope. The "depicted individual" definition is outcome‑oriented (lack of consent, minor status, or lack of consent to upload), which drives both the operator duties and the civil causes of action that follow.

Section 22612

Operator duty for displayed content — ordinary care and reasonable diligence

This provision requires operators to exercise ordinary care (the negligence standard in Civil Code 1714(a)) and reasonable diligence to ensure content displayed on their site does not include a depicted individual. Because the statute ties liability to an objective negligence standard rather than strict liability, courts will interpret the contours of "ordinary care" in context — including what monitoring, workflow, or moderation processes are reasonable for particular sites and business models.

Section 22614

Uploader certification, operator presumptions, verification, and recordkeeping

Section 22614 creates the operational compliance framework. It requires a user to submit, before upload, a sworn statement certifying age and consent for every person depicted, plus contact information; operators must verify the user's email and may require submission through a specified mechanism. If an operator fails to collect the statement, the operator is presumed to have breached the duty in Section 22612, shifting evidentiary leverage to plaintiffs. The section also mandates seven‑year retention of statements, creating data‑storage, privacy, and records‑management obligations for operators. Finally, the statute criminalizes knowingly false certifications as an infraction with a $1,000 fine.

Section 22616

Enforcement — private and public civil remedies and per‑day violations

This section authorizes both private civil suits by depicted individuals and civil enforcement by public prosecutors. Private plaintiffs can seek actual or statutory damages (capped at $75,000 per violation in the statutory formula), punitive damages, attorneys' fees, and injunctions. Public prosecutors can seek a $25,000 penalty per violation, plus equitable relief and fees. The statute treats each full calendar day offending content remains accessible as a separate violation, which multiplies exposure and increases the stakes for rapid takedown and compliance processes.

Section 22618

Remedies are cumulative

This short provision clarifies that the bill's remedies do not preclude other remedies available under law. Practically, that means plaintiffs can pursue this statute alongside other causes of action (for example, existing civil claims for invasion of privacy or state criminal statutes), which affects settlement dynamics and total potential liability.

Section 2

Fiscal note — reimbursement not required

The bill includes the standard constitutional finding that no state reimbursement is required because the only costs to local agencies arise from creating or modifying crimes or infractions. While not substantive to operator obligations, this language signals the drafters treated the $1,000 infraction and any criminalization aspects as the fiscal touchpoint for local entities.

Who Benefits and Who Bears the Cost

Every bill creates winners and losers. Here's who stands to gain and who bears the cost.

Who Benefits

  • Depicted individuals who did not consent or were minors: the bill creates a clear statutory pathway to damages, injunctive relief, and attorney's fees, plus a per‑day violation mechanism that increases leverage for rapid content removal.
  • Public prosecutors and state enforcement agencies: the statute gives prosecutors an explicit civil enforcement tool with set per‑violation penalties and authority to seek equitable relief.
  • Victim‑advocacy groups and organizations focused on nonconsensual pornography: the law standardizes claims and evidence by requiring operator recordkeeping and uploader certifications, enhancing plaintiffs' ability to establish violations.

Who Bears the Cost

  • Operators of pornographic websites (large and small): sites must adopt onboarding, email verification, retention systems, moderation workflows, and potentially third‑party verification tech, and they face multiplied civil exposure for each day content remains accessible.
  • Content moderation vendors and verification service providers: increased demand for identity, age, and consent verification services will shift costs and operational burdens to these vendors and their customers.
  • Uploaders of adult content: uploaders face new compliance steps, potential criminal‑adjacent exposure for false statements (a $1,000 infraction), and reduced anonymity if operators collect additional identity data to reduce liability.
  • Courts and defense counsel: the per‑day violation model and cumulative remedies will increase litigation volume and complexity, particularly in cases involving disputed consent or altered/digitized imagery.

Key Issues

The Core Tension

The bill aims to protect victims of nonconsensual and underage sexually explicit content by imposing verification, recordkeeping, and civil penalties, but doing so forces operators to choose between stronger, privacy‑invasive verification and continued legal exposure — a trade‑off between victim protection and platform privacy/operational burdens that has no one‑size‑fits‑all solution.

AB1705 mixes a negligence standard for operators with procedural strongpoints for plaintiffs (presumptions, per‑day violations, and statutory damages), which creates a stack of practical and legal tensions. The statute relies heavily on uploader certifications and a minimal verification step (email verification) rather than prescribing robust identity or age‑verification methods; that design reduces immediate privacy intrusions but leaves open costly compliance choices for operators — adopt more invasive verification to reduce liability or accept greater legal exposure while preserving uploader anonymity.

Retention of uploader statements for seven years raises privacy and data‑security obligations: operators will need policies to protect sensitive information and respond to data‑subject or law‑enforcement requests. The presumption that failure to obtain a statement equals breach of the ordinary‑care duty shifts proof burdens and encourages operators to collect statements even when risk is remote.

Separately, the inclusion of digitized and substantially altered imagery sweeps in deepfake content but also raises evidentiary questions about how a plaintiff proves nonconsent when images are synthetic. Finally, the statute's civil‑enforcement design may collide with federal immunities such as Communications Decency Act Section 230; courts will likely confront whether state civil penalties for content moderation decisions are preempted or limited by federal law, creating an unresolved legal risk for enforcement and defendants alike.
