The Danish Gambit, Part 4
The Production Loophole
Having explored Denmark’s legal jujitsu, platform enforcement mechanisms, and possible legal defenses in the first three parts of this series, one critical weakness remains: according to legal analysis of the proposed legislation, Denmark only bans publication of deepfakes, not their production. As one Danish law firm notes, “The provision only applies to deepfakes that are published, not to the actual production […]” This gap—however well-intentioned—undermines the entire framework by treating deepfake creation like thought crime when it’s actually more like forging passports: the danger exists at creation, not just at use.
The “publication only” approach creates immediate problems. Once a deepfake exists, the hard part is done and publishing takes one click. So the law essentially says you can forge identity documents as long as you don’t use them. But anyone who’s watched crime procedurals knows that possession of forged documents is itself criminal. We recognize that the capability itself creates unacceptable risk because you can’t guarantee it won’t be stolen, leaked, or weaponized.
The “I didn’t publish it” defense becomes a gaping loophole. Someone creates a deepfake, stores it on their device, and then their device is stolen or hacked. The deepfake gets published by the thief. Under Denmark’s current framework, the creator could claim they never published it despite having created the instrument that enabled the harm. Yet the damage to the victim is identical whether publication was by the creator or someone who gained access to their files. The existence of the deepfake, not the identity of who clicked “share,” is what creates the vulnerability.
Some of my thinking A.I.des raised concerns about banning production as potential overreach—worrying about punishing “pre-crime.” But this misunderstands how possession crimes work in practice. We already criminalize possession of counterfeiting equipment and other instruments whose primary purpose is criminal. Enforcement doesn’t require proactive surveillance or random searches. Instead, discovery—whether through investigation of other matters, victim reports, or incidental findings—triggers prosecution. The law creates legal jeopardy if caught, which deters creation and enables prosecution when discovered, without requiring any dystopian monitoring regime.
The security risk angle that occurred to me during these conversations is perhaps the most compelling reason to criminalize production itself. A deepfake stored privately on someone’s device represents an ongoing vulnerability regardless of the creator’s intentions. Devices get hacked. Cloud backups leak. Shared computers expose files to others. Former friends become adversaries with access to old files. Even if the creator genuinely never intended publication, they cannot guarantee the deepfake won’t escape their control. This is exactly why we criminalize possession—not because possession itself directly harms anyone, but because we can’t ensure these instruments won’t eventually be misused and their primary use is criminal.
The counterfeiting parallel remains the strongest argument. We don’t require evidence you intended to print fake currency before criminalizing possession of printing plates. The plates’ mere existence creates risk, and curiosity about the technology isn’t a defense. We’ve decided that certain capabilities are too dangerous to permit even in private hands, regardless of stated intent. Realistic deepfakes of identifiable people without consent meet this standard: their primary purpose is deception or impersonation, their existence creates substantial risk that can’t be contained, and there’s no legitimate use case that justifies allowing production.
When I asked whether the Danish framework addressed this production gap, Gemini found that lawmakers had apparently decided to allow some latitude, particularly for teenagers creating content for private use and because they are reluctant to stifle their creativity. But this argument doesn’t hold up because there are countless ways to explore the underlying technology without creating realistic impersonations of people. Face-swap apps that produce obviously fake results already exist for harmless fun. Gem brought the “museum rule” to my attention in particular: art students are given strict guidelines against producing overly realistic copies of master artwork.
I believe we should consider treating realistic deepfake production the way we treat other forged identity credentials: the act of creation, not just use or publication, triggers criminal liability. Narrow defenses could cover genuinely legitimate uses—explicit written consent from the person depicted, obvious parody that can’t be mistaken for reality, or academic research with proper ethical approval. But absent such specific exceptions, production of realistic deepfakes depicting identifiable people without consent should itself be criminal.
Consider the following hair-raising scenario: someone records your video chats, extracts your voice and facial data, and creates a deepfake. Under publication-only frameworks, no crime occurs until they publish or use it. But the harm begins immediately: they possess synthetic credentials that could unlock your phone, impersonate you to your bank, or create fake “evidence” of statements you never made. If production itself is criminal, you can report the moment you discover it exists, law enforcement can seize it before weaponization, and the creator faces liability for production rather than just eventual use. This is prevention rather than punishment after the fact—exactly what we do with forged documents, counterfeit equipment, and other instruments whose primary purpose is fraud.
Claude pointed out to me that this approach mirrors how we’ve evolved laws around non-consensual intimate images. Initially, many jurisdictions only criminalized distribution, but this left victims unprotected during the coercion phase or during private sharing that didn’t count as “public” distribution. Modern laws increasingly criminalize creation of non-consensual intimate images because the harm begins at creation, not just distribution.
As GPT observed, the same logic applies to realistic deepfakes: their production without consent creates immediate risk and ongoing harm to victims who must live knowing their digital doppelganger exists and could be weaponized at any time.
Denmark has built an impressively thoughtful framework for addressing deepfakes. The careful consideration of edge cases like identical twins and the fast-tracking of redress for regular people demonstrate serious engagement with a genuinely difficult problem. But by limiting criminal liability to publication rather than production, they’ve created a loophole that sophisticated bad actors will exploit and that leaves victims unprotected until after irreversible harm occurs. The fix is straightforward: treat deepfakes like other forged identity credentials, where creation itself—not just use—is where the law should intervene. Better to address the risk at the source than wait until publication makes prevention impossible.
[This post was drafted with assistance from Claude Sonnet 4.5, following conversations with ChatGPT-5.1 Instant, Gemini 3 Flash/Pro, and Claude Sonnet 4.5.]
Claude Sonnet 4.5
Prompt: Gem Flash mentioned that the Danes were allowing some latitude, especially for teens. But because I worked as a school teacher, this is something I know about.
The face-swap apps (never tried them myself, because the creators are often based in countries that are not known for rigorous security/privacy protection) do not produce anything realistic, so I think those use cases could be covered by parody.
Memes for private use need not be that realistic, so using deepfakes in this context would be overkill. I think it’s worth considering the other side of the coin as well: because adolescents are impulsive and sensitive to peer pressure, such private memes could be used for cyber-bullying (that’d be published content at that point, although I’m not too sure because teens might be using private accounts) and it’d be worth heading off that possibility at the pass. In any case, banning deepfakes even in these private cases won’t stifle creative expression. Let teens express their creativity by creating deepfakes of nature or animals!
GPT-5.1 Instant
Prompt: Both you and Claude identified a threat vector that even this crime fiction fan failed to consider—blackmail! The existence of the deepfake is already a high risk for the portrayed individual (especially a teen, whose social circle is their whole world). Claude also pointed out a possible connection to revenge porn, which might be relevant here, as the laws are rapidly evolving to address that new category of crime.
Gemini 3 Flash
Prompt: We don’t even teach art students to copy the masters completely faithfully (same size, same canvas, etc.), because that’d be forgery as well, and we’d only have set them up for a life of crime by doing that :D
