This is not a niche creator-rights tool. DDT is the consent verification layer underneath every industry that generates, distributes, or monetizes human likeness. The addressable surface is every platform that touches identity-derived media.
Governments across the US, EU, and UK are moving to regulate AI-generated identity content. Every new law creates a compliance requirement. Every compliance requirement needs infrastructure. DDT is building it before the mandate arrives, which means DDT defines what compliance looks like.
| Date | Jurisdiction | Event |
|---|---|---|
| Already in force | New York | Deceased performer digital replica law (S.8391) |
| Already in force | California | AB 1836 / AB 2602 performer consent laws |
| Already in force | India | IT Rules 2026: deepfake labeling + 3hr takedown |
| May 5 2026 | UK | Digital ID consultation closes |
| June 9 2026 | New York | Synthetic performer disclosure law effective |
| June 2026 | EU | AI Act Code of Practice on labeling finalized |
| June 30 2026 | US | SAG-AFTRA contract expires / negotiations resume |
| Summer 2026 | UK | Digital replicas consultation opens |
| Summer 2026 | UK | Creative Content Exchange pilot launches |
| August 2 2026 | EU | EU AI Act Article 50 transparency obligations enforceable |
| Autumn 2026 | UK | AI labelling taskforce interim report |
| End 2026 | EU | EUDI Wallet deployment mandate |
| End 2026 (staggered) | EU multi-state | EUDI national wallet rollouts |
| 2027+ | India | Performer consent statutory framework expected |
| Ongoing | US Federal | NO FAKES Act; Senate/House committees |
A convergence arrives in June 2026: SAG-AFTRA AI negotiations resume after a pause through June 30, with synthetic performer attribution and the "tilly tax" structure unresolved. The WGA contract expires May 1 with negotiations underway. The New York Digital Replica Act and deceased performer law take effect June 9. The UK digital replicas consultation closes. The UK Creative Content Exchange begins with writing Personality Rights Rules. The EU AI Code of Practice labeling will be finalized.
These threads arrive simultaneously.
Every platform that has consent verification infrastructure in place before that moment is protected. Every platform that does not is exposed, in multiple jurisdictions, under multiple legal frameworks, at the same time.
Every job AI replaces was defined by a skill. Skills can be replicated. But you: your face, your voice, your story, your presence: cannot be replicated without your consent. That is the only thing AI cannot manufacture from nothing.
DDT is the infrastructure that turns individuality into a licensable, auditable, revenue-generating asset. Not for corporations. For the person it belongs to.
When a platform uses your likeness in an AI-generated advertisement, DDT makes sure you are asked, you are paid, and you have a record. When your voice is synthesized for a product you have never endorsed, DDT makes sure there is a consent check that either stops it or creates liability. Your identity becomes income. On your terms.
DDT's defensibility is not network effects or brand. It is architectural position. The three primitives at the core of the system are the claims on which the moat is built.
Anchored to the biometric identity subject rather than the asset creator. This distinction is fundamental: in identity-derived media workflows, the entity that captures a performer's likeness is not the entity whose consent governs use. Existing asset-level consent systems register under the asset creator's credentials. The CRO registers under the performer's DID. Once issued, immutable. Permission state changes are recorded as discrete lifecycle events, not modifications to the original object.
A live, cryptographically verifiable endpoint that answers whether a specific identity use is currently authorized. Operates as an OCSP analogue for identity permission state: as OCSP answers "is this TLS certificate currently valid?", the IPS answers "is this identity use currently authorized?" Returns a typed permission state reflecting the current lifecycle status of the consent record. SUSPENDED is always fail-closed: it is an active operational hold, not an ambiguous or unknown state.
A short-lived, cryptographically signed snapshot of an IPS evaluation result. Embeddable in content credentials for offline verification without a live IPS query. Operates as an OCSP stapling analogue: the permission-state answer travels with the content, bounded by an expiry window.
DDT is not a concept. The Identity Permission State endpoint is answering queries in production today. The three-primitive architecture is operational.
For Platforms
Every platform shift in history produced one infrastructure layer that became non-negotiable. You didn't choose to use them. The world made them inevitable. That moment is arriving for human identity.
DDT is a real-time permission layer for identity. It enables platforms to verify whether identity-driven content is authorized before it is ingested, generated, or distributed.
What Changed
A New Requirement: Regulation
For the first time, a person's face, voice, and likeness can be synthesized and deployed at scale without their knowledge, without consent, and without any record it happened.
Laws are arriving. State. Federal. International. Every jurisdiction moving on this faces the same problem: the legal requirement exists. The technical infrastructure to fulfill it does not.
DDT builds that infrastructure and answers the only question regulators will ask: was this authorized, and can you prove it?
Compliance is not optional. DDT is how you get there before the lawsuit does.
How it works for platforms
It works the way your browser checks whether a website is safe to visit. A live responder answers: valid or not valid, right now.
Why this helps platforms
The Verification Receipt is a signed, timestamped record that the platform queried, received an answer, and acted on it. That record is the difference between exposure and defense.
When permission is machine-readable and revocable, licensing becomes programmable. Synthetic media, personalized content, and licensed likeness: all viable, all with consent on the record.
NY, EU, UK, and union frameworks all converge on the same requirement: verifiable consent before identity is used. DDT is the infrastructure those requirements converge on.