It was recently reported by Internet Watch Foundation (IWF) that a UK school has been targeted by criminal gangs to misuse photos of children online. These types of offenders are scraping publicly available student photographs from school websites and using AI to generate hundreds of sexually explicit deepfakes. These images are then weaponised for blackmail.
UK GDPR highlights that a child’s image constitutes personal data. The IWF reports a 26,000% annual increase in AI-generated child sexual abuse material from 13 to 3,440 videos. This data processing is simply unlawful and qualifies as high-risk processing under Article 35.

Behind every manipulated image is a real child. The creation and distribution of AI-generated abusive content cause anxiety and reputational harm to young victims, even when the images are not authentic. This digital violation can erode trust in schools, damage mental wellbeing, and leave lasting psychological scars that far outlast any fleeting online presence.
AI-generated CSAM (insert what this stands for) causes real-world harm. Protecting children’s digital identities is now a non-negotiable legal obligation, requiring urgent policy updates, parental engagement, and alignment with NCA and IWF guidance.
Read more: AI-Generated Child Sexual Abuse Material: New Guidance for Parents