The Limits of State Deepfake Laws Against Foreign Election Interference

In July 2024, the Department of Justice seized two web domains and dismantled nearly 1,000 social media accounts operated by a Russian AI-powered bot farm. The operation, organized by an editor at Russia Today, the Kremlin-funded state media outlet, and financed by Russia's Federal Security Service (FSB) intelligence service, used generative AI to create fake American personas on X (formerly Twitter) and flood U.S. feeds with pro-Russian narratives. One month earlier, Microsoft's Threat Analysis Center uncovered Storm-1516, a separate Russian network that produced a fabricated video accusing Kamala Harris of a 2011 hit-and-run, hosted it on a cloned lookalike of a San Francisco TV station, and watched it accumulate 2.7 million views before debunking efforts could catch up. China has similarly deployed AI-generated content to U.S. audiences, including a falsified transcript of President Biden making inappropriate remarks. These are not isolated incidents. The number of Russian influence operations tracked by Microsoft has grown from two in 2016 to more than 70 by 2024. AI didn't create foreign election interference, but it has turned it into a mass-produced, industrial-scale operation. 

Against this threat, the United States has responded primarily at the state level. Sixteen states enacted AI-related election legislation before the 2024 election. Texas criminalized deepfake campaign content distributed within 30 days before an election. New York required disclaimers on materially deceptive AI media. These laws are well-intentioned, but they were designed for an adversary who is identifiable, prosecutable, and can appear in a courtroom, not one operating out of Moscow or Beijing.

The Jurisdiction Gap: 

Three fractures expose why state law fails against foreign AI disinformation.

1. Criminal penalties do not cross borders. 

   1. Texas's Class A misdemeanor for distributing deepfakes is meaningless when the actor is an FSB officer in Moscow or a Chinese state-run influence cell in Hainan. The New Hampshire robocall, an AI-generated impersonation of President Biden urging up to 25,000 primary voters not to cast ballots, was traced to a domestic political consultant and led to a prosecution. The Storm-1516 campaigns, the RT bot farm, and the Chinese Biden transcript operation have not. Domestic criminal law punishes the rare case where the perpetrator is American and identifiable. It does nothing to deter the cases that actually matter.

2. Detection arrives after damage is done. 

   1. By the time a platform or government agency identifies AI-generated foreign content, it has already spread. The Storm-1516 hit-and-run video had 2.7 million views before it was debunked. In 2024, automated bots accounted for 51 percent of all web traffic, meaning the volume of synthetic content now exceeds what human moderators can meaningfully monitor. Encrypted platforms like WhatsApp and Telegram, where a growing share of voters now get their news, are effectively invisible to this already-strained detection infrastructure. No state disclaimer law can label content that platforms cannot see.

3. No agency owns this problem.

   1. No single agency has statutory authority to coordinate real-time response. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Justice (DOJ), the Office of the Director of National Intelligence (ODNI), and the Federal Election Commission (FEC) each hold partial jurisdiction over foreign influence operations, but none has been designated by Congress as the lead authority when an active operation is detected during an election cycle. The July 2024 bot farm disruption required real-time coordination across the FBI, the Cyber National Mission Force, and intelligence services from Canada and the Netherlands. It worked. But it worked through improvisation, not a legal mandate, and improvisation is not a system.

Why Pre-Emption, Not Prosecution, Is the Right Frame:

The instinct of state legislatures has been to treat foreign AI disinformation as a crime to be punished after the fact. This is the wrong frame. A criminal law approach assumes a prosecutable actor, a discernible act, and a jurisdiction. Foreign AI disinformation operations satisfy none of these reliably. The Russian operatives behind the RT bot farm have been indicted; they will not be extradited. The lesson is not that prosecution is useless – public indictments serve a deterrence and public awareness function – but that prosecution alone cannot be the primary policy instrument. The right frame is infrastructure: what can be built before the next operation begins that makes foreign AI disinformation harder to deploy, faster to detect, and more consistently countered? Without a shift to pre-emption, foreign AI operations will continue to scale faster than U.S. response capacity, and the next close election may not leave enough time for debunking to matter. The evidence suggests three interventions.

The Proposal: A Federal Pre-Emption Architecture

1. Component One: Mandatory AI Content Provenance Standards. 

   1. Congress should pass legislation requiring platforms above a threshold audience size to implement cryptographic content credentials, based on the existing C2PA technical standard, for AI-generated political content at the point of platform ingestion. NIST should be directed to develop the technical specifications that define compliance, drawing on C2PA's existing framework. This separates the technical standard-setting role, which NIST is well suited for, from the binding mandate, which only Congress can create.

2. Component Two: A Unified Federal Early Warning System. 

   1. The fragmentation across CISA, the FBI, and the DNI is not a coordination failure; it is a structural design problem. Congress should designate a single lead agency (CISA is the natural home, given its existing election security mandate) with statutory authority to issue real-time threat advisories to platforms, campaigns, and state election officials when foreign AI disinformation operations are detected. The model is the FAA's Aviation Safety Reporting System: a single intake point, standardized reporting fields, and mandatory notification to affected parties within 72 hours. Currently, no such requirement exists. Platforms discover foreign operations on their own timelines and notify government agencies at their discretion.

3. Component Three: Pre-Bunking as Federal Infrastructure, Not Agency Discretion. 

   1. CISA currently responds to foreign disinformation by, in the agency's own words, trying to "flood the zone with accurate information." This is the right instinct, executed without resources or a mandate proportionate to the threat. Congress should authorize and fund a standing Pre-Bunking Unit within CISA, modeled on the EU's East StratCom Task Force, with the specific mandate to identify emerging foreign AI disinformation narratives before they reach peak virality and issue proactive public communications. Pre-bunking, warning the public about a false narrative before it spreads, has been shown in peer-reviewed research to be more effective than debunking after the fact. It is also, unlike prosecution, a tool that works regardless of where the perpetrator is located.

Executive and Legislative Policy Recommendations: 

Two tracks should be taken, a near-term executive solution and a long-term legislative solution.  

1. In the near term, the White House should direct CISA, the DOJ, and the DNI to publish a joint operational protocol, within 90 days, specifying the lead agency, reporting timelines, and platform notification requirements when a foreign AI influence operation targeting a U.S. election is detected. This requires no new legislation and fills the coordination gap immediately.

2. In the long term, Congress should amend the Defending American Security from Kremlin Aggression Act and the National Defense Authorization Act to codify the three components above: NIST provenance standards, a CISA-led early warning mandate, and a funded pre-bunking capacity. The legislative vehicles exist. The agency relationships exist. The technical standards exist. What the federal government lacks is not capability; it is the infrastructure that connects existing capability into a system that operates before the content goes viral, not after. Foreign adversaries have scaled their operations with AI. The U.S. response has not scaled to match.

Sources: 

• U.S. Department of Justice, “Disruption of Russian Bot Farm” (July 2024)

• Microsoft Threat Analysis Center, Storm-1516 Report (2024)

• FBI & CISA, Joint Advisory on Foreign Influence Operations (Oct. 2024)

• Emerald Publishing, Review of Economics and Political Science, "The Impact of Disinformation Generated by AI on Democracy" (Oct. 2025) 

• Thales, 2025 Imperva Bad Bot Report (Apr. 2025)