Since 2010, the Global Law Experts annual awards have been celebrating excellence, innovation and performance across the legal communities from around the world.
posted 2 hours ago
In June 2026 Brazil’s Federal Supreme Court (Supremo Tribunal Federal, STF) issued a landmark order requiring platforms operating in the country to adopt concrete measures to remove illegal content within a 60‑day compliance window. The order converts the broad intermediary obligations set out in Law No. 12. 965/2014 (Marco Civil da Internet) into a fixed operational timeline that affects social‑media networks, marketplaces, hosting providers, app stores and any online service provider that permits user‑generated content directed at Brazilian users. For in‑house counsel, compliance officers and commercial teams, the question is no longer whether to act but how to comply with the Brazil STF content‑removal order 2026 before the deadline expires.
This guide sets out the complete procedural sequence, from legal intake through evidence preservation to vendor‑contract amendments, together with the required documents, costs and pitfalls that every affected organisation should address now.
The STF’s June 2026 order responds to years of debate over platform accountability under Article 19 of the Marco Civil da Internet, which historically shielded intermediaries from civil liability for third‑party content unless they failed to comply with a specific court order to remove it. The new ruling narrows that safe harbour by imposing an affirmative duty of care: platforms must implement internal systems capable of receiving takedown requests, removing content that falls within defined categories of illegality, and reporting on those actions, all within 60 days from the date of the order.
The categories of illegal content addressed by the order include hate speech, racism, incitement to violence, encouragement of suicide or self‑harm, child sexual abuse material, and content that promotes criminal activity. Both domestically incorporated entities and foreign platforms that direct services to users in Brazil fall within scope. Industry observers expect regulators to treat the existence of a Portuguese‑language interface, Brazilian payment methods, or advertising targeted at Brazilian consumers as sufficient nexus to trigger the obligations.
The order’s scope tracks the definition of “internet application provider” (provedor de aplicações de internet) in Article 15 of the Marco Civil. That definition captures any legal entity that provides functionality to users via the internet and stores user‑generated content or data. In practical terms, the following entities are within scope:
Pure telecommunications carriers (provedores de conexão) and services that perform only transient caching without editorial discretion are generally outside the intermediary obligations under Article 18 of the Marco Civil. However, entities that occupy a hybrid role, for example, an ISP that also operates a news portal, should seek specific legal advice on which activities fall inside the order’s reach.
The STF’s reasoning addresses a recurring practical problem: content that a court has already declared illegal reappears on the same platform or on a different service. The order establishes that once content has been the subject of a binding judicial determination of illegality, platforms are expected to remove identical or substantially identical reposts without requiring a new court order. The likely practical effect is that platforms must implement hash‑matching or fingerprinting technology to detect reposts and act on them proactively. Where there is reasonable doubt about whether new content is genuinely identical to the previously adjudicated material, the platform may seek court clarification before removing it, but it must document the analysis internally.
Platform compliance in Brazil in 2026 requires more than policy statements. Affected organisations should confirm that the following prerequisites are in place before starting the step‑by‑step procedure:
The content takedown process in Brazil under the 2026 order can be broken into six operational steps. The table below summarises ownership and timing; the sub‑sections that follow detail each step.
| Step | Who Does It | Typical Duration |
|---|---|---|
| 1, Legal intake & classification | Legal intake team / Compliance officer | 0–3 business days |
| 2, Technical takedown & preserve evidence | Platform ops / SRE / Trust & Safety | Immediate (hours), preserve logs within 24 hours |
| 3, Notice to uploader / moderation appeal | Trust & Safety + Communications | 1–14 days (notify within 48 hours of takedown) |
| 4, Vendor / supplier notification & contract action | Commercial / Vendor Management + Legal | 3–30 days depending on contract terms |
| 5, Internal audit, reporting, policy update | Legal + Compliance + Product | 7–60 days (complete 60‑day compliance cycle) |
| 6, External reporting to authorities / STF follow‑ups | GC / Local counsel | As required (documented within 60 days) |
Within hours of receiving the STF order, the compliance officer should log the decision in a centralised incident‑management system. The entry must record the docket number, date of the order, the specific categories of content addressed and the operative clauses that prescribe action. A legal triage should classify each category of content against the platform’s existing moderation taxonomy. Where the platform already removes certain content types (e. g. , child sexual abuse material under voluntary hash‑sharing programmes), the triage should note the gap between existing practice and the new obligation. Assign a named project lead and establish a cross‑functional working group comprising Legal, Trust & Safety, Engineering, Commercial, and Communications.
Within the first three business days, the working group should produce a gap‑analysis memorandum identifying exactly which new capabilities, policies and contract amendments are required.
Once content falling within the order’s categories is identified, removal must proceed immediately. “Immediately” in this context means within hours, not days. Platforms should configure their content‑moderation queue to flag items matching the STF order’s categories for priority review. For content that is unambiguously illegal, hate speech, CSAM, incitement, removal should be automated where possible, with human review for edge cases.
Before any content is deleted from production systems, the platform must preserve a full forensic record. This includes:
All preservation exports should be completed within 24 hours of the takedown decision. Engineering teams should write evidence to append‑only storage (e.g., a write‑once cloud bucket) to maintain chain‑of‑custody integrity.
After removal, the notice and takedown process in Brazil requires the platform to notify the user who uploaded the content. The notification should be sent within 48 hours of the takedown and must include: the reason for removal (citing the STF order and the applicable legal provision), the specific content removed (by URL or reference), the user’s right to appeal, and the timeframe within which the appeal must be submitted.
Platforms should use a single canonical notice template across all channels, email, in‑app notification, account dashboard, to ensure consistency and reduce the risk of conflicting communications. The appeal window should be clearly stated; early indications suggest that a 10‑to‑15‑day appeal period is consistent with due‑process expectations under Article 5 of the Brazilian Federal Constitution. Any appeal received must be logged, reviewed by a moderation team member who was not involved in the initial decision, and resolved within the published timeframe. If the appeal is upheld, the content is restored and the decision documented. If the appeal is denied, the user should be informed of any remaining judicial remedies.
The STF order has direct implications for commercial contract clauses relating to takedown obligations and intermediary liability. Within seven calendar days, commercial teams should review all active agreements with suppliers, advertising partners, content distributors and hosting sub‑processors to identify:
Where existing contracts do not address the obligations created by the STF order, commercial teams should prepare emergency amendment letters and seek counter‑signatures within 30 days. For new agreements, standard commercial contract clauses for takedown obligations should be built into the template library going forward. Vendor management should track responses and escalate non‑responsive suppliers to legal for risk assessment.
Between day 14 and day 60, the working group should complete a full internal audit confirming that every obligation under the order has been addressed. This includes verifying that the platform’s Terms of Service have been updated to reflect the new content categories, that internal standard operating procedures (SOPs) have been revised and communicated to all relevant staff, and that training sessions have been conducted for moderation, legal, and customer‑support teams.
The compliance team should prepare a transparency report entry, published on the platform’s website, summarising the aggregate number of content‑removal actions taken during the 60‑day period, the categories of content removed, the number of user appeals received, and the outcomes of those appeals. This public report serves as evidence of good‑faith compliance and aligns with broader transparency expectations emerging in Brazilian digital regulation.
Some situations call for immediate external counsel rather than internal resolution. These include: content that falls in a grey area between protected speech and the order’s defined categories; reposts where the similarity to previously adjudicated content is disputed; orders from lower courts that appear to conflict with the STF decision; and any enforcement action or fine notification. In these scenarios, local Brazilian counsel should be engaged to file a petição (petition) for clarification directly with the STF or the relevant lower court. Documenting the decision to seek clarification, including the legal reasoning and the timeline of the request, protects the platform against allegations of wilful non‑compliance.
Proving compliance with the STF order requires a robust documentary record. The table below lists every document that platforms should create, preserve and be prepared to produce in an enforcement proceeding or judicial review. Each entry specifies who is responsible for generating the document and any format or validity considerations.
| Document | Notes (Who Issues It, Format, Validity) |
|---|---|
| Copy of STF order or binding decision | Downloaded from the STF portal; store original PDF with docket number and date. |
| Internal takedown ticket / incident report | Generated by Trust & Safety; must include timestamps, URLs, screenshots and content hashes. |
| Technical preservation log | Produced by SRE / Engineering; includes server logs, object‑store IDs, database exports, content hashes and geo‑restriction records. |
| Notice to uploader / record of communication | Outbound email or in‑app notice with timestamp, content of the notice and delivery confirmation. |
| Vendor / supplier notification & relevant contracts | Contract clause excerpts, amendment letters, indemnity acknowledgements and SLA responses. |
| Moderation review notes & escalation memos | Reviewer reports with reviewer ID, reasons for removal or retention, and escalation chain. |
| Transparency / public report entry | Published on the platform’s website; references aggregate removal data by category. |
| Chain‑of‑custody evidence affidavit | Prepared by counsel; attests to preservation steps, storage method and access controls. Digital signature recommended. |
| Data retention & access logs | ANPD‑compliant records of who accessed preserved data, for what purpose, and under which retention schedule. |
| Appeal & rebuttal records | User appeal submissions, internal review decisions, timestamps and written rationale for each outcome. |
Platforms should store all of the above for a minimum period consistent with ANPD guidance and any applicable statute of limitations for civil or administrative proceedings. Where documents contain personal data, access must be restricted on a need‑to‑know basis, with audit trails recording every instance of access.
The STF 60‑day deadline runs from the date of the order. The table below translates that single outer deadline into the operational milestones that platforms must hit along the way. Each action is expressed as a countdown from the order date so that project managers can map them directly to their compliance calendars.
| Action | Deadline (From STF Order Date) | Practical Note |
|---|---|---|
| Immediate takedown (technical removal or geo‑restriction) | Hours to 24 hours | Remove or geo‑restrict identified content; begin evidence preservation simultaneously. |
| Preserve logs & forensics | Within 24 hours | Export logs to immutable storage; compute and record content hashes. |
| Notice to uploader | Within 48 hours of takedown | Include reason, legal basis, appeals route and appeal deadline. |
| Vendor / supplier notification | Within 7 calendar days | Trigger indemnity provisions or service‑credit requests as applicable. |
| Internal policy roll‑out & staff training | Within 30 calendar days | Update Terms of Service, internal SOPs and moderation guidelines. |
| Full compliance audit & public transparency update | Within 60 days | Publish aggregate summary of measures taken; close the compliance project formally. |
If the order date is confirmed as 11 June 2026, the 60‑day outer deadline falls on approximately 10 August 2026. However, because the court may count the period differently (calendar days versus business days, or from the date of publication in the Diário Oficial), platforms should confirm the exact calculation with local counsel and build a buffer of at least five business days before the absolute deadline.
Compliance costs vary significantly depending on the platform’s size, existing moderation infrastructure and the volume of content at issue. The table below provides budget‑planning ranges that commercial and finance teams can use as a starting point. These figures should be validated against actual vendor quotes and internal cost‑allocation models.
| Item | Estimated Amount | Notes |
|---|---|---|
| Emergency legal review (per incident) | USD 1,500–5,000+ | Depends on counsel rates and complexity; include Brazilian local counsel fees. |
| Technical takedown & SRE overtime | USD 2,000–10,000 (initial) | One‑off engineering and ops cost to implement geo‑blocks, hash‑matching and log preservation. |
| Forensic preservation & expert affidavit | USD 1,000–8,000 | External digital‑forensics specialists may be needed for evidentiary chain certification. |
| Vendor contract renegotiation / indemnity insurance | Varies | Consider purchasing or amending cyber‑liability or D&O insurance; factor in commercial negotiation costs. |
| Transparency reporting / compliance officer time | Internal cost allocation | Include salary pro‑rata, project‑management tools and any external audit fees. |
From a tax perspective, most of these costs qualify as deductible operating expenses under Brazilian corporate‑income‑tax rules (IRPJ/CSLL), but platforms should confirm treatment with their tax advisors, particularly for cross‑border payments to foreign counsel or forensics providers, which may attract withholding tax (IRRF) and IOF on foreign‑exchange transactions.
Before the June 2026 order, Article 19 of the Marco Civil da Internet required a specific, individualised court order before a platform could be held liable for failing to remove third‑party content. That framework placed the burden on claimants to obtain judicial relief case by case, and platforms had limited affirmative obligations beyond complying with orders once received.
The STF’s 2026 decision introduces three material shifts:
These changes do not repeal Article 19 but layer additional obligations on top of it. The statutory text remains in force, and the Marco Civil’s other provisions, including data‑retention requirements under Article 15 and user‑privacy protections, continue to apply alongside the new ruling. Platforms should treat the order as a binding judicial interpretation of existing law, not a replacement of it.
The 2026 STF content‑removal order marks a turning point for platform compliance in Brazil. What was once a reactive, case‑by‑case takedown regime is now an affirmative, time‑bound obligation with real enforcement consequences. For commercial teams and in‑house counsel, knowing how to comply with the Brazil STF content‑removal order 2026 is not optional, it is an operational imperative with a hard deadline.
The six‑step procedure outlined above, legal intake, technical takedown, user notice, vendor contract action, internal audit and counsel engagement, provides a structured path through the 60‑day window. Pair it with the documents checklist, the timeline table and the costs framework in this guide, and your organisation will have a defensible compliance record should regulators or courts come asking.
For organisations that need specialist guidance on the content takedown process in Brazil, connecting with experienced local counsel is the single most important step. Visit our Brazil lawyer directory to identify qualified commercial and regulatory practitioners who can advise on your specific compliance programme.
This article was produced by Global Law Experts. For specialist advice on this topic, contact Gabriel Siqueira Eliazar de Carvalho at Carvalho & Furtado Advogados, a member of the Global Law Experts network.
Member
No results available
posted 8 minutes ago
posted 3 hours ago
posted 4 hours ago
No results available
Find the right Legal Expert for your business
Sign up for the latest advisor briefings and news within Global Advisory Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Advisory Experts is dedicated to providing exceptional advisory services to clients around the world. With a vast network of highly skilled and experienced advisors, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.