The policy prohibits using ElevenLabs tools to replicate the voice of a real, identifiable person without that person's consent, and prohibits generating audio that places false statements in a real person's voice.
This analysis describes what ElevenLabs's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes a consent requirement for voice cloning that interacts directly with biometric privacy statutes in multiple US states and with GDPR consent and data processing obligations in the EU; enterprise users building products on top of the ElevenLabs API must assess whether their own consent collection mechanisms satisfy both ElevenLabs' policy requirements and applicable law.
Interpretive note: The policy does not specify the form or documentation standard required for valid consent, creating ambiguity for enterprise users seeking to operationalize this requirement across jurisdictions with differing statutory consent standards.
The provision was streamlined to remove distinction between public and private figures, simplified language from 'explicit prior consent' to 'consent', and added explicit prohibition on false attribution statements.
View full change record →Under this provision, users may not generate voice content of identifiable individuals without documented consent, and users who do so may be subject to account termination; individual creators and developers integrating the API are responsible for obtaining and retaining consent documentation in accordance with applicable legal standards in their jurisdiction.
How other platforms handle this
You may not automatedly crawl or query the Services for any purpose or by any means (including, without limitation, screen and database scraping, spiders, robots, crawlers and any other automated activity with the purpose of obtaining information from the Services) unless you have received prior exp...
relate to transactions involving (f) the promotion of hate, violence, racial or other forms of intolerance that is discriminatory or the financial exploitation of a crime... (i) involve offering or receiving payments for the purpose of bribery or corruption.
You must not, and must not allow others to: Facilitate illegal or harmful activity through the End User Services; Cause harm to us or others through the End User Services;
Monitoring
ElevenLabs has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"You may not use ElevenLabs to clone the voice of an identifiable individual without their consent, or to generate content that falsely represents a real person as saying something they did not say.— Excerpt from ElevenLabs's ElevenLabs Usage Policy
(1) REGULATORY LANDSCAPE: This provision engages Illinois BIPA, Texas CUBI, and Washington's My Health My Data Act where voice prints may constitute biometric identifiers requiring informed written consent prior to collection and use. GDPR Article 9 may apply in EU contexts if voice data is treated as biometric data uniquely identifying a natural person. The FTC Act's prohibition on deceptive practices is implicated where non-consensual voice cloning facilitates fraud or impersonation. Enforcement authority includes state attorneys general under BIPA and analogous statutes, EU supervisory authorities under GDPR, and the FTC under Section 5. (2) GOVERNANCE EXPOSURE: High. The provision creates a consent requirement but does not specify the form, documentation standard, or verification mechanism required to satisfy it, leaving enterprise API customers to define their own consent processes, which may or may not align with applicable statutory requirements in their users' jurisdictions. (3) JURISDICTION FLAGS: Illinois presents heightened exposure under BIPA's private right of action, which has generated substantial litigation. EU/EEA jurisdictions present exposure under GDPR if voice biometric data processing lacks a valid legal basis. California's AB 602 and AB 2602 address digital replicas and synthetic voice consent in specific commercial contexts. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise API customers should assess whether their vendor agreements with ElevenLabs adequately address data processing roles, consent verification obligations, and liability allocation for downstream non-consensual use. The policy places compliance responsibility on the user, which may conflict with enterprise customers' own terms of service or indemnification structures. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should implement consent collection and documentation workflows prior to any voice cloning activity, audit existing voice assets for consent provenance, and assess whether current privacy notices adequately disclose voice biometric data processing to data subjects in applicable jurisdictions.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes a consent requirement for voice cloning that interacts directly with biometric privacy statutes in multiple US states and with GDPR consent and data processing obligations in the EU; enterprise users building products on top of the ElevenLabs API must assess whether their own consent collection mechanisms satisfy both ElevenLabs' policy requirements and applicable law.
Under this provision, users may not generate voice content of identifiable individuals without documented consent, and users who do so may be subject to account termination; individual creators and developers integrating the API are responsible for obtaining and retaining consent documentation in accordance with applicable legal standards in their jurisdiction.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by ElevenLabs.