At the European Parliament, an actress and a lawmaker posed a disarmingly simple question: who decides if AI can use your face, your voice, your name? The answer, according to Cate Blanchett and MEP Eva Maydell, should be: you.

The vehicle is the Human Consent Registry, a free tool launched by RSL Media that anyone can use to set terms for how AI systems handle their identity. It’s not a law or an enforcement platform, but a powerful signal: in an era where cloning a voice or creating a deepfake costs pennies, awareness of the stakes is growing far beyond tech circles. The tool treats name, face, and voice as a form of intellectual property you can license or withhold entirely.

Beyond deepfakes: owning your likeness

The initiative arrives as generative technologies blur the line between real and synthetic. A face can be inserted into a promotional video without permission; a voice can read a script its owner never saw. Even under GDPR, the legal framework for consent around commercial or creative use of likeness remains fragmented. Blanchett and Maydell’s registry shifts the burden: individuals declare upfront what they allow, putting responsibility squarely on AI developers and deployers.

For organizations running on-premise inference systems, this is more than a philosophical debate. When a pipeline processes images, audio or text that may contain biometric data, consent management becomes an operational requirement. Without verification mechanisms, every batch of data could include material lacking explicit authorization.

The data sovereignty nexus

The Brussels launch underscores growing tension between innovation and individual rights. The EU AI Act classifies certain uses as high-risk, and biometric data processing is among the most sensitive. The registry aligns with a broader movement demanding tools that return control to citizens—a principle that resonates deeply for AI-RADAR readers evaluating self-hosted, local stacks. Enterprises using private models to analyze user-generated content must be able to trace consent, or face escalating regulatory and reputational risk.

Implications for on-prem deployments

For teams weighing private infrastructure, consent becomes an architectural layer. A capable model is no longer enough: you need systems that embed authorization registries, filters to exclude non-consented content, and solid audit trails. This is where on-premise shines—complete data control allows implementing consent policies at the application level without relying on third parties that may not match your compliance posture. But it also brings development overhead that cloud solutions often hide behind prepackaged APIs. The trade-off, as ever, is between flexibility and direct accountability.

Blanchett’s registry doesn’t fix these technical challenges, but it makes them visible. In a field obsessed with scalability and throughput, remembering that technology operates on real people—with faces and voices—may be the most necessary cultural shift of all.