Compliance

Native ad compliance — what actually gets you banned

A practitioner's read on the words, images, claims, and account-warm-up patterns that actually trip Outbrain, Taboola, and the other major native networks' compliance teams in 2026 — sourced from the platforms' own AUPs, the FTC's native advertising guidance, and the NAD's enforcement decisions.

By Eyal RosenthalMay 6, 202616 min readAI-assisted research

The single biggest cost in affiliate marketing that nobody puts on the P&L is account loss. A new Outbrain account takes weeks to build trust, hundreds of dollars to warm up, and exactly one bad creative to lose. Same on Taboola. The compliance literature you find on operator forums is mostly mythology — "don't say 'lose weight,' don't show before-and-after, don't mention specific dollar amounts" — passed around as a folk lore that's roughly directionally correct but rarely sourced. This piece goes through the actual policies, the actual FTC enforcement context, and the actual patterns that trigger manual review, with citations.

What a compliance team is actually optimizing for

Compliance at a major native network has three concurrent goals:

Avoid regulatory liability. The FTC has been increasingly active on native ads since the 2015 enforcement policy on native advertising and the 2022 update on AI-related claims. The big risk to the network is being held jointly liable for misleading content under Section 5 of the FTC Act.

Protect the publishers. Outbrain and Taboola serve their widgets on premium publishers (CNN, BBC, Bloomberg-tier). Those publishers have their own brand-safety teams. A creative that gets coverage on a Bloomberg page and embarrasses Bloomberg gets the network a phone call, and the publisher relationship is more valuable than any single advertiser.

Minimize spam-y user experience. The platform's own retention metric is publisher-page-CTR-on-the-widget. A widget full of obvious scams stops getting clicks, which kills the publisher relationship, which kills the supply.

Everything else — the specific language, the image policies, the warm-up cadence — flows from these three. If you internalize this hierarchy, you can predict what will and won't pass review without memorizing every line of the AUP.

The primary source documents

Read these. They are short, and they are the actual rules:

What is hard-banned, with sources

The list of things that will get a creative rejected immediately and an account flagged is shorter than people think.

Explicit before-and-after weight-loss imagery. Outbrain's policy on health and wellness explicitly prohibits this. Taboola's advertising policies prohibit "before/after photos in the context of weight loss or other health/wellness claims." This is a specific rule, not a general one. Before-and-after photos in non-health contexts (home renovation, hair, beauty styling) are typically allowed.

Body-shaming or appearance-shaming language. "Are you ashamed of your body" hooks. Both networks reject these.

Specific income claims without substantiation. "Make $500/day from home." The FTC's case decisions on income claims and the Business Opportunity Rule make this category high-risk for advertiser and platform alike.

False urgency / fake countdowns. "Only 4 spots left." If the spots aren't real, this is straightforward deception under FTC native-ad guidance. Outbrain's AUP and Taboola's policies both list this as prohibited. The NAD's decisions on countdown timers (search "countdown" or "scarcity") show consistent enforcement against fake-urgency tactics.

Disease-treatment claims for non-FDA-approved supplements. "Cures diabetes." "Reverses Alzheimer's." This is illegal at the FDA level, and platform-banned. The FDA's warning letter database catalogs hundreds of cases against advertisers making disease-treatment claims for unapproved products. The platforms' compliance teams subscribe to these.

Cryptocurrency "guaranteed return" claims. "Earn 30% a month from this new coin." See: every SEC enforcement action since 2017. The SEC's cryptocurrency enforcement page catalogs these.

Use of celebrity likeness without permission. This is platform-banned and tort-banned (right of publicity). The FTC's recent enforcement against AI-generated celebrity endorsements (the BetterHelp class) makes this an active enforcement area.

Fake news-site formatting. Creatives that deliberately mimic CNN, Bloomberg, or other outlet branding to imply editorial endorsement. Both Outbrain and Taboola explicitly prohibit this in their AUPs. The FTC's Lord & Taylor case (2016) is the classic regulatory precedent.

That's the hard-ban list. Everything else is a spectrum of risk, judgment, and enforcement variability.

What is on the spectrum

The middle category is where most operators get into trouble. These are tactics that aren't explicitly banned but that trigger manual review when they appear:

The "doctor discovers" template. Implies medical authority. Whether it gets approved depends on the lander, the disclaimers, and the specificity of the claim. A creative saying "Doctor in Tampa shares 5 tips for blood-sugar support" is very different from "Doctor cures diabetes." The first usually clears review, the second doesn't.

Specific dollar amounts in the headline. "How a 67-year-old retiree pulls in $4,200/month." Specific numbers attract scrutiny, especially in finance and income-related verticals. The platforms' compliance teams are trained on FTC income-claim cases. A specific number without substantiation in the lander is a near-certain rejection.

Demographic targeting language in the creative. "If you were born before 1970..." "Texas residents are eligible for..." This is allowed but increasingly scrutinized. The Department of Housing and Urban Development's enforcement against discriminatory targeting has spilled into general native-ad compliance over the past five years.

Implied-celebrity headlines. "What [vague description that sounds like a celebrity] said about [product]." If the description threads the needle of being recognizable without being specific, sometimes approved, sometimes not.

Politicized topic alignment. Creatives that imply political alignment to drive curiosity ("What this Republican congressman said about Social Security..."). Outbrain has historically been stricter than Taboola on political-adjacent creative; both have tightened in election years.

AI-generated faces. The platforms are increasingly detecting these. The FTC's AI guidance explicitly addresses this. Faces that look real but aren't tied to a real person are tolerated only if they're clearly stylized; photo-realistic AI-generated humans posing as real people are increasingly being rejected.

Account warm-up: what actually works

The folk lore on warm-up is that you should spend "$50/day for two weeks before scaling." The actual mechanics are more nuanced. Both Outbrain and Taboola have new-advertiser trust scores that compound over the first 30-90 days. Their public docs don't fully describe these scores — they're internal — but the patterns operators have reverse-engineered include:

Spend pacing. Steady daily spend (no big jumps) builds trust faster than spiky spend. A new account that goes from $50/day to $5,000/day in week 2 will get manually reviewed and probably paused.

Creative compliance rate. Submitting creatives that all clear review on first submission is treated as a positive signal. Submitting a stream of creatives that get rejected (even if you eventually fix them) lowers your trust score. This is one of the few cases where being "creative-conservative" early matters.

Click-quality signal. The networks see your downstream conversion data through their conversion-tracking pixels. Accounts whose tracked conversions look reasonable (real time-on-site, real engagement signals) ramp faster than accounts whose tracked behavior looks like search arbitrage to a search feed. This is partly why pure-arb accounts have gotten harder over the years.

Account profile completeness. Full company information, real contact details, verified payment method. Skeleton profiles get throttled.

No multi-account overlap. Running the same creative or the same lander or even the same offer across multiple accounts on the same network gets flagged. The networks correlate account fingerprints (browser, payment method, IP, lander domain, conversion pixel ID). Operators who try to "circumvent" by running parallel accounts get all of them banned simultaneously.

What does not work, and what operators waste time on:

"Magic" creative templates that supposedly pre-clear review. Nothing reliably pre-clears.
VPN-based geo-spoofing of the account's home country. Detectable.
Submitting creatives in the middle of the night to "skip review." Reviews are queued, not on-shift.
Mass-submitting creative variants hoping one slips through. Increases your rejection rate, lowers your trust score.

Real cases worth reading

The best way to understand what crosses the line is to read the cases. A few that are publicly accessible and instructive:

FTC v. BetterHelp (2023): $7.8M settlement for deceptive native-ad-style content related to mental health services and data sharing. FTC press release.

FTC v. Goli Nutrition (2024): Native and influencer-driven supplement-claim case. The FTC complaint and stipulated order details the specific claim language that was found deceptive — useful as a template of what not to write in supplement creative.

NAD case against several income-claim native advertisers (2022-2025): The NAD's decisions database has decisions on multiple income-claim cases. Search "income" or "earnings" in the decisions database; the ones with summary findings of "modify or discontinue" are operationally instructive.

FTC v. Roomster (2022): Native and review-style advertising with fake reviews. FTC settlement.

FTC v. Lord & Taylor (2016): The classic native-disclosure case. Useful precedent on what disclosure language is required when content is paid. FTC announcement.

What to do if you get a manual review

Manual review on Outbrain or Taboola is not the end. It is a moment where a human compliance reviewer is looking at your creative or your lander or your account and making a judgment call. A few things that help, sourced from operator practice and platform documentation:

Have your lander match your creative claims with documented substantiation visible above the fold. If your headline says "How retirees are saving $300/month on Medicare," your lander should immediately demonstrate the path.
Have an "About" page with real company details, phone number, and physical address. This is one of the cheapest trust signals and most operators skip it.
Have a privacy policy and terms-of-service page on the lander domain. Both platforms' AUPs require this.
Disclose paid-content status if your creative borrows editorial framing. "Sponsored" or "Paid Partnership" labeling. The FTC's .com Disclosures guide is the canonical document on what disclosure is sufficient.
Respond to compliance inquiries in writing within 24-48 hours. Ghosting compliance is the fastest path to permanent ban.

How the platforms enforce — pre-review vs reactive

The two platforms use different mixes of pre-review (creative rejected before launch) and reactive enforcement (creative caught after launch and disabled).

Outbrain leans pre-review for new accounts and managed accounts, reactive for established ones. Their public help docs describe a "first 24-48 hours" review window for most creatives.

Taboola is similar but has historically been faster on initial approval and more aggressive on reactive enforcement. Their advertising policies explicitly reserve the right to disable creatives or accounts at any time.

Both networks use a combination of automated classifiers (text and image), human review queues, and post-launch click-quality monitoring. They both also subscribe to industry feeds — TAG's brand-safety alerts, the IAB's Tech Lab fraud lists, and various private compliance vendors.

A quick taxonomy of disclosure language

Disclosure is one of the operationally trickiest parts of compliance because the requirements are partly soft (what does "clear and conspicuous" mean in pixels?) and partly hard (specific mandatory language under specific federal statutes). A short taxonomy of what disclosure is required when:

Native ad / paid content disclosure. Required by the FTC's 2015 Enforcement Policy Statement. The label must be "as close as possible" to the headline of the native unit and use language that "consumers would understand to mean the content is advertising." Acceptable: "Sponsored," "Paid Partnership," "Promoted by [Advertiser]," "Ad." Not acceptable: "Sponsored Content" (ambiguous), "Suggested for You" (deceptive), "Trending" (deceptive). The networks themselves enforce a default disclosure label on the widget; advertisers usually don't need to add additional labeling on the creative itself, but verifying that the network's label is rendering on every placement is part of the operator's check.

Endorsement disclosure. Required by the FTC Endorsement Guides when an advertorial or testimonial is presented. If the lander includes "real people who used the product," the relationship between the people and the advertiser must be disclosed. "Paid" or "compensated" is the standard.

Income-claim disclosure. Required by the Business Opportunity Rule and FTC Endorsement Guides for any income-related claims. The "typical earnings" disclosure or a representative-experience disclosure is required, and the FTC has been increasingly insistent on the granularity. "Results not typical" is often not sufficient; the affirmative statement of what is typical is increasingly required.

Health-claim disclosure. FDA-regulated for supplement and pharmaceutical claims, which requires "These statements have not been evaluated by the Food and Drug Administration" plus the standard "not intended to diagnose, treat, cure, or prevent any disease" boilerplate.

Affiliate-relationship disclosure. Increasingly expected for affiliate-driven content. The FTC's 2023 Endorsement Guides update made this more explicit. "I receive a commission if you click and purchase" is the standard. For native ads pointing at affiliate offers, the disclosure on the lander needs to be "clear and conspicuous."

Most native-ad compliance reviewers will check for these specifically. Skipping any of them on a regulated-vertical lander is a near-certain rejection.

The ban-recovery playbook

If you do get banned, the playbook depends on the severity:

Single creative rejected. Fix and resubmit. No account-level damage.

Multiple creatives rejected in short succession. Stop submitting, ping your AM, ask for guidance, fix the structural issue, then resume.

Account paused for review. Contact AM. Provide all documentation requested. Wait. Most paused accounts are restored within 1-7 days if the underlying creative or lander issue is fixed.

Account suspended. Significantly harder. Sometimes recoverable through AM escalation; often permanent. Restoration rate I've seen reported is roughly 20-30% for first-time suspensions, much lower for repeat offenders.

Account terminated. Effectively permanent. Network correlates fingerprints across attempts to re-register, and re-registration is grounds for permanent IP-and-entity ban.

The implication: do not run on the edge. The expected value of one extra-aggressive creative is much smaller than the expected value of an account that's compounding trust for two years. Most successful long-term operators run boring creative.

The compliance-team-internal escalation path

A few words on what actually happens inside the network when a borderline creative gets flagged. Based on conversations with people who have worked on these teams, the typical internal path is:

Automated classifier flag. The creative tripped one or more of the network's NLP/CV classifiers — banned-claim detection, before/after image detection, celebrity-likeness detection, etc. The classifier's confidence score determines whether it's auto-rejected (high confidence) or queued for human review (medium confidence).

Tier-1 human review. A reviewer (usually offshore, often in the Philippines or Eastern Europe for the major networks) does the first-pass human review using a checklist driven by the network's policies. Most cases resolve here.

Tier-2 escalation. If the tier-1 reviewer is uncertain, the case escalates to a senior compliance reviewer — typically US- or EU-based, with deeper policy and legal training. These reviewers handle a few dozen cases a day rather than hundreds.

Legal-team review. A small percentage of cases (high-stakes verticals, novel claim patterns, anything potentially involving FTC-relevant deception) escalate to in-house legal. These reviews can take weeks.

Account-level decision. Repeat offenders, pattern violations, or single severe violations result in account-level action — restriction, suspension, or termination. This decision is typically made by a compliance lead in coordination with the account manager.

For an operator, the practical implication is that the speed of resolution depends on which tier your case is at. Tier-1 cases resolve in 24-48 hours. Tier-2 in 3-7 days. Legal-team cases can take 2-6 weeks. Knowing where your case is — your AM can usually tell you — is the difference between staying calm and panicking.

A note on cross-network compliance signals

The big networks (Outbrain, Taboola, Google, Meta) all run their own compliance, but they also subscribe to industry-shared signals. The Trustworthy Accountability Group's bad-actor lists, the IAB's brand-safety frameworks, and various private compliance vendors aggregate and share information about advertisers and lander domains that have been associated with policy violations.

What this means in practice: a compliance violation on Outbrain can have downstream effects on your Taboola account. Not always, not immediately, but the cross-network correlation is real and growing. Operators who get banned on one network and assume their other accounts are unaffected sometimes wake up to find them all under review.

The implication: treat your compliance reputation as cross-network. Don't run a borderline test on RevContent assuming Outbrain won't notice. The networks talk through industry frameworks, even though they don't directly share advertiser data.

A note on state-level enforcement

Federal enforcement is the most-cited compliance frame, but state-level activity is increasingly the operational risk. The California Attorney General's office, the New York Attorney General's office, and several other state AGs have brought consumer-protection actions against affiliate-style native advertisers over the past several years. State-level enforcement is harder to predict because the jurisdictional thresholds are lower (a single complainant in the state can trigger an investigation) and the political winds vary by election cycle.

The practical implication for operators: federal compliance plus a handful of state-specific compliance issues (particularly California and New York for consumer protection, plus state insurance commissioner rules for any insurance-vertical creative) is the relevant compliance surface. A creative that's fully FTC-compliant but runs afoul of state-specific advertising rules can still trigger enforcement.

The National Association of Attorneys General periodically publishes coordinated state-AG action summaries that are worth scanning for trends. The cross-state coordination on certain consumer-protection categories has tightened over the past five years.

Building a personal compliance review checklist

Many operators end up building an internal pre-launch checklist that captures the specific compliance issues their offers and creative have triggered historically. A starter version might include:

Have I substantiated every income claim in the lander with actual data?
Have I included the appropriate FDA boilerplate for any health-related claim?
Have I disclosed affiliate relationships clearly above the fold?
Have I confirmed that the lander URL serves identical content to compliance-reviewer-equivalent and user-equivalent fingerprints?
Have I verified that scarcity timers and "limited" claims are real?
Have I confirmed no AI-generated likenesses of real people?
Have I run the headline through a banned-words filter for the specific networks I'm targeting?
Have I reviewed the FTC's most recent guidance on the vertical (search the FTC's blog for the past 90 days)?

The discipline of running every creative through this checklist before submission is worth more than any sophisticated compliance tooling. Most rejections I've seen could have been caught by a 10-minute checklist review.