Regulatory Investigations Into X’s Grok Over Non-Consensual Sexual Image Generation
Ireland’s Data Protection Commission (DPC) opened a formal GDPR investigation into X’s use of the Grok AI tool after reports that users could prompt @Grok to generate non-consensual sexualized images of real people, including children. The DPC said it will examine whether X’s EU subsidiary (X Internet Unlimited Company) met core GDPR obligations, including lawful processing, data protection by design, and whether appropriate data protection impact assessments were conducted.
The Irish inquiry adds to a widening set of actions focused on Grok-related harms and platform safety governance. UK authorities have also moved to tighten expectations for AI chatbot providers following Grok-linked sharing of non-consensual intimate images, with the UK government signaling faster rule updates and enforcement for child-safety duties; separately, the UK ICO has opened its own investigation, and the European Commission has initiated proceedings under the Digital Services Act to assess whether X adequately evaluated risks before deploying Grok. Additional reported scrutiny includes investigations by California’s Attorney General and UK regulator Ofcom, and a separate criminal probe in France involving a raid of X’s Paris offices.
Timeline
Apr 20, 2026
French prosecutors confirm Musk skipped police questioning in X probe
French prosecutors said Elon Musk did not appear for voluntary police questioning in Paris as part of the criminal investigation into X over alleged illegal sexualized AI-generated images. Authorities said his absence would not halt the case and that invitations had also been extended to CEO Linda Yaccarino and other employees to explain compliance measures.
Feb 17, 2026
European Commission examines X under the Digital Services Act
The European Commission separately began examining whether X violated the EU Digital Services Act by failing to assess and mitigate risks tied to deploying Grok in the EU. This added DSA scrutiny to the GDPR-focused Irish investigation.
Feb 17, 2026
Ireland's DPC opens formal GDPR probe into X over Grok images
Ireland's Data Protection Commission opened a formal investigation into X over allegations that Grok could generate and publish non-consensual sexualized images of real people, including children. The probe will examine lawful processing, privacy by design, and whether X carried out an adequate data protection impact assessment.
Feb 16, 2026
UK intervention prompts removal of a Grok function
Following a recent intervention over non-consensual intimate images shared via Grok, a related function was removed from the service. The action was cited by the UK government as part of its push for stricter AI chatbot safety enforcement.
Feb 16, 2026
UK moves to tighten AI chatbot child-safety enforcement
The UK government announced immediate action to force AI chatbot providers to comply with existing online child-safety duties, warning of legal consequences for non-compliance. Prime Minister Keir Starmer also said the government would seek new legal powers to update online safety rules more quickly.
Feb 3, 2026
French authorities raid X's Paris offices
French authorities searched X's Paris offices as part of an investigation into compliance with European digital safety law and the handling of illegal content linked to Grok-generated sexualized imagery. The raid was reported as occurring on 2026-02-03.
Jan 15, 2026
Apple warns xAI Grok could be removed from App Store
In January 2026, Apple privately told xAI that Grok could be pulled from the App Store unless it stopped generating nude and sexualized deepfakes, finding X and Grok in violation of App Store rules. Apple required a content moderation plan, rejected an initial remediation as insufficient, and later approved a revised submission after further changes.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
5 more from sources like dataprotection.ie, bank info security, bleeping computer, register security and help net security
Related Stories
EU Digital Services Act Investigation Into X’s Grok Over Sexualized Deepfakes
The **European Commission** opened formal proceedings against **X** under the **Digital Services Act (DSA)** to examine risks linked to the rollout of its AI tool **Grok** in the EU, focusing on whether the platform adequately assessed and mitigated systemic risks tied to the spread of **illegal content**. Regulators cited the apparent materialization of harms including **manipulated sexually explicit images** and content that may amount to **child sexual abuse material (CSAM)**, and will assess whether X met DSA obligations around risk identification, mitigation measures, and reporting—potentially including whether an **ad hoc risk assessment** was completed and submitted before Grok-related features were deployed. The Commission is also expanding its earlier DSA investigation into X’s **recommender systems**, including risks associated with a shift toward a **Grok-based recommender model**, and is coordinating with Ireland’s media regulator **Coimisiún na Meán** (as Ireland is X’s EU establishment). Reporting also notes parallel international scrutiny and responses: the UK regulator **Ofcom** has opened a probe into Grok, **Malaysia and Indonesia** have banned the chatbot, and xAI/X have claimed to implement technical measures and restrict some Grok functionality (including limiting certain image generation and restricting access to paying subscribers) amid concerns that mitigations have been insufficient to prevent sexualized deepfakes and related harms.
1 months ago
EU Opens Digital Services Act Investigation Into X’s Grok Over Sexually Explicit Deepfakes
The **European Commission** opened a formal investigation into **X** under the **Digital Services Act (DSA)** over concerns that its GenAI chatbot **Grok** enabled the creation and dissemination of *manipulated sexually explicit images*, including content that may amount to **child sexual abuse material (CSAM)**. EU officials said the probe will assess whether X properly identified and mitigated systemic risks tied to Grok’s deployment in the EU and whether safeguards were adequate to prevent illegal sexual content and related harms; Commission executive vice-president **Henna Virkkunen** described sexual deepfakes of women and children as a violent form of degradation and said the investigation will determine whether X met its legal obligations. Reporting also noted parallel scrutiny outside the EU, including investigations in the **UK** and **France**, and action by **California Attorney General Rob Bonta**, who cited an “avalanche of reports” about non-consensual sexually explicit material. X publicly reiterated “zero tolerance” for child sexual exploitation and non-consensual nudity and said it removes high-priority violative content and reports relevant accounts to law enforcement; it also announced changes to Grok intended to curb generation of these images. Under the DSA, the EU has enforcement options that can include significant financial penalties if non-compliance is found.
1 months ago
French prosecutors raid X’s Paris offices over Grok deepfakes, CSAM allegations, and algorithm manipulation probe
French prosecutors raided **X’s Paris offices** as part of a criminal investigation led by the Paris prosecutor’s cybercrime unit with support from France’s National Gendarmerie and **Europol**. Authorities said the probe—opened in **January 2025** after complaints from French officials—covers allegations including **fraudulent/automated data extraction**, **tampering with automated data processing systems**, and potential **organized manipulation of X’s recommendation algorithms**, including concerns about possible influence by foreign actors. Prosecutors also summoned **Elon Musk** and X executive **Linda Yaccarino** for **voluntary interviews** in Paris in April, and called additional employees as witnesses; no charges or arrests were reported at the time of the search. The investigation expanded to include X’s AI chatbot **Grok**, following complaints that it facilitated or generated illegal content, including **sexually explicit deepfakes** (including alleged depictions of minors), **Holocaust denial** content, and alleged complicity in the **possession/distribution of child sexual abuse material (CSAM)**, alongside allegations of operating an illicit online platform. UK regulators also opened parallel scrutiny: the **ICO** launched a formal investigation into X and Grok over potential generation of nonconsensual sexualized images (including of children), and **Ofcom** had previously announced its own inquiry into related concerns. Separately, European policy pressure on youth social media access continued, with the Netherlands considering a higher minimum age and stricter platform oversight, but that debate is distinct from the French criminal case.
1 months ago