Ireland’s Data Protection Commission has opened a formal investigation into X over allegations that Elon Musk’s Grok chatbot generated and spread non-consensual sexualized images, including those depicting children. The probe marks the latest regulatory action in a widening global crackdown on AI-powered “nudification” tools.
The DPC, which serves as the EU’s lead supervisory authority for most major American tech platforms, launched the inquiry into X Internet Unlimited Company which is the EU-registered entity through which X operates across Europe. The investigation will examine whether X complied with core obligations under the EU’s General Data Protection Regulation, or GDPR.
Deputy Commissioner Graham Doyle said the watchdog will assess X’s compliance with fundamental GDPR principles, including lawful basis for processing, privacy-by-design standards, and whether a data protection impact assessment was required before deploying Grok’s image generation features.
The investigation specifically focuses on “the apparent creation, and publication on the X platform, of potentially harmful, non-consensual intimate and/or sexualised images… including children” using Grok’s generative AI tools. X has not yet responded to requests for comment from Decrypt.
What Prompted the Investigation
The Center for Countering Digital Hate reported last month that Grok generated approximately 23,338 sexualized images depicting children over just an 11-day period from December 29 to January 9. Researchers found that roughly one-third of sampled images remained publicly accessible on X despite the platform’s stated zero-tolerance policies.
Following public backlash, X implemented several restrictions on Grok’s capabilities. The company limited image generation and editing features to paid subscribers, added technical barriers to prevent digital manipulation of people into revealing clothing, and geoblocked the feature in jurisdictions where such content is illegal.
Ireland’s investigation arrives as regulators worldwide intensify scrutiny of Grok and its role in generating non-consensual deepfakes. The European Commission opened a formal Digital Services Act probe into X in January, examining whether Grok contributed to the creation and spread of illegal sexualized content.
French authorities raided X’s Paris offices in coordination with Europol, summoning Elon Musk and several executives for questioning over the allegations. The action underscores the severity with which European governments are treating AI-generated abuse material.
In the UK, both Ofcom and the Information Commissioner’s Office launched separate investigations. Ofcom warned it could seek court-backed measures to effectively block X’s service if the company is found non-compliant with online safety standards. Prime Minister Keir Starmer has signaled plans to seek new parliamentary powers to bring AI chatbot providers under online safety law.
Australia’s eSafety Commissioner Julie Inman Grant reported that complaints involving Grok and non-consensual AI-generated sexual images have doubled in recent months. Her office said it would use enforcement powers where necessary to address the issue.
In the United States, California Attorney General Rob Bonta announced a formal investigation into xAI and Grok over the creation and spread of non-consensual sexually explicit AI images of women and children. The action represents one of the first major state-level regulatory moves against the technology.
See also: Elon Musk Backed $10 Billion OpenAI ICO in 2018, Court Documents Reveal
AI-generated sexual abuse material has become a growing concern for child protection advocates. Earlier this month, UNICEF described AI sexual deepfakes as “a profound escalation of the risks children face in the digital environment,” noting that at least 1.2 million children were targeted by such material last year.
The UN agency called on governments to criminalize AI-generated abuse material and require tech companies to implement safety-by-design safeguards. The recommendations align with regulatory approaches now being pursued across multiple jurisdictions.
Ireland’s DPC investigation carries particular weight because its decisions as the lead EU supervisory authority have binding force across the entire European Union. Any findings or enforcement actions are likely to set precedents for how other European regulators approach similar cases.
X and xAI now face coordinated pressure from regulators across Europe, the UK, Australia, and the United States. The company’s response to these investigations will likely influence how other AI developers approach safeguards around similar technologies.
If you’re reading this, you’re already ahead. Stay there, by joining the…
Dipprofit’s private Telegram community
Discover more from Dipprofit
Subscribe to get the latest posts sent to your email.
