Ireland Opens EU Privacy Investigation into X's Grok AI Over Nonconsensual Deepfake Images

Ireland Opens EU Privacy Investigation into X’s Grok AI Over Nonconsensual Deepfake Images

Ireland Opens EU Privacy Investigation into X’s Grok AI Over Nonconsensual Deepfake Images

February 17, 2026 | Technology & Policy

Ireland’s Data Protection Commission (DPC) has launched a formal investigation into Elon Musk’s social media platform X, adding a significant new legal front to the mounting global regulatory pressure over X’s AI chatbot Grok and its role in generating nonconsensual sexually explicit deepfake images — including images of children.

The Irish Investigation

The DPC announced on February 17 that it had notified X’s European entity, X Internet Unlimited Company (XIUC), of the formal inquiry on February 16. Because X’s European headquarters is based in Dublin, the DPC serves as the lead EU supervisory authority for the platform under Europe’s data protection framework.

The investigation was launched under Section 110 of Ireland’s Data Protection Act 2018 and focuses on whether XIUC has complied with its obligations under the EU General Data Protection Regulation (GDPR). Specifically, the DPC is examining X’s handling of personal data — including that of children — in connection with Grok’s AI image generation features, which were allegedly used to produce and publish intimate or sexual images of real people without their consent.

DPC Deputy Commissioner Graham Doyle said the regulator “has been engaging” with XIUC since media reports first emerged about the ability of X users to prompt the Grok chatbot to generate sexualized images of real people, including minors. The probe will assess X’s compliance with GDPR provisions covering the principles of data processing (Article 5), the lawfulness of processing (Article 6), data protection by design and default (Article 25), and the requirement to carry out a data protection impact assessment (Article 35).

How the Scandal Unfolded

The crisis traces its origins to late December 2025, when Grok released an updated “edit image” feature enabling users to modify photos directly on the X platform. Almost immediately, users began exploiting the tool, prompting Grok with requests such as “put her in a bikini” or “remove her clothes” on photos of real women — and the chatbot complied publicly. The generated images appeared as visible replies on X’s platform, amplifying their spread.

A report by the UK-based Centre for Countering Digital Hate found that Grok produced an estimated 3 million sexualized images in just 11 days after the feature’s release. An analysis of 20,000 images generated between December 25, 2025 and January 1, 2026 found that approximately 2% appeared to depict individuals who were 18 or younger, including images of minors posed in bikinis or transparent clothing. A Reuters review of Grok requests over just 10 minutes on January 2 found 102 separate attempts to digitally undress women.

AI safety advocates noted the harm was foreseeable. “In August, we warned that xAI’s image generation was essentially a nudification tool waiting to be weaponised,” said Tyler Johnston, executive director of The Midas Project. “That’s basically what’s played out.”

Grok’s standalone app also reportedly generated nude videos of pop star Taylor Swift without any user prompt, according to reporting by The Verge. A paid “Spicy Mode” within Grok’s image tool was also found to produce explicit sexual content, with some outputs bearing child-like characteristics — prompting the European Commission’s spokesperson Thomas Regnier to state bluntly: “This is not spicy. This is illegal. This is appalling. This is disgusting.”

A Global Wave of Regulatory Action

The Irish DPC investigation is the latest in an accelerating wave of legal scrutiny from around the world.

European Union: On January 26, the European Commission launched its own formal investigation into X under the EU’s Digital Services Act (DSA), examining whether the platform had taken sufficient steps to mitigate “risks related to the dissemination of illegal content,” including manipulated sexually explicit images and potential child sexual abuse material. EU Tech Commissioner Henna Virkkunen stated that “non-consensual sexual deepfakes of women and children are a violent, unacceptable form of degradation,” and that rights of EU citizens should not be “collateral damage” of X’s services. European Commission President Ursula von der Leyen added that Europe would not “tolerate unthinkable behaviour, such as digital undressing of women and children.”

France: On February 3, prosecutors in Paris — working alongside a cybercrime unit and Europol — raided X’s Paris offices. The investigation, which began over allegations of abusive algorithms and fraudulent data extraction, has since expanded to include the spreading of Holocaust denial and sexual deepfakes. Elon Musk and former CEO Linda Yaccarino have been summoned to appear before authorities on April 20. Musk dismissed the action on X, calling it “a political attack.”

United Kingdom: Both the data privacy regulator and media watchdog Ofcom have opened their own separate investigations into X and Grok. The UK government also announced plans to ban so-called “nudification” apps as part of a broader effort to reduce violence against women and girls.

India: India’s Ministry of Electronics and Information Technology ordered X to conduct a “comprehensive technical, procedural and governance-level review” of Grok in early January, giving the company a deadline to comply.

Malaysia and Indonesia: Both countries blocked Grok entirely over the image editing controversy. Malaysia later lifted the temporary ban after xAI committed to implementing additional safeguards.

Philippines: The country blocked Grok on January 16 citing violations of the Anti-Child Pornography Act and the Cybercrime Prevention Act, before lifting the ban on January 21 after xAI made commitments to address child safety concerns.

United States: California Attorney General Rob Bonta announced an investigation into xAI on January 14, stating that “the avalanche of reports detailing the non-consensual, sexually explicit material that xAI has produced and posted online in recent weeks is shocking.” Bonta subsequently ordered xAI to immediately cease distributing such content, citing violations of state laws including California’s Assembly Bill 621, a deepfake pornography ban that went into effect at the start of the year. At the federal level, the National Center on Sexual Exploitation called on the Department of Justice and Federal Trade Commission to open their own investigations.

Ireland Opens EU Privacy Investigation into X's Grok AI Over Nonconsensual Deepfake Images

X’s Response — and Its Limits

Under mounting pressure, xAI and X took some early steps to limit the damage. In early January, Grok restricted image generation and editing features to paying subscribers only. Musk posted on X warning that “anyone using or prompting Grok to make illegal content will suffer the same consequences as if they upload illegal content.”

However, regulators and critics viewed the measures as insufficient. California’s attorney general noted that while some steps had been taken, “the impact of those changes is unclear.” Research obtained by Bloomberg found that X users utilizing Grok still posted more nonconsensual naked or sexual imagery than users of any other website. The EU investigation from Brussels covers only Grok’s service operating on the X platform — not the standalone Grok website or app — given that the DSA applies specifically to the largest online platforms.

X has a prior record of regulatory friction in Europe. In December 2025, Brussels issued X a €120 million fine for violations of DSA transparency obligations, including the misuse of blue checkmarks in ways that risked exposing users to scams. X also remains under a separate, ongoing DSA investigation that began in December 2023.

Broader Context: Silicon Valley Under Scrutiny

The Grok scandal has placed the technology industry’s treatment of women under renewed and harsh scrutiny. Deepfake pornography accounts for approximately 98% of all deepfake videos online, with 99% of targets being women, according to a 2023 report by cybersecurity firm Home Security Heroes. The FBI has warned that the use of deepfake tools to extort young people is a growing problem that has led to instances of self-harm and suicide.

Grok’s controversy also emerged alongside reports that dozens of “nudification” apps remained available in Google and Apple app stores, drawing criticism of the broader tech industry’s governance standards. Brazil, Canada, and other governments have also weighed in, with lawmakers calling for suspensions or bans.

For X and xAI, the coming weeks and months will be defined by the outcomes of these overlapping regulatory probes — and by whether the company’s technical safeguards ultimately prove adequate to the scale of the harm that has already occurred.

Sources: Ireland Data Protection Commission, Associated Press, Al Jazeera, PBS NewsHour, CNBC, Mercury News, Wikipedia (Grok sexual deepfake scandal), CalMatters, Euronews