Dublin: Ireland’s Data Protection Commission (DPC) on Tuesday announced a formal investigation into X’s AI chatbot Grok over its processing of personal data and its potential to generate harmful sexualised images and videos, including those involving children.
The DPC acts as the lead European Union regulator for X, as the company’s EU operations are headquartered in Ireland. Under the bloc’s General Data Protection Regulation (GDPR), the regulator has the authority to impose fines of up to 4 per cent of a company’s global annual revenue for violations.
In a statement, the DPC said it notified X of its decision to initiate the inquiry on Monday. The investigation will assess whether X has complied with its obligations under the GDPR in relation to the personal data processed by Grok.
The probe follows widespread backlash last month after Grok generated AI-altered, near-nude images of real individuals in response to user prompts, sparking global outrage and regulatory scrutiny. Although X announced measures to curb the chatbot’s ability to produce such content, Reuters reported earlier this month that Grok continued to generate sexualised images when prompted.
Deputy Commissioner Graham Doyle said the DPC had been engaging with X Internet Unlimited Company (XIUC) since media reports first surfaced regarding the alleged ability of users to prompt the @Grok account to create sexualised images of real people, including minors.
“As the Lead Supervisory Authority for XIUC across the EU/EEA, the DPC has commenced a large-scale inquiry,” Doyle said, adding that the investigation would examine compliance with “fundamental obligations under the GDPR in relation to the matters at hand.”
The move comes amid broader regulatory scrutiny in Europe. The European Commission opened an investigation on January 26 into whether Grok disseminated illegal content, including manipulated sexualised images, within the EU.
Separately, Britain’s privacy watchdog, the Information Commissioner’s Office (ICO), launched its own formal investigation on February 3 into Grok’s handling of personal data and its potential to produce harmful content.
The developments come against a backdrop of criticism from U.S. President Donald Trump and other members of his administration, who have described EU regulation of American tech firms as excessive. X owner Elon Musk has also voiced objections to EU digital and content regulations.
The DPC’s findings could have significant implications for X’s operations in Europe as regulators intensify oversight of AI-driven platforms.
