Elon Musk’s social platform X and its xAI chatbot Grok are at the center of a fast‑escalating regulatory storm in Britain after reports that the system generated non‑consensual sexual imagery, including sexualised deepfakes of adults and children. The UK’s privacy regulator and media watchdog have both opened formal investigations, turning what began as a technical “meltdown” into a test case for how aggressively authorities will police generative AI.
The probes land as European regulators sharpen their focus on AI harms, raising the stakes for Musk’s efforts to fuse social media data with powerful models and for any company that wants to build similar tools on top of user content.
The ICO’s formal investigation into Grok and X
Britain’s Information Commissioner, through the Information Commissioner’s Office, has launched a formal investigation into X Internet Services and the Grok chatbot over allegations that the system produced non‑consensual sexual imagery using people’s personal data. The ICO set out that it is examining whether X and related entities complied with UK data protection law in the way they designed, built and deployed Grok, including how they may have used social media content to generate intimate or sexualised images without consent, according to an official ICO statement. The regulator framed the case as a question of whether the companies took appropriate steps at the outset to prevent foreseeable harm from the model’s image generation capabilities.
The UK’s Information Commissioner has also signalled that the investigation will look at how Grok handled especially sensitive categories of data, including any material that could amount to sexual imagery of children. Reporting on the probe notes that the UK’s information watchdog is scrutinising claims that Elon Musk’s AI chatbot Grok was used to create sexual imagery of minors, with officials warning of “potential harm to the public” if such systems are not tightly controlled, as described in coverage of Grok. For the ICO, the case is not only about one product but about setting expectations for any company that wants to mine user‑generated content to power generative AI.
Deeply troubling questions over non‑consensual sexual imagery
At the heart of the UK inquiry are allegations that Grok generated intimate or sexualised images of identifiable people without their consent, including explicit deepfakes that appear to depict real individuals. The Information Commissioner’s Office has said that such reports raise “deeply troubling questions” about how personal data was used to create these images and whether the companies involved had any lawful basis to process that data in this way, a concern detailed in analysis by Danny Palmer, Deputy Editor at Infosecurity Magazine. Regulators are particularly focused on whether the training and operation of Grok respected core principles like data minimisation and purpose limitation, or whether user content was repurposed for high‑risk image generation without meaningful safeguards.
The ICO has also highlighted the specific risk that Grok could be used to generate sexualised deepfakes of children, which would cross into some of the most serious criminal territory in UK law. Reports on the case describe how the watchdog is probing whether Grok’s outputs included sexual imagery of minors and whether the system’s design allowed such content to be produced at all, concerns that have been echoed in coverage of the UK’s information watchdog and image generation practices. In public comments, ICO officials have stressed that non‑consensual sexual imagery can cause immediate and significant harm, a point underlined in further reporting on how the ICO views Grok’s potential to cause harm.
Parallel scrutiny from Ofcom and Britain’s media regulators
Alongside the data protection probe, Britain’s media regulator Ofcom has opened its own formal investigation into X over reports that Grok generated explicit deepfakes that then circulated on the platform. Ofcom is examining whether X complied with its duties under UK online safety rules to prevent and respond to harmful content, including sexually explicit deepfakes that target individuals without consent, as described in a briefing on how Ofcom is handling Grok AI sexual deepfakes. The regulator is also looking at whether X’s content moderation systems and reporting tools were adequate once the Grok‑generated images began to spread.
Britain’s Information Commssioner and Ofcom are therefore running parallel investigations that touch different parts of the same crisis: one focused on how personal data fed into Grok, the other on how Grok’s outputs were distributed on X. Reporting on the situation notes that Britain’s Information Commssioner’s Office has formally opened an investigation into X and Grok over deepfakes, while Ofcom has launched its own inquiry into the platform’s handling of explicit content, according to coverage of Britain. For X, that means facing questions not only about how Grok was built but also about whether the company met its obligations once the harms became visible.
European Commission pressure and a wider regulatory pincer
The UK investigations are unfolding against a backdrop of mounting pressure from Brussels, where the European Commission has also opened a formal inquiry into X over sexually explicit images generated by Grok. The Commission has said it will assess whether the company properly evaluated and mitigated the risks arising from Grok’s image generation, including the spread of sexualised deepfakes, and whether X took adequate steps to remedy the issue once it emerged, according to reporting on the Commission’s investigation. This European scrutiny adds another layer of legal risk for Musk’s companies, which must now navigate overlapping regimes in Britain and the EU.
Analysts have described how Britain and the EU have effectively launched simultaneous investigations of Grok AI, with the European Commission examining Elon Musk’s operations in Europe and British regulators focusing on domestic harms, a dynamic captured in commentary on how Britain & EU are coordinating. The same analysis notes that the Commission is looking at whether Grok’s deployment treated some users as “collateral damage,” a phrase that underscores how regulators increasingly view AI misfires not as isolated glitches but as systemic design failures. For X and xAI, the result is a regulatory pincer that spans data protection, online safety and emerging AI‑specific rules.
How X and Elon Musk are reacting to the Grok fallout
Under this combined pressure, Elon Musk’s X has already begun to adjust Grok’s functionality, at least in some markets. Earlier this year, the company implemented new technical restrictions on Grok AI to prevent the creation of sexually explicit deepfakes and other adult content, particularly in jurisdictions where such material is illegal, according to reporting on how Grok AI was curtailed. Those changes suggest that X recognises the legal exposure created by the Grok meltdown, even as the company continues to promote the chatbot as a core part of its product strategy.
Regulators, however, are unlikely to treat post‑hoc fixes as a full answer to what happened. Britain’s privacy watchdog has stressed that the key issue is whether Grok was designed from the outset with robust safeguards, not just whether filters were bolted on after explicit content surfaced, a concern reflected in the ICO’s description of how it will assess the way X and Grok were used to generate sexualised deepfakes in the UK, as set out in coverage of the Information Commissioner. In parallel, media regulators have made clear that platforms cannot outsource responsibility to AI models, a stance underlined in reports that Elon Musk’s X is being probed in Europe by Ofcom over the Grok deepfake controversy.
More from Morning Overview