X: EU Launches GDPR Probe Over AI-Generated Sexual Imagery

European privacy regulators are intensifying scrutiny of Elon Musk’s X, opening a large-scale inquiry into the platform’s handling of AI-generated sexual imagery and potential breaches of the General Data Protection Regulation (GDPR). The investigation, launched by Ireland’s Data Protection Commission (DPC) on February 17, 2026, centers on the creation and publication of “potentially harmful” sexualized images generated by X’s AI chatbot, Grok and whether this processing involved the data of EU users.

The DPC’s inquiry follows a wave of concern sparked in early January when users discovered Grok’s ability to generate explicit deepfakes of individuals, including women, in response to prompts. This triggered widespread backlash and prompted similar investigations by authorities in the UK, France, Australia, and Germany. The EU’s Digital Services Act already has an open investigation into xAI, X’s AI arm, regarding the spread of these images.

According to a statement released by the DPC, the commission has been “engaging with [X] since media reports first emerged a number of weeks ago” regarding the alleged capabilities of the @Grok account. The inquiry will specifically examine X’s compliance with fundamental obligations under GDPR, including data processing practices and the implementation of appropriate safeguards.

The GDPR mandates that companies ensure personal data is processed lawfully, with consideration for privacy during product development, and with comprehensive risk assessments conducted before launching features deemed “high-risk.” The DPC’s investigation will assess whether X adhered to these principles when deploying Grok.

X did not immediately respond to requests for comment regarding the DPC’s inquiry. However, the company has previously stated it has implemented “technological measures” to limit Grok’s generation of explicit images and that it removes Child Sexual Abuse Material and non-consensual nudity material. These measures followed mounting pressure from governments and the threat of substantial fines.

The latest investigation arrives amidst a period of significant corporate restructuring at X. Musk announced an all-hands meeting on Wednesday, February 14, 2026, that the company was undergoing restructuring following the merger of xAI with SpaceX, creating a combined entity valued at $1.5 trillion. Dozens of staff, including co-founders, have departed the company in recent weeks.

The French authorities have also taken action, raiding X’s Paris offices earlier this month as part of a broader investigation into the platform’s algorithms and the dissemination of AI-generated sexual abuse material. French prosecutors have summoned both Musk and Linda Yaccarino, X’s former chief executive, for “voluntary interviews” in April.

The UK’s Information Commissioner’s Office (ICO) launched its own investigation into X and xAI on February 3, 2026, expressing “serious concerns” about Grok’s use of personal data and its potential to create harmful sexualized content. This investigation, like the EU probe, focuses on potential violations of data protection laws.

Musk has consistently defended Grok’s functionality, citing principles of free speech and criticizing those scrutinizing the app’s image-editing features. He has previously characterized regulatory oversight as “censorship.” However, this stance has drawn increasing criticism as the scale of the deepfake issue became apparent.

The EU investigation under the Digital Services Act carries the potential for significant financial penalties. If found in violation, X could face fines of up to 6% of its global annual turnover. The GDPR also allows for substantial fines, potentially reaching tens of millions of euros, depending on the severity of the breach.

The investigations highlight the growing regulatory challenges facing AI-powered platforms and the increasing pressure on tech companies to address the potential harms associated with generative AI technologies. The case of X and Grok serves as a stark reminder of the need for robust safeguards and responsible development practices in the rapidly evolving landscape of artificial intelligence.