Burak Bir
03 February 2026•Update: 03 February 2026
LONDON
Britain's data protection watchdog said Tuesday it has launched a formal investigation into Elon Musk’s X and xAI companies after the Grok AI tool produced indecent deepfakes without people’s consent.
The fresh probe came following reports that Grok has been used to generate non‑consensual sexual imagery of individuals, including children, the Information Commissioner’s Office said in a statement.
"The Information Commissioner’s Office (ICO) has opened formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC (X.AI) covering their processing of personal data in relation to the Grok artificial intelligence system and its potential to produce harmful sexualised image and video content," the office noted.
The watchdog underlined that these concerns relate to whether personal data has been processed lawfully, fairly, and transparently, and whether appropriate safeguards were built into Grok’s design and deployment to prevent the generation of harmful manipulated images using personal data.
"Where those safeguards fail, individuals lose control of their personal data in ways that expose them to serious harm," it noted.
The statement added that examining these risks is central to the watchdog's role in protecting people’s rights and holding organizations to account as they design and deploy AI technology.
The ICO recalled its previous statement dated Jan. 7 that it had contacted XIUC and X.AI to seek urgent information about these reports.
In the statement, William Malcolm, executive director of regulatory risk & innovation at the ICO, said that the reports about Grok raise "deeply troubling questions" about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent.
"Losing control of personal data in this way can cause immediate and significant harm. This is particularly the case where children are involved," he noted.
Malcolm added: "Our investigation will assess whether XIUC and X.AI have complied with data protection law in the development and deployment of the Grok services, including the safeguards in place to protect people’s data rights."
On Jan. 12, the UK’s online safety regulator Ofcom launched an investigation under the Online Safety Act, following reports that Grok had been used to generate undressed images of individuals and sexualized imagery involving both adults and children.
