Ireland’s Data Protection Commission opened an investigation Tuesday into Elon Musk‘s X and its artificial intelligence tool Grok for producing sexualized images, including images of children.
The inquiry, announced by Ireland’s privacy watchdog under section 110 of the Data Protection Act of 2018, targets X Internet Unlimited Company, the Dublin-based entity that manages X’s operations in the European Union.
The investigation centers on reports that users were able to prompt Grok, an AI chatbot developed by Musk and embedded into X, to create “potentially harmful, non-consensual intimate and/or sexualised images” of real people, including EU residents and children.
DPC Deputy Commissioner Graham Doyle said the agency had been in dialogue with XUIC since media reports first surfaced weeks ago and that the inquiry “will examine XIUC’s compliance with some of their fundamental obligations under the GDPR in relation to the matters at hand.”
During the investigation, regulators said they will examine whether the company complied with the EU’s General Data Protection Regulation, a stringent privacy regime that allows fines of up to 4% of global revenue for violations.
The investigation will assess whether the processing of personal data tied to these outputs met legal requirements, such as lawful handling, data protection by design, and data protection impact assessments.
Ireland’s action reflects mounting pressure on X and its AI tools across Europe, where multiple regulators have zeroed in on Grok’s behavior in recent months. Other popular AI tools produce similar content but have not received the same scrutiny or notoriety.
Authorities in France also pursued legal actions as prosecutors and cybercrime units searched X’s Paris offices in early February, as the dissemination of explicit imagery and other illegal content expanded their scrutiny from algorithmic practices to questions around child protection.
The Spanish government has also asked prosecutors to investigate X, along with Meta and TikTok, over allegations that platforms are spreading AI-generated child sexual abuse material, and is proposing stricter protections for minors online.
Meanwhile, the United Kingdom’s Information Commissioner’s Office opened a separate inquiry in early February into whether X and its AI units complied with U.K. data protection law in the development of Grok, particularly regarding safeguards against generating harmful sexualized imagery. The ICO said it was coordinating with Ofcom and international partners.
In late January, the European Commission, the EU’s executive arm, also launched its own investigation into whether X properly assessed and mitigated risks posed by Grok under the bloc’s Digital Services Act.
The DSA is a sweeping digital rulebook aimed at curbing illegal content and protecting user rights online.
