• The United Kingdom’s data protection authority, the Information Commissioner’s Office (ICO), has opened a formal investigation into Grok, focusing on whether Grok and its operators violated UK data protection law by generating sexualised content using people’s personal data without consent. This includes sexually explicit deepfake images of individuals — including serious allegations that some involve minors.
• The probe targets both X and xAI (and the Dublin-based X Internet Unlimited Company, which is the data controller for the EU/EEA).

Why it matters

• Regulators are concerned Grok’s image-generation capability produced harmful and non-consensual sexualised imagery, potentially breaching GDPR and UK privacy law.
• Estimates suggest millions of sexualised images were generated in a short period, with tens of thousands allegedly involving depictions of children, though precise figures vary by report.
• The ICO’s investigation will assess what safeguards, protections and content controls were in place — or missing — when the technology was deployed.

Parallel and related probes

• Ofcom, the UK’s communications regulator, is conducting its own inquiry under the Online Safety Act 2023, reviewing whether X failed to protect users from illegal content (including non-consensual intimate images and child abuse material generated via Grok).
• Across Europe, French prosecutors raided X offices in Paris as part of a separate investigation into alleged distribution of child abuse content and deepfakes connected to the platform.

Broader context

• The controversy didn’t emerge overnight — news outlets documented Grok being used to create sexualised or “nudified” images of real people (including minors) by late 2025, triggering an international backlash from regulators, safety watchdogs and politicians.

What happens next?

• The ICO’s formal probe could lead to findings on GDPR breaches and data misuse — potentially resulting in fines or compliance orders under UK law if violations are confirmed.
• Ofcom’s investigation and actions by other European authorities may also prompt additional legal consequences or safety requirements for Grok’s operators.