European Union Opens Major Investigation Into X's Grok AI Over Illegal Sexual Content

European Union Opens Major Investigation Into X's Grok AI Over Illegal Sexual Content

2026-01-26 data

Brussels, Monday, 26 January 2026.
The European Commission has launched a formal investigation into Elon Musk’s X platform under the Digital Services Act, focusing on whether the company adequately assessed risks before deploying its Grok AI chatbot in the EU. The probe centers on reports that Grok generated manipulated sexually explicit images, including potential child sexual abuse material, exposing EU citizens to serious harm. This marks a significant escalation in regulatory scrutiny of AI-driven content systems, with potential fines reaching 6% of global annual turnover.

Investigation Builds on Previous Regulatory Action

This latest investigation represents a significant escalation from earlier regulatory pressure that led to X opening its recommendation algorithm code to the public on January 14, 2026, following a €140 million EU fine for transparency violations under the Digital Services Act [GPT]. The European Commission announced the new formal investigation on Monday, January 26, 2026, specifically targeting whether X properly assessed and mitigated risks associated with deploying Grok’s functionalities in the EU [1][2]. The Commission stated that these risks “seem to have materialised, exposing citizens in the EU to serious harm” through the dissemination of illegal content, including manipulated sexually explicit images and content that may amount to child sexual abuse material [1][3].

Dual Investigation Approach Targets AI and Recommendation Systems

The Commission’s investigation operates on two distinct fronts, examining both X’s new AI capabilities and its existing content recommendation infrastructure. The primary investigation focuses on whether X conducted proper risk assessments before deploying Grok’s functionalities, particularly regarding the potential for generating illegal sexual content [1][4]. Simultaneously, the Commission extended its ongoing investigation launched in December 2023 into X’s recommender systems risk management obligations, now incorporating the platform’s recently announced switch to a Grok-based recommender system [1][8]. Under the Digital Services Act, X faces obligations to “diligently assess and mitigate systemic risks” and conduct ad hoc risk assessment reports with critical impact on the platform’s risk profile prior to deployment [1].

Global Regulatory Response Intensifies Across Multiple Jurisdictions

The EU investigation forms part of a coordinated international regulatory response, with governments and regulators in at least eight countries taking action against X and xAI [4]. On January 12, 2026, the UK’s Ofcom opened a formal investigation under the Online Safety Act to examine whether X complied with duties to prevent the spread of illegal content, including child sexual abuse material [4][6]. Canada’s federal Privacy Commissioner expanded its investigation into X on January 15, 2026, to examine whether Grok was used to generate explicit deepfake images without consent [4]. Brazil has given xAI 30 days from January 20, 2026, to stop Grok from producing fake sexualized images, while Malaysia temporarily blocked Grok before restoring access on January 23, 2026, after X introduced safety measures [4].

Financial Stakes and Enforcement Timeline

The financial implications for X are substantial, with the Digital Services Act allowing fines of up to 6% of global annual turnover for breaches [8][9]. This potential penalty follows closely on a previous €120 million fine issued in December 2025 for breaches including the deceptive design of X’s blue checkmark system [8][6]. The Commission has indicated it will continue gathering evidence through additional information requests, interviews, and inspections, with the authority to “impose interim measures” if there are no “meaningful adjustments” to the X service [8]. EU Commissioner for Technology Henna Virkkunen stated that the investigation will determine “whether X has met its legal obligations under the DSA, or whether it treated rights of European citizens — including those of women and children — as collateral damage of its service” [5][6].

Bronnen

• digital-strategy.ec.europa.eu
• www.reuters.com
• eulawlive.com
• www.techpolicy.press
• www.bbc.com
• therecord.media
• www.xinhuanet.com
• www.xinhuanet.com
• www.cnbc.com

AI regulation Digital Services Act