Following France and the UK, the EU's main privacy regulator has officially launched a "large-scale" investigation into Elon Musk's X platform and AI company xAI.
The Irish Data Protection Commission (DPC), responsible for enforcing the EU's General Data Protection Regulation (GDPR), announced earlier that it has officially launched a large-scale investigation into xAI. The investigation focuses on whether its AI chatbot, Grok, used EU user data and generated "non-consensual pornography" involving real people, including children.
Grok gets into trouble: AI-generated "non-consensual pornography" crosses the line.
The investigation was sparked by a controversy that erupted in early January of this year. At that time, a large number of X platform users discovered that they could easily use prompts to trick Grok into generating deepfake pornographic images targeting specific real women. These images spread rapidly on social media, triggering strong backlash from security experts, politicians, and ordinary users.
In a statement, Graham Doyle, Deputy Commissioner of the Irish Data Protection Commission, said: "The Irish Data Protection Commission has been in contact with X since the media first revealed a few weeks ago that X users could induce @Grok accounts to generate pornographic images of real people (including children)."
The Irish Data Protection Commission emphasized that this investigation will examine whether X has fulfilled its basic obligations under the GDPR (General Data Protection Regulation), particularly whether it considered privacy risks during the product development phase (Privacy by Design), and whether it had a legitimate purpose in using EU citizens' data for AI processing.
Global Crackdown: From French Searches to UK ICO Concerns
This is not an isolated incident; global regulatory agencies appear to have launched a crackdown on the X platform.
• French raid search:In early February, French and European investigators raided X's Paris offices, focusing on the algorithm's operation and the dissemination of AI-generated sexually abusive content. French prosecutors even summoned Musk and former X CEO Linda Yaccarino to Paris in April for "voluntary interviews."
• UK concerns:The UK Information Commissioner's Office (ICO) recently announced an investigation into X and xAI, and expressed "serious concern" about Grok's use of personal data to generate harmful pornographic content.
• EU survey:In addition to this GDPR investigation, the EU had previously launched a formal investigation into xAI under the Digital Services Act (DSA), requiring the platform to mitigate the risk of spreading illegal and harmful content.
Elon Musk's Counterattack: Political Persecution and the Battle for Freedom of Speech
Faced with mounting regulatory pressure, Elon Musk and the X platform have maintained their consistently tough stance.
In response to the French search, X refuted the allegations as "baseless" in an official post, condemning it as a "law enforcement theatre" aimed at achieving illegal political ends and seriously threatening freedom of speech.
Despite its tough rhetoric, under pressure from governments threatening fines and bans, xAI implemented some "technical measures" last month to limit Grok from generating certain explicit images. However, xAI maintains that its primary targets are content involving child sexual abuse (CSAM) and non-consensual nudity, attempting to find a balance between regulations and its proclaimed "absolute freedom of speech."
Analysis of viewpoints
This move by the Irish Data Protection Commission marks a new phase in the regulation of generative AI: a legal battle escalating from "content moderation" to "personal data processing."
In the past, discussions about AI-generated pornography (NCII, unauthorized private images) mostly focused on ethics and platform management responsibility. However, the EU's invocation of the GDPR directly questions xAI's "data training methods" and "whether it has the right to process this data to generate specific images." This is a very strong move, because if found to have violated the GDPR, the fine could reach up to 4% of its global annual revenue—an astronomical figure for a newly merged, massive entity.
Furthermore, Grok's problem lies in its real-time data integration with the X platform. While this is its strength (allowing for discussions of the latest events), it also makes it a prime target for generating deeply distorted content. Unlike OpenAI or Google, which have erected numerous safeguards, Elon Musk's pursuit of "unrestricted AI" clearly underestimates the risks of malicious use by humans.
As AI regulations are implemented in various countries by 2026, development models like xAI, which operate on the edge of legal boundaries, will inevitably face more frequent legal challenges. This is not just a matter of fines; it could force xAI to modify its algorithms from the ground up, or even suspend its services in Europe. For Musk, who aspires to create an "all-in-one app," European regulators will be his biggest obstacle.
