The UK's data protection regulator has initiated a formal investigation into social media giant X and its associated artificial intelligence firm xAI, focusing on their adherence to British law following disturbing reports about the Grok chatbot. The probe centres on allegations that the AI tool was utilised to create sexualised deepfake imagery without the consent of the individuals depicted, raising significant legal and ethical concerns.
Regulatory Scrutiny Intensifies
The Information Commissioner's Office (ICO) confirmed the investigation, stating the reports have prompted "serious concerns" under the UK's robust data protection framework. The inquiry will specifically examine whether adequate safeguards were integrated into both the design and the operational deployment of the Grok services to protect personal data.
William Malcolm, the ICO's Executive Director for Regulatory Risk and Innovation, emphasised the gravity of the situation. "The reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this," he stated. Malcolm highlighted the immediate and substantial harm caused by such a loss of control over personal information, noting the particular vulnerability of children in these circumstances.
Parallel Investigations and International Pressure
This UK probe is not occurring in isolation. The platform and its parent company are facing mounting pressure from multiple international regulatory bodies. Ofcom, the UK's communications regulator, had already launched a separate investigation into X several weeks prior and continues to gather evidence, a process expected to extend over several months.
However, Ofcom noted a jurisdictional limitation, explaining it cannot directly investigate xAI, the provider of the standalone Grok chatbot app, due to the specific application of the Online Safety Act concerning chatbots. Despite this, Ofcom issued a firm statement: "We continue to demand answers from xAI about the risks it poses. We are examining whether to launch an investigation into its compliance with the rules requiring services that publish pornographic material to use highly-effective age checks to prevent children from accessing that content."
Simultaneously, X is under investigation by the European Commission. In a significant development on Tuesday, French prosecutors conducted raids on the company's offices in France. This action is part of a preliminary investigation into potential offences, including the dissemination of child sexual abuse material and deepfakes. The Paris prosecutors' office stated it was pursuing a constructive approach to ensure the platform's operations comply with French law.
Company Response and Regulatory Action
In response to the escalating scrutiny, X has stated it has implemented new measures to address the issues previously raised. Ofcom acknowledged these steps, adding that the company must be afforded a "full opportunity to make representations" as part of the investigative process.
The ICO has affirmed its commitment to decisive action. "Our investigation will assess whether XIUC and X.AI have complied with data protection law in the development and deployment of the Grok services, including the safeguards in place to protect people’s data rights," a spokesperson said. "Where we find obligations have not been met, we will take action to protect the public." The watchdog is also coordinating closely with Ofcom and other international regulators to address this cross-border issue.
The case underscores the growing regulatory challenges posed by advanced AI technologies and their potential for misuse, placing significant emphasis on corporate accountability and the enforcement of data protection standards in the digital age.
