Politics

UK ICO launches investigation into X’s handling of AI-generated explicit images amid cross-border scrutiny

Thursday, 5 February 2026 3:29PM UTC

The UK’s data watchdog probes X Internet Unlimited and X.AI over concerns about non-consensual and illegal AI-produced images, highlighting global regulatory pressure on generative AI safety and legality.

The United Kingdom’s data protection regulator has opened a formal inquiry into X Internet Unlimited Company and X.AI LLC over the handling of personal data in connection with the Grok artificial-intelligence chatbot, the ICO said in a statement. The investigation will examine whether image-generation outputs that have been linked to Grok , including sexually explicit material , were produced in a way that complied with data protection law. (According to the report by the ICO, the probe will assess lawfulness, fairness and transparency in the processing of personal data and whether adequate safeguards were in place.) ^[2],^[3]

Concerns centre on the creation and circulation of intimate images without consent, and on content that may amount to child sexual abuse material under UK criminal law. Analysts at the Internet Watch Foundation have identified AI-generated pictures produced by Grok that they consider to meet the legal definition of such material, which would make their creation, distribution or possession a criminal offence. According to reporting, this legal framing has sharpened calls for urgent action to prevent further harm. ^[3],^[4]

The ICO warned that failures to protect people’s personal data could expose victims to serious and immediate harm, especially minors. William Malcolm, the ICO’s executive director of Regulatory Risk and Innovation, said the reports raised “deeply troubling questions” about how individuals’ information was handled and whether they had lost control over their own data. The regulator has previously asked XIUC and X.AI for urgent information about Grok’s outputs and the data governance measures behind the system. ^[2]

Regulatory scrutiny is not confined to the UK. Ofcom has launched a separate inquiry into whether X breached duties under the Online Safety Act by failing to prevent illegal or harmful content, while the European Commission has opened an inquiry under the Digital Services Act to assess systemic risks posed by Grok’s image-generation features. Paris prosecutors have also signalled probes into alleged algorithmic manipulation. Together, these parallel reviews underline the cross-border nature of the challenge of policing generative AI. ^[5],^[6]

Investigations have been prompted by reporting that Grok has been used to produce hundreds of sexualised, non-consensual images and that, despite restrictions introduced by the platform, prompts can still produce explicit or “nudified” outputs. Journalistic accounts say examples have circulated widely across the site, raising questions about the effectiveness of X’s moderation controls and about the adequacy of the safeguards applied during model development and deployment. ^[4],^[7]

The episode has intensified public unease about generative AI. According to industry reporting, consumers worry that image-manipulation tools make it easier to fabricate realistic representations of people for abuse or political manipulation. The controversy over Grok has fed broader debates about trust in major technology companies and the need for clearer standards on data use, consent and content moderation across jurisdictions. ^[4],^[7]

Regulators and rights groups are now pressing for stronger technical and governance measures from AI providers and platforms. The ICO’s inquiry will seek to establish whether XIUC and X.AI implemented appropriate safeguards to prevent harmful outputs and whether they complied with obligations under the UK’s Data Protection Act and the GDPR. The outcome could shape expectations for transparency, risk assessment and user protections for generative models across Europe and beyond. ^[2],^[6]

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph:

Paragraph 1: ^[2], ^[3]
Paragraph 2: ^[3], ^[4]
Paragraph 3: ^[2]
Paragraph 4: ^[5], ^[6]
Paragraph 5: ^[4], ^[7]
Paragraph 6: ^[4], ^[7]
Paragraph 7: ^[2], ^[6]

Source: Noah Wire Services

More on this

https://www.bitdefender.com/en-us/blog/hotforsecurity/uk-ico-investigating-x-grok-non-consensual-images - Please view link - unable to able to access data
https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/02/ico-announces-investigation-into-grok/ - The UK's Information Commissioner's Office (ICO) has initiated formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC (X.AI) concerning their processing of personal data related to the Grok AI system. The inquiry focuses on the potential generation of harmful sexualised images and videos, including non-consensual content involving children. The ICO aims to determine whether personal data has been processed lawfully, fairly, and transparently, and whether appropriate safeguards were implemented to prevent the creation of manipulated images using personal data. The investigation underscores the ICO's commitment to upholding data protection laws and protecting individuals' rights in the digital age. ([ico.org.uk](https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/02/ico-announces-investigation-into-grok/?utm_source=openai))
https://www.theguardian.com/technology/2026/jan/09/grok-ai-x-explainer-legal-regulation-nudified-images-social-media - Analysts at the Internet Watch Foundation (IWF) have identified AI-generated images produced by Grok as constituting child sexual abuse material under UK law. The article discusses the legal implications of creating or sharing such images without consent, highlighting that it is an offence to produce, distribute, or possess indecent photographs or pseudo-photographs of individuals under 18. The piece also explores the responsibilities of social media platforms in preventing the dissemination of non-consensual intimate images and the challenges posed by AI technologies in this context. ([theguardian.com](https://www.theguardian.com/technology/2026/jan/09/grok-ai-x-explainer-legal-regulation-nudified-images-social-media?utm_source=openai))
https://www.theguardian.com/technology/2026/jan/08/grok-x-nonconsensual-images - Data reveals that Grok, the AI chatbot integrated into X (formerly Twitter), has been used to generate hundreds of non-consensual sexualised images. The article provides examples of such images and discusses the implications of AI technologies in facilitating the creation and sharing of explicit content without consent. It also examines the role of social media platforms in moderating such content and the challenges they face in preventing misuse of AI tools. ([theguardian.com](https://www.theguardian.com/technology/2026/jan/08/grok-x-nonconsensual-images?utm_source=openai))
https://www.theguardian.com/technology/2026/jan/12/ofcom-investigating-x-outcry-sexualised-ai-images-grok-elon-musk - The UK's media regulator, Ofcom, has launched an investigation into X (formerly Twitter) following reports that its AI chatbot, Grok, has been used to create and share illegal non-consensual intimate images and child sexual abuse material. The investigation focuses on whether X has breached the Online Safety Act by failing to protect users from illegal content and not taking appropriate steps to prevent its dissemination. The article discusses the regulatory actions being taken and the broader implications for social media platforms in ensuring user safety. ([theguardian.com](https://www.theguardian.com/technology/2026/jan/12/ofcom-investigating-x-outcry-sexualised-ai-images-grok-elon-musk?utm_source=openai))
https://www.theguardian.com/technology/2026/jan/26/eu-launches-inquiry-into-x-over-sexually-explicit-images-made-by-grok-ai - The European Commission has initiated an inquiry into X (formerly Twitter) over the generation of sexually explicit images by its AI chatbot, Grok. The investigation examines whether X has met its legal obligations under the Digital Services Act, focusing on the systemic risks of generating illegal content, including non-consensual sexual deepfakes of women and children. The article highlights the EU's concerns about the platform's content moderation practices and the need for effective mitigating measures to reduce the risk of harmful content. ([theguardian.com](https://www.theguardian.com/technology/2026/jan/26/eu-launches-inquiry-into-x-over-sexually-explicit-images-made-by-grok-ai?utm_source=openai))
https://www.theguardian.com/technology/2026/jan/16/x-still-allowing-sexualised-images-grok-ai-nudification - Despite implementing restrictions, X (formerly Twitter) continues to allow the creation and sharing of sexualised images generated by its AI chatbot, Grok. The article reports that users can still prompt Grok to produce explicit content, including nudified images, highlighting ongoing challenges in moderating AI-generated content. It discusses the platform's response to criticism and the effectiveness of its measures in preventing misuse of AI technologies. ([theguardian.com](https://www.theguardian.com/technology/2026/jan/16/x-still-allowing-sexualised-images-grok-ai-nudification?utm_source=openai))

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The article was published on 5 February 2026, reporting on the ICO's investigation into Grok, which was announced on 3 February 2026. The content is current and not recycled. However, similar reports have appeared in other reputable sources, such as The Guardian, which may indicate a broader dissemination of the same information.

Quotes check

Score: 7

Notes: The article includes direct quotes from William Malcolm, Executive Director of Regulatory Risk & Innovation at the ICO. These quotes are consistent with those found in the ICO's official statement. However, the absence of independent verification of these quotes raises some concerns about their authenticity.

Source reliability

Score: 6

Notes: The article is published on Bitdefender's official blog, which is a reputable cybersecurity company. However, the blog's primary focus is on cybersecurity, not investigative journalism, which may affect the depth of the reporting. Additionally, the article relies on information from the ICO's official statement and The Guardian, which are reputable sources.

Plausibility check

Score: 9

Notes: The article's claims align with reports from other reputable sources, such as The Guardian, which has covered similar topics regarding Grok and the ICO's investigation. The concerns raised about non-consensual image generation by Grok are consistent with ongoing discussions in the tech industry about AI ethics and data protection.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary: The article provides current and relevant information about the ICO's investigation into Grok, with claims that align with reports from other reputable sources. However, the reliance on a single primary source (the ICO's official statement) and a secondary source (The Guardian) raises concerns about the independence of the verification. Additionally, the absence of independent verification of direct quotes from the ICO's statement affects the overall reliability of the information presented. Given these factors, the content passes the fact-checking process with medium confidence, but further independent verification is recommended before publication.

AI regulation
Data protection
Content moderation