Britain’s data protection regulator opened a formal investigation into Elon Musk’s X and xAI on Tuesday after reports emerged that the Grok AI chatbot generated sexualized deepfake images without consent.

The Information Commissioner’s Office said Tuesday it’s investigating both companies for potential breaches of UK data protection laws. The probe covers X Internet Unlimited Company—X’s Dublin-based data controller for the EU and European Economic Area—and xAI itself.

Musk now faces two separate UK investigations. Ofcom, Britain’s communications regulator, started its own probe into X on January 12. On Tuesday, Ofcom confirmed it’s still gathering evidence.

Indonesia, Malaysia Block Elon Musk’s Grok After It Flooded the Web With Deepfake Porn
The weekend bans mark a turning point in AI regulation—governments are moving from issuing warnings to enforcing blocks when platforms fail to prevent AI-generated sexual content.
TechloyDamilare Odedina

What the ICO Is Investigating

Reports say Grok created non-consensual sexual imagery, including images of children. William Malcolm, the ICO’s executive director for regulatory risk and innovation, said the allegations are serious.

“The reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this,” Malcolm said.

When children are involved, Malcolm added, losing control of personal data “can cause immediate and significant harm.”

The ICO said creating and circulating such content “raises serious concerns under UK data protection law and presents a risk of significant potential harm to the public.”

If X or xAI violated data protection rules, they could face fines up to £17.5 million or 4% of global annual revenue, whichever is higher.

Two Probes, Different Rules

The ICO and Ofcom investigations operate under different legal frameworks.

The ICO’s probe covers both X and xAI under data protection law. It’s looking at whether Grok had proper safeguards built into its design and how the companies processed personal data when developing the AI.

Ofcom’s investigation only covers X. The regulator can’t investigate xAI directly, and it explained why on Tuesday.

“When we opened our investigation into X, we said we were assessing whether we should also investigate xAI, as the provider of the standalone Grok service,” Ofcom said.

Ofcom is looking at whether it should open a separate investigation into xAI’s compliance with rules that require services publishing pornographic material to use effective age verification.

But for now, Ofcom can’t investigate how Grok creates illegal images. “Because of the way the act relates to chatbots, we are currently unable to investigate the creation of illegal images by the standalone Grok service in this case,” the regulator said.

The Ofcom investigation into X could take months. The regulator noted X has already taken some steps to address the problem and said the company deserves a “full opportunity to make representations” during the investigation.

Wider Crackdown on Grok

Governments and regulators worldwide are cracking down on sexually explicit content from Grok, according to the ICO.

The regulator said it’s coordinating with Ofcom and international authorities “to ensure our roles are aligned and that people’s safety and privacy are protected.”

The dual UK investigations add fresh regulatory pressure on Musk. How X and xAI respond could shape future AI regulation and data protection enforcement in Britain.

Elon Musk’s SpaceX Acquires xAI in $1.25 Trillion Deal, Eyes June IPO
SpaceX announced Monday it acquired xAI, creating what’s expected to be one of the largest initial public offerings in history.
TechloyDamilare Odedina