Ireland Steps Into Expanding European Probe of Grok & AI-Generated Harm

Key Takeaways

• Formal GDPR Inquiry Opened: Ireland’s Data Protection Commission has launched a statutory inquiry under section 110 of the Data Protection Act 2018 into X Internet Unlimited Company.
• Focus on AI-Generated Images: The investigation centers on the alleged creation and publication of non-consensual intimate or sexualized images using generative AI functionality linked to the Grok large language model.
• Children Potentially Affected: The DPC confirmed the matter involves the processing of personal data of EU/EEA data subjects, including children.
• Core GDPR Articles Under Review: The inquiry will examine compliance with Articles 5, 6, 25, and 35 of the GDPR, covering data processing principles, lawfulness, data protection by design and default, and impact assessments.

Deep Dive

Ireland’s Data Protection Commission has opened a formal inquiry into X and the Irish entity responsible for the X platform in the EU, over concerns that generative artificial intelligence tools linked to the platform may have been used to create and publish non-consensual intimate images. The development follows widening scrutiny of Grok and its deployment on X across Europe, including parallel investigations by UK regulators and criminal proceedings in France.

The regulator confirmed on February 17, 2026 that it had initiated an investigation under section 110 of the Data Protection Act 2018. The decision to begin the inquiry was notified to XIUC on February 16.

The inquiry centers on what the DPC described as the apparent creation and publication on the X platform of potentially harmful, non-consensual intimate and/or sexualized images. According to the Commission, the images may involve the processing of personal data belonging to EU and EEA data subjects, including children.

The regulator specifically referenced generative AI functionality associated with the Grok large language model, which is integrated into the X platform. Media reports in recent weeks had alleged that users could prompt the @Grok account on X to generate sexualized images of real individuals, including minors.

The DPC said it has been engaging with XIUC since those reports first surfaced.

GDPR Obligations Under Scrutiny

As the Lead Supervisory Authority for XIUC across the EU and EEA under the GDPR’s one-stop-shop mechanism, the DPC said the inquiry will examine whether the company has complied with several core data protection obligations.

The investigation will assess potential compliance with:

• Article 5 of the GDPR, which sets out the fundamental principles of processing personal data
• Article 6, governing the lawfulness of processing
• Article 25, which requires Data Protection by Design and by Default
• Article 35, which mandates the carrying out of a Data Protection Impact Assessment (DPIA) in certain high-risk circumstances

In announcing the inquiry, Deputy Commissioner Graham Doyle stated that the DPC has been engaging with XIUC for several weeks and has now commenced what he described as a “large-scale inquiry” to examine compliance with “fundamental obligations under the GDPR in relation to the matters at hand.”

Broader AI Governance Implications

The case highlights mounting regulatory attention on the intersection of generative AI, user-generated content, and data protection compliance, particularly where the processing of personal data involves sensitive or sexualized imagery and the rights of children.

While the inquiry remains at an early stage, its outcome could clarify how EU data protection law applies when generative AI systems embedded in social platforms are used to create content that may implicate real individuals’ personal data.

The DPC has not yet indicated a timeline for the conclusion of the investigation.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.