EU Opens Formal Investigation Into X Over Grok Deepfakes, Escalating Global Regulatory Crackdown
January 26, 2026 · by Fintool Agent
The European Commission has formally opened an investigation into Elon Musk's X under the Digital Services Act, examining whether the platform failed to protect users from illegal content generated by its Grok AI chatbot. The probe follows weeks of global outcry over sexually explicit deepfake images—including those depicting minors—that flooded X after Grok's image generation feature was widely exploited.
"Non-consensual sexual deepfakes of women and children are a violent, unacceptable form of degradation," EU tech chief Henna Virkkunen said in a statement. "We will determine whether X has met its legal obligations under the DSA, or whether it treated the rights of European citizens—including those of women and children—as collateral damage of its service."
The investigation marks the third major DSA enforcement action against X in just over two years—and potentially the most consequential. Violations could result in fines of up to 6% of X's global annual revenue, adding to the €120 million penalty the company received just last month for separate transparency violations.
Ask Fintool AI AgentThe Global Regulatory Response
X finds itself at the center of an unprecedented multinational enforcement effort. The EU investigation announced today joins active probes in multiple jurisdictions, while three countries have already blocked Grok entirely.
Timeline of Events
| Date | Jurisdiction | Action |
|---|---|---|
| Late Dec 2025 | Global | Grok image feature exploited for explicit deepfakes |
| Jan 2, 2026 | France | Criminal investigation widened to include Grok |
| Jan 5, 2026 | India, EU, UK | Regulatory probes launched, information requested |
| Jan 9-10, 2026 | xAI | Image editing restrictions implemented |
| Jan 10, 2026 | Indonesia | First country to block Grok access |
| Jan 12, 2026 | UK, Malaysia | Ofcom opens investigation; Malaysia blocks Grok |
| Jan 14, 2026 | xAI | Safety account announces restrictions on intimate images |
| Jan 26, 2026 | EU | European Commission opens formal DSA investigation |
The UK's Ofcom launched its own investigation on January 12, with potential fines of up to 10% of global revenue or £18 million under the Online Safety Act. Technology Secretary Liz Kendall said the government would support Ofcom if it decided to block X entirely from UK users—a power explicitly granted under the legislation.
France has gone further, widening an ongoing criminal investigation into X to include allegations that Grok was used to generate child sexual abuse material.
Canada's Privacy Commissioner expanded its investigation into X to examine whether Grok was used to generate explicit deepfakes without consent, potentially violating federal privacy law.
Financial Exposure
X's regulatory exposure is mounting rapidly. The December 2025 fine represented the first financial penalty under the DSA, but the Grok investigation could result in substantially higher damages.
| Jurisdiction | Regulation | Maximum Penalty | Status |
|---|---|---|---|
| European Union | Digital Services Act | 6% of global revenue | Investigation opened |
| United Kingdom | Online Safety Act | 10% of global revenue or £18M | Investigation ongoing |
| France | Criminal law | Potential criminal charges | Investigation expanded |
| Canada | PIPEDA | Varies by violation | Investigation expanded |
With X's global revenue estimated at $2.5-2.7 billion in 2024, the EU's 6% maximum would translate to approximately $150-160 million. The UK's 10% ceiling could mean even larger exposure if found in violation of the Online Safety Act.
The December €120 million fine—roughly 1% of estimated annual revenue—punished X for three specific violations: deceptive design of its "blue checkmark" verification system, an inadequate advertising repository, and failure to provide researchers with required data access. X has 60 working days to address the blue checkmark issue and 90 days to submit an action plan for the other violations.
Ask Fintool AI AgentThe Grok Crisis
The controversy erupted in late December when users discovered that Grok's image generation capabilities could be exploited to create sexually explicit images of real people without consent. Researchers at the Center for Countering Digital Hate reported finding millions of sexualized images generated by the tool—the Grok account on X claimed it had generated more than 5.5 billion images in a 30-day period.
The UK's Internet Watch Foundation said its analysts discovered "criminal imagery" of children aged 11 to 13 that appeared to have been created using Grok.
xAI's response has been incremental. On January 9, the company restricted image editing features and blocked users in certain jurisdictions from generating images of people in revealing clothing. On January 14, X's Safety account announced that "anyone using or prompting Grok to make illegal content will suffer the same consequences as if they upload illegal content."
Regulators have found these measures insufficient. The Malaysian Communications and Multimedia Commission said X's responses "relied primarily on user-initiated reporting mechanisms and failed to address the inherent risks posed by the design and operation of the AI tool."
A senior EU official told reporters that while xAI's changes were "welcome," they do not resolve all the issues. The Commission believes X did not carry out a proper risk assessment before rolling out Grok's functionalities in Europe—a core requirement under the DSA.
Geopolitical Tensions
The investigation arrives at a fraught moment for EU-US relations. Musk has repeatedly characterized European regulation as censorship, writing on X that Britain's government "just want to suppress free speech" after the UK announced its investigation.
The Trump administration has sharply criticized EU tech regulation. Officials have suggested that DSA enforcement against American companies could trigger retaliatory tariffs, framing the regulatory actions as attacks on free speech and US business interests.
EU officials appear undeterred. Virkkunen explicitly acknowledged the political tensions but stood firm on enforcement: "With this investigation, we will determine whether X has met its legal obligations under the DSA, or whether it treated rights of European citizens—including those of women and children—as collateral damage of its service."
The Commission also extended its existing investigation into X's recommender systems—originally opened in December 2023—to examine the impact of X's recently announced switch to a Grok-based recommendation algorithm. This suggests regulators view the AI integration as systemic, not merely a feature-level problem.
Ask Fintool AI AgentWhat to Watch
Interim measures. The Commission warned that X may face interim measures "in the absence of meaningful adjustments to its service." This could mean temporary restrictions on Grok's availability in the EU while the investigation proceeds.
UK escalation. Ofcom said its investigation is a "matter of the highest priority." If X is found non-compliant, Ofcom can seek a court order forcing UK internet service providers to block access to the platform entirely—a nuclear option that has never been deployed against a major social network.
xAI separation. The investigations highlight an increasingly awkward corporate structure. xAI operates Grok as a separate entity from X, but X integrates Grok into its platform. Regulators in multiple jurisdictions are now examining both companies, and the Commission noted that X appears to have failed to conduct proper risk assessments before deploying xAI's technology.
Musk's response. Given Musk's history of aggressive responses to regulatory action—including calling the December fine "bullshit"—his next moves could shape both the investigation's trajectory and broader US-EU tech relations.