Privacy & Cybersecurity Law Blog

On February 3, 2026, the UK Information Commissioner’s Office (“ICO”) publicly confirmed that it has launched formal investigations into X Internet Unlimited Company (“XIUC”) and X.AI LLC (“X.AI”). The Grok artificial intelligence system is the focus of the ICO’s investigation, prompted by reports that it was used to create non-consensual sexual imagery involving individuals, including children.

The ICO’s inquiry will assess whether Grok’s design and deployment adequately considered the risk of generating synthetic images that may result in harm, particularly to children. The ICO indicated that the potential for Grok to generate and distribute sexualized images without permission raises urgent questions about privacy and public safety.

The ICO is now examining the extent to which XIUC and X.AI ensured the lawful, fair and transparent processing of personal data, and whether they incorporated adequate safeguards into Grok’s design to prevent misuse leading to harmful manipulated content. As part of its investigation, the ICO will gather evidence from XIUC and X.AI, analyzing their legal justifications and technical design choices, assessing the safeguards in place around the Grok system and closely liaising with the Office of Communications (“Ofcom”), the UK’s online safety regulator, and other relevant authorities. The ICO stated that no determination has been made yet regarding potential infringements, and any regulatory action will be based on the evidence and representations received from the companies.

This latest development builds on the ICO’s previous engagement with XIUC and X.AI. The ICO had already reached out to XIUC and X.AI for urgent information in January and is collaborating with Ofcom and other international authorities.

Read the ICO’s press release here.