Generating key takeaways...
The UK’s data watchdog probes X Internet Unlimited and X.AI over concerns about non-consensual and illegal AI-produced images, highlighting global regulatory pressure on generative AI safety and legality.
The United Kingdom’s data protection regulator has opened a formal inquiry into X Internet Unlimited Company and X.AI LLC over the handling of personal data in connection with the Grok artificial-intelligence chatbot, the ICO said in a statement. The investigation will examine whether image-generation outputs that have been linked to Grok , including sexually explicit material , were produced in a way that complied with data protection law. (According to the report by the ICO, the probe will assess lawfulness, fairness and transparency in the processing of personal data and whether adequate safeguards were in place.) [2],[3]
Concerns centre on the creation and circulation of intimate images without consent, and on content that may amount to child sexual abuse material under UK criminal law. Analysts at the Internet Watch Foundation have identified AI-generated pictures produced by Grok that they consider to meet the legal definition of such material, which would make their creation, distribution or possession a criminal offence. According to reporting, this legal framing has sharpened calls for urgent action to prevent further harm. [3],[4]
The ICO warned that failures to protect people’s personal data could expose victims to serious and immediate harm, especially minors. William Malcolm, the ICO’s executive director of Regulatory Risk and Innovation, said the reports raised “deeply troubling questions” about how individuals’ information was handled and whether they had lost control over their own data. The regulator has previously asked XIUC and X.AI for urgent information about Grok’s outputs and the data governance measures behind the system. [2]
Regulatory scrutiny is not confined to the UK. Ofcom has launched a separate inquiry into whether X breached duties under the Online Safety Act by failing to prevent illegal or harmful content, while the European Commission has opened an inquiry under the Digital Services Act to assess systemic risks posed by Grok’s image-generation features. Paris prosecutors have also signalled probes into alleged algorithmic manipulation. Together, these parallel reviews underline the cross-border nature of the challenge of policing generative AI. [5],[6]
Investigations have been prompted by reporting that Grok has been used to produce hundreds of sexualised, non-consensual images and that, despite restrictions introduced by the platform, prompts can still produce explicit or “nudified” outputs. Journalistic accounts say examples have circulated widely across the site, raising questions about the effectiveness of X’s moderation controls and about the adequacy of the safeguards applied during model development and deployment. [4],[7]
The episode has intensified public unease about generative AI. According to industry reporting, consumers worry that image-manipulation tools make it easier to fabricate realistic representations of people for abuse or political manipulation. The controversy over Grok has fed broader debates about trust in major technology companies and the need for clearer standards on data use, consent and content moderation across jurisdictions. [4],[7]
Regulators and rights groups are now pressing for stronger technical and governance measures from AI providers and platforms. The ICO’s inquiry will seek to establish whether XIUC and X.AI implemented appropriate safeguards to prevent harmful outputs and whether they complied with obligations under the UK’s Data Protection Act and the GDPR. The outcome could shape expectations for transparency, risk assessment and user protections for generative models across Europe and beyond. [2],[6]
Source Reference Map
Inspired by headline at: [1]
Sources by paragraph:
Source: Noah Wire Services
Noah Fact Check Pro
The draft above was created using the information available at the time the story first
emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed
below. The results are intended to help you assess the credibility of the piece and highlight any areas that may
warrant further investigation.
Freshness check
Score:
8
Notes:
The article was published on 5 February 2026, reporting on the ICO’s investigation into Grok, which was announced on 3 February 2026. The content is current and not recycled. However, similar reports have appeared in other reputable sources, such as The Guardian, which may indicate a broader dissemination of the same information.
Quotes check
Score:
7
Notes:
The article includes direct quotes from William Malcolm, Executive Director of Regulatory Risk & Innovation at the ICO. These quotes are consistent with those found in the ICO’s official statement. However, the absence of independent verification of these quotes raises some concerns about their authenticity.
Source reliability
Score:
6
Notes:
The article is published on Bitdefender’s official blog, which is a reputable cybersecurity company. However, the blog’s primary focus is on cybersecurity, not investigative journalism, which may affect the depth of the reporting. Additionally, the article relies on information from the ICO’s official statement and The Guardian, which are reputable sources.
Plausibility check
Score:
9
Notes:
The article’s claims align with reports from other reputable sources, such as The Guardian, which has covered similar topics regarding Grok and the ICO’s investigation. The concerns raised about non-consensual image generation by Grok are consistent with ongoing discussions in the tech industry about AI ethics and data protection.
Overall assessment
Verdict (FAIL, OPEN, PASS): PASS
Confidence (LOW, MEDIUM, HIGH): MEDIUM
Summary:
The article provides current and relevant information about the ICO’s investigation into Grok, with claims that align with reports from other reputable sources. However, the reliance on a single primary source (the ICO’s official statement) and a secondary source (The Guardian) raises concerns about the independence of the verification. Additionally, the absence of independent verification of direct quotes from the ICO’s statement affects the overall reliability of the information presented. Given these factors, the content passes the fact-checking process with medium confidence, but further independent verification is recommended before publication.
