Lisa Mariana
The European Union has initiated formal proceedings against Elon Musk’s social media enterprise, X, specifically targeting its artificial intelligence tool, Grok, amidst allegations of its instrumental role in the creation and dissemination of sexually explicit deepfake content depicting real individuals, marking a significant escalation in digital platform accountability under the bloc’s stringent regulatory framework. This significant development places X under intense regulatory pressure from Brussels, building upon previous scrutiny and underscoring the EU’s resolve to enforce its comprehensive digital safety legislation.
The European Commission’s decision to launch a formal investigation into X stems from mounting concerns that Grok, a generative AI model integrated into the platform, has been exploited to produce non-consensual intimate imagery (NCII), commonly known as deepfakes. These sophisticated synthetic media involve the manipulation of existing images or videos to create realistic, yet fabricated, depictions of individuals in sexually compromising situations without their consent. The implications of such content are profound, ranging from severe psychological distress for victims to reputational damage and the erosion of trust in digital information. The Commission’s inquiry will rigorously assess whether X has failed to adequately address the risks associated with Grok’s capabilities and its potential for misuse, particularly concerning the exposure of manipulated sexually explicit content to users within the European Union. This regulatory action follows a similar move by the United Kingdom’s communications regulator, Ofcom, which had already announced its own investigation into the matter, signaling a growing international consensus on the urgent need to address the challenges posed by generative AI and its potential for harm.
The legal bedrock for the European Commission’s investigation is the Digital Services Act (DSA), a landmark piece of legislation designed to create a safer, more accountable online environment. The DSA imposes far-reaching obligations on Very Large Online Platforms (VLOPs) like X, which are designated based on their substantial user base within the EU. These obligations include conducting rigorous risk assessments, implementing robust content moderation mechanisms, and taking proactive measures to prevent the spread of illegal and harmful content. For X, the investigation will scrutinize its compliance with DSA articles pertaining to illegal content, especially Article 34, which mandates VLOPs to assess and mitigate systemic risks, and Article 35, which requires transparent and effective content moderation systems. The creation and dissemination of non-consensual intimate imagery unequivocally falls under the category of illegal content in many EU member states, making X’s potential failure to prevent its generation and proliferation a critical area of concern.
Representatives from the European Parliament have vocalized strong concerns regarding X’s adherence to its legal responsibilities. Regina Doherty, an influential Member of the European Parliament from Ireland, articulated the gravity of the situation, emphasizing the fundamental requirement for platforms operating within the EU to meet their obligations in assessing risks and preventing the spread of illegal and harmful material. Her statement underscored the principle that no corporate entity, regardless of its size or global reach, is exempt from the regulatory framework established by the European Union. This sentiment reflects a broader legislative intent to ensure that powerful technological tools are deployed responsibly and do not undermine fundamental rights or societal safety. The Irish media regulator, Coimisiún na Meán, echoed these concerns, explicitly stating that there is no place in society for non-consensual intimate imagery abuse or child sexual abuse material, reinforcing the moral and ethical imperative behind the regulatory intervention.
In response to the escalating criticism, X’s official Safety account had previously issued a statement acknowledging the issue and claiming to have implemented measures to prevent Grok from digitally altering pictures of individuals to remove their clothing in "jurisdictions where such content is illegal." While this suggests an attempt to mitigate the problem, critics and advocacy groups argue that such a reactive approach is insufficient. Campaigners and victims of deepfake abuse have vociferously contended that the inherent capability to generate sexually explicit images using the AI tool should have been proactively prevented from its inception. The ethical onus, they argue, lies with the developers and platform operators to design AI systems with robust safeguards against misuse, rather than relying on post-facto content removal or geo-blocking. The ongoing nature of Ofcom’s investigation in the UK, despite X’s stated measures, further indicates that regulatory bodies remain unconvinced by the platform’s current preventative framework.
The scale of Grok’s image generation capabilities adds another layer of complexity to the regulatory challenge. Public data shared by the Grok account on X indicated that over 5.5 billion images were generated by the tool within a mere 30-day period. This staggering volume highlights the immense difficulty of effectively monitoring and moderating AI-generated content at scale. The sheer speed and volume at which such content can be created and potentially disseminated present significant challenges for any content moderation system, raising questions about whether X’s current infrastructure is equipped to handle the risks inherent in its own generative AI offerings. The investigation will undoubtedly delve into the technical mechanisms, safety-by-design principles, and human oversight processes X has (or has not) implemented to manage this prolific content generation.
The current investigation is not an isolated incident but rather an extension of broader regulatory scrutiny X has faced in Europe. The European Commission had already launched a formal investigation into X in December 2023, primarily focusing on risks associated with its recommender systems – the algorithms that curate and suggest specific posts to users. Concerns center on whether these algorithms amplify disinformation, hate speech, and other harmful content, potentially contributing to societal polarization and undermining democratic discourse. The extension of this ongoing investigation to include the deepfake allegations underscores the interconnectedness of platform design, algorithmic choices, and content moderation in shaping the online experience and preventing harm. Regulators are increasingly looking at the entire ecosystem of a platform, from its foundational AI tools to its content amplification mechanisms, to ensure comprehensive compliance with digital safety standards.
The European Union has demonstrated its willingness to impose significant penalties on platforms that fail to adhere to its regulations. Just a month prior to this latest investigation, X was fined a substantial €120 million (approximately £105 million) over its "blue tick" verification badges. The Commission ruled that these badges, which were previously associated with verified identities, now deceive users by not "meaningfully verifying" who is behind an account, thereby eroding trust and potentially facilitating impersonation or misinformation. This earlier fine highlights the EU’s proactive enforcement posture and its readiness to utilize the financial penalties stipulated under the DSA, which can reach up to 6% of a company’s global annual turnover for severe breaches. The potential financial implications for X, should it be found in violation of the DSA regarding Grok AI, could therefore be substantial.
Elon Musk’s public stance and reactions to regulatory oversight have often been characterized by skepticism and defiance. Following the Commission’s announcement, he posted an image on X that appeared to make light of the new restrictions imposed on Grok. He has previously criticized similar scrutiny, particularly from the UK government, dismissing it as "any excuse for censorship." This perspective reflects a broader philosophical clash between the concept of "free speech absolutism," often championed by Musk, and the regulatory imperative to balance freedom of expression with the prevention of harm and the protection of vulnerable individuals online. This tension is further exacerbated by responses from some US political figures, such as Secretary of State Marco Rubio and the Federal Communications Commission (FCC), who have accused the EU of attacking and censoring American tech firms, a sentiment echoed and amplified by Musk. Such geopolitical dimensions add complexity to the ongoing regulatory battles, framing them not just as compliance issues but as potential clashes of digital governance philosophies across continents.
The implications of this investigation are far-reaching, not only for X but for the broader landscape of generative AI and digital content governance. For X, a finding of non-compliance could result in substantial financial penalties, the imposition of interim measures (such as requiring immediate changes to Grok’s functionality or content moderation practices), and a significant reputational blow. The EU regulator has explicitly stated its capacity to impose such interim measures if X fails to implement meaningful adjustments, signaling a clear intent to enforce its directives. Beyond X, this case sets a critical precedent for how regulatory bodies will approach the governance of emerging AI technologies. It underscores the urgent need for developers and platforms to incorporate ethical considerations and safety-by-design principles into their AI systems from the outset, anticipating and mitigating potential harms before they manifest at scale.
The investigation also highlights the ongoing global debate regarding AI regulation. While the EU has adopted a comprehensive legislative framework with the DSA and the upcoming AI Act, other jurisdictions are still developing their approaches. The outcome of the X/Grok investigation could influence policy discussions and regulatory strategies worldwide, demonstrating the practical challenges and enforcement mechanisms required to tame the wild frontier of artificial intelligence. It emphasizes that while AI offers immense potential for innovation, it also carries significant risks that demand robust oversight and accountability. The European Union’s unwavering commitment to its digital rules, articulated by MEP Doherty’s assertion that "those rules must mean something in practice," signals a resolute intent to shape a digital future where powerful technologies serve humanity responsibly, and where corporate power is tempered by clear legal obligations designed to protect people online.
Ridwan Kamil
Safa Marwah
Aura Kasih
Ayu Aulia