Ireland’s Data Protection Commission (DPC) has opened a formal investigation into social media platform X over concerns related to its AI chatbot, Grok. The announcement was made on February 17, 2026. Ireland acts as X’s lead regulator in the European Union because the company’s EU headquarters is located in Dublin. The inquiry will examine whether X breached EU data protection rules.
The investigation focuses on Grok’s image-generation and image-editing features. Reports have raised concerns that users were able to create sexualized images of real people without consent. Some of the reported content allegedly included explicit material and images that appeared to involve minors. These allegations triggered regulatory scrutiny across Europe.
The DPC will assess whether X complied with the General Data Protection Regulation (GDPR). GDPR requires companies to process personal data lawfully and transparently. It also requires firms to apply “data protection by design and by default” when launching new technologies. Regulators will review whether proper safeguards and risk assessments were in place before Grok’s features were released.
If violations are confirmed, X could face significant financial penalties. Under GDPR, fines can reach up to 4 percent of a company’s global annual revenue. The Irish regulator has not reached any conclusions yet. However, opening a formal probe signals that authorities consider the matter serious.
This move follows action at the European level earlier in January 2026. The European Commission launched its own inquiry into X over Grok’s ability to generate sexualized images. That review is being conducted under the EU’s broader digital safety framework. It adds further regulatory pressure on the platform.
Grok was developed by xAI, the artificial intelligence company linked to Elon Musk. The tool is integrated into X and allows users to generate and edit images using AI. While X has introduced certain restrictions, regulators are examining whether those measures were strong enough. The key concern is whether safeguards effectively prevented misuse and non-consensual content creation.
Authorities in other countries have also taken interest in the issue. The United Kingdom’s data protection watchdog has started reviewing AI-generated content on X. In France, authorities have also taken steps connected to concerns about moderation and AI tools. These parallel reviews show that scrutiny of AI platforms is increasing internationally.
The Irish DPC stated that its investigation will specifically examine how personal data may have been processed in creating AI-generated images. This includes reviewing compliance with GDPR principles and impact assessment requirements. The investigation is ongoing, and no penalties have been announced so far. The case highlights the growing balance regulators are trying to strike between AI innovation and strict privacy protections.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
