The Information Commissioner’s Office (ICO) has opened an investigation into X, the owner of AI tool Grok, after reports that the platform has been used to generate non consensual sexual imagery of individuals, including children.

The probe will also explore concerns about the use of personal data in relation to the technology.

The move comes weeks after Ofcom opened a formal investigation into the company under the Online Safety Act to assess whether the platform has complied with its legal duties to protect users in the UK from illegal content, including sexual abuse materials of adults and children.

On Tuesday, the ICO said that the creation and circulation of this content raises “serious concerns” under UK data protection law and presents a risk of “significant potential harm” to the public.

It explained that these concerns relate to whether personal data has been processed "lawfully, fairly and transparently", and if appropriate safeguards have been built into the platform's design and deployment to prevent the generation of harmful manipulated images using personal data.

"Where those safeguards fail, individuals lose control of their personal data in ways that expose them to serious harm," said the organisation. "Examining these risks is central to the ICO’s role in protecting people’s rights and holding organisations to account as they design and deploy AI technology."

The ICO's executive director regulatory risk & innovation William Malcolm said that the organisation organisation is working closely with Ofcom and international regulators to ensure their roles are "aligned" and that "people’s safety and privacy are protected."

“The reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this," continued Malcolm. "Losing control of personal data in this way can cause immediate and significant harm. This is particularly the case where children are involved."

The announcement follows a previous public statement from the ICO in early January in which it said it had contacted X and X.AI to seek urgent information about the reports of harmful sexualised imagery.

“Our investigation will assess whether XIUC and X.AI have complied with data protection law in the development and deployment of the Grok services, including the safeguards in place to protect people’s data rights," added Malcolm. "Where we find obligations have not been met, we will take action to protect the public."

---