THE DATA PROTECTION Commission (DPC) has opened a formal inquiry into social media platform X over the creation and sharing of sexualised and non-consensual images through its AI chatbot Grok.

The inquiry, announced this morning, will investigate the handling of personal data in Grok’s AI functionality, with a focus on non-consensual and potentially harmful content involving EU and EEA residents, including children.

The DPC has said that the inquiry will examine whether X Internet Unlimited Company has breached GDPR rules, including obligations on lawful processing, data protection by design, and carrying out data protection impact assessments, particularly where EU citizens’ personal data has been used.

X Internet Unlimited Company (XIUC) is the current Irish-based legal entity and data controller for Elon Musk’s X platform. The company was notified of the DPC investigation yesterday.

The DPC inquiry follows the announcement of a similar investigation by the UK’s Information Commissioner’s Office into X.

DPC Deputy Commissioner Graham Doyle said they had been in contact with X following media reports highlighting the platform’s AI-powered Grok account.

“As the Lead Supervisory Authority for XIUC across the EU/EEA, the DPC has commenced a large-scale inquiry which will examine XIUC’s compliance with some of their fundamental obligations under the GDPR in relation to the matters at hand,” Doyle said.

The inquiry comes after a series of reports that Grok generated an estimated three million sexualised images of adults and children within days, including roughly 23,000 images that appear to depict minors.

The AI tool, developed by Elon Musk’s xAI and integrated into X, allowed users to manipulate images of real people with simple prompts such as “put her in a bikini” or “remove her clothes.”

The revelations sparked global outrage, with regulators in multiple countries opening investigations, and some, including the Philippines, temporarily banning the tool.

Here, gardaí revealed last month that they were investigating 200 reports about suspected child sexual abuse material linked to Grok.

The controversy has drawn scrutiny from public figures and politicians, with Minister for AI Niamh Smyth saying she does not trust X and questioning whether the platform had actually disabled the tool worldwide.

Smyth told the Oireachtas that corrective measures had reportedly been taken by X, but independent checks suggested the restrictions were geoblocked only in certain jurisdictions rather than globally.

The scandal has also prompted public bodies, such as Dublin City Council, to suspend their accounts on X.