The inquiry, launched on behalf of the EU, will assess whether X complied with its obligations under the General Data Protection Regulation (GDPR) after reports emerged that Grok was used to generate and share sexualized deepfake images of real people, including content involving women and minors, without their consent.

Because X’s European headquarters are in Dublin, the Irish watchdog acts as the lead EU regulator for the company. If the investigation finds GDPR breaches, X could face fines of up to 4 % of its global revenue.

The controversy around Grok began earlier this year when a Paris-based research group uncovered large numbers of sexually suggestive images created by the chatbot in response to simple user prompts. In some cases, images appeared to involve children, sparking widespread concern among regulators and civil society groups.

In response to backlash, X restricted Grok’s image-generation and editing features, limiting them to paying users and changing some functionality. However, regulators have said those measures have not fully addressed the risks.

The Irish probe adds to a broader wave of scrutiny: the European Commission is conducting a separate investigation under the Digital Services Act (DSA) into how the company handles harmful content, and data protection authorities in other countries, including the United Kingdom and France, are also examining possible legal violations related to Grok’s outputs.