Ireland joins regulator smackdown after X’s Grok AI accused of undressing people

The Irish Data Protection Commission (DPC) is the latest regulator to open an investigation into Elon Musk's X following repeated reports of harmful image generation by the platform's Grok AI chatbot.

The DPC confirmed today it is launching the probe under section 110 of the Data Protection Act 2018.

Officials said the inquiry will focus on Grok AI and the nude or nearly nude images users prompted it to create from photographs of people, which could be viewed by others on the platform.

X's safety team said in January that it had blocked its Grok tool from making these edits: "We have implemented technological measures to prevent the Grok account from allowing the editing of images of real people in revealing clothing..."

In a statement, the Irish DPC said: "The inquiry concerns the apparent creation, and publication on the X platform, of potentially harmful, non-consensual intimate and/or sexualized images, containing or otherwise involving the processing of personal data of EU/EEA data subjects, including children, using generative artificial intelligence functionality associated with the Grok large language model via the Grok account within the X platform."

The DPC will determine whether X violated various aspects of the GDPR, including Articles 5, 6, 25, and 35, which relate to the principles and lawfulness of data processing, data protection by design and default, and data protection impact assessment requirements.

"The DPC has been engaging with [X] since media reports first emerged a number of weeks ago concerning the alleged ability of X users to prompt the Grok account on X to generate sexualized images of real people, including children," said deputy commissioner Graham Doyle. 

"As the lead supervisory authority for [X] across the EU/EEA, the DPC has commenced a large-scale inquiry which will examine [X] compliance with some of their fundamental obligations under the GDPR in relation to the matters at hand."

A little late to the party, the DPC joins the likes of the European Commission, the UK's ICO and Ofcom, Australia, Canada, India, Indonesia, and Malaysia in opening cases against the platform. 

The French have also had a broad investigation under way since January, the scope of which continues to widen as more issues emerge.

X's lawyers are going to be busy, not just because of the number of open investigations but because of the different laws they will have to defend themselves against.

While both are EU authorities, the DPC and the European Commission are probing the same activity within the confines of GDPR and the Digital Services Act, respectively.

Likewise, the UK's ICO and Ofcom regulate from different angles. The ICO will probe it from a data protection perspective, while Ofcom, the communications watchdog, is responsible for policing the Online Safety Act.

X is accused of allowing users to prompt its Grok AI chatbot to digitally undress images of real people without their consent. Investigations will also determine whether these cases included images of children.

The company responded by complying with initial requests from the regulators, and revoked Grok's image-generation capabilities for free X users, reserving them only for paid subscribers to the platform. It subsequently widened the restriction to all users. ®

https://go.theregister.com/feed/www.theregister.com/2026/02/17/ireland_dpc_x_grok_probe/