United Kingdom: Information Commissioner's Office opened formal investigations into X Internet Unlimited Company and X.AI LLC

On 3 February 2026, the Information Commissioner’s Office (ICO) opened formal investigations into X Internet Unlimited Company (XIUC) and X.AI LLC (X.AI) regarding the processing of personal data by the Grok artificial intelligence (AI) system. The investigation follows reports that the AI tool was used to generate non-consensual sexual imagery, including content involving children, which raises concerns regarding compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The ICO aims to evaluate whether personal data was processed lawfully, fairly, and transparently, and if appropriate safeguards were implemented during the design and deployment of Grok to prevent the generation of harmful synthetic content. The ICO will gather evidence, examine technical design choices, and assess risk mitigation strategies. If infringements are confirmed, the ICO may issue enforcement notices or impose financial penalties of up to GBP 17.5 million or 4% of the annual worldwide turnover of the organisations.