Brazil: National Data Protection Authority, Federal Public Prosecutor's Office, and National Consumer Secretariat determined measures reported by X are insufficient and imposed additional obligations

On 11 February 2026, the National Data Protection Authority (ANPD), the Federal Public Prosecutor’s Office (MPF), and the National Consumer Secretariat (Senacon) concluded that the measures reported by X in response to a joint recommendation were insufficient to address flaws in the Grok artificial intelligence tool. The authorities found that the company had not provided evidence, technical documentation, or monitoring mechanisms demonstrating the effectiveness of the actions it claimed to have taken, and that preliminary tests indicated the continued generation and circulation of sexualised content involving children, adolescents, and non-consenting adults. ANPD and Senacon ordered X to immediately implement technical and organisational measures to prevent Grok from generating sexualised or eroticised content involving minors and identifiable adults without consent, across all versions and modalities of the system. They also required the company to submit detailed documentation demonstrating the effectiveness of the corrective actions within five business days. The MPF required X to provide monthly reports detailing its efforts to prevent and address the production of non-consensual deepfakes, including quantitative data on content removals and account suspensions, and noted a lack of transparency in the company’s response. The three authorities are continuing their respective investigations within their legal mandates. They indicated that failure to comply with the orders may result in further measures, including fines, administrative sanctioning proceedings, or additional investigative and judicial actions.