EC announces formal investigation into Grok and X’s recommender systems

The European Commission has formally launched an investigation into the social media platform X under the Digital Services Act (DSA). At the same time, the Commission is looking into X’s compliance with its recommender systems risk management obligations.

X has been under scrutiny for a while for sexualizing women on the social media platform. Earlier this month, Grok generated a photo of a 14-year-old actress wearing a bikini, while in fact she was wearing a dress. The same thing happened to numerous women.

In response, X’s Safety account posted an apology and promised to take action against illegal content on X, including child sexual abuse material (CSAM). “Anyone using or prompting Grok to make illegal content will suffer the same consequences as if they upload illegal content,” X owner Elon Musk added.

The European Commission aims to assess whether X has conducted sufficient research into the risks of Grok, and whether sufficient measures have been taken to mitigate those risks. The executive branch of the EU specifically mentions risks against the distribution of illegal content, such as manipulated sexually explicit images.

According to the European Commission, these risks have “materialized,” exposing European citizens to “serious harm.” Therefore, the Commission wants to know whether X has examined these risks before releasing Grok.

To get answers, an in-depth investigation has been launched and is considered a matter of priority. According to a press release, this empowers the European Commission to take further enforcement steps, such as adopting a non-compliance decision. The Commission is also empowered to accept any commitment made by X to remedy the matters subject to the proceeding.

“Sexual deepfakes of women and children are a violent, unacceptable form of degradation. With this investigation, we will determine whether X has met its legal obligations under the DSA, or whether it treated rights of European citizens, including those of women and children, as collateral damage of its service,” Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, says in a response.

In a separate investigation, the European Commission has extended an ongoing proceedings against X to determine whether it has properly assessed and mitigated all systemic risks associated with its recommender systems, including the impact of its recently announced switch to a Grok-based recommender system.

In December 2025, X was issued a fine of €120 million for breaching transparency rules under the DSA. The European Commission ruled that anyone can obtain a “verified” status without X meaningfully verifying who is behind the account, exposing users to scammers, impersonation, and other forms of online fraud.