EU flag
EU | European Commission Docket: IP/26/203 • unknown
2026-01-26

Commission investigates Grok and X’s recommender systems under the Digital Services Act

Grok (xAI) formal_proceedings_opened; systemic_risk_assessment; ai_generated_sexual_deepfakes; recommender_systems_risk_management

I. Executive Summary

The European Commission opened formal proceedings under the Digital Services Act (DSA) to investigate whether X properly assessed and mitigated systemic risks linked to deploying Grok features in the EU, including dissemination of manipulated sexually explicit images that may include child sexual abuse material. The Commission also extended its ongoing (December 2023) proceedings concerning X’s recommender-systems risk-management obligations, including impacts of a Grok-based recommender system. The opening of proceedings does not prejudge the outcome, but enables evidence-gathering and potential further enforcement steps.

II. Conduct Analysis

X’s platform deployment of the generative AI feature “Grok” is alleged to have enabled creation and dissemination of manipulated sexually explicit imagery (including potential CSAM) and to have been deployed without adequate prior risk assessment/mitigation under the DSA. The Commission is examining both Grok-related systemic-risk controls and recommender-systems governance.

III. Legal Foundations

Digital Services Act: Articles 34(1)-(2) (systemic risk assessment); 35(1) (risk mitigation); 42(2) (audit-related obligations); Article 66(3) (association of national Digital Services Coordinator)

IV. Key Facts

Commission press release (Brussels) states a new formal investigation into X under the DSA focused on Grok functionalities and systemic risks, including manipulated sexually explicit content potentially amounting to CSAM. It notes the Commission will examine whether X complied with DSA obligations (including an ad hoc risk assessment report for Grok prior to deployment) and references potential infringements of DSA Articles 34(1)-(2), 35(1), and 42(2). The release also states the Commission extended ongoing proceedings opened in December 2023 concerning X’s recommender-systems risk-management obligations and that Ireland’s Digital Services Coordinator (Coimisiún na Meán) will be associated to the investigation.

V. Consequences & Sanction

Formal proceedings opened (procedural step); Commission empowered to gather evidence (e.g., requests for information, interviews, inspections) and may impose interim measures and/or later adopt a non-compliance decision. No monetary sanction was imposed by this opening act.