The European Commission has launched a new formal investigation against X under the Digital Services Act (DSA). In parallel, the Commission extended its ongoing investigation launched in December 2023 into X's compliance with its recommender systems risk management obligations.
The new investigation will assess whether the company properly assessed and mitigated risks associated with the deployment of Grok's functionalities into X in the EU. This includes risks related to the dissemination of illegal content in the EU, such as manipulated sexually explicit images, including content that may amount to child sexual abuse material.
These risks seem to have materialised, exposing citizens in the EU to serious harm. In light of this, the Commission will further investigate whether X complies with its DSA obligations to:
- Diligently assess and mitigate systemic risks, including of the dissemination of illegal content, negative effects in relation to gender-based violence, and serious negative consequences to physical and mental well-being stemming from deployments of Grok's functionalities into its platform.
- Conduct and transmit to the Commission an ad hoc risk assessment report for Grok's functionalities in the X service with a critical impact on X's risk profile prior to their deployment.
Separately, the Commission has extended its ongoing formal proceedings opened against X in December 2023 to establish whether X has properly assessed and mitigated all systemic risks, as defined in the DSA, associated with its recommender systems, including the impact of its recently announced switch to a Grok-based recommender system.
If proven, these failures would constitute infringements of Articles 34(1) and (2), 35(1) and 42(2) of the DSA. The Commission will now carry out an in-depth investigation as a matter of priority. The opening of formal proceedings does not prejudge its outcome.
In preparing for this investigation, the Commission has closely collaborated with Coimisiún na Meán, the Irish Digital Services Coordinator. Further, Coimisiún na Meán will be associated to this investigation, pursuant to Article 66(3), as the national Digital Services Coordinator in the country of establishment in the EU.
Next steps
The Commission will continue to gather evidence, for example by sending additional requests for information, conducting interviews or inspections, and may impose interim measures in the absence of meaningful adjustments to the X service.
The opening of formal proceedings empowers the Commission to take further enforcement steps, such as adopting a non-compliance decision. The Commission is also empowered to accept any commitment made by X to remedy the matters subject to the proceeding.
The opening of formal proceedings relieves Digital Services Coordinators, or any other competent authority of EU Member States, of their powers to supervise and enforce the DSA in relation to the suspected infringements.
Background
Grok is an artificial intelligence ('AI') tool developed by the provider of X. Since 2024, X has deployed Grok in its platform in various ways. These deployments, for example, enable users to generate text and images and to provide contextual information to users' posts.
As a designated very large online platform (VLOP) under the DSA, X has the obligations to assess and mitigate any potential systemic risks related to its services in the EU. These risks include the spread of illegal content and potential threats to fundamental rights, including of minors, posed by its platform and features.
This investigation complements and extends the investigation launched on 18 December 2023 , which focuses on the functioning of X's notice and action mechanism, its mitigation measures against illegal content, such as terrorist material, in the EU, and risks associated with its recommender systems.
These proceedings covered also the use of deceptive design, the lack of advertising transparency and insufficient data access for researchers, for which the Commission adopted a non-compliance decision on 5 December 2025, fining X €120 million. On 19 September, the Commission sent to X a request for information related to Grok, including also questions in relation to the antisemitic content generated by @grok in mid-2025.
Help and support is available at national level for individuals who have been negatively affected by AI-generated images, including child sexual abuse material or non-consensual intimate images. Under the DSA, citizens have the right to make a complaint about a breach of the DSA to the Digital Services Coordinator of their Member State.
