Sexual deepfakes from Grok on X: EU Commission opens new DSA procedure
EU Commission, as the supervisory authority for the Digital Services Act, has initiated another procedure against X – this time due to the integration of Grok.
(Image: lilgrapher/Shutterstock.com)
The EU Commission has initiated a third procedure against Elon Musk's X. This concerns the interplay between the social media platform, formerly known as Twitter, and its in-house general-purpose AI model Grok. The latter has made headlines in recent weeks because the technology has partially generated content that is clearly punishable, such as nude images of minors, fantasy violence photos, and, in the view of the EU Commission, allegedly gender-based depictions of violence.
"Sexualized deepfakes of women and children are a violent, unacceptable form of degradation," says the responsible EU Commission Vice-President Henna Virkkunen. With the investigation now initiated, the supervisory authority wants to find out whether X has fulfilled its legal obligations or whether it has treated the rights of EU citizens as collateral damage for its service.
The Commission has recently been criticized for doing nothing despite obvious shortcomings. However, it currently has no direct leverage to deal with AI systems like Grok. The AI Regulation is not yet fully in force, and the Commission itself had only proposed a postponement of the rules for general-purpose AI systems like Grok a few weeks ago.
Risk Impact Assessment as Leverage
For its actions under the DSA, it is now using the closer link between the offering X, which is subject to the DSA supervisory regime, and Grok: X did not conduct a risk impact assessment before integrating the group's own AI offering – but this is mandatory according to Articles 34 and 35 of the legal framework. If such a risk impact assessment is not carried out, this can be penalized as a violation of the DSA rules. The platforms are obliged to provide their risk assessments.
Videos by heise
Currently, however, the EU Commission does not consider immediate action to be necessary – X has repeatedly tried in recent times to get the problems under control and to readjust its AI filters. Apparently, the EU Commission is confident that X is at least seriously interested in solving the problem.
Green MEP Alexandra Geese welcomed today's step: Finally, the EU Commission has drawn its best weapon to protect Europe from, according to Geese, the "tech oligarchs."
Second Decision Concerns Recommendation System
In a second aspect of today's decision, the EU Commission is demanding further information from Musk's platform on how the platform's recommendation system works, i.e., when which content is displayed to which users. This has long been the subject of investigations by the supervisory authority at X. The reason for extending this investigation is also here the combination with the AI service Grok: X wants to have content selected by its AI recommended to users.
While national supervisory authorities are responsible for all offerings with fewer than 40 million monthly active users in the EU with its nearly 450 million inhabitants, the EU Commission is the supervisory authority for Very Large Online Platforms (VLOP) and Very Large Online Search Engines (VLOSE). The DSA contains the fundamental rules under which companies are exempted from legal liability for user content on their services and has been in force since February 2024. Under the DSA, supervisory authorities have extensive rights; they can seize documents from providers, question witnesses, and impose fines to enforce cooperation.
DSA Only One Applicable Legal Framework
For the investigation at X, the Commission in Brussels is working closely with the Irish DSA supervisory authority: The European subsidiary, called X International Unlimited Company (XUIC), is based in Dublin. However, the Digital Services Act is only one of a whole series of legal frameworks that can be applied to the Nudify problem: In addition to national criminal law, data protection law, and, if applicable, civil law claims for damages and injunctions are also possible. However, these are not pursued by the EU Commission.
Whether further possibilities will arise with the planned amendments to the AI Act is currently still open. Last week, clear wishes of this kind were expressed from the European Parliament that the problem that has now arisen should be addressed more strongly in the course of the deliberations on the so-called Digital Omnibus.
(mki)
