A political agreement on March 11 regarding AI Act amendments has introduced a clear ban on non-consensual intimate AI-generated images, following the Grok scandal.
It took a scandal, regulatory frustration, and a coalition of 57 European Parliament members to achieve this, but the EU’s landmark AI Act now includes a ban on non-consensual sexual deepfakes.
On March 11, 2026, EU lawmakers reached a political agreement on amendments to the bloc’s AI law, with the prohibition of AI-generated non-consensual intimate images, including child sexual abuse material, becoming a significant item in the agreement.
The deal, made between centre-right and centre-left European Parliament lawmakers, also features eased compliance rules for AI systems within sector-regulated products like medical devices and industrial machinery.
The package is part of the broader AI Act Omnibus, a set of amendments being negotiated to streamline and sometimes strengthen the 2024 law as it progresses toward full applicability.
The sexual deepfakes ban was not initially part of the Omnibus negotiations. It was added following a notable AI controversy impacting European regulators: the Grok affair.
In late December 2025, Elon Musk’s AI company xAI updated its Grok chatbot on the social media platform X, with a new image-editing feature. Soon after, users abused it to create realistic sexualized images of real women and girls without their consent, including content depicting minors as child sexual abuse material.
Between January 5 and 6, researchers at the Paris nonprofit AI Forensics estimated at least 6,700 sexual images were created using the tool.
The European Commission responded quickly, labeling the content as ‘appalling’ and ‘clearly illegal,’ stating it had ‘no place in Europe.’
The Commission ordered X to keep all internal documents and data related to Grok until the end of 2026 and initiated a formal investigation into potential breaches of the Digital Services Act, which allows fines of up to 6% of a company’s global annual revenue. X, already fined €120 million for transparency violations in advertising in December 2025, faced two regulatory actions simultaneously.
Under growing pressure, xAI limited Grok’s nudification features first to paying subscribers, then to all users in places where such imagery is illegal.
However, AI Forensics found users could still override the restrictions, and the Commission remained dissatisfied. France, Germany, and the UK initiated national investigations. Malaysia and Indonesia completely blocked access to Grok.
Importantly, on March 11, the European Commission confirmed that existing EU laws, including the currently written AI Act, did not prohibit AI systems that generate child sexual abuse material or sexually explicit deepfake nudes. This legal gap, acknowledged by the Commission in a letter to a European Parliament lawmaker, drove the Omnibus amendment.
France and Spain led the push for the explicit ban in the Omnibus negotiations, with Germany and Slovakia joining them in threatening to block the proposal unless included. The EU Council added the prohibition to their position in a last-minute move on March 10. The Parliament followed on the next day.
The agreement now awaits a committee vote on March 18, before advancing to further parliamentary and Council stages. The Greens have objected to aspects of the package concerning industrial AI deregulation, which may lead to changes in the final text.
The Commission’s review of which AI practices should be formally prohibited, delayed past its August 2025 deadline, is expected to conclude in April.
The Grok incident highlighted a structural issue in the EU’s method for regulating AI-generated harmful content: the legislation’s creators did not foresee the rapid development of capable, public-facing image-generation tools or their potential for misuse.
Ireland’s data protection regulator, Coimisiún na Meán, is anticipated to aid the EU-level DSA investigation. French prosecutors have expanded an existing inquiry into X to include allegations that Grok was used to spread child sexual abuse material.
For Elon Musk, this event poses a new challenge in an already tense relationship with Brussels. X has frequently disputed EU regulatory findings, and Musk has publicly criticized the DSA.
The decision to begin a formal investigation into Grok, along with EU-US trade tensions complicating transatlantic tech relations in 2026, suggests ongoing friction.