The Department for Science, Innovation and Technology (DSIT) published a statement on 9 January 2026 confirming that Technology Secretary Liz Kendall expects Ofcom to act swiftly following reports that xAI’s Grok can still generate sexualised images, including of children. She signalled support for Ofcom to use the full range of Online Safety Act powers, reminded xAI that services can be blocked in the UK if they refuse to comply, and pointed to forthcoming measures to ban ‘nudification’ tools and criminalise the creation of intimate images without consent. ([gov.uk](https://www.gov.uk/government/news/technology-secretary-statement-on-xais-grok-image-generation-and-editing-tool))
Ofcom has made urgent contact with X and xAI to understand the steps taken to meet legal duties to protect users in the UK. The regulator says it will rapidly assess whether potential compliance issues warrant investigation. The Information Commissioner’s Office has separately sought information on data protection compliance related to Grok’s outputs. ([news.sky.com](https://news.sky.com/story/ofcom-makes-urgent-contact-with-x-over-concerns-grok-ai-can-generate-sexualised-images-of-children-13490863?utm_source=openai))
Under the Online Safety Act 2023, Ofcom can impose fines up to the higher of £18 million or 10% of global annual revenue for breaches. In serious or persistent non‑compliance, the regulator may seek court‑ordered business disruption and access restriction measures, which can require UK intermediaries to impede access to a service or limit ancillary services such as payments and advertising. ([cnbc.com](https://www.cnbc.com/2024/12/16/britains-ofcom-brings-tough-online-safety-act-duties-into-force.html?utm_source=openai))
Ofcom’s first illegal‑harms codes and risk‑assessment guidance were finalised in December 2024. Providers were required to complete illegal‑content risk assessments by 16 March 2025 and implement proportionate safety measures from 17 March 2025, or adopt equally effective alternatives. Those duties apply to in‑scope user‑to‑user and search services, and enforcement is now active. ([reuters.com](https://www.reuters.com/world/uk/britain-sets-first-codes-practice-tech-firms-online-safety-regime-2024-12-16/?utm_source=openai))
For intimate image abuse, government policy already requires platforms to proactively remove and prevent sharing of intimate images without consent, which was designated a ‘priority offence’ under the Online Safety Act in September 2024. Criminal law separately covers child sexual abuse material and threats to share intimate images. ([gov.uk](https://www.gov.uk/government/news/crackdown-on-intimate-image-abuse-as-government-strengthens-online-safety-laws?utm_source=openai))
The creation of intimate images without consent is the subject of pending criminal offences. The Ministry of Justice confirmed in January 2025 that new offences-including creating sexually explicit deepfakes and taking an intimate image without consent-will be legislated through the Crime and Policing Bill. Ministers have also announced plans to ban ‘nudification’ tools that generate fake nudes of real people. These changes require the Bill’s passage and commencement before taking effect. ([gov.uk](https://www.gov.uk/government/publications/crime-and-policing-bill-2025-factsheets/crime-and-policing-bill-justice-factsheet-moj?utm_source=openai))
Ofcom published its final guidance on improving the safety of women and girls online on 25 November 2025, setting expectations across product design, moderation, reporting and user support. While guidance is not a statutory code, Ofcom has said it will monitor delivery and consider further recommendations to government if industry action falls short, with an update expected in 2027. ([ofcom.org.uk](https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/a-safer-life-online-for-women-and-girls/))
Applied to xAI and X, compliance will be assessed against illegal‑harms duties, child‑safety requirements and whether proportionate technical and operational measures are in place to prevent the generation and dissemination of illegal content and non‑consensual intimate images. If Ofcom identifies breaches, it can gather information, issue confirmation decisions, levy penalties and, if necessary, seek court‑approved service or access restrictions to protect UK users. ([ofcom.org.uk](https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/time-for-tech-firms-to-act-uk-online-safety-regulation-comes-into-force?utm_source=openai))
Parliamentary scrutiny has intensified. The Science, Innovation and Technology Committee and the Culture, Media and Sport Committee both wrote on 9 January 2026 seeking details from Ofcom on enforcement in relation to Grok, following the regulator’s confirmation of urgent contact with the companies. ([committees.parliament.uk](https://committees.parliament.uk/committee/135/science-innovation-and-technology-committee/news/211248/committee-presses-government-and-ofcom-for-details-on-action-against-ai-intimate-deepfakes/?utm_source=openai))
What this means in practice is a compressed timetable for platforms offering image‑generation or editing features. Compliance teams should revisit illegal‑harms risk assessments in light of generative functions, evidence effective age‑assurance where relevant, and align operations with Ofcom’s guidance on protecting women and girls. Victims can continue to report illegal content to law enforcement and raise data‑protection concerns with the ICO while the Crime and Policing Bill progresses. ([ofcom.org.uk](https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/a-safer-life-online-for-women-and-girls/))