Nextwebworlds

EU lawmakers deal to ban AI nonconsensual intimate deepfakes

It took a scandal, a wave of regulatory anger, and a coalition of 57 European Parliament members to get there, but the EU's landmark AI Act will now contain an explicit ban on non-consensual sexual deepfakes.

On 11 March 2026, EU lawmakers struck a political deal on a package of amendments to the bloc's AI law, with the prohibition of AI-generated non-consensual intimate images, including child sexual abuse material, emerging as one of the most contested and consequential items in the agreement.

The deal, brokered between centre-right and centre-left lawmakers in the European Parliament, also includes eased compliance rules for AI systems embedded in sector-regulated products such as medical devices and industrial machinery.

The package forms part of the broader AI Act Omnibus, a set of amendments being negotiated to streamline and in some cases strengthen the 2024 law as it moves toward full applicability.

The sexual deepfakes ban was never meant to be part of the Omnibus negotiations. It was inserted following one of the most high-profile AI controversies to hit European regulators in recent memory: the Grok affair.

In late December 2025, Elon Musk's AI company xAI updated its Grok chatbot, integrated into the social media platform X, with a new image-editing feature. Within days, users were exploiting it to generate realistic sexualised images of real women and girls without their consent, including content that regulators said depicted minors in a manner that constituted child sexual abuse material.

Between 5 and 6 January alone, researchers at Paris nonprofit AI Forensics estimated that at least 6,700 sexual images were generated via the tool.

The European Commission responded quickly. Its digital affairs spokesperson publicly described the content as ‘appalling' and ‘clearly illegal', saying it had ‘no place in Europe'.

The Commission ordered X to retain all internal documents and data related to Grok until the end of 2026 and subsequently opened a formal investigation into whether the platform had breached the Digital Services Act, a law that can impose fines of up to 6 per cent of a company's global annual revenue. X, which the Commission had already fined €120 million in December 2025 for transparency violations in advertising, found itself simultaneously facing two separate regulatory fronts.

Under mounting pressure, xAI restricted Grok's nudification capabilities first to paying subscribers, then to all users in jurisdictions where such imagery is illegal.

But AI Forensics found that users could still bypass the restrictions, and the Commission remained unsatisfied. National investigations followed in France, Germany, and the United Kingdom. Malaysia and Indonesia blocked access to Grok entirely.

Crucially, however, the European Commission confirmed on 11 March that existing EU law, including the AI Act as currently written, did not ban AI systems capable of generating child sexual abuse material or sexually explicit deepfake nudes. That legal gap, acknowledged publicly by the Commission in a letter to a European Parliament lawmaker, supplied the political impetus for the Omnibus amendment.

France and Spain had championed the explicit ban throughout the Omnibus negotiations, with Germany and Slovakia joining them in threatening to block the file unless it was included. EU Council, representing member states, added the prohibition to their position in a last-minute move on 10 March. Parliament followed the next day.

The deal now faces a committee vote, scheduled for 18 March, before moving to further parliamentary and Council stages. The Greens have expressed opposition to elements of the package relating to industrial AI deregulation, meaning the final text may yet shift.

The Commission's own review of which AI practices should be formally classified as prohibited, a process that missed its August 2025 deadline, is now expected to conclude in April.

The Grok episode has exposed a structural problem in the EU's approach to regulating AI-generated harmful content: the legislation's framers did not anticipate how quickly capable, public-facing image-generation tools would arrive,or how easily they could be abused.

Ireland's data protection regulator, Coimisiún na Meán, is expected to assist the EU-level DSA investigation. French prosecutors have widened an existing inquiry into X to include allegations that Grok was used to disseminate child sexual abuse material.

For Elon Musk, the episode marks a significant new front in an already fraught relationship with Brussels. X has repeatedly contested EU regulatory findings and Musk has publicly criticised the DSA.

The decision to open a formal investigation into Grok, alongside the EU-US trade tensions that have complicated transatlantic tech relations in 2026, means that friction is unlikely to ease soon.

Story by Ana-Maria Stanciuc

Editor-in-Chief

I am the Editor in Chief for TNW, covering technology not as a parade of launches and valuations, but as a system of influence, persuasion, (show all) I am the Editor in Chief for TNW, covering technology not as a parade of launches and valuations, but as a system of influence, persuasion, and change. I write about startups, venture capital, digital policy, and Europe ecosystem, with an eye on the larger story beneath them: who gets to build the future, who profits from it, and how Europe is learning to speak in a louder voice of its own. Before moving into senior editorial leadership, I've built my career for over +10 years across journalism, storytelling, content strategy, SEO, and digital publishing, with experience in SaaS, hospitality, art, and culture.