U.K. Secretary of State for Science, Innovation and Technology Liz Kendall made good on her promise to accelerate a law criminalizing nonconsensual sexual deepfakes when the government brought a new regulation under the Data (Use and Access) Act last week.
The rule adds new clauses to the law making it illegal for AI image generating services to offer capabilities that create "purported intimate images of an adult without consent or reasonable belief in consent." It also provides courts with "the power to make a deprivation order" over a nonconsensual image. The rule's effective date is 6 Feb.
The government was already pursuing legislation to ban "nudification" tools under changes to the Crime and Policing Bill that's currently in Parliament. But Kendall told MP Chi Onwurah in a 12 Jan. letter the matter was urgent as regulators were investigating social media company X's chatbot, Grok, and its ability to generate pictures of women and children undressed or in sexually explicit positions.
"People should be under no illusion that creating or sharing non-consensual intimate images is an offence that law enforcement will take action on," Kendall wrote.
The DUAA is already in effect with different parts of the law scheduled to enter into force through June. U.K. law allows for the government to speed up parts of laws on a compressed timetable if the change was already envisioned in the legislation. The acceleration shows regulators are feeling the need to crack down on Grok, even after X indicated it would ban creating undressed photos of real people.
A series of investigations around the world signals a growing consensus among regulators regarding nonconsensual deepfakes and their ability to harm people.
The U.K. Office of Communications kicked off its investigation 12 Jan. to determine if X violated the Online Safety Act, which charges social media companies with preventing illegal content from being made available to users in the U.K. That work is continuing despite Grok's changes.
Kendall told Onwurah that law has existing protections and would be open to making any needed changes. But Onwurah, chair of U.K. Parliament's Science, Innovation and Technology Committee, highlighted doubts over the effectiveness of X's implemented changes and questioned why it took so long for the government to act.
"It's also unclear whether this ban — which appears to be limited to apps that have the sole function of generating nude images — will cover multi-purpose tools like Grok," she said in a statement.
Despite its changes, the nonprofit AI Forensics found users can bypass Grok's restrictions and still create nude images, Euronews reports.
Action in other jurisdictions
European Commission Executive Vice-President for Technological Sovereignty, Security, and Democracy Henna Virkkunen told EU lawmakers her office is looking into whether Grok has violated the Digital Services Act and promised to take further action if needed, Euractiv reports. The Commission has already asked X to retain internal information and user data on Grok through the end of the year but has not opened a probe.
In Brazil, the country's data regulator, the Agencia Nacional de Protecao de Dados, coordinated with the national consumer protection authority, Senacon, and the federal prosecutor's office on recommendations to prevent Grok's creation and circulation of deepfake images. The recommendations include X creating a way for data subjects to report misuse of their data and suspending any accounts that are creating adult images.
If those recommendations are not followed or inadequately adopted, "other measures may be considered and adopted by the three institutions, both administratively and judicially, to ensure adequate protection for the country's citizens, especially women, children, and adolescents," according to a release.
Hong Kong's Office of the Privacy Commissioner for Personal Data reminded the public it must follow the Personal Data (Privacy) Ordinance when providing information to chatbots after reports of Grok's abilities gained steam. It said anyone found to be creating deepfakes would violate that law and urged users to understand how information is retained and kept by the company before providing it.
The Office of the Privacy Commissioner of Canada announced it is adding a review of Grok's deepfakes to an existing probe of the chatbot. The OPC will examine consent practices around the deepfake capabilities on top of an existing probe into X's AI training data practices that was opened February 2025. Privacy Commissioner Philippe Dufresne characterized explicit deepfakes as "a growing phenomenon that poses serious risks to individuals' fundamental right to privacy."
And in the U.S., California Attorney General Rob Bonta opened his own investigation into Grok. In a letter to X Executive Chairman and Chief Technology Officer Elon Musk, Bonta said the chatbot was possibly violating the state's decency and child sexual abuse material laws. X made the changes to its platform shortly after Bonta launched his probe.
Caitlin Andrews is a staff writer for the IAPP.
