Canada's privacy regulator finds Grok violated federal law over sexualized deepfakes

The OPC ruling concludes that X Corp. and xAI deployed Grok's image generation without the safeguards required under Canadian privacy law, and that the tool enabled creation and sharing of thousands of sexualized deepfakes per hour. The Commissioner used the finding to press for stronger federal legislation and meaningful enforcement powers, arguing existing law lacks teeth against generative-AI harms.

The ruling is notable as one of the first national privacy regulators to formally find an AI image tool unlawful, setting a reference point other jurisdictions may follow. xAI and X have since implemented safeguards, but the retroactive nature — harm first, guardrails later — is precisely the pattern regulators want to deter.

The finding lands awkwardly against xAI's triumphant Colossus 2 compute announcement the same week, underscoring a recurring tension: xAI scales capability aggressively while trust and safety lag. It also sharpens the contrast with Anthropic's heavily-gated Mythos rollout, fueling the week's broader debate over whether safeguards are genuine risk mitigation or liability theater — and who decides.