Europe Votes to Ban AI 'Nudifier' Apps After Grok Scandal

What Happened

On March 26, 2026, the European Parliament voted by a wide majority — 569 in favor, 45 against — to adopt a negotiating position that would add an explicit prohibition on so-called "nudifier" systems to the EU's Artificial Intelligence Act, according to RFI and Cybernews. The ban would apply to AI systems that "create or manipulate images that are sexually explicit or intimate and resemble an identifiable real person" without that person's consent, as described in an official European Parliament press release.

The vote also endorsed a package of delays to other AI Act provisions. Compliance deadlines for high-risk AI systems — those deemed to pose a "serious risk" to health, safety, or fundamental rights — would be pushed back from August 2026 to December 2027. AI tools embedded in sector-regulated products such as medical devices and industrial machinery would have until August 2028. Requirements for watermarking AI-generated content would be delayed until November 2026, according to The Verge.

Parliament's approval of the mandate does not finalize the law. The Parliament must now negotiate with the European Council — the body representing all 27 EU member states — over a final text. The Council agreed its own position on the amendments on March 13, 2026, according to the Council's official press release. Those talks are expected to proceed, though the Greens have expressed opposition to elements of the package involving industrial AI deregulation, which may affect the final text.

The Grok Affair That Triggered It

The prohibition was not part of the original EU AI Act Omnibus — a set of streamlining amendments to the 2024 law. It was inserted in direct response to a major controversy involving xAI's Grok chatbot.

In late December 2025, xAI updated Grok, which is integrated into the social media platform X, with a new image-editing feature. Within days, users were using it to generate realistic sexualized images of real women and girls without their consent, including content regulators described as child sexual abuse material (CSAM). Between January 5 and 6 alone, researchers at Paris nonprofit AI Forensics estimated that at least 6,700 sexual images were generated via the tool, according to The Next Web's reporting on the March 11 political agreement.

The European Commission responded quickly. Its digital affairs spokesperson described the content as "appalling" and "clearly illegal," and said it had "no place in Europe," per The Next Web. The Commission ordered X to retain all internal documents and data related to Grok until the end of 2026, and subsequently opened a formal investigation into whether the platform had breached the Digital Services Act (DSA) — a law carrying potential fines of up to 6 percent of a company's global annual revenue.

X had already been fined €120 million by the European Commission in December 2025 for advertising transparency violations, meaning the Grok investigation opened a second simultaneous regulatory front for the company.

Under pressure, xAI first restricted Grok's nudification capabilities to paying subscribers, then restricted it in jurisdictions where such content is illegal. However, AI Forensics researchers found users could still bypass those restrictions. National investigations followed in France, Germany, and the United Kingdom. Malaysia and Indonesia blocked access to Grok entirely, according to The Next Web.

The Legal Gap the Scandal Exposed

A critical finding drove the political momentum for the amendment: the European Commission publicly confirmed on March 11, 2026, that existing EU law — including the AI Act as then written — did not ban AI systems capable of generating child sexual abuse material or non-consensual sexualized deepfake images. The Commission acknowledged this gap in a letter to a European Parliament lawmaker, as reported by The Next Web.

That admission became the political foundation for inserting the prohibition into the AI Act Omnibus. In questions submitted to the European Commission earlier in 2026, Parliament members warned that AI-powered nudification tools "highlight an increase in AI-driven tools that allow users to generate manipulated intimate images of individuals without their consent, facilitating gender-based cyberviolence and the creation of child sexual abuse material," per Ars Technica's reporting on the official document.

"These systems should be banned from the EU market," lawmakers urged, arguing that individual perpetrators — while often punishable under national criminal law — are "often hard to find." The preferred strategy: prevent widespread image-based sexual violence at the platform level before it occurs.

What the Ban Would and Would Not Cover

The proposed prohibition targets "nudifier" systems specifically — platforms or tools that use AI to generate or alter images into sexually explicit material depicting a real, identifiable person without their consent. However, AI systems with "effective safety measures preventing users from creating such images" would not be covered by the ban, according to the official European Parliament press release published March 23, 2026.

The precise definition of "effective safety measures" has not yet been finalized and will be a central point of negotiations between Parliament and the Council. According to The Verge, there are "no details on what this might look like" in the current text beyond that carve-out language.

As Bloomberg noted in its earlier reporting on the amendment, the ban would represent a significant shift in the EU's enforcement approach: instead of focusing primarily on prosecuting users who generate illegal images, it would hold the platforms themselves responsible. Ars Technica described it as "the first" EU policy "to specifically target AI platforms" that produce and allow sharing of "sexual material without the subject's consent."

The broader AI Act Omnibus also includes measures to support small and mid-cap enterprises, clarifications on overlaps with other EU product safety rules, and additional oversight powers for the AI Office over general-purpose AI models, per the European Parliament's official agenda notice from March 25, 2026.

Background: The AI Act and Its Timeline

The EU AI Act was adopted in 2024 as the world's first comprehensive legal framework for artificial intelligence. It operates on a tiered risk basis: systems posing unacceptable risks are outright prohibited; high-risk systems face strict requirements around transparency, data governance, and human oversight; lower-risk systems face lighter disclosure obligations.

A committee of Parliament's Internal Market and Civil Liberties committees first voted 101–9 (with 8 abstentions) on March 11 to support the amended Omnibus package, setting up the full plenary vote on March 26, according to Ars Technica's reporting on the committee vote. The full Parliament's 569–45 plenary result, reported by RFI on March 26, represents a substantially stronger majority than the committee's already lopsided tally.

The delays included in the same package are significant for industry. The Commission had already missed its own August 2025 deadline to publish key guidance on high-risk AI systems. According to The Verge, it is also unclear whether the proposed changes can legally take effect before the original August 2026 deadline, since Parliament cannot unilaterally amend European law — the Council must agree.

Implications for xAI and the US-EU Tech Relationship

While EU officials did not mention Grok or xAI directly in the official amendment press release, the political intent was widely understood. Civil liberties committee member Michael McNamara stated in the Parliament's press release that banning nudify apps "is something that our citizens expect," per Ars Technica.

In the United States, parallel legal pressure is mounting. Ashley St. Clair — a mother of one of Elon Musk's children — filed one of the first US lawsuits in January 2026 over Grok-generated fake nude images, according to Ars Technica. More recently, three young girls in Tennessee filed a proposed class action representing all children allegedly harmed by Grok's CSAM outputs.

The EU action compounds an already strained relationship between Musk and Brussels. X contested EU regulatory findings under the Digital Services Act and Musk has publicly criticized the DSA. The simultaneous EU investigation into Grok under the DSA, plus the potential AI Act ban — combined with broader US-EU trade tensions in 2026 — means regulatory friction between xAI and European authorities is unlikely to ease in the near term, according to The Next Web's analysis.

The Commission's formal review of which AI practices should be classified as prohibited under the AI Act — a process that missed its August 2025 deadline — is expected to conclude in April 2026, per The Next Web.