The EU Just Banned AI That Undresses People Without Consent

The Grok Crisis That Forced Action

In late December 2025, Elon Musk's AI chatbot Grok began generating nonconsensual intimate images at massive scale. Users discovered they could upload photos of real people and instruct the AI to produce sexualized versions. Within weeks, millions of these images had been created and shared worldwide, targeting public figures, private individuals, and minors.

The Grok incident was not the first time AI nudification tools had caused harm, but it was the first time a mainstream AI platform with millions of users had enabled the abuse at such scale. Previous nudification apps had existed on the margins of the internet. Grok brought the capability to a platform with mainstream reach and a billionaire's promotional megaphone.

What the EU Just Did

On March 10, 2026, the European Council released its proposal for amending the AI Act, the EU's landmark artificial intelligence regulation. In a last minute addition, the Council included a prohibition on AI systems that generate nonconsensual intimate imagery, including deepfakes depicting sexual content and child sexual abuse material.

The following day, EU Parliament lawmakers struck a political deal on the package of amendments. The nudification ban emerged as one of the most contested and consequential items in the agreement. A committee vote is scheduled for March 18 before moving to further parliamentary stages.

The ban classifies AI nudification tools as prohibited AI systems, the highest risk category under the AI Act. This places them alongside other banned applications like social scoring systems and real time biometric surveillance in public spaces. Companies found in violation face fines of up to 35 million euros or 7% of global annual turnover, whichever is higher.

Beyond Nudification: Broader AI Privacy Rules

The AI Act amendments go further than just banning nudification tools. The Council's proposal also includes tougher standards for how AI systems process certain categories of personal data. This has implications for any AI system that handles biometric data, health information, or other sensitive personal data.

The amendments strengthen requirements around:

• Transparency about how AI systems use personal data for training
• Rights of individuals to object to their images being used in AI training datasets
• Mandatory labeling of AI generated content, including deepfakes
• Stricter oversight of general purpose AI models that could be used to generate harmful content

These rules build on the AI Act's existing framework, which began full enforcement in February 2025. The amendments represent the EU's first major revision of the law, driven largely by the speed at which AI capabilities have outpaced the original regulatory text.

The Enforcement Challenge

Banning a technology and actually preventing its use are two different things. AI nudification tools can run locally on consumer hardware, making them difficult to police. Open source AI models capable of generating intimate imagery already circulate freely on developer platforms. The EU's ban primarily targets companies that provide these tools as a service, not individuals who run them privately.

Critics from both sides have raised concerns. Privacy advocates worry the ban does not go far enough because it does not address the underlying image generation capabilities in general purpose AI models. Technology industry groups argue that the rushed timeline, driven by political pressure from the Grok scandal, may create compliance ambiguity for legitimate AI image generation services.

The UK's Information Commissioner's Office is conducting its own investigation into Grok's AI deepfake generation capabilities, and similar regulatory actions are expected in other jurisdictions. But the EU's move is the first to embed the prohibition directly into binding AI legislation.

Why This Matters for Everyone

AI generated nonconsensual intimate imagery is not a niche problem. A 2024 study found that 96% of deepfake videos online were nonconsensual intimate content, overwhelmingly targeting women. The availability of easy to use AI tools has lowered the technical barrier to creating this content to nearly zero. Anyone with a photo and an internet connection can now generate realistic fake intimate imagery of another person.

For victims, the harm is devastating and often irreversible. Once images are created and shared, they can be nearly impossible to fully remove from the internet. The psychological impact mirrors that of actual intimate image abuse, and in many cases the images are used for harassment, extortion, or blackmail.

The EU's ban sends a clear regulatory signal that AI generated intimate imagery without consent is not a feature or a content moderation challenge. It is prohibited conduct. Whether that signal translates into meaningful protection for potential victims will depend on enforcement, and enforcement will depend on whether regulators can keep pace with the technology they are trying to control.