8-minute read | 1,700 words
What to know this week
X investigated by the EU over Grok image generations.
X is now facing an investigation into whether Grok disseminated illegal content after Grok was manipulated into generating sexualised images.
SEC drops case against Gemini Trust.
In a public filing, the SEC has agreed to dismiss the case against Gemini Trust, a crypto exchange firm.
This week's full stories
EU launches investigation into X and Grok.
THE NEWS
On Monday, the European Union (EU) launched a new investigation into the social media platform X. More specifically, the European Commission is examining whether X took appropriate measures to protect consumers by properly assessing and mitigating the risks related to Grok.
This investigation follows a global incident where users on X were able to prompt Grok to generate non-consensual sexual deepfakes of both minors and women.
When announcing this investigation, EU tech chief Henna Virkkunen stated:
“Non-consensual sexual deepfakes of women and children are a violent, unacceptable form of degradation.”
Virkkunen also emphasized:
“With this investigation, we will determine whether X has met its legal obligations under the DSA, or whether it treated rights of European citizens - including those of women and children - as collateral damage of its service.”
Alongside starting this investigation, the EU also extended a separate investigation launched in December 2023. That earlier inquiry seeks to assess whether X properly addressed the systemic risks associated with its recommender systems.
THE KNOWLEDGE
Prior to the EU announcing this new investigation, the United Kingdom (UK) also launched a probe into the artificial intelligence (AI) chatbot, citing similar concerns. At the time, the British government emphasized the importance of this issue, noting how a new law was coming into force to address sexual deepfakes and labeled these offences as “weapons of abuse.”
When announcing this investigation, British regulators emphasized that it would not “hesitate to investigate where we suspect companies are failing in their duties, especially where there’s a risk of harm to children.”
Beyond the EU and UK, X has faced immense pressure from other nations. Both Malaysia and Indonesia temporarily suspended Grok, while French officials reported X to prosecutors and regulators for further action.
Separately from the Grok incident, X has been facing greater pressure from regulators in general. In December 2025, the EU fined the company for $140 million for breaching the regional bloc’s online content rules. This fine was tied to a two-year-long investigation related to the platform not abiding by the Digital Services Act, which requires the platform to do more to block illegal and harmful content.
THE IMPACT
This latest investigation adds to the growing international pressure facing X and Grok over both the deepfake incident and the platform’s broader content moderation practices.
More broadly, the probe underscores how European regulators are beginning to apply platform safety laws directly to generative AI features that are embedded inside consumer services. For the wider market, the case serves as an early indication of how aggressively regulators will police AI-enabled content risks, particularly around deepfakes. Platforms that integrate generative AI into products may increasingly be expected to demonstrate upfront safeguards and post-deployment monitoring, not merely utilizing reactive takedowns.
While the investigation will unlikely affect most enterprises, it reinforces a growing global pressure for companies deploying AI systems, where companies allowing for user-generated content will be held accountable for foreseeable misuse. Over time, this approach could translate into higher compliance costs, slower product rollouts, and greater pressures to build stronger safety controls.
SEC drops case against cryptocurrency firm.
THE NEWS
On Friday, the Securities and Exchange Commission (SEC) dropped a long-running lawsuit against Gemini Trust, a crypto exchange firm. The case was originally filed under the Biden administration after a product launched by Gemini failed and prevented consumers from accessing their assets for eighteen months.
This program, known as “Gemini Earn,” would allow customers to lend their digital assets to Genesis Global Capital, Gemini’s partner, with Gemini acting as an intermediary. After lending these assets, customers were allowed to withdraw these funds at any time; however, after Genesis entered bankruptcy proceedings, nearly $1 billion in customer assets were frozen.
For greater context, the Biden administration launched both a case against Gemini and Genesis, emphasizing that hundreds of thousands were left in limbo after their program failed. Alongside the Biden administration’s lawsuit, New York state also filed its own lawsuit.
Notably, Genesis did reach a $2 billion settlement with New York in 2024 alongside Gemini, making its own deal with New York to pay up nearly $50 million to cover any remaining losses. From these settlements, Gemini acknowledged no wrongdoing and blamed Genesis for the incident.
The SEC stated that the decision to drop the case partially stemmed from consumers being able to recover their assets. Alongside dropping this case, the SEC has also dropped many of the other cases involving crypto-related firms, citing that many of the current Republican commissioners disagree with these crypto-related cases.
THE KNOWLEDGE
Outside of the SEC dropping this case, the Trump administration has pivoted significantly away from regulating the cryptocurrency sector. Since taking office, the new Trump-led SEC has dismissed seven crypto cases and moved to freeze or concede seven other cases.
Paul S Atkins, the SEC’s chairman, noted that this decision was part of an effort to curb the Biden administration’s aggressive stance towards crypto. Chairman Atkins stated:
“I’ve made clear that we would end regulation by enforcement.”
Three of the more notable cases the SEC dropped involved Binance, Coinbase, and Ripple Labs.
In the Binance case, the SEC voluntarily dismissed the case. After dismissing the 2023 case with prejudice, the SEC emphasized that it was appropriate “in the exercise of its discretion and as a policy matter.” For context, this lawsuit accused the company of unlawfully facilitating the trading of several crypto-tokens that the previous administration believed should have been registered as securities.
In the Coinbase case, the SEC dropped the 2023 case after it reached an agreement with the company without imposing a financial penalty. The SEC originally sued the company, alleging that Coinbase, like Binance, had allowed the trading of several crypto tokens that should have been registered as securities. Additionally, the lawsuit also targeted Coinbase’s “staking” program, which involved the company pooling assets to verify activity on blockchain networks and takes commissions, which the Biden-led SEC believed should have been registered with the agency.
Lastly, the SEC recently ended its case against Ripple Labs, leaving a $125 million fine intact, ending one of the last high-profile crypto exchange lawsuits. In this 2020 lawsuit, the SEC accused the company of selling tokens without registering them as securities, as seen with other cases.
THE IMPACT
Under the Trump-led SEC, the agency has made a significant pivot in how it aims to enforce the cryptocurrency sector. While the Biden administration relied heavily on enforcement actions to shape the sector’s boundaries, the current SEC is moving toward a far more laissez-faire approach.
For the crypto industry, this overall shift represents a major regulatory relief. Firms that previously faced legal risk will likely be able to expand product offerings and pursue greater domestic growth opportunities without fear of being targeted by enforcement measures.
For consumers and investors, the implications are mixed. While fewer federal lawsuits may encourage innovation and lower compliance costs, the absence of oversight could also lead to a riskier investing environment and poorly designed products, as seen with the Gemini Earn case.
This Week's Caveat Podcast: Compliance in the age of surveillance.
Dave Bittner and Ben Yelin break down how the Immigration and Customs Enforcement agency has been using modern surveillance tools, alongside discussing a Supreme Court case involving Facebook tracking pixels and video store rentals. Our team also sits down with Matt Hillary, the Chief Information Security Officer at Drata. Throughout the conversation, our team and Matt discuss how AI is reshaping the compliance landscape and what is involved to build trust at AI speed.
OTHER NOTEWORTHY STORIES
Researchers attribute Polish cyberattacks to Russian military intelligence.
What: ESET researchers have attributed a malware attack to a Russian hacking unit.
Why: On Friday, ESET researchers attributed a piece of malware to a unit known as Sandworm. The researchers stated that the malware was similar to how the group had operated in the past and that its code overlapped with code used in other attacks by this group.
For context, the malware, known as DynoWiper, was used in December 2025 to target Poland’s power system. In this attack, ESET researchers noted that this attack “resulted in the first-ever malware-facilitated blackout.”
Additionally, Sandworm has been linked to a series of high-profile and destructive attacks for over a decade.
JAN 23, 2026 | Source: Reuters
Spain closes Pegasus spyware probe, again.
What: Spain ended its probe into the NSO Group’s “Pegasus” software.
Why: Last week, Spain’s High Court closed its investigation into Pegasus, an infamous spyware used to target numerous high-profile politicians and reporters. When ending the investigation, the court cited a lack of cooperation from Israeli authorities as the reason for the effort's termination.
For context, the investigation was launched in 2022 after the Spanish government stated that the spyware was used to spy on members of the Spanish cabinet. Previously, the investigation was closed in 2023, citing similar resistance from the Israeli authorities, but the probe was reopened in 2024 following additional information provided by the French government.
JAN 22, 2026 | Source: Reuters
TikTok settles lawsuit.
What: TikTok has settled a social media addiction lawsuit.
Why: On Monday, TikTok settled a lawsuit, which claimed that the social media company engineered products to target young users. In the lawsuit, the plaintiffs were seeking monetary damages and changes to the social media platform’s design. In the original lawsuit, the plaintiffs sued Meta, YouTube, Snap, and TikTok.
With TikTok’s settlement, only Meta and YouTube remain as defendants, as Snap also previously settled.
The suit was originally tied to a case involving a twenty-year-old California woman who alleged she had become addicted to social media sites as a child and experienced anxiety, depression, and body-image issues as a result.
With TikTok’s settlement, Mark Lanier, a lead lawyer for the plaintiff, stated:
“This is a good resolution, and we are pleased with the settlement.”
JAN 27, 2026 | Source: New York Times