Who answers for AI? First UK claim filed against AI company over Grok deepfakes

Labour MP Jess Asato has filed what is believed to be the first English law claim concerning non-consensual intimate deepfakes in the English High Court, with indications that other similar claims are waiting in the wings. The claim documents are not currently available. However, according to a statement by Ms Asato’s legal representative, the claim seeks to hold xAI accountable for design choices that allowed its AI chatbot Grok to create fake sexualised images of her (and will centre on the principle that “AI developers must answer for the way that they design their tools”). We also understand that leading silk Marie Demetriou KC has been instructed on behalf of Ms Asato.   

Ms Asato’s claim raises fundamental questions about the liability of AI developers for content generated by their products. It seems the court will be asked to answer these questions through the lens of data protection and privacy – with Ms Asato’s claim being based on the UK Data Protection Act 2018 and the tort of misuse of private information. Ms Asato is seeking a declaration of illegality, damages, and an order requiring xAI to cease all further illegality (including, for example, implementing measures to prevent such incidents from recurring). 

xAI has already come under significant scrutiny over Grok and its AI ‘nudification’ tool, including a similar lawsuit filed by influencer Ashley St Clair in the United States in January 2026. Regulators around the world, including the ICO in the UK, have launched formal investigations into X and xAI over the issue and the UK government has fast-tracked legislative changes. It is now a criminal offence in the UK for users to create or request a non-consensual intimate deepfake image of an adult (with an existing and separate offence for children). The Crime and Policing Act 2026, which will come into force on 29 June 2026, will also make it illegal for a company and its officers to ‘make, adapt, supply or offer to supply’ a thing for use as a generator of purported intimate images. This new offence is extra-territorial in scope and offenders may face up to three years’ imprisonment.

Why this case is one to watch 

While details of the underlying claim are not yet publicly available, several aspects merit close attention: 

1. Developer liability for design choices: The implications of this case could be profound for the generative AI industry including the potential that it could push developers to implement further pre-deployment safeguards to avoid future liability. The focus on design is a trend we are seeing across digital regulatory regimes – for example, recent enforcement under the EU’s Digital Services Act has also focussed on the impact of a platform’s design.
    
2. Data protection and privacy as the vehicle: English law data protection principles and the rules on misuse of private information have to date been untested in the context of generative AI outputs. This case provides an opportunity to see how the courts will apply these rules in this context and whether the existing data protection legal framework provides an effective route to redress.
    
3. The potential to open the floodgates: An acceptance by the courts of developer liability for misuse of private information could set the scene for a future extension to other torts and wrongs. For example, in the United States, claims have been brought for defamation (against Google for statements generated by its AI Overview tool) and for aiding and abetting violence (against OpenAI for the alleged use of ChatGPT by a suspect in a mass shooting).