How a Small Swiss City Could Help Regulators Avoid the Next Grok Scandal

The city of Basel could be a cut-out from a ‘visit Switzerland’ advertisement. It boasts a picturesque medieval old town, a vibrant cultural scene, and a football club with a continental pedigree.

But for online safety regulators, it offers more than just an idyllic holiday destination. For them, it is a site of inspiration for how to ensure that when there is a repeat of the recent Grok nudification scandal (and it’s a ‘when’ rather than an ‘if’), they are ready to marshal their collective strength and maintain the integrity of their rulebooks.

For in Basel, in an adjacent sector of core societal influence, regulators have developed a means of maintaining both coordinated oversight of, and influence over, firms that boast global impact and the wherewithal to duck compliance across borders.

Sounds interesting, right? It’s time to pay a visit.

What’s happening in Basel?

The Basel Committee on Banking Supervision was established in the 1970s following a string of private bank failures that shook financial markets in Germany and the US. Since then, it has quietly evolved into the go-to forum where supervisors from dozens of countries co-create regulatory norms and align oversight strategies for global banks.

The Basel Committee doesn’t create law or issue fines. It’s not a supra-regulator. Instead, it sets shared expectations and coordination mechanisms that let national regulators manage systemic risks — together. Its job is to “close gaps in international supervisory coverage,” especially for firms that straddle jurisdictions.

That coordination matters. It means a multinational bank can't play regulators off each other. It keeps supervision aligned, expectations consistent, and influence real.

But what does it mean or matter for online safety regulation?

What the Grok scandal exposed about cross-border supervision gaps

A growing number of jurisdictions, on every continent of the Earth, are enforcing comprehensive online safety rulebooks. Yet in spite of the formal power of their rulebooks, the recent Grok scandal suggests that individual regulators are vulnerable when faced with global corporate behemoths intent on an adversarial approach. This is not the fault of any one regulator. Elon Musk’s xAI enjoys a market value in excess of many countries, has powerful political friends in its domestic market, and regulation is premised on the assumption that sectorally significant companies intuitively recognize incentives to comply.

In this kind of dynamic, individual regulators can only be a match for companies like xAI when they are supervising in lockstep - setting similar compliance expectations and deploying their rulebooks in a coordinated and consistent manner. In doing so, they can unlock a force bigger than the sum of their individual parts.

One might observe that this is the precise kind of approach that the Basel Committee nurtures in the world of global banking.

How would it look for online safety?

Multilateralism is hard at the best of times. Calling for greater multilateralism in 2026 feels like the punch-line of a bad joke. Fortunately, to address the shortcomings in global online safety supervision that the xAI scandal exposed, we don’t need a new UN institution or a multilateral accord between governments. The key enablers of multilateralism in online safety supervision emerge from the already-existent individual national rulebooks, as they do in Basel and banking oversight. Instead of striving in vain for one overarching global rulebook for online safety everywhere, regulators can set themselves the more modest but eminently impactful aim of better aligning their respective supervisory efforts and expectations of the companies they each simultaneously oversee, akin to the Basel Committee’s modus operandi.

Consider that a growing number of jurisdictions are coalescing around prudential behavioral regulation for online safety, aiming to enhance the diligence with which private companies design and operate their services. These laws take their regulatory ‘locus’ to be companies’ systems and processes (e.g. recommender systems; reporting channels; moderation systems), and the supervisory tools at regulators’ disposal are procedural in nature (e.g. risk assessment requirements; transparency reports; external audits; information notices; etc).

This archetype rulebook offers abundant ground for greater coherence of supervisory approaches across borders. While different countries will invariably have different scopes and thresholds for illegality, how the various frameworks are supervised by regulators can be made ever more consistent. As a case in point, while it is likely impossible for regulators to align globally on what types of content or behaviour should be included within a risk assessment, they could foreseeably align on how and when companies under their supervision should undertake those assessments, how the respective regulators will evaluate them, and the circumstances wherein different remedial measures are deployed to address shortcomings in assessments. By supervising their respective rulebooks consistently, regulators can ensure that the benefit to companies of compliance with any one rulebook increases, and the risk to companies that follows from non-compliance with any one rulebook increases too.

Yet the agreement on joint supervisory standards and expectations amongst regulators — an endeavour that the Basel Committee restricts itself to — is unlikely, in itself, to be sufficient to meet the structural challenge facing global online safety regulation. Given that regulators are in most cases supervising the same companies under their respective rulebooks, they should also be sharing information and intelligence to ensure that when cross-border compliance shortcomings materialise, they can be addressed in a smooth and coordinated manner.

Unfortunately, we aren’t quite there yet. As reported in Tech Policy Press, there appears to have been limited practical coordination of regulators’ respective enforcement strategies and tactics against xAI, nor any sharing of supervisory intelligence as the crisis unfolded. Cooperation of this kind between regulators and across jurisdictions is obviously complex and challenging, not least because of differences in legal frameworks and strict confidentiality restrictions that undergird supervision of companies.

Yet, regulators adjacent in regulatory domains that exhibit similar structural characteristics, most notably data protection and antitrust, have managed to overcome these hurdles, and have already demonstrated the art of the possible when it comes to intelligence sharing and enforcement cooperation. Their successes should serve as a beacon of hope and an impetus for action on the part of internationally-minded online safety regulators. Until regulators are practically coordinating their enforcement efforts and sharing supervisory intelligence, alignment around supervisory standards (i.e. what makes a good risk assessment) will provide only limited value in the effort to ensure effective cross-border oversight.

Ultimately, the xAI scandal has illustrated that it is no longer sufficient in 2026 for there simply to be formal rulebooks around the world that require companies to take safety seriously. The next critical step is for regulators to leverage their strength in numbers by defining clear shared expectations for what safety means in practice, and marshalling their shared resources and intelligence to realize coordinated, robust supervision. When organized in this way, the fact of a multitude of national online safety rulebooks and regulators need not be a hindrance to oversight of a globalized sector. It will instead be a regulatory force-multiplier.

Promising green shoots

That a cooperation framework akin to the normative influence of the Basel Committee does not yet exist is understandable — all the global online safety rulebooks are still very young and regulators must first establish their own domestic frameworks and intelligence-sharing infrastructure before progressing global efforts. At the same time, the xAI’s Grok scandal is a wake-up call for regulators — in the face of global behemoths, they need to think and act globally.

Fortunately, we are seeing the emergence of mechanisms that should enable the kind of global regulatory coordination that is ever-so-needed. The establishment of the Global Online Safety Regulators Network, an informal forum that brings together some of the largest and the smallest independent regulators in the international community, is an important and welcome step in the right direction. It is likely in time that this regulatory network will become the catalyst for international supervisory coordination of multinational tech companies, and the fulcrum of joint action and supervisory intelligence-sharing. The Grok case, and what it exposed about the depth of coordination today, should encourage its members to bring forward their timelines.

Besides the efforts of regulators themselves, multistakeholder international standard-setting processes will play a critical role in enabling supervisory coordination amongst regulators. These processes, convened by entities ranging from multilateral institutions like UNESCO, industry collectives like the Digital Trust and Safety Partnership, and third-sector stakeholders like the Atlantic Council, establish the shared norms, standards, and best practices that connect individual online safety frameworks across borders. While these standards do not themselves assure compliance by tech companies, they can bridge the gap between different regulators’ approaches, and provide a basis for ‘bottom-up’ coordination of supervisory efforts among regulators supervising the same companies using similar regulatory tools.

‘In the midst of every crisis, lies great opportunity’

If there’s one fundamental lesson that online safety regulators should heed from their banking counterparts, it is to never waste a crisis. The crash of 1929 was the impetus for separating investment from commercial banking, while today’s system of prudential banking regulation owes itself to the regulatory failures that precipitated the 2008 crash.

Regulators, smarting from the fallout of the xAI scandal and what it suggested about their (perceived lack of) influence over certain global tech companies, will want to regain the initiative. Through regulators committing to greater supervisory coordination — building on the efforts to date — the greatest legacy of the xAI scandal might just be the impetus it has given to global coordinated supervision of companies like xAI.

Now, what’s the weather like in Basel in January?