Shareholders request the Board of Directors publish a report, at reasonable cost and omitting proprietary information, assessing the effectiveness of Microsoft’s human rights due diligence (“HRDD”) processes in preventing, identifying, and addressing customer misuse of Microsoft artificial intelligence (“Al”) and cloud products or services that violates human rights or international humanitarian law.
The UN Guiding Principles on Business and Human Rights (“UNGPs”) constitute the global authoritative framework outlining human rights responsibilities of states and businesses, and expectations are heightened for companies with business activities in conflict-affected and high-risk areas.1 Companies are expected to take alI reasonable steps to ensure their products and services – including the deployment of such technologies by customers – are not used to violate human rights.2 To meet these obligations, companies should conduct HRDD to identify, prevent, mitigate, and account for adverse human rights impacts, and to transparently report on the effectiveness of such HRDD.3
Microsoft states it conducts ongoing HRDD across its value chain, in line with its obligations under the UNGPs, but it neither explains its HRDD processes related to customer end use, nor reports on their effectiveness.4 Recent allegations of severe customer misuse suggest Microsoft’s HRDD may be ineffective.
For example, several reports have alleged Israel’s use of Microsoft’s Al and cloud services and technologies in its attacks against Palestinian civilians and civilian objects,5 which have been labeled war crimes and crimes against humanity.6 Many prominent international organizations and scholars believe these attacks constitute genocide.7
In the face of serious allegations of complicity in genocide and other international crimes, Microsoft’s HRDD processes appear ineffective. Microsoft recently published a statement responding to these allegations, explaining it conducted an internal review and commissioned a third-party firm to “undertake additional fact-finding,” and concluding it “found no evidence to date that Microsoft’s Azure and Al technologies have been used to target or harm people in the conflict in Gaza.”8 The statement provides no additional information on the nature of the assessments, the definition of “harm,” nor the identity of the external firm. Notably, the statement admits a significant gap in Microsoft’s HRDD: “Microsoft does not have visibility into how customers use our software on their own servers or other devices.”
In another example, Microsoft provides Al and cloud computing services and mentorship to Chinese startups, through its incubator program.9 After graduating the program, some companies have subsequently partnered with the Xinjiang police where their surveillance tools and support have reportedly been used by the Chinese government in its brutal oppression of the Uyghur population.10
Inadequate HRDD exposes Microsoft to material legal, operational, and reputational risks. For example, Microsoft’s potential complicity in international crimes in Gaza has resulted in outspoken opposition from its own employees,11 a boycott and divestment campaign against the Company,12 and severe reputational damage that may harm long-term shareholder value.