Thomson Reuters (TRI) faces renewed controversy for the use of its products by U.S. Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE). Its products and data, which aggregate billions of private and public records, are integral to ICE’s ability to track, detain, and carry out the largest deportation in U.S. history. In March 2026, TRI had over US$40 million in contracts and subawards for risk mitigation services, CLEAR®, and licence plate recognition (LPR) technology. ICE’s immigration enforcement activities are the subject of multiple lawsuits in response to credible reports of unlawful and improper detentions, due process violations, surveillance of citizens, and deaths.1 Technology and data used by DHS will likely be subject to litigation. Technology providers Capgemini and Stantec have begun divesting or terminating DHS service contracts, signaling a shift in corporate risk appetite. TRI faces compounding legal, reputational, and governance risks. TRI’s employees have spoken out publicly, 2 which could impact TRI’s ability to deliver on its goals. TRI maintains its technology is not used for deportations. However, its products and data are being integrated with and into new products and offerings, including more invasive high-risk surveillance technologies with less oversight.3,4 This could expose TRI and its investors to new, unforeseeable, or difficult to contain risks.5 GenAI litigation including product liability is increasing, representing a growing category of uninsured risk.6 Norges Bank says high-risk AI systems should be subject to additional controls, independent verification and regular audits. Currently: • LPR Mobile Companion is integrated into CLEAR® and its unprecedented scale and capabilities are changing “how immigration enforcement operates”.7 It is used by ICE’s deportation division.8 • Penlink’s warrantless phone-tracking data is integrated into CLEAR®. Penlink faces allegations of violating privacy and constitutional rights.9 • DHS has required TRI’s products to be interoperable with Palantir systems.10 One app, Enhanced Lead Identification and Targeting (ELITE) integrates TRI data, enabling mapping of targets for detention11 with allegations of misuse.12,13 In 2022, TRI committed to align with the UN Guiding Principles on Business and Human Rights (UNGPs). Investors are provided limited disclosure on due diligence efforts, including audits, impeding their ability to measure adequacy and effectiveness. Per the UNGPs, and given harms can emerge from the interaction of multiple technologies, companies must conduct due diligence on: • actual and potential impacts including where data may be accessed, used or repurposed • beyond original intent; and • direct and indirect impacts, including from business relationships. 1 https://www.nytimes.com/live/2026/01/28/us/minneapolis-shooting-ice-minnesota 2 https://www.nytimes.com/2026/03/11/technology/thomson-reuters-ice-minnesota.html 3 https://www.migrationpolicy.org/article/trump-ice-data-surveillance 4 https://fedscoop.com/dhs-surveillance-technology-ai-funding-document-spyware/ 5 https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6345099 6 https://riskandinsurance.com/traditional-insurance-leaves-enterprises-exposed-as-ai-liability-claims-surge/ 7 https://www.biometricupdate.com/202511/ices-license-plate-app-quietly-expands-a-nationwide-surveillanceweb 8 https://www.404media.co/this-app-lets-ice-track-vehicles-and-owners-across-the-country/ 9 https://www.business-humanrights.org/en/latest-news/texas-state-police-expands-surveillance-with-penlinks-controversial-technology-raising privacy-concerns/ 10 https://oaklandprivacy.org/wp-content/uploads/2017/10/LSJ_Final.pdf 11 https://www.404media.co/how-thomson-reuters-powers-ice-and-palantir/ 12 https://www.404media.co/this-app-lets-ice-track-vehicles-and-owners-across-the-country/ 13 https://law.justia.com/cases/federal/districtcourts/oregon/ordce/3:2025cv02083/190309/15/