Recently, Alphabet announced the ubiquitous Google search bar will be completely powered by artificial intelligence. This comes as the parent company of Google and YouTube recorded its highest ever revenue in 2025 of over $400 billion, marking a 15% increase from the prior year, and using a growth strategy that increasingly relies on cloud and AI systems.
However, there is growing concern from investors, legal and human rights experts, and the broader public about the usage of these AI systems. Especially so in the case of surveillance, security and military contexts, as Alphabet processes sensitive enterprise and government data, including personal data such as facial imagery and location.
As investors in Alphabet, we believe that a company this massive, that handles data this sensitive, must meet the highest threshold of corporate responsibility.
Google itself has three AI principles, one of which is, “Responsible development and deployment.” While the principle references “implementing appropriate human oversight, due diligence, and feedback mechanisms to align with user goals, social responsibility, and widely accepted principles of international law and human rights,” what we see in practice indicates the company has failed in this commitment.
To address this, we have submitted a shareholder proposal to be voted on at Alphabet’s Annual General Meeting on June 5 asking the company to publish a report assessing the operational, reputational, regulatory and legal risks associated with its use of AI to process user data. This proposal was preceded by a public letter to the Board of Directors on April 20.
Both the shareholder proposal and open letter are attempts to address a critical question for investors and the public: Is Alphabet properly mitigating the salient and material risks arising from its customers’ use of its products, and the associated data processing?
We are deeply concerned that gaps in the company’s policies, controls and oversight systems of data processed through Google Services and Google Cloud are exposing investors, and the world at large, to great risk.
Myriad risks
One of the first warning signs was in February 2025 when Alphabet removed key commitments from its AI principles, dropping previous pledges not to pursue technologies that could “cause or are likely to cause overall harm,” including weapons development and surveillance tools. What was once a “red line” for the company has been replaced by a discretionary framework, leaving investors with no objective metrics to assess when or how Alphabet will refuse to operate or sell products in high-risk contracts.
In fact, Alphabet already has high-risk customers deploying its cloud, AI and other data processing systems in sensitive contexts, including government agencies engaged in recent or active military and immigration enforcement operations. This includes the U.S. Department of Defense’s Project Maven, U.S. Immigration and Customs Enforcement operations, and the Israeli government’s Project Nimbus. In addition, Alphabet is expanding into other high-risk jurisdictions, such as Saudi Arabia—where legal and governance constraints may limit Alphabet’s oversight.
The deployment of already risky technologies in sensitive contexts presents even greater material risks. Where technologies are linked to military, intelligence or security functions, Alphabet may face heightened exposure to retaliation, disruption, or reputational harm. Alphabet’s infrastructure in geopolitically sensitive environments has faced infrastructure targeting, cyber threats, service disruption, and risks to personnel.
In addition to infrastructure risks, Alphabet has faced physical and operational risks affecting facilities, contractors and employees in geopolitically unstable regions, particularly in the event of escalation or conflict spillover. For example, in response to the US military operations in Iran, Alphabet’s Middle Eastern assets were specifically identified as potential targets for drone strikes in public statements and threats from the Iranian Revolutionary Guard.
Alphabet’s exposure to violations of international humanitarian law and international human rights law through its customers’ use of cloud, data or AI services further raises risks that must be properly addressed. Alphabet has already faced millions of dollars in penalties and damages for privacy violations around the world. For example, the French regulator CNIL fined Google €50 million for inadequate transparency and consent practices, and a federal jury in Rodriguez et al. v. Google LLC (N.D. Cal.) awarded approximately $426 million after finding Google unlawfully collected user data.
Internal pressures also create operational risks. In April 2026, hundreds of Google employees urged CEO Sundar Pichai to refuse to make the company’s AI tools available for the Pentagon in classified settings. In an open letter, employees emphasized that Google’s AI systems, used for military applications, could “cause irreparable damage to Google’s reputation, business and role in the world.” After Pichai went through with the deal, DeepMind workers developing the company’s AI products in the UK voted to unionize.
Google employees have previously called on the company to avoid providing technology services to agencies such as the US Department of Homeland Security and ICE, citing concerns about human rights, surveillance, and civil liberties. Furthermore, the UN Special Rapporteur has called on the company to cease providing technology facilitating violations of IHL in the Occupied Palestinian Territory.
As investors, we are simply asking that the company live up to the principles it espouses, two of which explicitly revolve around responsibility and collaboration. In order for the company to fulfill those promises they must be more transparent with how they are handling highly sensitive data in high-risk environments.
We urge shareholders to vote in favor of our proposal asking for a report assessing these risks.
Marcela Pinilla is director of sustainable investing at Zevin Asset Management. Lydia Kuykendal is director of shareholder advocacy at Mercy Investment Services.
Guest posts on ImpactAlpha represent the opinions of their authors and do not necessarily reflect the views of ImpactAlpha.
