[PX14A6G] MICROSOFT CORP SEC Filing

MICROSOFT HAS A DUE DILIGENCE PROBLEMWHAT? On July 1, 2025, 59 Microsoft shareholders, collectively representing more than $80 million in MSFT shares, filed a shareholder proposal calling on Microsoft to publish a report assessing the effectiveness of its Human Rights Due Diligence (HRDD) processes. It requests that Microsoft evaluate whether its AI and cloud technologies are being misused by customers, such as military entities, to commit human rights abuses or violations of international hu-manitarian law. WHY? On September 25, 2025, The Guardian reported that Microsoft had restricted Israeli military use of certain technol-ogies after journalistic investigations revealed they had been employed in mass surveillance of Palestinians. This followed an earlier Company review, which purportedly found its Azure and AI technologies had not been used in ways that breached Microsoft's terms of service or AI Code of Conduct. The decision to act only after persistent media reporting and employee and public outcry illustrates that Microsoft's HRDD processes did not identify or address significant human rights risks, revealing gaps in oversight and review. This isn't an isolated case. There is a pattern of allegations about Microsoft's complicity in human rights violations in China, Saudi Arabia, and the USA. This suggests systemic issues with Microsoft's HRDD practices.In 2023, Foley Hoag conducted a Human Rights Impact Assessment which recommended that Microsoft assess its military contracts. There has been no public confirmation that Microsoft has done this. These gaps in oversight and review of its due diligence processes pose material risks for investors:? Financial Risk: Potential loss of revenue or increased cost of capital, potential portfolio impacts for investors due to S&P 500 weighting.? Legal and Regulatory Risk: Potential financial liability for the Company under EU laws; potential criminal liability for the Company and its executives for complicity in human rights violations.? Operational Risk: Controversy impacts key talent recruitment and retention; distracts senior management from core business.? Reputational Risks: Microsoft named by UN Special Rapporteur as profiting from, and therefore complicit in, war crimes and genocide in Gaza. Risk of eroding public and customer trust. CONCLUSIONMicrosoft acknowledges that client category and geographic location impact likelihood of product misuse and hu-man rights impacts. Yet it has not demonstrably, consistently translated this awareness into systematic, heightened HRDD. A stream of accusations and the Company's recent decision to cancel one of its contracts with the Israeli military strongly suggest that Microsoft's current, largely reactive measures to allegations of human rights abuses by customers are inadequate. Without a comprehensive, systematic approach to due diligence, shareholders remain exposed to significant material, financial, legal & regulatory, operational, and reputational risks. Supporting the 2025 shareholder resolution is therefore prudent.

Risky Business: Microsoft has a due diligence problem. Here's why investors should be concerned.

2SUMMARY On July 1, 2025, 59 Microsoft shareholders, collectively representing more than $80 million in shares, filed a share-holder proposal for the 2025 shareholder meeting. The proposal calls on Microsoft to publish a report assessing the effectiveness of its human rights due diligence (HRDD) processes. It requests that Microsoft evaluate whether its AI and cloud technologies are being misused by customers, such as military entities, to commit human rights abuses or violations of international humanitarian law. This briefing outlines the various allegations which raise questions about the Company's HRDD practices and the adequacy of existing external reviews, and demonstrates why supporting the resolution is necessary to protect shareholder value. KEY ISSUES ? Microsoft recognizes that certain products, customers, and jurisdictions carry elevated risk, but journalistic investigations suggest ineffective HRDD.? 2023 Human Rights Impact Assessment recommended that Microsoft assess its military contracts. No public confirmation that this has been done.? A pattern of allegations about complicity in human rights violations in Israel, China, Saudi Arabia, and the USA. This suggests systemic issues with Microsoft's HRDD practices.? Microsoft's investigations are reactive, narrow, and non-transparent. ? Its recent decision to block Israeli surveillance use confirms the inadequacy of existing processes.MATERIAL RISKS FOR MICROSOFT AND SHAREHOLDERS? Financial Risk: Potential loss of revenue or increased cost of capital, potential portfolio impacts for investors due to S&P 500 weighting.? Legal and Regulatory Risk: Potential financial liability for the Company under EU laws; potential criminal liability for the Company and its executives for complicity in human rights violations.? Operational Risk: Controversy impacts key talent recruitment and retention; distracts senior management from core business.? Reputational Risks: Microsoft named by UN Special Rapporteur as profiting from, and therefore complicit in, war crimes and genocide in Gaza.2 Risk of eroding public and customer trust.On September 25, 2025, The Guardian reported that Microsoft had restricted Israeli military use of certain technol-ogies after journalistic investigations revealed they had been employed in mass surveillance of Palestinians.1 This followed an earlier Company review, which found that its Azure and AI technologies had not been used in ways that breached Microsoft's terms of service or AI Code of Conduct. The decision to act only after persistent media report-ing and employee and public outcry illustrates that Microsoft's HRDD processes did not identify or address signifi-cant human rights risks, revealing gaps in oversight and review. This poses material risks for investors.2

3MICROSOFT'S HRDD IS INADEQUATEThe UN Guiding Principles on Business and Human Rights ("UNGPs")3 constitute the global authoritative framework outlining human rights responsibilities of states and businesses, and expectations are heightened for companies with business activities in conflict-affected and high- risk areas. Companies are expected to take all reasonable steps to ensure their products and services - including the deployment of such technologies by customers - are not used to violate human rights. To meet these obligations, companies should conduct HRDD to identify, prevent, miti-gate, and account for adverse human rights impacts, and to transparently report on the effectiveness of such HRDD. Microsoft states it conducts ongoing HRDD across its value chain, in line with its obligations under the UNGPs,4 but it provides insufficient information about the effectiveness of its HRDD processes related to customer end use.5Despite Microsoft's policies suggesting that the Company undertakes proactive and ongoing due diligence, potential misuse of its products has been uncovered not by internal HRDD but by investigative journalism. Foley Hoag's human rights impact assessment ("HRIA") highlighted that "Microsoft describes its human rights management as "hub-and-spoke," intended to empower and support front line personnel to identify and address legal and policy issues, including human rights issues. To that end, Microsoft's teams do not typically follow a formal set of processes and protocols to identify and assess potential human rights risks."6 Foley Hoag noted that "[c]onsequently, Microsoft has few internal policies and procedures that could be used by personnel as guidance to establish a standardized process for the identification, assessment, and elevation of human rights risks."7Beyond failures of human rights due diligence, Microsoft's conduct also raises questions about compliance with its primary Codes of Conduct in the Microsoft Services Agreement. These codes prohibit illegal activity and any behavior that harms or threatens to harm others, particularly children. Continued contracts with state and non-state actors implicated in systematic human rights abuses and violations, including those contravening international humanitarian law, represent not only process failures in HRDD but also negligence in enforcing the company's basic user policies and standards.Further, the Company's actions may constitute Business and Human Rights standards norms breaches. Recently issued guidance by the Church of England and a consortium of institutional investors and human rights experts categorizes cases of "Company Breaches of Norms" as substantive failures involving direct or enabling complicity in human rights violations.8 According to their guidance, if Microsoft conducts ongoing business operations with nation states involved in numerous and continual human rights violations, this could constitute being categorized as a "Norms Breach Company", designated at the highest level of harm in terms of severity and irreversibility, exposing the Company to heightened shareholder scrutiny and potential exclusion from investment portfolios.The cumulative effect, despite the Company's claims to the contrary, is a risk management approach that is reac-tive and that does not assure investors or the public that high-risk client relationships are adequately assessed and monitored. This approach increases reputational, regulatory, and operational risks.

4HIGH-RISK CLIENTS AND JURISDICTIONS Microsoft recognizes that the nature and specific location of a customer can amplify risks, independently of the product offered requiring elevated scrutiny. Its Responsible AI Framework, for example, imposes limited access restrictions on certain products such as facial recognition tools when sold to government agencies.9 The Company's Global Human Rights Statement reaffirms its commitment to the UNGPs and emphasizes heightened due diligence for certain countries and HRIAs at both a product and corporate level.10 However, given repeated allegations of human rights issues, implementation appears to be uneven, particularly with respect to products such as Azure cloud storage, whose potential of being deployed in a manner harmful to people is less obvious than that of other AI tools, such as facial recognition. 2023 HRIA RECOMMENDED AN ASSESSMENT OF MICROSOFT'S MILITARY CONTRACTSFoley Hoag was commissioned by Microsoft (in response to a shareholder resolution) to conduct an independent HRIA, focused on Microsoft's licensing of cloud services (including those incorporating AI) to U.S. law enforcement (including agencies involved in policing and prisons) and immigration enforcement agencies.11 While the 2023 HRIA found no direct evidence that Microsoft's products and services caused or contributed to human rights harms, Foley Hoag made 23 recommendations. They included that the Company should "consider conducting theme-specific due diligence exercises or additional HRIAs focused on: [...]assessing the company's commercial relationships with military agencies and their impacts on BIPOC and other vulnerable communities..."12There is no public disclosure confirming that an HRIA has been done for military clients. These gaps underscore that HRDD practices (especially for high-risk client categories such as military agencies) are not sufficiently visible to investors or stakeholders.

5A PATTERN OF CONTROVERSY AND QUESTIONS ABOUT DUE DILIGENCEDespite the Company's claims that it carries out ongoing and proactive due diligence, there is a pattern of allega-tions over many years of involvement in facilitating civil and human rights abuses and human rights violations. This raises significant concerns for investors about the Company's oversight and HRDD processes.5CHINA: ENABLING MASS SURVEILLANCE IN XINJIANGIn September 2025 Associated Press13 reported that Microsoft provided cloud services to Landasoft, a Chinese surveillance company implicated in the repression of Uyghur Muslims in Xinjiang. According to the report, Landasoft registered accounts on Microsoft Azure in 2018 seeking to expand cloud offerings to police clients. Microsoft con-firmed that Landasoft accessed Azure through a self-service portal, which was retired in 2021, and stated that any data related to Landasoft was deleted. While factually accurate, the self-service framing does not remove Microsoft's responsibility under its own human rights policies: China represents a high-risk environment where, according to Microsoft's own policies, "heightened due diligence" should be carried out. Allowing a company with ties to repressive policing to access cloud services without proactive assessment raises questions about Microsoft's HRDD.In another example, Microsoft provided AI and cloud computing services and mentorship to Chinese startups, through its incubator program.14 After graduating the program, some companies have subsequently partnered with the Xinjiang police where their surveillance tools and support have reportedly been used by the Chinese government in its brutal oppression of the Uyghur population.15SAUDI ARABIA: CONCERNS OVER FACILITATING HUMAN RIGHTS VIOLATIONSAssessments from Freedom House and the U.S. State Department show that Saudi Arabia is a high-risk human rights environment.16 In 2023, Human Rights Watch called on Microsoft to suspend its investment in a new cloud data center region in Saudi Arabia until it can clearly demonstrate how it will mitigate the risk of facilitating serious human rights violations.17 The concern arises from the potential for Saudi authorities to obtain access to data stored in Microsoft's cloud data center, posing threats to human rights and privacy. In 2024 a shareholder resolution calling for a HRIA about the data center in Saudi Arabia and other countries with human rights concerns was filed by Ek? and received a third of the shareholder vote.18ISRAEL: FACILITATING MASS SURVEILLANCE OF CIVILIANS In 2019, Microsoft invested in AnyVision which faced scrutiny following media reports that its technology was used to surveil Palestinians who lived in the occupied West Bank.19 Microsoft hired a team from Covington & Burling and former US AG Eric Holder to investigate the claims.5

6Microsoft decided to divest from AnyVision despite investigation finding that the AnyVision technology was not used in mass surveillance.In 2025 Microsoft faced allegations that its Azure cloud and AI tools were used by the Israeli Military to carry out mass surveillance and cause civilian harm - see below for further details. UNITED STATES: HUMAN RIGHTS IMPACT ASSESSMENT OF LAW ENFORCEMENT CONTRACTSIn response to shareholder concerns, Microsoft commissioned a HRIA conducted by the law firm Foley Hoag LLP. The assessment, published in June 2023, examined the impact of Microsoft's cloud and artificial intelligence technologies licensed to U.S. federal and state law enforcement and immigration enforcement agencies. The HRIA found that while Microsoft has robust human rights policies, there are areas where the company can improve, particularly regarding its consulting services provided to law enforcement agencies, and offered recommendations on improving HRDD. MASS SURVEILLANCE OF CIVILIANS BY ISRAELI INTELLIGENCE AGENCYMicrosoft's recent announcement that it found "evidence that supports" Israel's Unit 8200 used its technologies in violation of the terms of service highlight weaknesses in the Company's HRDD and internal and external reviews.In early 2025, The Guardian20 and the Associated Press21 reported that Israel's military relied on Microsoft technology during its Gaza offensive, raising concerns that Azure cloud and AI tools could have been used in operations potentially posing risks to civilians. In response, Microsoft commissioned an internal review and engaged an external firm to undertake additional fact-finding. In May 2025, Microsoft announced that the review concluded there was "no evidence that Microsoft's Azure and AI technologies, or any of our other software, have been used to harm people or that IMOD has failed to comply with our terms of service or our AI Code of Conduct."22 However, the review's method-ology, scope, full final report, or even the name of the external law firm were not disclosed. The absence of key information including which staff were consulted and how much reliance was placed on staff assurances, what data was examined, and how civilian harm was defined and assessed, makes it difficult to evaluate the adequacy of the review. Further reporting from the Guardian and others also raises questions about the robustness of that review. In August 2025, a joint investigation by The Guardian,23 +972 Magazine,24 and Local Call25 alleged that Unit 8200, an Israeli military intelligence unit, had used Microsoft's Azure cloud to store roughly 200 million hours of Palestinian phone call recordings from Gaza and the West Bank. The data, described as stored in "a customized and segregated area within Azure," including data centers in the Netherlands and Ireland,26 was reportedly used to inform military targeting decisions, including operations that posed risks to civilians.

7The investigation, based on internal Microsoft documents and interviews with 11 sources from the Company and Israeli military intelligence, alleged that some Microsoft engineers were aware the data included raw intelligence, while Israel-based staff, including Unit 8200 alumni, appeared to understand the military objectives. The fact that evidence existed internally but was unavailable to the first review casts serious doubt on the adequacy of that assessment.Following this reporting, Microsoft commissioned a second external review, to be led by Covington & Burling LLP with independent consultancy assistance, to examine allegations of mass surveillance that could constitute a breach of its Terms of Service.27 Microsoft has not confirmed to date whether Covington & Burling was also the external firm involved in the first review. Microsoft has a long-standing commercial relationship with Covington & Burling LLP, and Microsoft's Vice Chair and President, Brad Smith, who oversees Microsoft's implementation of its human rights commitments,28 was once a partner at the law firm29 creating at least perception of a conflict of interest.Microsoft subsequently announced on September 25, 2025, that it would cancel the specific contract with the Israeli military while continuing to work with them as a client. While this demonstrates that credible risks of real-world harm existed and required Microsoft to take corrective action, it also confirms that the first review failed to identify them. After the cancellation, Brad Smith sent a note to staff emphasizing that the second review "...had not accessed any customer data but its findings were based on a review of internal Microsoft documents, emails and messages between staff"30 and credited the Guardian reporting for bringing to light "information we could not access in light of our customer privacy commitments."31 However, the Guardian's reporting relied in part on internal Microsoft documents indicating that information needed to assess risk was available internally during the first review but was not examined. The second review appeared to focus narrowly on whether cloud storage was used for mass surveillance, and seems not to explicitly address allegations that the stored data was used in military operations potentially harmful to civilians.32 The August 2025 reporting by The Guardian, +972 Magazine, and Local Call highlighted these risks and prompted the second review, yet Microsoft treats these allegations as distinct from those addressed by the first re-view. In reality, they are the same category of risks, demonstrating that the first review did not, at minimum, examine the internal documents later cited by the investigative reporting. Given that Microsoft has revised its assessment of violation of its terms of service, it is unclear why the allegations of civilian-harm are not also being revisited.The sequence of events highlights weaknesses in and unresolved questions about Microsoft's HRDD, oversight, review processes, and transparency when it comes to high-risk client relationships. The prudent course of action at this time is to formally assess the effectiveness of Microsoft's HRDD practices in preventing, identifying, and addressing customer misuse of Microsoft AI and cloud products or services that violate human rights or international humanitarian law.The Guardian, August 6, 2025+972 Magazine, August 6, 2025

8ADEQUACY OF EXISTING EXTERNAL INVESTIGATIONSMicrosoft's response to these allegations has followed a familiar pattern: commissioning external reviews that conclude with "no evidence" of misuse, but new allegations continue to arise. In 2020, Covington & Burling LLP found no breach in relation to Microsoft's investment in the Israeli surveillance firm AnyVision although the Company subsequently divested. In 2023, the Foley Hoag HRIA reached similar no evidence of harm findings regarding Microsoft's services and products by US law enforcement agencies. The first review into Israeli military contracts in early 2025 repeated this formula, concluding that Azure and AI technologies had not been used to harm civilians or violate Microsoft's terms of services. This pattern suggests structural deficiencies in Microsoft's HRDD including insufficient mechanisms to assess real-world impacts of high-risk clients, and raise questions about the scope and adequacy of external reviews. They are typically narrow in scope, and sometimes constrained by client agreements or Terms of Service that can limit disclosure, as seen in the Foley Hoag HRIA. Their opacity is heightened when methodologies, terms of reference, or full reports are withheld, making it impossible to assess rigor or scope, or where their conclusions amount to mere blanket statements (e.g., "found no evidence"), which provide little basis for stakeholders or investors to evaluate whether underlying risks have been materially reduced.Microsoft's deference to Terms of Service and customer privacy commitments to define what can be investigated reflects a choice that limits its own ability to assess potential human rights abuses using their products by high-risk clients.33 Even when investigative reporting identifies potential misuse, internal reviews may be constrained from fully examining the facts, creating structural gaps in HRDD.Investors should support an independent review of Microsoft's HRDD to ensure high-risk client use is properly assessed and potential human rights risks are effectively mitigated.

9MATERIAL RISKS FOR INVESTORSThe recurring nature of these allegations suggests systemic issues with Microsoft's HRDD practices especially when it comes to high-risk clients such as military agencies. Inadequate HRDD exposes Microsoft to material, legal, operational, and reputational risks.Microsoft's potential complicity in international crimes in Gaza has resulted in outspoken opposition from its own employees,34 a boycott and divestment campaign against the Company,35 severe reputational damage that may harm long-term shareholder value, and risks exposing the company to legal and regulatory penalties.? FINANCIAL PERFORMANCE RISK: ? Enterprises, governments, and other large customers may avoid association with companies under hu-man-rights or surveillance controversy. Loss of business, or demands for contract renegotiation and higher indemnification, can directly reduce revenue and margins. The UN Human Rights Council has highlighted the business risks of corporate complicity in conflict-affected areas.36? Meeting the criteria of a "Norms Breach Company" of international human rights standards, can expose the Company to shareholder action, engagement escalation, or exclusion from investment portfolios, which in turn can increase the Company's cost of capital.37? LEGAL AND REGULATORY RISK: If voice recordings obtained through mass surveillance of civilians are stored in any Microsoft Data Centers located in Ireland or the Netherlands, this will likely breach the EU's General Data Protection Regulation. If any of this data involves calls between people in the EU and in the West Bank or Gaza, this is likely an additional breach of the rights of EU citizens. The collection of this data does not appear to fall within any of the six legal grounds that allow for collection defined under the regulation. It is likely that com-plaints will be lodged with the EU lead's data protection authority - Ireland's Data Protection Commission - calling on the agency to investigate.The Dutch government announced they would "request further investigation", and if there are serious indica-tions of criminal offences, then the public prosecutor's office could decide to initiate legal proceedings.38It is also possible that efforts will be made to hold the company and/or its executives responsible in the courts if there is evidence of complicity in human rights violations. Universal jurisdiction, the principle that certain grave crimes (e.g., genocide, crimes against humanity) can be prosecuted irrespective of where they were committed or the nationality of perpetrators or victims, is increasingly being tested in the context of corporate complicity in human rights violations. This presents heightened legal and reputational risk for companies and their investors. Substantiated allegations such as misuse of cloud services, GDPR violations, or human rights harms could also increase perceived risk, raising equity risk premiums and pushing up the cost of debt as lenders incorporate litigation and regulatory exposure into credit spreads.399

10? OPERATIONAL RISK: Involvement in controversial partnerships that attract the attention of the media, civil society, and regulators can distract senior management from Microsoft's core business objectives. Employee protests and activism over controversial contracts can depress morale, erode trust in management, increase quits, and slow delivery in mission-critical teams.42 At a time when tech companies are competing intensely for key employees to win the competitive race on AI, Microsoft can ill afford to undermine its ability to acquire and retain top talent. ? REPUTATIONAL RISK: In June 2025, United Nations Special Rapporteur, Francesca Albanese, presented a new report - "From economy of occupation to economy of genocide"- to the United Nations' Human Rights Coun-cil, which names companies she says are profiting from, and therefore complicit in, war crimes and genocide in Gaza.43 She includes Microsoft, noting its decades-long involvement in Israel and the extensive access Micro-soft grants the Israeli government to its AI technologies, data analytics, and surveillance.44 Microsoft is facing repeated allegations of its products being used to facilitate human rights violations, which is drawing internal45 and external criticism46 which is itself continuously generating headlines which damage the company's brand and can erode public and customer trust. ? SYSTEMIC RISK: Microsoft is the second largest stock weights in the S&P 500, at ~6.4%,47 with a market capital-ization of roughly USD 3.8 trillion.48 When a company of this size suffers a reputational or legal shock, the effects ripple through index-tracking portfolios and pension funds. Exposure to Microsoft is often unavoidable for in-vestors. For diversified investors and "universal owners," these portfolio-level impacts of the Company's actions make it essential to monitor potential risks associated with Microsoft's operations and public perception. Addressing the costs of human rights violations may help protect shareholders from economy-wide risks, including those resulting from human rights abuses potentially associated with Microsoft's products. Market performance, and, accordingly, the long-term performance of diversified portfolios, depends on the health of the economy, which can be undermined when companies' activities create social and environmental costs that drag on GDP.49 Conflict and human rights violations can generate spillover effects that disrupt trade, investment, and financial markets beyond local economies.50 Reports indicate that Microsoft's technologies have been linked to LEGAL PROCEEDINGS INVOLVING CORPORATE ACCOUNTABILITY FOR ALLEGED COMPLICITY IN INTERNATIONAL CRIMESLundin Case (Sweden)On 11 November 2021, the Swedish public prosecutor formally charged the chief executive of Lundin Energy (formerly Lundin Petroleum) and the chairman of the Board for aiding and abetting war crimes that occurred between 1999 and 2003 in Sudan, now South Sudan. Both deny the allegations. The trial started on 5 September 2023 and the concluding pleas will be delivered in February and March 2026.40Lafarge Case (France)French cement company Lafarge is facing charges of complicity in crimes against humanity, and financing terrorism and violating an embargo.41 Between 2013 and 2014, Lafarge allegedly made payments to terrorist groups, including ISIS, to continue operations at its Syrian cement plant amidst the civil war.10

11military targeting and surveillance activities in Gaza, contributing to the destruction of infrastructure, the displacement of communities, and loss of life, factors that depress economic productivity and slow recovery. These dynamics not only weaken local economies but can ripple globally, heightening legal, reputational, and systemic risks, and threatening the long-term returns of diversified investors.51Shareholders need to be assured that the Company's strategy is not mispricing and undervaluing the risks associat-ed with continuing business with customers in violation of the Company's standards and policies. Continuing contracts that bear numerous and compounding material risks and costs to the Company should be weighed against the revenue gained by such contracts and the costs of adequate and efficient due diligence. Negligence to address these due diligence failures raises numerous issues related to the Company's Duty of Care to shareholders. Robust due diligence practices are essential to mitigate these risks. Given repeated allegations, an independent assessment of the effectiveness of the Company's HRDD processes and practices is needed. By taking proactive steps, Microsoft can safeguard its reputation, ensure compliance with international standards, and maintain investor confidence.CONCLUSIONMicrosoft acknowledges that client category and geographic location impact likelihood of product misuse and human rights impacts. Yet it has not demonstrably consistently translated this awareness into systematic, heightened HRDD. External assessments, such as the Foley Hoag HRIA, have explicitly recommended assessing the company's relationship with military agencies and working with stakeholders to discuss priorities for future HRDD but the company has not publicly committed to fully implementing these recommendations. A stream of accusa-tions and the Company's recent decision to cancel one of its contracts with the Israeli military strongly suggest that Microsoft's current, largely reactive measures to allegations of human rights abuses by customers are inadequate. Without a comprehensive, systematic approach to due diligence, shareholders remain exposed to significant material, financial, legal & regulatory, and reputational risks. Supporting the 2025 shareholder resolution is therefore prudent.

12DISCLAIMERNone of Ek?, Investor Advocates for Social Justice (IASJ), Center for Middle East Investment (CMEI), nor Racial Justice Investing (RJI) are investment or financial advisors, and do not make any representation regarding the advisability of investing in any particular company or investment fund or vehicle. A decision to invest in any such investment fund or entity should not be made in reliance on any of the statements set forth in this briefing. While Ek?, IASJ, CMEI, and RJI have obtained information believed to be reliable, they shall not be liable for any claims or losses of any nature in connection with information contained in this document, including but not limited to, lost profits or punitive or consequential damages. This publication should not be viewed as a comprehensive guide of all questions an investor should ask an institution, but rather as a starting point for questions specifically related to the issues presented in this publication. The opinions expressed in this publication are based on the documents specified in the endnotes. We encourage readers to read those documents.CONTACT DETAILSTo connect with the authors of this report, please email microsoft@eko.org.1 Harry Davies and Yuval Abraham, "Microsoft Blocks Israel's Use of Its Technology in Mass Surveillance of Palestinians," The Guardian, September 25, 2025, https://www.theguardian.com/world/2025/sep/25/microsoft-blocks-israels-use-of-its-technology-in-mass-surveillance-of-palestinians2 Imogen Foulkes, "UN Expert Calls for Companies to Stop Doing Business with Israel," BBC News, July 3, 2025, https://www.bbc.com/news/articles/cx2039xpv87o Francesca Albanese, From Economy of Occupation to Economy of Genocide: Report of the Special Rapporteur on the Situation of Human Rights in the Palestinian Territories Occupied Since 1967 (A/HRC/59/23, United Nations, July 2025), https://www.un.org/unispal/document/a-hrc-59-23-from-econo-my-of-occupation-to-economy-of-genocide-report-special-rapporteur-francesca-albanese-palestine-2025/3 United Nations Office of the High Commissioner for Human Rights, Guiding Principles on Business and Human Rights: Implementing the United Nations "Protect, Respect and Remedy" Framework (New York / Geneva: United Nations, 2011), https://www.ohchr.org/sites/default/files/documents/publications/guidingprinciplesbusinesshr_en.pdf4 United Nations Office of the High Commissioner for Human Rights, Guiding Principles on Business and Human Rights: Implementing the United Nations "Protect, Respect and Remedy" Framework (New York / Geneva: United Nations, 2011), https://www.ohchr.org/sites/default/files/documents/publications/guidingprinciplesbusinesshr_en.pdf5 Microsoft, Microsoft's Commitment to Human Rights ([May 2025]), https://msblogs.thesourcemediaassets.com/sites/5/2025/05/Microsofts-Commit-ment-to-Human-Rights.pdf6 Foley Hoag, Human Rights Impact Assessment of Microsoft's Enterprise Cloud and AI Technologies Licensed to U.S. Law Enforcement Agencies, prepared for Microsoft (Redmond, WA: Microsoft, June 2023), 24, https://cdn-dynmedia1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Human-Rights-Impact-Assessment-Li-censed-Technologies.pdf7 Foley Hoag, Human Rights Impact Assessment of Microsoft's Enterprise Cloud and AI Technologies Licensed to U.S. Law Enforcement Agencies, prepared for Microsoft (Redmond, WA: Microsoft, June 2023), 24, https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Human-Rights-Impact-Assessment-Li-censed-Technologies.pdf8 Church of England. Investor Initiative on Human Rights Data (II-HRD) Report ? September 2025. London: Church of England, 2025. Available at: https://www.churchofengland.org/sites/default/files/2025-09/ii-hrd-report-september-2025.pdf The Investor Initiative on Human Rights Data (II-HRD) is a collaborative effort among institutional investors, including the Church Commissioners for En-gland, Aviva Investors, and Scottish Widows, working with the Investor Alliance for Human Rights and other experts to improve corporate human rights data and integrate it systematically into investment and stewardship decisions.9 Microsoft, Responsible AI Transparency Report 2025 (Redmond, WA: Microsoft, 2025), 25, https://cdn-dynmedia-1.microsoft.com/is/content/microsoft-corp/microsoft/msc/documents/presentations/CSR/Responsible-AI-Transparency-Report-2025-vertical.pdf10 Microsoft, Microsoft Global Human Rights Statement, accessed September 21, 2025, https://www.microsoft.com/en-us/corporate-responsibility/hu-man-rights-statement#tab-foundational-principles11 Foley Hoag, Human Rights Impact Assessment of Microsoft's Enterprise Cloud and AI Technologies Licensed to U.S. Law Enforcement Agencies, prepared for Microsoft (Redmond, WA: Microsoft, June 2023), https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presenta-tions/CSR/Human-Rights-Impact-Assessment-Licensed-Technologies.pdf Military agencies were explicitly excluded from the HRIA at Microsoft's request, creating an obvious and significant gap. The report was also criticized by Open Mic for "ignor[ing] the latest guidance regarding human rights expectations in the tech sector?".12 Foley Hoag, Human Rights Impact Assessment of Microsoft's Enterprise Cloud and AI Technologies Licensed to U.S. Law Enforcement Agencies, prepared for Microsoft (Redmond, WA: Microsoft, June 2023), 50, https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/pre-sentations/CSR/Human-Rights-Impact-Assessment-Licensed-Technologies.pdf

1313 Michael Biesecker, "How Silicon Valley Enabled China's Digital Police State," Associated Press, September 9, 2025, https://apnews.com/article/chi-nese-surveillance-silicon-valley-uyghurs-tech-xinjiang-8e000601dadb6aea230f18170ed54e8814 Joanna Chiu, "Chinese Startups Supported by Microsoft and Google Incubator Programs Worked with Police," Rest of World, November 19, 2024, https://restofworld.org/2024/microsoft-google-chinese-startup-incubator-police-surveillance/15 Joanna Chiu, "Chinese Startups Supported by Microsoft and Google Incubator Programs Worked with Police," Rest of World, November 19, 2024, https://restofworld.org/2024/microsoft-google-chinese-startup-incubator-police-surveillance/16 U.S. Department of State, 2024 Country Reports on Human Rights Practices: Saudi Arabia, accessed September 21, 2025, https://www.state.gov/re-ports/2024-country-reports-on-human-rights-practices/saudi-arabia#:~:text=Significant%20human%20rights%20issues%20included,restrictions%20on%20freedom%20of%20expressionFreedom House, Freedom in the World 2025: Saudi Arabia, accessed September 21, 2025, https://freedomhouse.org/country/saudi-arabia/free-dom-world/202517 Human Rights Watch, "Saudi Arabia: Microsoft Should Hold Off on Data Center," Human Rights Watch, April 13, 2023, https://www.hrw.org/news/2023/04/13/saudi-arabia-microsoft-should-hold-data-center?18 Microsoft Corporation, Form 8-K: Current Report, filed December 10, 2024, U.S. Securities and Exchange Commission,https://www.sec.gov/Archives/edgar/data/789019/000119312524275524/d865252d8k.htm?19 Dastin, Jeffrey, "Microsoft to Divest AnyVision Stake, End Face Recognition Investing," Reuters, March 28, 2020, accessed September 24, 2025, https://www.reuters.com/article/technology/microsoft-to-divest-anyvision-stake-end-face-recognition-investing-idUSKBN21E3BA/20 Harry Davies and Yuval Abraham, "Revealed: Microsoft Deepened Ties with Israeli Military to Provide Tech Support During Gaza War," The Guardian, Janu-ary 23, 2025, https://www.theguardian.com/world/2025/jan/23/israeli-military-gaza-war-microsoft21 Sam Mednick, Garance Burke, and Michael Biesecker, "How US Tech Giants Supplied Israel with AI Models, Raising Questions about Tech's Role in War-fare," Associated Press, February 18, 2025, https://apnews.com/article/israel-palestinians-ai-weapons-430f6f15aab420806163558732726ad922 Microsoft, "Microsoft Statement on the Issues Relating to Technology Services in Israel and Gaza," Microsoft On the Issues, May 15, 2025, https://blogs.microsoft.com/on-the-issues/2025/05/15/statement-technology-israel-gaza/23 Harry Davies and Yuval Abraham, "Microsoft Launches Inquiry into Claims Israel Used Its Tech for Mass Surveillance of Palestinians," The Guardian, August 15, 2025, https://www.theguardian.com/world/2025/aug/15/microsoft-launches-inquiry-claims-israel-used-tech-mass-surveillance-palestinians?24 Yuval Abraham, "Microsoft Storing Israeli Intelligence Trove Used to Attack Palestinians," +972 Magazine, August 6, 2025, https://www.972mag.com/mic-rosoft-8200-intelligence-surveillance-cloud-azure/25 Abraham, Yuval. "?????? ????? ????: ????? ?? 8200 ?? ???? ????????? ???"? [A Million Calls an Hour: 8200's Database on Microsoft Servers Abroad]." Shi-cha Mekomit, August 6, 2025, https://www.mekomit.co.il/%d7%9e%d7%99%d7%9c%d7%99%d7%95%d7%9f-%d7%a9%d7%99%d7%97%d7%95%d7%aa-%d7%91%d7%a9%d7%a2%d7%94-%d7%94%d7%9e%d7%90%d7%92%d7%a8-%d7%a9%d7%9c-8200-%d7%a2%d7%9c-%d7%a9%d7%a8%d7%aa%d7%99-%d7%9e%d7%99/26 Yuval Abraham, "Microsoft Storing Israeli Intelligence Trove Used to Attack Palestinians," +972 Magazine, August 6, 2025, https://www.972mag.com/mic-rosoft-8200-intelligence-surveillance-cloud-azure/27 Microsoft, "Microsoft Statement on the Issues Relating to Technology Services in Israel and Gaza," Microsoft On the Issues, August 15, 2025, https://blogs.microsoft.com/on-the-issues/2025/05/15/statement-technology-israel-gaza/28 Microsoft, "Microsoft Global Human Rights Statement," accessed September 21, 2025, https://www.microsoft.com/en-us/corporate-responsibility/hu-man-rights-statement?#tab-internal-governance29 Brad Smith, "Brad Smith - Vice Chair and President at Microsoft Corporation," LinkedIn, accessed September 21, 2025, https://www.linkedin.com/in/brad-smith30 Harry Davies and Yuval Abraham, "Microsoft Blocks Israel's Use of Its Technology in Mass Surveillance of Palestinians," The Guardian, September 25, 2025, https://www.theguardian.com/world/2025/sep/25/microsoft-blocks-israels-use-of-its-technology-in-mass-surveillance-of-palestinians31 Harry Davies and Yuval Abraham, "Microsoft Blocks Israel's Use of Its Technology in Mass Surveillance of Palestinians," The Guardian, September 25, 2025, https://www.theguardian.com/world/2025/sep/25/microsoft-blocks-israels-use-of-its-technology-in-mass-surveillance-of-palestinians32 Microsoft, "Microsoft Statement on the Issues Relating to Technology Services in Israel and Gaza," Microsoft On the Issues, August 15, 2025, https://blogs.microsoft.com/on-the-issues/2025/05/15/statement-technology-israel-gaza/33 Harry Davies and Yuval Abraham, "Microsoft Blocks Israel's Use of Its Technology in Mass Surveillance of Palestinians," The Guardian, September 25, 2025, https://www.theguardian.com/world/2025/sep/25/microsoft-blocks-israels-use-of-its-technology-in-mass-surveillance-of-palestinians34 No Azure for Apartheid, No Azure for Apartheid Petition, accessed September 21, 2025, https://noazureforapartheid.com/petition/35 BDS Movement, Boycott Microsoft Petition, accessed September 21, 2025, https://bdsmovement.net/microsoft36 Francesca Albanese, From Economy of Occupation to Economy of Genocide: Report of the Special Rapporteur on the Situation of Human Rights in the Palestinian Territories Occupied Since 1967 (A/HRC/59/23, United Nations, July 2025), https://www.un.org/unispal/document/a-hrc-59-23-from-econo-my-of-occupation-to-economy-of-genocide-report-special-rapporteur-francesca-albanese-palestine-2025/ 37 Philipp Krüger, "Corporate Goodness and Shareholder Wealth," Journal of Financial Economics 115, no. 2 (2015): 304?329. https://doi.org/10.1016/j.jfine-co.2014.09.00838 Harry Davies, "Activists in Netherlands Protest on Roof of Microsoft Site Storing Israeli Military Data," The Guardian, August 10, 2025, https://www.theguardian.com/world/2025/aug/10/activists-in-netherlands-protest-on-roof-of-microsoft-site-storing-israeli-military-data

1439 Andrew Goss and Gregory S. Roberts, "The Impact of Corporate Social Responsibility on the Cost of Bank Loans," Journal of Banking & Finance 35, no. 7, 1794?1810, 2011, https://doi.org/10.1016/j.jbankfin.2010.12.002Bing Zheng, "An Empirical Study of the Impact of Corporate Social Responsibility on the Cost of Debt," SSRN Working Paper, Social Science Research Net-work, 2021, https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID3833171_code4681707.pdf?abstractid=383317140 Business & Human Rights Resource Centre, "Lundin Petroleum Lawsuit (Re Complicity in War Crimes, Sudan)," accessed September 21, 2025, https://www.business-humanrights.org/en/latest-news/lundin-petroleum-lawsuit-re-complicity-war-crimes-sudan/41 European Center for Constitutional and Human Rights (ECCHR), "Lafarge in Syria," January 16, 2024, https://www.ecchr.eu/en/press-release/la-farge-in-syria42 Empirically, firms with higher employee satisfaction and perceived managerial trustworthiness deliver stronger long-run stock returns and profitability. See: Alex Edmans, 2011. "Does the Stock Market Fully Value Intangibles? Employee Satisfaction and Equity Prices." Journal of Financial Economics 101, no. 3: 621?640,. DOI: 10.1016/j.jfineco.2011.03.021. (publisher/abstract) https://www.sciencedirect.com/science/article/pii/S0304405X1100086943 Imogen Foulkes, "UN Expert Calls for Companies to Stop Doing Business with Israel," BBC News, July 3, 2025, https://www.bbc.com/news/articles/cx2039xpv87o; Francesca Albanese, From Economy of Occupation to Economy of Genocide: Report of the Special Rapporteur on the Situation of Human Rights in the Palestinian Territories Occupied Since 1967 (A/HRC/59/23, United Nations, July 2025), https://www.un.org/unispal/document/a-hrc-59-23-from-econo-my-of-occupation-to-economy-of-genocide-report-special-rapporteur-francesca-albanese-palestine-2025/44 Francesca Albanese, From Economy of Occupation to Economy of Genocide: Report of the Special Rapporteur on the Situation of Human Rights in the Palestinian Territories Occupied Since 1967 (A/HRC/59/23, United Nations, June 2025), https://www.ohchr.org/en/documents/country-reports/ahrc5923-economy-occupation-economy-genocide-report-special-rapporteur45 No Azure for Apartheid, No Azure for Apartheid Petition, accessed September 21, 2025, https://noazureforapartheid.com/petition/ Timothy Pratt, "Microsoft Faces Growing Unrest over Role in Israel's War on Gaza: ?Close to a Tipping Point'," The Guardian, April 18, 2025, https://www.theguardian.com/technology/2025/apr/18/microsoft-ai-israel-gaza-war46 Joe Taysom, "Brian Eno Pleads with Microsoft to Cut Ties with Israel," Far Out Magazine, May 21, 2025, https://faroutmagazine.co.uk/brian-eno-pleads-mi-crosoft-cut-ties-with-israel/47 Slickcharts, "S&P 500 Companies by Weight," accessed September 26, 2025, https://www.slickcharts.com/sp500 48 MarketBeat, "Indiana Trust & Investment Management Co Lowers Stake in Microsoft Corporation," September 18, 2025, https://www.marketbeat.com/instant-alerts/filing-indiana-trust-investment-management-co-sells-542-shares-of-microsoft-corporation-msft-2025-09-1549 Principles for Responsible Investment & UNEP Finance Initiative, "Universal Ownership: Why Environmental Externalities Matter to Institutional Investors," Appendix IV, available at https://www.unepfi.org/fileadmin/documents/universal_ownership_full.pdf.50 Institute for Economics & Peace, Business & Peace Report 2021: Peace: A Good Predictor of Economic Success(Sydney: Institute for Economics & Peace, May 2021), PDF, https://www.economicsandpeace.org/wp-content/uploads/2021/05/BAP-2021-web.pdf51 Principles for Responsible Investment & UNEP Finance Initiative, "Universal Ownership: Why Environmental Externalities Matter to Institutional Investors," Appendix IV, available at https://www.unepfi.org/fileadmin/documents/universal_ownership_full.pdf.

Email to Proxy Advisors and Asset Managers

Dear INSTITUTION,

I hope you are well. My name is Aaron Acosta, and on behalf of lead proponents Religious of the Sacred Heart of Mary Charitable Trust and the Sisters of the Sacred Heart of Mary and 57 additional co-filers, we respectfully request your support for our shareholder proposal at Microsoft Corporation (MSFT), which can be found here. We would welcome the opportunity to meet to discuss the proposal in greater detail.

The proposal asks Microsoft to publish a report, assessing the effectiveness of its human rights due diligence (“HRDD”) processes in preventing, identifying, and addressing customer misuse of Microsoft artificial intelligence (“AI”) and cloud products or services that violates human rights or international humanitarian law. You can find our exempt solicitation, which explains the material risks, here.

We believe support for this shareholder resolution is warranted because Microsoft’s current HRDD appears insufficient in preventing, identifying, and addressing customer misuse of its technologies and services. This was highlighted most recently by the Company’s decision to terminate one of its contracts with the Israeli military, following a journalistic investigation that revealed its technologies had been employed in mass surveillance of Palestinians. Notably, it was the journalistic investigation, not Microsoft’s HRDD, that brought to light the customer misuse. Our exempt solicitation shows that this example of ineffective HRDD is just one of many cases in which the Company’s technologies and services have been used to violate human rights and international humanitarian law, underscoring the importance of the requested report on the effectiveness of Microsoft’s HRDD.

Ineffective HRDD exposes investors to material risks, including:

● Financial Risk: potential loss of revenue or increased cost of capital, potential portfolio impacts for investors due to S&P 500 weighting.

● Legal and Regulatory Risk: potential financial liability for the Company under EU laws; potential criminal liability for the Company and its executives for complicity in human rights violations.

● Operational Risk: negative impacts on key talent recruitment and retention; distractions of senior management from core business.

● Reputational Risks: Microsoft named by UN Special Rapporteur as profiting from, and therefore complicit in, war crimes and genocide in Gaza. Risk of eroding public and customer trust.

We would welcome the opportunity to discuss the shareholder resolution with you. Thank you for your time and attention, and we look forward to hearing from you.

Best Regards,

Aaron