Google and Amazon: Acknowledged Risks, and Ignored Responsibilities

•April 2, 2026

Electronic Frontier Foundation — Deeplinks —•Apr 2, 2026

Key Takeaways

•Project Nimbus supplies Israeli defense with cloud and AI services.
•Google and Amazon ignored EFF's human rights requests.
•Internal assessments flagged abuse risks before contract signing.
•No public impact assessment or transparency from either company.
•Inaction risks reputational damage and regulatory scrutiny.

Summary

Human rights groups have pressed Google and Amazon to address the risks of Project Nimbus, a cloud and AI contract with Israel’s Ministry of Defense and Security Agency. Despite internal warnings and mounting media reports linking the services to potential surveillance and military use, both firms have offered no substantive response or transparency. In contrast, Microsoft only acted after a public leak exposed misuse of its own services. The article calls for immediate independent impact assessments, disclosure of monitoring practices, and suspension of high‑risk services.

Pulse Analysis

Cloud providers have become essential partners for governments seeking scalable computing power, artificial‑intelligence tools, and real‑time data analytics. Project Nimbus, the multi‑year agreement that places Google Cloud and Amazon Web Services at the core of Israel’s Ministry of Defense and Security Agency operations, exemplifies this trend. While the contract promises advanced services such as large‑scale storage, image‑recognition APIs, and custom AI model training, it also raises red flags under international human‑rights standards that prohibit technology enabling surveillance or targeting civilians.

NGOs and legal scholars argue that the very capabilities offered can be repurposed for military intelligence, making proactive due‑diligence a non‑negotiable requirement. Google and Amazon’s silence, despite internal risk assessments and a cascade of investigative reporting, contrasts sharply with Microsoft’s reluctant response after a whistle‑blower leak forced a public review of its own Israeli contracts. The lack of an independent impact assessment or transparent monitoring plan leaves both firms exposed to potential violations of their published AI Principles and human‑rights commitments, inviting regulatory probes in the European Union and heightened scrutiny from socially‑responsible investors. In an era where ESG metrics increasingly influence capital allocation, any perception of willful blindness can translate into tangible financial penalties and brand erosion.

Stakeholders are now urging the companies to commission an independent human‑rights impact study, disclose the criteria used to vet high‑risk contracts, and suspend services where credible abuse risks exist, even absent definitive proof. Such proactive steps would align operational practices with the ethical frameworks that underpin their AI Principles and could mitigate looming legal challenges. As governments worldwide tighten export‑control regimes for dual‑use technologies, cloud providers that demonstrate rigorous due‑diligence are likely to retain market access and investor confidence, while those that remain opaque risk being sidelined.