Here is a scene that keeps repeating. Representatives gather — CEOs, archbishops, prime ministers, tech executives. They sign a document. Photographers capture the moment. Press releases go out about shared values, human dignity, algorithmic responsibility. Everyone flies home.

Then absolutely nothing changes.

Surveillance expands. Flawed medical algorithms spread through hospital networks without real validation. Governments automate life-altering decisions about immigration, welfare, and policing using systems nobody has audited. The companies involved keep growing, keep collecting revenue, and return next year to sign the next pledge.

This isn’t cynicism. It’s the documented record. And the Rome Call for AI Ethics — the world’s most prominent faith-backed framework for responsible AI — is Exhibit A.

What the Rome Call Actually Is

The Rome Call for AI Ethics launched in February 2020, when the Vatican’s Pontifical Academy for Life co-signed a declaration alongside Microsoft, IBM, the Food and Agriculture Organization, and the Italian government. Its six founding principles — transparency, inclusion, accountability, impartiality, reliability, and security — sound like the kind of thing reasonable people would agree on over dinner.

The concept at its center, “algorethics,” was coined by Fr. Paolo Benanti, scientific director of the Vatican’s RenAIssance Foundation. The idea: ethics baked into algorithms from day one, not bolted on afterward as a PR function. Noble in theory. In 2021, Pope Francis established the RenAIssance Foundation specifically to guard and promote the Call.

Key Fact

The Rome Call is not legally binding. Signatories make a voluntary moral commitment. There are no compliance reports, no audits, no penalties for violations, and no mechanism to remove a signatory caught violating its principles. The framework, in its own words, “relies on good faith implementation.”

By July 2024, the initiative had expanded dramatically. At a ceremony in Hiroshima, eleven world religions signed on — Buddhist, Hindu, Islamic, Jewish, and others. Sixteen new institutional signatories joined. Qualcomm became the latest major tech signatory in June 2025. The Rome Call has become, by any measurement, the most diverse and widely supported AI ethics framework on earth.

It has also remained, in every measurable way, completely ineffective at changing behavior.

11 World religions signed the Rome Call at Hiroshima, July 2024
0 Enforcement mechanisms in the agreement
67% Of real sepsis cases missed by AI deployed across U.S. hospitals
3.5× Growth in ICE’s Microsoft cloud data, July 2025 – January 2026

Case Study 1: Microsoft, the Rome Call, and the ICE Surveillance Explosion

Case 01 / Corporate Accountability

Microsoft president Brad Smith was one of the original signatories of the Rome Call in 2020. The company has since positioned itself — in the words of the New York Times — as “the industry’s moral conscience,” with Satya Nadella and Smith emerging as “some of the most outspoken advocates in the industry for protecting user privacy and establishing ethical guidelines for new technology.”

Hold that framing while you look at what happened in the eight months following the Hiroshima ceremony.

According to investigative reporting published in February 2026, ICE — the U.S. Immigration and Customs Enforcement agency — more than tripled the amount of data it stored on Microsoft’s Azure cloud servers, jumping from 400 terabytes to 1,400 terabytes between July 2025 and January 2026. The data spike coincided with Congress awarding ICE a $75 billion budget increase in July 2025, making it the most heavily funded law enforcement agency in the country.

What the Data Shows

Leaked documents indicate ICE was using Microsoft Azure’s AI Video Indexer and Azure Vision tools — capable of analyzing images, detecting faces, emotions, and objects in audio and video files — during this same period. Microsoft told employees it “does not presently maintain AI services contracts tied specifically to enforcement activities.” This is a narrower statement than it sounds. It does not address what ICE does with its data once stored on Azure infrastructure.

This tension goes back further than 2025. In January 2018, Microsoft announced an ICE partnership, with an executive boasting that Azure Government would “utilize deep learning capabilities to accelerate facial recognition and identification” and handle “ICE’s most sensitive unclassified data.” When employees protested and the public pushed back over family separation policies, CEO Nadella said the engagement was only about “legacy mail, calendar, messaging and document management.” Both things were said by Microsoft, six months apart. The company signed the Rome Call two years later.

It gets more specific. The ICE surveillance apparatus in 2025 and 2026 is not a legacy IT setup. ICE awarded Clearview AI a $9.2 million contract for facial recognition. It deployed “Mobile Fortify,” an app that lets agents point phones at people’s faces on the street and instantly identify them against 200 million photos from state driver’s license databases. It used Palantir’s Investigative Case Management system — built on a $95.9 million contract — to filter people by immigration status, physical characteristics, criminal affiliation, and location. It purchased Paragon spyware to read encrypted messages without any click from the target. And throughout this entire buildup, Microsoft’s cloud infrastructure remained the backbone.

Microsoft has maintained it does not believe ICE is engaged in “mass surveillance of civilians.” The definition of “mass” and the definition of “surveillance” are apparently doing a lot of work in that sentence.

The Rome Call principles include transparency, accountability, and respect for privacy. No audit of Microsoft’s role in this system has been called for under the Rome Call framework. No statement has been issued. No signatory has raised the issue publicly in the context of the pledge.

“Ethics without enforcement is not naive. It is complicit. It enables harm to spread without consequence.”

Case Study 2: The Sepsis Algorithm and the Patient Nobody Warned

Case 02 / Healthcare AI

The promise was straightforward: AI can detect sepsis earlier than humans, saving thousands of lives. Sepsis is a systemic response to infection that kills fast — hours matter — and early detection genuinely saves lives. So when Epic Systems released its Sepsis Prediction Model and hospital systems began deploying it, the logic was compelling.

The performance data was not.

Independent external validation, published in peer-reviewed literature and subsequently confirmed by multiple research groups, found that Epic’s model missed approximately 67% of actual sepsis cases at its recommended alert threshold. Simultaneously, it generated alerts for 18% of all hospitalized patients — most of them false positives. In practical terms: physicians had to review 109 alerts to identify one patient who genuinely needed intervention.

Clinicians began ignoring the alerts. Which is exactly the rational response to a system crying wolf that often. But that creates its own catastrophic risk: what happens to the one real case buried inside the 108 false alarms?

From the Peer-Reviewed Record

Research published in JAMA Internal Medicine and confirmed by subsequent systematic reviews found the Epic Sepsis Model was deployed across hundreds of U.S. hospitals without randomized evidence of effectiveness. The 2024 Lancet Digital Health systematic review examined 2,582 records of medical AI studies and found only 18 randomized controlled trials meeting criteria for patient-relevant outcomes — and of those, 58% failed to document adverse events at all.

Since mid-2024, over 10,000 AI-related safety incidents have been reported in healthcare settings. The three primary failure modes: algorithmic bias that worsens clinical disparities, data drift (where the real world gradually diverges from training data, silently degrading accuracy), and system integration failures that disrupt workflows rather than improving them.

The EU AI Act of 2024 now classifies medical AI systems as “high risk” and requires stricter validation before deployment. The WHO has issued ethical guidance on AI in health. The U.S. FDA regulates adaptive AI as a medical device. None of these frameworks existed when the Epic model was deployed at scale across hospital systems — including Catholic-affiliated hospital networks whose parent organizations had signed the Rome Call.

A healthcare AI tool with a 67% miss rate on the condition it’s supposed to detect should be withdrawn or rebuilt. In many hospitals, it wasn’t. That’s not a technology story. It’s a governance story.

The upside went to shareholders. The downside went to patients.

The Pattern: How the Ethics Industry Works

Look at enough of these cases and a consistent structure emerges. It isn’t a bug. It’s the business model.

01

Ceremony Replaces Control

Pledges get signed with significant fanfare. Systems get deployed without any validation against the pledge’s principles. Nobody checks compliance because there is no compliance mechanism. The ceremony is the product — it exists to be photographed, not enforced.

02

Violations Go Without Consequence

No penalties. No recalls. No expulsion from the signatory list. No legal exposure. Companies absorb harm costs — when they’re forced to — as operational expenses. The harm is borne by patients, migrants, job applicants, people flagged by predictive policing. Not by the companies whose tools created it.

03

Institutions Trade Relevance for Enforcement

Religious and institutional leaders gain something real from these partnerships: access, visibility, a seat at the table. Confronting a major signatory would cost all of that. So they don’t. They continue issuing principles. They get invited to the next summit. The cycle restarts.

04

The Language Expands as the Harm Grows

This is the detail that stings. The Rome Call has more signatories now than ever. The statements are more elaborate. The ceremonies are more diverse. Meanwhile, ICE’s surveillance apparatus is larger than it has ever been, hospital AI is less validated than it was in 2020, and global facial recognition deployment has expanded to every inhabited continent.

The Regulatory Reality: Binding Law vs. Voluntary Pledges

It’s worth being precise about what actually exists in terms of enforceable AI governance — because some genuinely meaningful law has emerged alongside the pledge-signing.

Framework Binding? Enforcement? Penalties? Covers Medical AI?
EU AI Act (2024) Yes Yes Up to €35M / 7% revenue Yes (high-risk)
Rome Call for AI Ethics No No None Guidance only
WHO AI Ethics Guidelines No No None Guidance only
U.S. FDA (Adaptive AI devices) Yes Yes Device recalls possible Partial
U.S. Executive Orders (AI) No Limited None Federal agencies only

The EU AI Act is real law. It classifies medical AI as high risk, mandates transparency requirements, and carries penalties that actually scale with company size. If it’s enforced — a critical condition — it represents the kind of teeth that voluntary frameworks entirely lack.

But the EU AI Act doesn’t cover U.S. hospital systems. It doesn’t cover ICE procurement. And research published in 2024 found that even binding ethical guidelines fail when enforcement mechanisms are under-resourced or politically blocked.

What Real Accountability Would Look Like

The honest version of this article doesn’t end with “things are terrible.” It ends with a specific answer to the question: what would actually work?

The gap between ethical AI pledges and ethical AI outcomes is not a mystery. It’s a power problem. Companies don’t change behavior when the cost of misbehaving is lower than the cost of complying. Right now, signing the Rome Call is cheaper than building genuine oversight infrastructure. So that’s what companies do.

Accountability with actual force looks like this:

Enforcement Framework: What Needs to Exist

Public compliance reports. If you signed a pledge, publish annual evidence of what you did to honor it. Audited, not self-reported.

Independent algorithm audits. Third-party, technically competent, with access to actual model performance data — not PR summaries. The EU AI Act points in this direction for high-risk systems.

Public violation registries. A named list of organizations that signed ethics frameworks and demonstrably violated them. Reputational cost is real when it’s specific and documented.

Procurement leverage. Hospital systems, universities, and government agencies that care about ethics can refuse to buy AI products from vendors who fail independent audits. That’s a market signal the industry cannot ignore.

Divestment pressure. Institutional investors — including faith-based endowments whose institutions signed the Rome Call — can tie capital allocation to verified ethics compliance, not voluntary pledges.

Notice what each of these has in common: cost. Real cost, specific and unavoidable, attached to real behavior. Not philosophical disappointment. Not a strongly worded letter. Cost.

Which is exactly why none of these things exist under the Rome Call framework. Implementing them would require confronting the companies that provide access and funding to the institutions promoting the framework. The incentive runs directly against enforcement.

Why Moral Voices Have Failed — and How They Could Matter

Most of the world identifies with a religious tradition. When religious institutions speak on technology governance, they reach audiences that secular regulators and tech journalists do not. That’s a genuine form of power.

The Rome Call understood this. Bringing eleven world religions to Hiroshima was not theater for the sake of theater — it was an attempt to build a moral coalition with genuine cultural weight. The problem isn’t the ambition. The problem is what the coalition is actually asked to do.

Right now, institutional signatories are asked to: attend summits, sign documents, and continue their relationships with technology companies. They are not asked to: withhold endorsement from companies that violate the principles, publish accountability reports, or use procurement leverage against offenders. The framework asks for presence, not action.

That could change. Faith-based hospital networks are major healthcare AI customers. University systems affiliated with religious institutions are major research and procurement actors. If those entities started using their purchasing power to demand verified compliance rather than voluntary pledges, the economics shift. Rapidly.

Until they do, the Rome Call will remain what it is: an elaborate ceremony that gives companies exactly what they need — moral cover — in exchange for nothing they fear losing.

The Bottom Line

Let me be direct about what the evidence shows.

Microsoft signed the Rome Call in 2020 and is currently providing the cloud infrastructure that stores 1,400 terabytes of data for an agency running facial recognition operations, phone location tracking, and AI video analysis across the country. No accountability under the Rome Call framework has followed.

Hundreds of U.S. hospitals deployed a sepsis algorithm that missed two thirds of actual cases and flooded doctors with false alarms. Over 10,000 AI safety incidents have been reported in healthcare since mid-2024. The algorithm was deployed without randomized evidence of effectiveness. The Rome Call principles include accountability and reliability. No accountability under the Rome Call framework has followed.

This pattern — pledge, deploy, harm, no consequence — is not a failure of the Rome Call. It’s the Rome Call working exactly as designed. It was never designed to stop harm. It was designed to demonstrate concern about harm. Those are very different things.

AI systems are now deployed in border surveillance, clinical decision-making, predictive policing, and automated governance at a scale that would have seemed implausible in 2020 when the Call was signed. The window to establish meaningful governance — the kind with actual teeth — is not permanently open.

If the institutions that signed the Rome Call want to matter in how AI is governed, they have a choice to make. Keep attending summits. Or start enforcing something.

Those two options are not compatible.

“The problem is not a gap between ideals and reality. This is the business model — companies get reputational filtering, institutions get influence, politicians get applause, and vulnerable people absorb the harm.”