Morrisons Digital Audit

Audit Phase: V-DIG — Digital Forensics / Technology Supply Chain
Target: Wm Morrison Supermarkets Limited
Audit Date: 2026-05-01
Ownership: Private — acquired by Clayton, Dubilier & Rice (CD&R), October 2021 ⁷

Enterprise Technology Stack & Vendor Relationships

Israeli-Origin Software & Services

No public corporate disclosure, press release, procurement notice, or verified trade-press report has been identified confirming that Morrisons holds a named licensing, subscription, or integration relationship with any of the specifically listed Israeli-origin vendors — including Check Point Software Technologies, Wiz, SentinelOne, CyberArk, NICE Systems, Verint, Claroty, or Palo Alto Networks.

Morrisons was taken private by CD&R in October 2021 ⁷ and no longer files detailed public accounts subject to the level of disclosure that would typically surface named IT vendor relationships in UK regulatory filings. Post-acquisition annual accounts filed at Companies House are consolidated at group level and do not itemise technology vendor relationships. This structural opacity materially limits the verifiability of the enterprise technology stack across all sub-categories below.

• Palo Alto Networks is publicly documented as having Israeli co-founders and significant Israeli R&D operations. No verified source confirms Morrisons as a named Palo Alto Networks customer. No public evidence identified.
• NICE Systems (Israeli-headquartered) is active in UK contact-centre and workforce analytics markets. Morrisons operates customer-service and contact-centre functions. No confirmed deployment of NICE products at Morrisons has been identified in public sources. No public evidence identified.
• Verint Systems (Israeli-headquartered) is similarly active in UK retail analytics and contact-centre intelligence markets. No confirmed Verint deployment at Morrisons has been identified in public sources. No public evidence identified.
• SentinelOne, CyberArk, Wiz, Claroty, Check Point: No Morrisons-specific case studies, press releases, or named-customer confirmations from any of these vendors have been identified in public sources. No public evidence identified.

Scale of Dependency

Cannot be assessed. No confirmed Israeli-origin vendor relationship has been identified; dependency scale is therefore not determinable from available public evidence.

Procurement & Integrator Relationships

• Morrisons has publicly disclosed use of Manhattan Associates for supply chain management software — specifically warehouse and transport management systems — in an engagement announced approximately 2021. Manhattan Associates is a US-headquartered firm (Atlanta, GA); no Israeli-origin technology connection has been identified in this engagement.
• Morrisons has historically worked with large UK IT managed-service providers, including IBM UK and Capgemini UK, for enterprise IT functions based on trade-press reporting circa 2019–2022. No confirmed Israeli-origin technology deployment via these integrators for the Morrisons account has been identified in public sources.
• No public evidence has been identified of systems integrators, digital transformation consultancies, or IT outsourcing partners engaged by Morrisons having mandated or deployed Israeli-origin technology as part of their Morrisons engagement. This gap persists in part because sub-vendor technology choices within prime integrator engagements are not publicly disclosed.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometrics

Big Brother Watch’s June 2022 report “Face Off” ² documented UK retailers deploying live facial recognition technology, and associated BBC News coverage ⁴ highlighted specific retailer use cases. Retailers named in that report included Southern Co-op and deployments using Facewatch technology. Morrisons is not named in the Big Brother Watch 2022 “Face Off” report as a user of facial recognition technology. ^{2 3}

• Trigo Vision (Israeli-origin, founded Tel Aviv 2018) has publicly announced computer-vision and frictionless-checkout pilots with several European grocery retailers. Named public retail partners as of the training-data cutoff include Albert Heijn (Netherlands), Netto (Germany), and Aldi Nord (Germany). Morrisons is not among Trigo’s publicly named retail partners. No public evidence identified of any Trigo deployment at Morrisons.
• AnyVision (rebranded Oosto in 2022) ⁵ is an Israeli-origin facial recognition and video analytics vendor active in retail and physical security markets. No confirmed Morrisons deployment has been identified in public sources. No public evidence identified.
• BriefCam (Israeli-origin, subsequently acquired by Canon) provides video synopsis and analytics technology. No confirmed BriefCam deployment at Morrisons has been identified. No public evidence identified.
• The ICO’s June 2023 public warning on live facial recognition in UK retail ⁸ does not name Morrisons as a subject of investigation, enforcement action, or identified deployment. No public evidence identified.

A material evidence gap persists in this sub-domain: Morrisons operates approximately 500 stores across the United Kingdom, and specific loss-prevention technology vendors — including any CCTV analytics, AI-driven stock monitoring, or in-store computer-vision providers — are not publicly named. This gap prevents both verification and confirmed exclusion of Israeli-origin retail analytics vendors from Morrisons’ loss-prevention technology estate.

Predictive Analytics & Monitoring

No public evidence identified of Israeli-origin predictive analytics, sentiment analysis, social media monitoring, or workforce surveillance tools deployed by Morrisons, whether as standalone procurements or as components of broader enterprise platform deployments.

Third-Party Deployment

No public evidence identified of Israeli-origin surveillance or biometric technology reaching Morrisons indirectly via third-party platform providers, managed security service providers, or bundled enterprise software suites.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Operations in Israel

No public evidence identified. Morrisons is a UK domestic grocery retailer with no publicly documented international data-centre footprint. No co-location, leasing, or ownership of data-centre infrastructure within Israel has been identified in any public corporate disclosure, trade-press report, or regulatory filing.

Government Cloud Contracts

No public evidence identified. Project Nimbus is a cloud infrastructure contract between the Israeli government and Google Cloud and Amazon Web Services ⁶, under which cloud and AI services are provided to Israeli state bodies including the military. Morrisons is not a cloud infrastructure or platform vendor and has no identified participation in Project Nimbus or any comparable Israeli state-backed digital infrastructure programme.

Data Sovereignty & Resilience Services

No public evidence identified. Morrisons is a grocery retailer and does not offer data sovereignty, data residency, or infrastructure resilience services to third parties. It has no identified capacity to provide such services to Israeli state institutions. Not applicable to Morrisons’ business domain.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence identified. Morrisons is a UK domestic grocery retailer with no identified contracts, partnerships, memoranda of understanding, or service agreements with the Israeli Ministry of Defence, the Israel Defence Forces (IDF), or Israeli intelligence agencies including Unit 8200, Mossad, or Shin Bet.

Dual-Use Technology Provision

No public evidence identified. No reports from official sources, academic researchers, or NGOs have documented commercially available Morrisons technology being deployed for military, intelligence, or law enforcement surveillance applications within Israel or the occupied Palestinian territories.

Offensive Cyber & Weapons Technology

No public evidence identified. Morrisons is not a technology developer and has no identified involvement in offensive cyber capabilities, zero-day exploit development, intrusion tools, or digital weapons systems. Not applicable to Morrisons’ business domain.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to State Bodies

No public evidence identified. Morrisons does not operate as an AI or machine learning platform vendor. No verified source documents the provision of AI, ML, computer vision, or autonomous decision-support systems by Morrisons to Israeli state, military, or security bodies, whether directly or via intermediary commercial arrangements.

Training Data & Model Development

No public evidence identified. No publicly reported instances of Morrisons’ internal AI or ML models being trained on, or provided access to, civilian population data, intercepted communications, or surveillance-derived datasets originating from Israel or the occupied Palestinian territories have been identified.

Autonomous Systems & Lethality

No public evidence identified. Not applicable to Morrisons’ business domain. Morrisons has no identified involvement in the development or commercialisation of autonomous weapons, lethal autonomous systems, or AI-enabled targeting tools.

Technology Ecosystem & R&D Footprint

Israeli R&D Centres

No public evidence identified. Morrisons has no publicly documented R&D facilities, software engineering offices, innovation laboratories, or corporate accelerator programmes within Israel. Morrisons’ technology and digital functions are based in the United Kingdom, principally at its Bradford headquarters and associated UK locations.

Acquisitions & Investments

No public evidence identified. No acquisitions of Israeli-origin technology companies by Morrisons, and no strategic investments in Israeli technology startups, venture capital funds, or corporate venture vehicles with Israeli portfolio exposure, have been identified in public records, Companies House filings, or trade press through the training-data cutoff.

Patent & Intellectual Property

No public evidence identified. No significant patent portfolios, cross-licensing agreements, or co-development arrangements between Morrisons and Israeli-domiciled entities, or Israeli research institutions such as the Technion, Hebrew University of Jerusalem, or Weizmann Institute of Science, have been identified in public records or IP filings.

Civil Society Scrutiny & Regulatory History

NGO & Academic Reports

• Big Brother Watch facial recognition campaigning (2022–2023) ^{3 2} does not name Morrisons as a user or prospective user of live facial recognition or other biometric surveillance technology. The organisation’s “Face Off” report ² and associated campaign materials focus on Southern Co-op, Facewatch, and specific leisure and retail venues — not Morrisons.
• The ICO’s June 2023 public warning on live facial recognition technology in UK retail ⁸ does not name Morrisons as a subject of investigation, recipient of an enforcement notice, or identified deployer of facial recognition technology.
• Who Profits Research Centre maintains a database of companies identified as profiting from Israeli occupation across technology, infrastructure, and commercial sectors. As of the training-data cutoff, no Who Profits entry specifically profiling Morrisons for technology provision to Israeli state or military bodies has been identified. This finding is based on training-data knowledge of the Who Profits database and may not reflect the most current state of that record.
• Palestine Solidarity Campaign (UK) has focused boycott technology campaigns primarily on named technology companies — including HP, Microsoft, Google, and Amazon — rather than on Morrisons as a technology vendor or technology supplier to Israeli state entities.
• No UN report, Human Rights Watch investigation, Amnesty International report, academic study, or major international NGO publication specifically addressing Morrisons’ technology relationships with the Israeli state, the IDF, or Israeli intelligence bodies has been identified.

Boycott & Divestment Campaigns

Morrisons has been subject to consumer boycott calls in the context of its sale of Israeli-origin food products, particularly during the 2023–2024 period following the escalation of the Gaza conflict, including campaigns by Palestine Solidarity Campaign UK and associated consumer advocacy groups. However, these campaigns are focused on product sourcing and commercial relationships with Israeli food producers and agricultural exporters — not on Morrisons’ technology vendor relationships or provision of technology to Israeli state entities. This falls outside the V-DIG domain scope.

No organised boycott, divestment, or sanctions campaign specifically targeting Morrisons on the grounds of its technology provision to Israeli state, military, or security bodies has been identified in public records or civil society reporting.

Regulatory & Legal Actions

• The Morrisons data breach litigation (2017–2020) concerned an internal employee data leak and the question of employer vicarious liability for employee-perpetrated data breaches ¹. The Supreme Court found in Morrisons’ favour in April 2020. This litigation has no connection to Israeli technology vendors, Israeli state entities, or any aspect of the V-DIG assessment domain.
• No regulatory inquiries, export control actions, sanctions-related investigations, parliamentary scrutiny, or legal challenges involving Morrisons’ technology sales, services, or vendor relationships with Israeli state entities have been identified in public records through the training-data cutoff.

End Notes