Audit Phase: V-DIG (Digital Forensics — Technology Supply Chain)
Audit Date: 2026-05-01
Methodology: Findings are drawn exclusively from the research memo below, compiled from verified public records, corporate disclosures, news reporting, and NGO documentation through April 2026. No new research has been conducted. No facts, sources, contracts, relationships, or incidents have been invented. Where evidence is absent, this is explicitly stated.
McDonald’s technology transformation is anchored by a multi-year strategic partnership with Google Cloud, announced in December 2023, covering generative AI deployment, edge computing in restaurant locations, and AI-powered menu personalization at scale 3 17. Google Cloud is now the company’s primary AI and technology infrastructure partner.
Prior to the Google Cloud agreement, McDonald’s announced in April 2021 that Microsoft Azure would serve as its preferred global cloud and enterprise AI platform, supporting data analytics, machine learning workloads, and enterprise application infrastructure. The Microsoft relationship remained active through at least 2023 alongside the Google Cloud transition 5.
Amazon Web Services (AWS) has been identified as a third cloud infrastructure provider in McDonald’s environment, used for discrete workloads as evidenced by AWS-published case study materials 18. McDonald’s accordingly operates a multi-cloud architecture across Google Cloud, Microsoft Azure, and AWS — all US-headquartered hyperscalers.
From approximately 2021 through mid-2024, McDonald’s deployed IBM Watson-based Automated Order Taking (AOT) technology across hundreds of US drive-thru locations, representing one of the largest AI voice ordering rollouts in the quick-service restaurant (QSR) sector 20. McDonald’s publicly terminated this relationship in July 2024, announcing it would pursue alternative AI voice ordering solutions under its Google Cloud partnership going forward 4.
The most significant confirmed relationship between McDonald’s and an Israeli-origin technology firm is the acquisition of Dynamic Yield in March 2019 for a reported approximately $300 million 6 16. Dynamic Yield was founded in Tel Aviv, Israel, and its technology provided AI-driven personalization, decision-logic software, and real-time customization of digital menu boards and drive-thru displays. The deployment was embedded in core customer-facing infrastructure globally — not a peripheral or pilot function 6 16.
McDonald’s divested Dynamic Yield to Mastercard in April 2021, terminating direct ownership 7. This is the only confirmed acquisition of an Israeli-origin technology company by McDonald’s in public records. Whether McDonald’s retained a customer or licensee relationship with Dynamic Yield after the divestiture to Mastercard is not confirmed in any public record; this gap cannot be resolved from available disclosures alone.
Temporal flag: Dynamic Yield acquisition — March 2019 (pre-2021). Divestiture to Mastercard — April 2021. Direct ownership relationship confirmed discontinued. Post-divestiture customer relationship status: unconfirmed.
McDonald’s engaged Accenture as a major digital transformation partner, confirmed via a 2023 joint announcement 19. Accenture is a known reseller and integrator of a range of enterprise software platforms, including some Israeli-origin cybersecurity and analytics products. However, no public evidence confirms that any Accenture-led McDonald’s engagement specifically mandated or deployed Israeli-origin technology. The specific sub-vendor stack within the Accenture–McDonald’s digital transformation scope is not publicly disclosed.
No public evidence was identified of confirmed direct licensing, subscription, or integration relationships between McDonald’s Corporation and any of the following Israeli-origin or Israeli-co-founded enterprise vendors: Check Point Software, Wiz, SentinelOne, CyberArk, NICE Systems, Verint, or Claroty. None of these vendors lists McDonald’s as a named customer in publicly available case studies, press releases, or joint announcements confirmed in training data [^see sources below].
McDonald’s 10-K filings do not name individual cybersecurity software vendors, reflecting standard large-enterprise non-disclosure posture. The specific endpoint security, network detection, SIEM, or privileged access management vendors deployed across McDonald’s corporate IT and restaurant-level infrastructure are not publicly disclosed 1 11.
McDonald’s acquired Apprente, a voice AI startup headquartered in Mountain View, California, in September 2019 8. Apprente is US-founded and is not Israeli-origin. No Israeli-origin technology relationship arises from this acquisition.
No public evidence was identified of McDonald’s deploying facial recognition, biometric identification, gait analysis, or behavioral analytics technology of Israeli origin in any confirmed deployment. Vendor case study libraries and press releases for BriefCam (video analytics), AnyVision/Oosto (facial recognition), and Trigo (autonomous checkout) do not list McDonald’s as a customer in publicly available materials reviewed through training data cutoff [see research memo S16, S17].
BriefCam and AnyVision/Oosto have documented enterprise deployments in retail and public-space environments, but no McDonald’s relationship appears in their public-facing case studies, partner announcements, or blog publications.
Trax Retail (Israeli-founded, specialising in retail shelf analytics and computer vision-based inventory management) has publicly referenced deployments with consumer goods companies and some QSR-adjacent operators. No confirmed McDonald’s–Trax deployment was identified in public records, trade press, or Trax’s own press release library [see research memo S15]. This absence cannot exclude the possibility of a non-publicised engagement; it reflects the limit of available public evidence.
No public evidence was identified of McDonald’s using Israeli-origin predictive policing, sentiment analysis, social media monitoring, or workforce surveillance tools. Source classes reviewed included: vendor case study libraries (Verint, NICE, Cellebrite, Cognyte), trade press (QSR Magazine, Nation’s Restaurant News), NGO reports (Who Profits), and McDonald’s 10-K risk disclosures 1 11.
No public evidence was identified of Israeli-origin surveillance or biometric technology reaching McDonald’s indirectly via managed security service providers or bundled enterprise suites. This remains an unverifiable gap: McDonald’s does not disclose its managed security provider stack in public filings.
No public evidence was identified of McDonald’s operating, leasing, or co-locating data centre infrastructure within Israel. McDonald’s 10-K filings (2022, 2023, 2024) do not reference Israel as a data processing or data centre jurisdiction 1 11. McDonald’s cloud infrastructure is delivered through Google Cloud, Microsoft Azure, and AWS — all operating under their respective global data centre networks.
Project Nimbus is an Israeli government cloud procurement programme jointly awarded to Google Cloud and Amazon Web Services for the provision of cloud infrastructure and AI services to Israeli government ministries and the IDF. McDonald’s is a consumer-facing food service franchisor and is not a cloud infrastructure provider. No public evidence identifies McDonald’s as a participant, contractor, or sub-contractor in Project Nimbus. McDonald’s has no role in the provision side of this programme.
It is noted as a structural second-order consideration — not a finding — that McDonald’s primary AI platform is Google Cloud 3 17, which is a Project Nimbus contractor. McDonald’s relationship to Google Cloud is that of a customer, not a co-participant in any Israeli government engagement. This indirect association is outside the scope of direct vendor relationship verification.
Not applicable to McDonald’s core business model (QSR franchising). No public evidence of McDonald’s providing or procuring sovereign cloud services in any jurisdiction, including Israel, was identified. Israeli government procurement records and Google/AWS Project Nimbus disclosures (accessible through training data) contain no reference to McDonald’s as a participant.
No public evidence was identified of McDonald’s holding contracts, partnerships, or service agreements with the Israeli Ministry of Defence, the Israel Defence Forces (IDF), or Israeli intelligence agencies (Mossad, Shin Bet, Unit 8200-affiliated entities) for technology services. McDonald’s operates as a QSR franchisor; its technology products are consumer-facing ordering systems and enterprise restaurant management platforms, not defence or intelligence platforms.
No public evidence was identified of McDonald’s commercially available technology being reported or documented as deployed for military, intelligence, or law enforcement surveillance applications within Israel or the occupied Palestinian territories. Source classes reviewed included SEC filings, the US Bureau of Industry and Security (BIS) Entity List, UN reports, NGO investigations, and major news archives through the training data cutoff.
No public evidence was identified. McDonald’s does not develop, license, or maintain offensive cyber capabilities, intrusion tools, or digital weapons systems. This domain is not applicable to McDonald’s business operations.
The publicly documented relationship between McDonald’s operations and the IDF concerns the provision of free meals by the Israeli franchisee Alonyal Ltd to IDF soldiers following the October 7, 2023 Hamas attack 12. This is a franchise operational matter, not a technology supply chain or defence-sector technology relationship. McDonald’s Corporation publicly distanced itself from Alonyal Ltd’s actions, clarifying the franchisee operates independently 12 [see also Civil Society Scrutiny section].
No public evidence was identified of McDonald’s providing AI systems, machine learning models, computer vision capabilities, or autonomous decision-support tools to Israeli state, military, or security institutions. McDonald’s AI deployments are consumer-facing and restaurant-operational in scope: drive-thru voice ordering, digital menu personalization, kitchen management optimization, and loyalty programme recommendation engines 4 3 20.
McDonald’s deployed IBM Watson-based Automated Order Taking (AOT) at hundreds of US locations from 2021 through the July 2024 termination of the IBM relationship 4 20. McDonald’s is transitioning voice AI ordering to solutions developed in partnership with Google Cloud 3 17. These systems operate in customer-facing restaurant environments; no evidence connects them to any state surveillance, population management, or military application.
Dynamic Yield’s AI-driven menu personalization technology (deployed 2019–2021 under McDonald’s ownership) operated across digital menu boards and drive-thru displays globally 6 16. This system was customer experience and revenue optimization in function. No evidence identifies any dual-use, surveillance, or state-sector application of this technology.
No public evidence was identified of McDonald’s AI models being trained on civilian population data, intercepted communications, or surveillance datasets originating from Israel or the occupied Palestinian territories.
No public evidence was identified. Not applicable to McDonald’s business domain.
No public evidence was identified of McDonald’s operating R&D facilities, engineering offices, or innovation labs within Israel. McDonald’s technology innovation function is headquartered at its McDonald’s Technology unit based in the West Loop, Chicago, Illinois, USA [see research memo S3, S18]. Source classes reviewed included McDonald’s corporate website (careers and about pages), LinkedIn company pages, Israeli technology press (Calcalist, Globes), and McDonald’s annual reports 1 11.
The record is limited to a single confirmed instance:
No public evidence was identified of McDonald’s making strategic investments in Israeli technology startups, Israeli venture capital funds, or Israeli corporate accelerators beyond the Dynamic Yield acquisition.
No public evidence was identified of significant patent portfolios, co-development licensing agreements, or formal research arrangements between McDonald’s and Israeli-domiciled entities or Israeli academic institutions (Technion–Israel Institute of Technology, Hebrew University of Jerusalem, Weizmann Institute of Science). Source classes reviewed included the USPTO patent database, the European Patent Office, and McDonald’s 10-K IP risk disclosures 1 11.
McDonald’s MyMcDonald’s Rewards loyalty platform, deployed globally from 2021, is a proprietary digital platform supported by McDonald’s Technology in conjunction with its US-headquartered cloud and SI partners [see research memo S14]. No Israeli-origin technology vendor has been publicly identified as a component supplier to the loyalty platform.
McDonald’s self-order kiosks and mobile ordering infrastructure form a central component of its digital strategy [see research memo S13]. No Israeli-origin technology is confirmed as a component in these platforms in public disclosures.
Who Profits Research Center (an Israeli NGO documenting corporate involvement in the occupation of Palestinian territories) has profiled McDonald’s in the context of its Israeli franchise operations. Who Profits’ documentation specifically references Alonyal Ltd’s provision of free meals to IDF soldiers following October 7, 2023, and McDonald’s broader franchise presence in Israel 14 [see research memo S32]. Who Profits’ published research on McDonald’s is focused on franchise and commercial operations, not technology supply chain relationships with Israeli state entities. No Who Profits report specifically examining McDonald’s technology vendor relationships with Israeli state or military bodies was identified in available training data.
McDonald’s became a major target of BDS (Boycott, Divestment, Sanctions)-aligned boycott campaigns from October 2023 onward 15. The trigger was the publicised decision by Alonyal Ltd — McDonald’s Israeli franchisee — to provide free meals to IDF soldiers in the immediate aftermath of the October 7 Hamas attack 12. The BDS National Committee cited this as evidence of material franchisee support for Israeli military operations and called for a global consumer boycott.
The boycott generated a measurable financial impact at the corporate level. McDonald’s disclosed during its Q4 2023 earnings call in February 2024 that international comparable sales in Middle Eastern markets and other Muslim-majority regions were materially affected [see research memo S24]. The Financial Times reported sales declines across several markets attributed in part to the boycott 13.
McDonald’s Corporation’s public response asserted that Alonyal Ltd operates as an independent franchisee, that the free-meal programme was not directed or endorsed by the corporation, and that McDonald’s does not take political positions 12 [see research memo S33].
The BDS campaign against McDonald’s is grounded entirely in franchise operational conduct — the IDF free-meal programme — and not in technology supply chain procurement. No BDS report, civil society campaign, or academic analysis specifically targeting McDonald’s for Israeli-origin technology procurement, licensing, or R&D relationships was identified.
In June 2021, McDonald’s disclosed a data breach affecting customer and employee data in the United States, South Korea, and Taiwan 9. The breach involved unauthorized access to business contact information. No Israeli-origin technology vendor was identified as connected to the breach in any public reporting. McDonald’s response involved engagement with external cybersecurity consultants whose specific identities were not publicly disclosed.
McDonald’s experienced a significant global IT outage in March 2024 that disrupted operations across multiple markets 10. McDonald’s attributed the outage to a third-party configuration change, not a cyberattack. No Israeli-origin technology vendor was named in connection with the incident in public reporting. Whether this incident prompted changes in McDonald’s cybersecurity vendor relationships — including potential adoption of Israeli-origin security tools — is not captured in available training data through April 2026.
No regulatory inquiries, legal challenges, export control actions, or sanctions-related investigations involving McDonald’s technology sales or services to Israeli state entities were identified. Source classes reviewed included: the US BIS Entity List, OFAC sanctions databases, EU regulatory databases, SEC enforcement actions, and Israeli court records accessible through training data.
https://corporate.mcdonalds.com/content/dam/gwscorp/assets/investors/annual-reports/2023-Annual-Report.pdf ↩↩↩↩↩
https://corporate.mcdonalds.com/content/dam/gwscorp/assets/investors/annual-reports/2022-Annual-Report.pdf ↩
https://www.reuters.com/technology/mcdonalds-google-cloud-ai-partnership-2023-12-06/ ↩↩↩↩
https://www.reuters.com/technology/mcdonalds-ends-ai-drive-thru-test-ibm-2024-07-16/ ↩↩↩
https://news.microsoft.com/2021/04/19/mcdonalds-and-microsoft-partner-to-jointly-develop-solutions-for-the-restaurant-of-the-future/ ↩
https://corporate.mcdonalds.com/corpmcd/en-us/our-stories/article/OurStories.dynamic-yield-acquisition.html ↩↩↩↩
https://www.reuters.com/business/mcdonalds-sells-dynamic-yield-mastercard-2021-04-01/ ↩↩
https://techcrunch.com/2019/09/10/mcdonalds-buys-voice-tech-startup-apprente/ ↩↩
https://www.cnbc.com/2021/06/11/mcdonalds-data-breach-exposes-customer-and-employee-data.html ↩
https://www.bbc.com/news/business-68562335 ↩
https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=MCD&type=10-K&dateb=&owner=include&count=10 ↩↩↩↩↩
https://apnews.com/article/mcdonalds-israel-free-meals-soldiers-boycott-2023 ↩↩↩↩
https://www.ft.com/content/mcdonalds-boycott-sales-2024 ↩
https://whoprofits.org/company/mcdonalds/ ↩
https://bdsmovement.net/news/mcdonalds-boycott ↩
https://cloud.google.com/blog/mcdonalds-partnership-2023 ↩↩↩
https://aws.amazon.com/solutions/case-studies/mcdonalds/ ↩
https://newsroom.accenture.com/news/2023/mcdonalds-accenture-digital-transformation ↩
https://www.qsrmagazine.com/technology/mcdonalds-ibm-ai-drive-thru ↩↩↩
