Digital Audit: Burberry Group plc

Audit Phase: Digital (Digital / Technology Forensics) Subject Entity: Burberry Group plc (LSE: BRBY) Registered Address: Horseferry House, Horseferry Road, London SW1P 2AW, United Kingdom Audit Date: June 2026 Evidence Base: Published corporate disclosures, vendor case studies and press releases, trade and technology press, and NGO/biometric-policy reporting. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Burberry procuring technology from Israeli-origin vendors - is a customer relationship, recorded explicitly as such and weighted far lower than provision. No transitive guilt is imputed: a vendor’s other clients, its founders’ military backgrounds, or a US parent’s separate activities are not attributed to Burberry. US-entity relationships (e.g. AWS, Microsoft, Capgemini, EPAM, Contentstack) are not Israeli-origin and are noted only for completeness.

Enterprise Technology Stack & Vendor Relationships

Strategic Technology Partnerships (Direction: Burberry as customer)

Burberry’s principal disclosed enterprise-technology relationships are with US-headquartered firms. Burberry migrated its SAP estate to Amazon Web Services (AWS) in 2020 with AWS Premier Tier Services Partner Capgemini, reporting a 30% reduction in operational expenditure; the programme built a custom AWS Lambda dashboard for systems visibility, deployed Amazon CloudWatch for uptime, and used Capgemini’s Cloud Platform Automation for SAP.¹ AWS is a US entity; this is a customer relationship and is not an Israeli-origin vendor engagement.¹

Burberry’s digital commerce estate was rebuilt on a MACH architecture (microservices, API-first, cloud-native, headless) delivered with EPAM Systems, which has supported Burberry’s e-commerce platform since 2014; the MACH build uses AWS services including AWS Lambda.² EPAM is a US-listed (Pennsylvania-headquartered) engineering firm; this is a customer/integrator relationship.²

Burberry’s headless CMS is Contentstack, deployed as a component of the MACH transition, managing content across global websites in 11 languages (with bulk publishing in up to 50 languages) and reportedly improving translation throughput by 80%.³ Contentstack is a US-domiciled (San Francisco) company; this is a customer relationship.³

Israeli-Origin Technology Vendors in the Burberry Stack

No public evidence was independently identified confirming that Burberry procures a commercial product from any clearly Israeli-origin technology vendor under a named, disclosed contract. Earlier internal research leads suggesting Israeli-origin SaaS suppliers could not be corroborated against any vendor case study, corporate disclosure, or trade-press report naming Burberry as the customer. No public evidence identified.

Israeli-Origin Cybersecurity Vendors

No public evidence was identified confirming that Burberry holds a licensing, subscription, or integration relationship with any Israeli-origin cybersecurity vendor (including Check Point, Wiz, CyberArk, SentinelOne, Claroty, Verint, or NICE Systems). A previously cited signal - that John Meakin, formerly Burberry’s Chief Security & Risk Officer, engaged with privileged-access-management (PAM) architecture - does not establish a Burberry–CyberArk contract; Meakin retired from Burberry in mid-2017 and is documented across multiple prior CISO roles (Standard Chartered, GlaxoSmithKline, BP, Deutsche Bank, RBS, Richemont), with no primary source linking a CyberArk deployment to Burberry.⁴ No public evidence identified of an Israeli-origin security product in Burberry’s stack.

Procurement Transparency Constraints

Burberry is a private-sector company not subject to public-procurement disclosure obligations. Vendor relationships below the level of named, publicly announced partnerships are not in the public domain, and the full security/IT vendor stack is undisclosed. This is the principal evidence gap in this domain.

Surveillance, Biometrics & Retail Technology

Facial Recognition - UK Domestic Policing (Project Pegasus)

Project Pegasus is a UK Home Office / police initiative launched in 2023 under which approximately 14 major UK retailers share CCTV footage with police forces for retrospective facial-recognition matching against the Police National Database.⁵ Public reporting on the participating and funding retailers names supermarkets and high-street chains (John Lewis, Co-op, Tesco, Sainsbury’s, Waitrose, Next, M&S, Boots); no public source reviewed names Burberry as a Project Pegasus participant or funder.⁵ No public evidence identified of Burberry’s participation in Project Pegasus.

Israeli-Origin Surveillance / Biometric Vendors

No public evidence was identified that Burberry has deployed facial-recognition, biometric, gait-analysis, or in-store behavioural-analytics technology of Israeli origin (e.g. Oosto/AnyVision, BriefCam, Trigo, Trax). No public source links any of these vendors to Burberry. No public evidence identified.

In-Store Retail Technology - Tencent “Social Retail” Store (Shenzhen)

Burberry partnered with Tencent to open a “Social Retail” concept store in Shenzhen, China, announced November 2019 and opened 31 July 2020.⁶⁷ The store integrates with WeChat via a dedicated mini-program: customers unlock content (store tours, product information, appointment bookings, café reservations) and earn gamified “social currency” through QR-code-mediated interactions linked to their WeChat digital identity.⁶⁷ Published accounts describe WeChat-linked digital-identity tracking; no reviewed source confirms that Burberry’s Shenzhen store deploys biometric facial recognition (trade press notes Tencent had previously enabled a separate facial-recognition store for another brand, Bestseller, but does not attribute facial recognition to the Burberry deployment).⁶⁷ This is a China-based deployment with no Israel nexus identified. No public evidence identified of an Israeli-origin technology component in this store.

RFID & Inventory Intelligence

Burberry historically deployed RFID-enabled interactive “Magic Mirrors” at its Regent Street flagship and is documented as an adopter of RAIN (UHF) RFID for inventory management.⁸ These are item-level product-tracking technologies with no documented biometric or person-identification component, and no Israeli-origin element identified. No public evidence identified.

Loss Prevention, Predictive Analytics & Workforce Monitoring

Burberry’s documented loss-prevention analytics provider is IntelliQ, a London (UK)-origin exception-based-reporting vendor used by a Burberry Loss Prevention Data Analyst function; IntelliQ was subsequently acquired by US firm Agilence.⁹ No Israeli-origin component of IntelliQ’s stack is documented. No public evidence was identified of Burberry using Israeli-origin predictive-analytics, sentiment-analysis, social-media-monitoring, or workforce-surveillance tools. No public evidence identified.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Operations in Israel

No public evidence was identified that Burberry operates, leases, or co-locates data-centre infrastructure within Israel. Burberry’s disclosed cloud strategy centres on AWS (a US-entity relationship), with no published indication that any workload is routed through the AWS Israel (Tel Aviv) il-central-1 region, which became available in August 2023.¹¹⁰ No public evidence identified.

Project Nimbus & Israeli State Cloud Infrastructure

Project Nimbus is the Israeli-government cloud contract announced April 2021, valued at approximately $1.2 billion, awarded jointly to Google Cloud and AWS, requiring both vendors to build local cloud infrastructure within Israel for Israeli government, defence, and military stakeholders.¹¹¹² Burberry is neither a participant in nor a sub-provider to Project Nimbus. Burberry’s relationship to AWS is that of a general enterprise customer; as such its cloud spend contributes to AWS’s global revenue base, a structural feature of any large AWS customer and not a Burberry-specific arrangement. No public evidence was identified that Burberry has any direct contractual relationship with Project Nimbus or any Israeli state-backed digital-infrastructure programme.¹¹¹²

Data-Sovereignty or Resilience Services to Israeli State Institutions

No public evidence identified. Burberry does not operate as a technology or cloud-service provider to any state body, Israeli or otherwise.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence was identified of any contract, partnership, or service agreement between Burberry and the Israeli Ministry of Defence, the Israel Defense Forces (IDF), or Israeli intelligence agencies (including Unit 8200-linked commercial entities). Burberry is a luxury fashion and retail business and does not publicly operate in the defence-technology or security-services sector. No public evidence identified.

Provision of Technology / Data to the Israeli State or Military

No public evidence was identified of Burberry providing surveillance technology, data, software, cloud capacity, or digital services to the Israeli state, military, or security services. This is the directionally serious Digital case, and no qualifying evidence of it was found. No public evidence identified.

Dual-Use Technology Provision

No public evidence was identified of Burberry commercial technology (retail analytics, RFID, e-commerce infrastructure) being reported or confirmed as deployed for military, intelligence, or law-enforcement surveillance applications in Israel or the Occupied Palestinian Territories. No public evidence identified.

Offensive Cyber Capability

No public evidence identified. Burberry does not develop, license, or sell offensive cyber capability. No public evidence was identified of any major cyberattack carried out against Burberry in 2025 (Burberry was not named in the wave of UK-retail ransomware incidents reported that year). No public evidence identified.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to Israeli State Bodies

No public evidence identified. Burberry deploys AI/ML internally - demand forecasting, personalisation, virtual try-on, and counterfeit detection - and has built real-time “Customer 360” profiles using the Databricks Lakehouse and Snowplow behavioural-data platforms (both US/UK-origin), with AI investment reaffirmed under the November 2024 “Burberry Forward” strategy.¹³¹⁴ No public evidence was identified of Burberry providing AI capability, model access, datasets used for model training, or inference services to any Israeli state, military, or security body.

Population-Data Provenance in Model Development

No public evidence was identified of Burberry contributing to, commissioning, or benefiting from AI model development involving Israeli population datasets, intercepted communications, or intelligence-derived data. No public evidence identified.

Autonomous Systems & Lethality

No public evidence identified. The development or deployment of autonomous lethal systems is not within Burberry’s business domain.

Internal Algorithmic Deployment - Israeli-Origin AI Tooling

Burberry’s documented internal AI/data tooling runs through US/UK-origin platforms (AWS, Databricks, Snowplow).¹¹³ No public evidence was identified of any Israeli-origin AI vendor embedded in Burberry’s stack; the undisclosed full vendor list means secondary embedding within managed services cannot be positively excluded, but no such instance was identified. No public evidence identified.

Technology Ecosystem & R&D Footprint

Israeli R&D Facilities

No public evidence was identified that Burberry operates any R&D facility, engineering office, innovation lab, or accelerator programme within Israel. Burberry’s documented technology work is centred on its London headquarters and executed through third-party partners (EPAM, Capgemini).¹² No public evidence identified.

Acquisitions & Investments in Israeli Technology Companies

No public evidence was identified of Burberry acquiring, or taking a corporate-venture stake in, any Israeli technology company. Burberry’s documented corporate activity is confined to the luxury fashion and brand-licensing domain. No public evidence identified.

Patents & IP Co-Development with Israeli Institutions

No public evidence was identified of patent portfolios, licensing, or co-development arrangements between Burberry and Israeli-domiciled entities or research institutions (Technion, Hebrew University, Weizmann Institute). Burberry’s IP activity centres on trade dress, textile design, and brand protection. No public evidence identified.

Supplier Code of Conduct - Technology Supply-Chain Provisions

Burberry’s responsible-business and modern-slavery frameworks (including its Ethical Trading Code of Conduct and Vendor Ownership Programme) address ethical obligations across its product supply chain but do not, in public versions reviewed, contain provisions governing the national origin or geopolitical exposure of technology vendors, software suppliers, or digital-infrastructure providers.¹⁵ No technology-supply-chain due-diligence framework specific to vendor geopolitical exposure is publicly documented by Burberry.

Civil Society Scrutiny & Regulatory History

NGO & Academic Scrutiny - Technology Supply Chain

No public evidence was identified of an NGO investigation, academic study, or UN report addressing Burberry’s technology relationships with the Israeli state, Israeli defence entities, or Israeli-origin vendors. Civil-society attention on Burberry in relation to Israel has centred on its retail/franchise presence and material sourcing (the Economic domain), not on technology procurement.¹⁶ No public evidence identified.

BDS Campaigns

Burberry appears in BDS-aligned retail listings as a “target of concern,” with the publicly stated grounds relating to its Israeli retail/franchise presence and material sourcing, not to Israeli-origin technology procurement, software licensing, or digital-infrastructure provision.¹⁶ No public evidence was identified of a BDS or NGO campaign specifically targeting Burberry’s technology relationships. The No Tech for Apartheid campaign, which targets AWS and Google Cloud workers’ objections to Project Nimbus, does not name Burberry.¹⁷ No public evidence identified of a technology-specific campaign targeting Burberry.

Export Controls & Sanctions Authorities

No public evidence was identified of any action by UK export-control authorities, HMRC, the Office of Financial Sanctions Implementation (OFSI), or any equivalent body relating to Burberry technology sales, services, or data transfers to Israeli state entities. No public evidence identified.

Regulatory & Legal Actions - Technology Sales to Israeli State Entities

No public evidence identified of any ICO, FCA, HMRC, export-control, or sanctions-body action relating to Burberry technology sales or services to Israeli state entities.

End Notes