Digital Audit: Louis Vuitton (LVMH Moët Hennessy Louis Vuitton SE)

Audit Phase: Digital (Digital / Technology Forensics) Subject Entity: Louis Vuitton Malletier SAS - fashion & leather goods Maison within LVMH Moët Hennessy Louis Vuitton SE (Euronext Paris: MC) Registered Address: 22 Avenue Montaigne, 75008 Paris, France (LVMH group) Audit Date: June 2026 Evidence Base: Published corporate and partner press releases, vendor and cloud-provider disclosures, trade and technology press, data-protection regulator statements, court filings, and NGO/boycott materials. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Louis Vuitton/LVMH procuring technology from Israeli-origin vendors, or its controlling shareholder investing in an Israeli technology company - is an inbound customer/investor relationship and is recorded explicitly as such, weighted far lower than provision. No transitive guilt is imputed: an Israeli vendor’s other clients or founders’ military backgrounds are not attributed to Louis Vuitton. US-entity relationships (Google, Microsoft, AWS, Salesforce, ConsenSys) are not Israeli-origin and are noted only for completeness. Louis Vuitton operates as a brand within LVMH; group-level technology disclosures that materially govern the Maison are recorded, with the distinction noted where relevant.

Enterprise Technology Stack & Vendor Relationships

Strategic Cloud & Platform Partnerships (Direction: LVMH/Louis Vuitton as customer)

LVMH’s principal disclosed enterprise technology relationships are with US-headquartered hyperscalers and platform vendors. On 16 June 2021 LVMH and Google Cloud (US) announced a multi-year strategic partnership to build cloud-based AI/ML solutions for demand forecasting, inventory optimisation, and customer personalisation across the group’s Maisons including Louis Vuitton, and to launch a “Data and AI Academy” in Paris.¹ LVMH also runs a documented Microsoft Azure (US) relationship for cloud data analytics and machine learning,² and is listed as an AWS (US) and Salesforce (US) customer for compute, CRM, and marketing-cloud workloads.³⁴ None of these is an Israeli-origin vendor; they are recorded for completeness only.

China-Market Cloud (Direction: LVMH as customer)

Since 2019 LVMH has operated a retail-cloud partnership with Alibaba Cloud (China), extended for a further five years in May 2024, covering more than 30 brands and divisions in mainland China and Southeast Asia.⁵ LVMH uses Alibaba Cloud’s Dataphin data-management tool to power its “LVMH ATOM” China platform and has begun integrating Alibaba’s Qwen large language model and Model Studio (Bailian).⁵ This is a China-data-residency arrangement aligned to Chinese regulation; it is not an Israeli-origin relationship and no Israel nexus arises from it.

Israeli-Origin Software & Security Vendors

No public evidence was identified independently confirming that Louis Vuitton or LVMH holds a named licensing, subscription, or integration relationship with any Israeli-origin enterprise-software or cybersecurity vendor - including Check Point, CyberArk, SentinelOne, Wiz, Verint, NICE Systems, or Claroty. General reporting confirms these are Israeli-founded firms, but none was linked to Louis Vuitton’s or LVMH’s environment in any independently sourced record reviewed. (For the Wiz investment by LVMH’s controlling shareholder, see “Acquisitions & Investments” below - that is an inbound investor relationship, not a Louis Vuitton procurement.) No public evidence identified.

Systems Integration & Professional Services

No public evidence was identified of a named systems-integration engagement mandating or deploying Israeli-origin technology within Louis Vuitton’s stack. LVMH’s documented integration relationships centre on US/EU vendors and the hyperscalers above.¹⁴ No public evidence identified.

Procurement Transparency Constraints

LVMH is a private-sector group not subject to public-procurement disclosure obligations in France or the EU; vendor relationships below the level of named, publicly announced partnerships are not in the public domain, and the full security/IT vendor stack is undisclosed. This is the principal evidence gap in this domain.

Surveillance, Biometrics & Retail Technology

In-Store Facial Recognition / Live Biometrics

No public evidence was identified that Louis Vuitton operates live facial-recognition or in-store biometric surveillance of customers, of Israeli origin or otherwise.

Online Biometric Capture - Virtual Try-On (BIPA litigation)

Louis Vuitton’s online “Virtual Try-On” eyewear tool became the subject of a class action, Theriot v. Louis Vuitton North America, Inc. (N.D. Ill., No. 1:22-cv-02944, filed 8 April 2022), alleging that the tool captured and stored users’ facial-geometry data without the disclosure and written consent required by the Illinois Biometric Information Privacy Act (BIPA).⁶ The complaint identifies the try-on application as designed by FittingBox - a French (Toulouse-based) vendor, not Israeli.⁶ No Israeli-origin biometric vendor is identified in this matter.

Israeli-Origin Surveillance / Biometric / Retail-Vision Vendors

No public evidence was identified that Louis Vuitton or LVMH has deployed facial-recognition, gait-analysis, frictionless-checkout, or in-store computer-vision technology of Israeli origin (e.g. Oosto/AnyVision, BriefCam, Trigo, Trax). Israeli retail-vision firms such as Trigo are documented with other European retail clients, but no public source links any of them to Louis Vuitton or LVMH. No public evidence identified.

RFID & Product Authentication Hardware

Louis Vuitton embeds UHF RFID microchips in leather goods (replacing its date-code system from 1 March 2021) for inventory tracking and anti-counterfeiting, with item identifiers held on LVMH’s private blockchain (see Aura, below).⁷ No public source identifies the RFID chips, readers, or tracking platform as being of Israeli origin, and the chips carry product data only (no GPS).⁷ No Israeli nexus identified.

Predictive Analytics, Workforce Monitoring & Social-Media Surveillance

No public evidence was identified of Louis Vuitton or LVMH using Israeli-origin predictive-policing, workforce-surveillance, sentiment-analysis, or social-media-monitoring tools. No public evidence identified.

Store Technology in Israeli Locations

Louis Vuitton operates retail boutiques in Israel (e.g. at Ramat Aviv Mall, Tel Aviv).⁸ The point-of-sale, surveillance, and access-control technology deployed in these specific stores is not publicly documented and cannot be assessed from public sources. No public evidence identified of any Israeli-state or military technology nexus arising from this retail footprint.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data-Centre Operations in Israel

No public evidence was identified that Louis Vuitton or LVMH operates, leases, or co-locates data-centre infrastructure within Israel. LVMH’s disclosed cloud strategy centres on Google Cloud, Microsoft Azure, and AWS (US entities), with Alibaba Cloud for China-market data residency.¹²³⁵ No public evidence identified.

Project Nimbus & Israeli State Cloud Infrastructure

Not applicable. Project Nimbus is the Israeli-government cloud contract awarded to Google Cloud and AWS; Louis Vuitton/LVMH is a luxury-goods business and is neither a participant, prime contractor, nor sub-provider. LVMH’s use of Google Cloud and AWS as a commercial customer of those platforms is not characterised in any public disclosure as participation in, or material support for, the Nimbus contract. No public evidence identified.

Data-Sovereignty or Resilience Services to State Institutions

No public evidence identified. Louis Vuitton/LVMH does not operate as a technology or cloud-service provider to any state body, Israeli or otherwise.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence was identified of any contract, partnership, or service agreement between Louis Vuitton (or LVMH) and the Israeli Ministry of Defence, the Israel Defense Forces (IDF), or Israeli intelligence agencies. Louis Vuitton is a fashion and leather-goods Maison and does not publicly operate in the defence-technology or security-services sector. No public evidence identified.

Provision of Technology / Data to the Israeli State or Military

No public evidence was identified of Louis Vuitton or LVMH providing surveillance technology, data, software, cloud capacity, or digital services to the Israeli state, military, or security services. This is the directionally serious Digital case, and no qualifying evidence of it was found. No public evidence identified.

Dual-Use Technology Provision

No public evidence was identified of Louis Vuitton commercial technology (RFID, blockchain authentication, e-commerce, or AI tooling) being reported or confirmed as repurposed for military, intelligence, or law-enforcement surveillance applications in Israel or the Occupied Palestinian Territories. No public evidence identified.

Offensive Cyber Capability

No public evidence identified. Louis Vuitton/LVMH does not develop, license, or sell offensive cyber capability. The group was itself the victim of multiple 2025 cyberattacks (see “Civil Society Scrutiny & Regulatory History”); those incidents were done to the company and have no nexus to provision of technology to Israel.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to Israeli State Bodies

No public evidence identified. LVMH deploys AI/ML internally and consumer-facing (demand forecasting, personalisation, supply-chain optimisation, generative AI) primarily via Google Cloud, Microsoft Azure, OpenAI/Google models, and Alibaba’s Qwen in China.¹²⁵⁹ No public evidence was identified of Louis Vuitton or LVMH providing AI capability, model access, training data, or inference services to any Israeli state, military, or security body.

Internal Generative-AI Platform (MaIA)

In early 2024 LVMH launched MaIA, an internal generative-AI assistant reported as built initially on OpenAI’s GPT-4 and subsequently using Google Gemini, Imagen, and OpenAI models, handling internal queries across tens of thousands of employees.⁹ The underlying models and platforms are US/Google-origin; no Israeli-origin AI model or vendor is identified in MaIA’s disclosed stack.⁹ No public evidence identified of any Israeli nexus.

Training Data & Model Development Involving Israeli Population Data

No public evidence was identified of Louis Vuitton or LVMH using surveillance-derived data, intercepted communications, or occupied-territory population data for AI model training; disclosed training inputs reference customer purchase and behavioural data.¹⁹ No public evidence identified.

Autonomous Systems & Lethality

No public evidence identified. The development or deployment of autonomous or lethal systems is not within Louis Vuitton’s business domain.

Internal Algorithmic Deployment - Israeli-Origin AI Tooling

No public evidence was identified of any Israeli-origin AI vendor embedded in Louis Vuitton’s or LVMH’s stack. The undisclosed full vendor list means secondary embedding within managed services cannot be positively excluded, but no such instance was identified. No public evidence identified.

Technology Ecosystem & R&D Footprint

Israeli R&D Facilities

No public evidence was identified that Louis Vuitton or LVMH operates an R&D facility, engineering office, or innovation lab within Israel. LVMH’s disclosed innovation infrastructure includes the “La Maison des Startups” accelerator at Station F, Paris (since 2017), which curates international cohorts; no ongoing structured R&D partnership with Israeli institutions, and no specific Israeli cohort identity, was confirmed in available public records.¹⁰ No public evidence identified of an Israeli R&D centre.

Acquisitions & Investments in Israeli Technology Companies (Direction: inbound investor)

LVMH’s controlling shareholder Bernard Arnault, via his family investment vehicle Aglaé Ventures (supported by Agache, the entity through which Arnault controls LVMH), participated in a circa-US$120m secondary-share transaction in the Israeli cloud-security company Wiz (founded January 2020 by Assaf Rappaport, Ami Luttwak, Yinon Costica, and Roy Reznik), reported in 2021.¹¹¹² This is an inbound investment by Arnault’s personal vehicle into an Israeli company - a financial/investor relationship at the controlling-shareholder level - not a provision of technology by Louis Vuitton, and not a Louis Vuitton or LVMH corporate procurement. It is recorded here as the most directionally relevant Israel-technology link in the public record, with direction noted explicitly. No public evidence was identified of LVMH or Louis Vuitton (the corporate entities) acquiring or taking a corporate-venture stake in any Israeli technology company.

Patents & IP Co-Development with Israeli Institutions

No public evidence was identified of patent portfolios, licensing, or co-development arrangements between Louis Vuitton/LVMH and Israeli-domiciled entities or research institutions (Technion, Hebrew University, Weizmann Institute). No public evidence identified.

Blockchain & Product Authentication (Aura)

Louis Vuitton co-founded the Aura luxury-blockchain platform, announced 16 May 2019 with ConsenSys (US) and Microsoft (US), built on Ethereum/Quorum and running on Microsoft Azure, with Louis Vuitton and Parfums Christian Dior as the founding LVMH brands.¹³ Aura later became the Aura Blockchain Consortium (with Richemont, Prada, OTB, and Mercedes-Benz). No Israeli state ownership, Israeli government involvement, or Israeli-origin technology provider is identified in Aura’s disclosed governance or stack.¹³ No Israeli nexus identified.

Supplier Code of Conduct - Technology Supply-Chain Provisions

No public evidence was identified of an LVMH technology-supply-chain due-diligence framework specifically governing the national origin or geopolitical exposure of software vendors, security suppliers, or digital-infrastructure providers. No public evidence identified.

Civil Society Scrutiny & Regulatory History

NGO & Academic Scrutiny - Technology Supply Chain

No public evidence was identified of an NGO investigation, UN report, or academic study addressing Louis Vuitton’s or LVMH’s technology relationships with the Israeli state, Israeli defence entities, or Israeli-origin vendors. Boycott materials targeting Louis Vuitton/LVMH cite the group’s retail presence in Israel and Bernard Arnault’s investment in Wiz, rather than any provision of technology by Louis Vuitton to Israel.⁸¹⁴ No public evidence identified of an NGO campaign specifically targeting Louis Vuitton’s technology provision.

BDS / Boycott Campaigns

Louis Vuitton and LVMH appear on activist boycott listings; the publicly documented grounds relate to the group’s retail presence in Israel and to Bernard Arnault’s personal investment in the Israeli firm Wiz, not to Louis Vuitton’s provision of surveillance, data, or digital technology to Israeli state entities.⁸¹⁴ No public evidence identified of a BDS campaign grounded in Louis Vuitton technology provision to Israel.

Data-Protection Enforcement - 2025 Cyberattacks (Direction: company as victim)

In 2025 Louis Vuitton and other LVMH brands suffered a series of data breaches in which the company was the victim:

• Salesforce-vector intrusions (ShinyHunters/UNC6040): Threat actors used voice-phishing (“vishing”) to trick staff into authorising a malicious OAuth data-loader app linked to the brands’ Salesforce environments, exfiltrating customer “Accounts”/“Contacts” data; Louis Vuitton, Dior, and Tiffany & Co. were named among the LVMH victims.¹⁵
• South Korea (PIPC): South Korea’s Personal Information Protection Commission imposed total fines exceeding ₩36bn (~US$25m), with Louis Vuitton Korea receiving the largest single penalty of ₩21.4bn (~US$14.8m), over breaches between 9–13 June 2025 affecting some 3.6m customers; the regulator attributed the Louis Vuitton incident to malware on an employee device that exposed Salesforce credentials and cited a failure to apply IP-based access controls and strong authentication.¹⁶
• United Kingdom (ICO): Louis Vuitton disclosed that its UK IT systems were accessed by an unauthorised third party on 2 July 2025, exposing customer names, contact details, and purchase histories (no bank/card data); the company notified the UK Information Commissioner’s Office.¹⁷
• Hong Kong (PCPD): Hong Kong’s Office of the Privacy Commissioner for Personal Data opened an investigation into a breach affecting ~419,000 customers (names, passport-ID details, addresses, contact data, purchase history); unusual activity was detected 13 June 2025, the Hong Kong impact confirmed 2 July 2025, and the breach reported to the PCPD on 17 July 2025.¹⁸

These incidents were done to Louis Vuitton/LVMH and have no nexus to the provision of technology to Israel; the regulatory exposure concerns the adequacy of the company’s data-security controls (notably around its US-origin Salesforce CRM). They are recorded as factual digital context only.

Export Controls & Sanctions Authorities

No public evidence was identified of any action by export-control or sanctions authorities (in France/EU or elsewhere) relating to Louis Vuitton or LVMH technology sales, services, or data transfers to Israeli state entities. No public evidence identified.

Regulatory & Legal Actions - Technology Sales to Israeli State Entities

No public evidence identified of any data-protection, export-control, or sanctions-body action relating to Louis Vuitton technology sales or services to Israeli state entities.

End Notes