Digital Audit: Mazda Motor Corporation

Audit Phase: Digital (Digital / Technology Forensics) Subject Entity: Mazda Motor Corporation (マツダ株式会社) (TSE: 7261) Registered Address: 3-1 Shinchi, Fuchu-cho, Aki-gun, Hiroshima, Japan Audit Date: June 2026 Evidence Base: Published corporate disclosures, vendor case studies and press releases, technology and security trade press, automotive-industry reporting, and NGO/database sources. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Mazda procuring technology from Israeli-origin vendors - is a customer relationship and is recorded explicitly as such, weighted far lower than provision. No transitive guilt is imputed: a vendor’s other clients, its founders’ backgrounds, or a distributor’s separate activities are not attributed to Mazda. US-entity relationships (e.g. Microsoft) are not Israeli-origin and are noted only for completeness. Cyberattacks committed against Mazda are not provision and are recorded as factual context only.

Enterprise Technology Stack & Vendor Relationships

Core Enterprise & Workplace Systems (Direction: Mazda as customer)

Mazda’s principal publicly documented enterprise technology relationship is with Microsoft, a US-headquartered entity. Microsoft’s customer-story library documents that Mazda deployed Azure Virtual Desktop to build a virtual desktop infrastructure and delivered Microsoft 365 as a collaboration and communication platform across an IT estate used daily by the group’s approximately 43,000 employees, with the rollout run by the Infrastructure Systems Department in Mazda’s MDI & IT Division.¹ Microsoft is a US entity; this is recorded for completeness and is not an Israeli-origin vendor relationship.

Cloud & Connected-Vehicle Platform

Microsoft operates a Connected Vehicle Platform built on Azure with a roster of automaker partners (e.g. Volkswagen Group, the Renault–Nissan–Mitsubishi Alliance) documented in Microsoft’s own Azure communications.² Public Azure and connected-vehicle materials reviewed did not list Mazda among the named Microsoft Connected Vehicle Platform automakers; Mazda’s documented Microsoft relationship in primary sources concerns enterprise/workplace cloud (Azure Virtual Desktop, Microsoft 365), not a connected-vehicle platform contract.¹² No Israel-specific data-centre arrangement or Israeli-origin cloud module was identified within Mazda’s disclosed Microsoft deployment.

Israeli-Origin Enterprise / Cybersecurity Vendors

No public evidence was identified confirming that Mazda holds a licensing, subscription, or integration relationship with any Israeli-origin enterprise-software or cybersecurity vendor (including Check Point, Wiz, SentinelOne, CyberArk, NICE Systems, Verint, or Claroty). Specifically:

Upstream Security (Israeli-founded automotive cybersecurity firm): Upstream’s public materials describe work with “multiple OEMs” but name no automakers on the pages reviewed, and do not list Mazda as a customer or partner.³ No confirmed relationship identified.
Mobileye (Israeli-origin ADAS supplier): Mobileye’s public disclosures name automaker programmes (e.g. Volkswagen, Nissan) but do not name Mazda; no Mazda–Mobileye production programme was identified in the sources reviewed.⁴ No confirmed relationship identified.

In each case the direction would, if confirmed, be Mazda as customer procuring a commercial product - not Mazda providing technology to any Israeli entity. No such procurement relationship was confirmed.

Procurement Transparency Constraints

Mazda, consistent with most automotive OEMs, does not publicly disclose its full enterprise-software and cybersecurity vendor stack below the level of major strategic partnerships. Tier-2 and Tier-3 vendor provenance therefore cannot be confirmed from open sources alone, and this is the principal evidence gap in this domain.

Surveillance, Biometrics & Retail Technology

In-Vehicle Facial Recognition - Driver Personalisation (Consumer Product)

Mazda has deployed an in-vehicle facial-recognition Driver Personalisation System, introduced on the CX-60 (2022) and carried into models including the CX-80 and CX-90.⁵⁶ A camera embedded in the centre display recognises and identifies the driver’s face, stores up to six driver profiles, and automatically adjusts over 250 settings (seat, steering wheel, mirrors, head-up display, climate, audio).⁵⁶ Per Mazda’s product documentation and US vehicle privacy notice, the driver-monitoring/personalisation camera converts facial features into numeric “Driver Profile” data that is secured and stored locally on the vehicle only, is not subject to remote access, and does not store or share images, audio, or video.⁶⁷ No public source identified the camera/processing vendor by name, and no Israeli-origin technology was identified in this system.⁵⁶ This is a consumer in-vehicle feature with no Israel nexus identified.

Israeli-Origin Surveillance / Biometric Vendors (Facilities, Dealerships, Retail)

No public evidence was identified that Mazda has deployed facial-recognition, biometric, gait-analysis, or in-store/behavioural-analytics technology of Israeli origin (e.g. Oosto/AnyVision, BriefCam, Trigo, Trax) in any operational context - manufacturing facilities, dealership networks, or corporate premises. No public evidence identified.

No public evidence identified of Mazda using Israeli-origin predictive-analytics, sentiment-analysis, social-media-monitoring, or workforce-surveillance tools in any disclosed operational deployment.

Third-Party & Indirect Deployment

No public evidence identified of Israeli-origin surveillance or analytics technology reaching Mazda indirectly via third-party platform providers, managed-security service providers, or bundled enterprise suites. This layer is opaque in public disclosures and is recorded as an evidence gap, not a finding.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Operations in Israel

No public evidence was identified that Mazda operates, leases, or co-locates data-centre infrastructure within Israel. Mazda’s documented cloud footprint centres on Microsoft Azure (a US-entity relationship) for enterprise/workplace systems.¹ No Israel-specific data-residency arrangement was identified in the sources reviewed.

Project Nimbus & Israeli State Cloud Infrastructure

Not applicable. Project Nimbus is the Israeli-government cloud contract awarded to Google Cloud and Amazon Web Services; Mazda is neither a participant nor a sub-provider. Mazda is an automotive OEM and does not operate as a cloud or managed-service provider. No public evidence was identified of Mazda involvement in any Israeli state-backed digital-infrastructure programme.

Data-Sovereignty or Resilience Services to Israeli State Institutions

No public evidence identified. Mazda does not operate as a technology or cloud-service provider to any state body, Israeli or otherwise.

Connected-Vehicle Telematics Data Flows

Mazda’s US connected-services documentation states that it contracts with third-party connectivity and telematics service providers but does not name them in public-facing materials.⁷ The national-origin provenance of all telematics sub-providers is therefore not publicly verifiable; no Israeli-origin telematics provider was identified, and this is recorded as an unresolved line of inquiry rather than a finding.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence was identified of any contract, partnership, memorandum of understanding, or service agreement between Mazda Motor Corporation and the Israeli Ministry of Defence, the Israel Defense Forces (IDF), or Israeli intelligence agencies (including Mossad, Shin Bet, or Unit 8200-linked commercial entities). A targeted search of Israeli defence-procurement reporting surfaced no Mazda entry.⁸ This is consistent with Mazda’s status as an automotive OEM with no disclosed defence or intelligence business line.

Provision of Technology / Data to the Israeli State or Military

No public evidence was identified of Mazda providing surveillance technology, data, software, cloud capacity, or digital services to the Israeli state, military, or security services. This is the directionally serious Digital case, and no qualifying evidence of it was found. No public evidence identified.

Dual-Use Technology Provision

No public evidence was identified of Mazda’s commercially available technology (vehicle platforms, infotainment, driver-assistance, or connected-vehicle infrastructure) being reported or confirmed as deployed for military, intelligence, or law-enforcement surveillance applications in Israel or the Occupied Palestinian Territories.

Offensive Cyber Capability

No public evidence identified. Mazda does not develop, license, or sell offensive cyber capability or digital weapons systems. Mazda was itself the victim of a data-security incident: in March 2026 Mazda disclosed that an internal warehouse-management system (used for parts procured from Thailand) had been accessed by an external threat actor; the intrusion was detected in mid-December 2025 and disclosed on 23 March 2026, exposing 692 records of employee, group-company, and business-partner data (user IDs, names, email addresses, company names, partner IDs).⁹¹⁰ Mazda stated no customer personal data was held in the affected system and that the incident was not a ransomware/malware infection, and reported it to Japan’s Personal Information Protection Commission.⁹¹⁰ A Mazda data breach affecting North American customer data was also reported in earlier years by specialist press.¹¹ These incidents were done to Mazda, implicate no Israeli-origin technology or Israeli state relationship, and are recorded here as factual digital context only.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to Israeli State Bodies

No public evidence identified. No public evidence was identified of Mazda providing AI capability, model access, datasets for model training, computer-vision, or inference services to any Israeli state, military, or security body.

Consumer-Facing AI, ADAS & Autonomous Systems

Mazda’s publicly disclosed AI and autonomous-systems activity is directed at consumer road-vehicle applications, including its driver-assistance and driver-monitoring features (above) and the facial-recognition Driver Personalisation System.⁵⁶ In June 2019 Mazda took a 2% equity stake (approximately 57.1 million yen) in MONET Technologies, the SoftBank–Toyota mobility-services and Autono-MaaS joint venture, alongside Isuzu, Suzuki, Subaru, and Daihatsu.¹²¹³ MONET is a Japanese mobility-services venture; no Israel nexus was identified in its disclosed structure or activities.¹²¹³ No provision of autonomous targeting, automated threat-detection, or autonomous tracking technology to any military or security force was identified.

Datasets for Model Training & Model Development Involving Israeli Population Data

No public evidence identified of Mazda’s AI models being trained on, or provided access to, civilian population data, intercepted communications, or surveillance-derived datasets originating from Israel or the Occupied Palestinian Territories.

Internal Algorithmic Deployment - Israeli-Origin AI Tooling

No public evidence was identified of any Israeli-origin AI vendor embedded in Mazda’s internal stack. The undisclosed full vendor list means secondary embedding within managed services cannot be positively excluded, but no such instance was identified.

Technology Ecosystem & R&D Footprint

Israeli R&D Facilities

No public evidence was identified that Mazda operates any research and development facility, engineering office, innovation lab, or accelerator programme within Israel. A published list of carmaker R&D centres in Israel - which names GM, Mercedes-Benz, Ford, BMW, Volkswagen, Hyundai, Honda (via DRIVE TLV), and Nissan (via the Renault–Nissan–Mitsubishi Alliance lab), among others - does not include Mazda (nor Toyota).¹⁴ No public evidence identified.

Acquisitions & Investments in Israeli Technology Companies

No public evidence was identified of Mazda acquiring, or taking a corporate-venture stake in, any Israeli technology company. Mazda’s disclosed strategic technology investment in the period centres on the Japanese MONET mobility venture¹² and internal electrification/connected-car R&D; no Israeli entity was identified in its disclosed M&A or investment activity.

Patents & IP Co-Development with Israeli Institutions

No public evidence was identified of patent portfolios, licensing, or co-development arrangements between Mazda and Israeli-domiciled entities or research institutions (Technion, Hebrew University, Weizmann Institute). No public evidence identified.

Authorised Israeli Distributor - Delek Motors (Direction: import/distribution, not provision)

Mazda vehicles are sold in Israel through Delek Motors Ltd., which obtained the Mazda import concession in 1991, with the first Mazda vehicles arriving in Israel in early 1992; Delek Motors is the official importer and distributor of Mazda (alongside Ford, BMW, MINI, and other brands) in Israel and has made Mazda a leading car brand in that market.¹⁵¹⁶ This is a standard commercial vehicle-import/distribution arrangement, not a Mazda technology subsidiary. Delek Motors independently operates its own IT and dealership-management infrastructure; whether it deploys Israeli-origin enterprise technology within the scope of its Mazda franchise is outside Mazda Motor Corporation’s disclosed corporate perimeter and could not be assessed from available records. This is recorded as an evidence gap, not a finding. (Note: an earlier draft of this audit incorrectly named Colmobil Group as the Mazda importer; the correct importer is Delek Motors.)¹⁵¹⁶

Supplier Code of Conduct - Technology Supply-Chain Provisions

No public evidence was identified that Mazda’s supplier-conduct or responsible-sourcing frameworks contain provisions governing the national origin or geopolitical exposure of technology vendors, software suppliers, or digital-infrastructure providers. No technology-supply-chain due-diligence framework specific to vendor geopolitical exposure is publicly documented. No public evidence identified.

Civil Society Scrutiny & Regulatory History

NGO & Academic Scrutiny - Technology Supply Chain

No public evidence was identified of an NGO investigation, academic study, or UN report addressing Mazda’s technology relationships with the Israeli state, Israeli defence entities, or Israeli-origin vendors. The Who Profits Research Centre database documents corporate involvement in the occupation economy and is consulted by the BDS movement; no Mazda technology-relationship entry was surfaced in the sources reviewed.¹⁷ No public evidence identified.

BDS Campaigns

No public evidence was identified of an organised boycott, divestment, or sanctions campaign specifically targeting Mazda’s technology relationships with Israel or operations in occupied territories. General BDS target/campaign databases reviewed did not surface a Mazda technology-provision entry.¹⁸ No public evidence identified.

Regulatory & Data-Protection History (Direction: Mazda as data controller / victim)

Mazda’s March 2026 warehouse-system breach triggered notification to Japan’s Personal Information Protection Commission;⁹¹⁰ this concerns Mazda’s posture as a data controller and the victim of an intrusion, and is not connected to any Israeli-origin technology relationship. No public evidence identified of regulatory inquiries, export-control actions, or sanctions investigations involving Mazda technology sales or services to Israeli state entities.

Export Controls & Sanctions Authorities

No public evidence was identified of any action by export-control or financial-sanctions authorities (in Japan or elsewhere) relating to Mazda technology sales, services, or data transfers to Israeli state entities. No public evidence identified.