INDEX / DIRECTORY / NINTENDO / DIGITAL

Nintendo DIGITAL

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-06-15
Digital Score 0.00 /10 E Nintendo - BDS-1000 125
Digital 0.00

Evidence-only forensic audit. Scoring happens downstream - see the main dossier for the composite assessment.

Digital Audit: Nintendo Co., Ltd.

Audit Phase: Digital (Digital / Technology Forensics) Subject Entity: Nintendo Co., Ltd. (TYO: 7974; OTC: NTDOY) Registered Address: 11-1 Kamitoba-hokotate-cho, Minami-ku, Kyoto 601-8501, Japan Audit Date: June 2026 Evidence Base: Published corporate disclosures, vendor case studies and technical presentations, trade and technology press, NGO/database research, and Nintendo’s own legal/privacy notices. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Nintendo procuring technology from Israeli-origin vendors, or Nintendo products being sold in Israel through a local distributor - is a customer/distribution relationship and is recorded explicitly as such, weighted far lower than provision. No transitive guilt is imputed: a vendor’s other clients, its founders’ backgrounds, or a parent group’s separate activities are not attributed to Nintendo. US-entity relationships (e.g. Amazon Web Services, Google Cloud, NVIDIA) are not Israeli-origin and are noted only for completeness and directional clarity.

Enterprise Technology Stack & Vendor Relationships

Primary Cloud and Online-Services Vendors (Direction: Nintendo as customer)

Nintendo’s disclosed online-services infrastructure runs on two US-headquartered hyperscalers. Nintendo Switch online multiplayer is served by the Nintendo Platform Network (NPLN), a general-purpose game server Nintendo began developing in 2018 and built on Google Cloud (a US entity), using Google Kubernetes Engine for stateless microservices, Cloud Spanner and Cloud Storage for stateful/user data, Anthos Service Mesh for routing, Cloud Load Balancing, and Cloud Monitoring/Trace/Logging with BigQuery for analytics.12 Separately, the Nintendo eShop backend was modernised onto Amazon Web Services (a US entity), using Amazon ECS, API Gateway, ECS Service Connect and related services, as presented by Nintendo Systems Co., Ltd. at AWS re:Invent 2023; Nintendo also runs push-notification infrastructure on AWS (Fargate, Network Load Balancer, DynamoDB, SQS) at a scale described as 100 million concurrent devices.345 Both relationships are inbound procurement (Nintendo as customer); neither vendor is Israeli-origin.

Named Content-Delivery-Network Providers (Direction: Nintendo as customer)

Nintendo’s own legal notice names the content-delivery-network providers with which it shares information for Nintendo Account Services, Nintendo Network and the official website: Akamai Technologies, Inc. / Akamai Technologies GK; Amazon Web Services Inc.; CDNetworks Japan Co., Ltd.; and Limelight Networks, Inc.6 All four are US- or Japan-domiciled entities. No Israeli-origin CDN vendor is named.

Israeli-Origin Software & Cybersecurity Vendors

No public evidence was identified that Nintendo holds a licensing, subscription, or integration relationship with any Israeli-origin enterprise-software or cybersecurity vendor (e.g. Check Point, Wiz, CyberArk, SentinelOne, NICE Systems, Verint, Claroty). Nintendo does not publish a named security-vendor stack or sub-processor list in its primary corporate filings, so such a relationship cannot be positively excluded; none was identified in any source reviewed. No public evidence identified.

Procurement Transparency Constraints

Nintendo does not publish a technology-vendor dependency map, a GDPR Article 28 sub-processor list, or named security-product disclosures in its main investor or corporate-responsibility reporting. The full IT/security vendor stack beneath the primary US cloud providers is undisclosed; this is the principal evidence gap in this domain.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometric Deployment

No public evidence was identified that Nintendo operates facial-recognition, biometric-identification, gait-analysis, or in-store behavioural-analytics technology of any origin - Israeli or otherwise - at its small directly operated retail estate (Nintendo NY, Nintendo Tokyo, Nintendo Osaka, Nintendo Kyoto). No public evidence identified.

Israeli-Origin Surveillance / Biometric Vendors

No public evidence was identified linking Nintendo to any Israeli-origin surveillance or biometric vendor (e.g. Oosto/AnyVision, BriefCam, Trigo, Trax, Corsight). No public evidence identified.

Consumer Analytics & Platform Telemetry

Nintendo collects first-party platform telemetry through Switch hardware, Nintendo Accounts, and eShop systems, and discloses data-collection practices in its privacy policy without naming third-party behavioural-analytics vendors.7 No public evidence was identified of Israeli-origin sentiment-analysis, social-media-monitoring, or consumer-surveillance tooling in this telemetry stack. No public evidence identified.

Predictive Analytics & Workforce Monitoring

No public evidence identified of Nintendo deploying Israeli-origin predictive-analytics, social-media-surveillance, or workforce-monitoring tools.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Operations in Israel

No public evidence was identified that Nintendo operates, leases, or co-locates data-centre infrastructure within Israel. Nintendo’s disclosed online-services footprint is served from the US hyperscalers AWS and Google Cloud, with regional delivery for Japan, the Americas, and Europe.13 No public evidence identified.

Project Nimbus & Israeli State Cloud Infrastructure

Not applicable. Project Nimbus is the c.US$1.2bn Israeli-government cloud contract awarded to Google Cloud and Amazon Web Services; Nintendo is a customer of those same hyperscalers for its consumer gaming services and is neither a participant, sub-provider, nor advisor in Nimbus.8 No public evidence was identified of Nintendo involvement in any Israeli state-backed digital-infrastructure programme. (No transitive guilt is imputed from sharing a cloud vendor with Nimbus.)

Data-Sovereignty or Resilience Services to Israeli State Institutions

No public evidence identified. Nintendo is a consumer of cloud services, not a provider; it does not market or supply data-sovereignty, resilience, or infrastructure-security services to any state body, Israeli or otherwise.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence was identified of any contract, partnership, memorandum of understanding, or service agreement between Nintendo and the Israeli Ministry of Defence, the Israel Defense Forces (IDF), Shin Bet, Mossad, or Unit 8200-linked commercial entities.9 Nintendo’s operations are wholly within consumer entertainment hardware, software, and online services.

Provision of Technology / Data to the Israeli State or Military

No public evidence was identified of Nintendo providing surveillance technology, data, software, cloud capacity, or digital services to the Israeli state, military, or security services. This is the directionally serious Digital case, and no qualifying evidence of it was found.9 No public evidence identified.

Dual-Use Technology Provision

No public evidence was identified of Nintendo’s commercially available technology (consoles, first-party software, Nintendo Switch Online services) being reported, confirmed, or documented as deployed for military, intelligence, or law-enforcement surveillance applications in Israel or the Occupied Palestinian Territories. No public evidence identified.

Offensive Cyber Capability

No public evidence identified. Nintendo does not develop, license, or sell offensive cyber capability, intrusion tooling, or exploit technology. Nintendo has instead been the victim of cyber incidents: in April–May 2020 it disclosed a large-scale credential-stuffing attack against the Nintendo Network ID (NNID) system, ultimately affecting approximately 300,000 accounts (an initial 160,000 plus a further c.140,000), exposing names, email addresses, dates of birth, and country, and prompting password resets and the abolition of NNID logins.1011 These incidents were done to Nintendo, have no documented nexus to Israeli-linked threat actors, and are recorded here as factual digital context only.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to Israeli State Bodies

No public evidence was identified of Nintendo providing AI/ML systems, models, datasets, model access, or inference services to any Israeli state, military, or security body. Nintendo’s disclosed AI/ML use is confined to consumer product development (game-development pipelines, account-security/anti-fraud, animation). No public evidence identified.

Internal Algorithmic Deployment - Israeli-Origin AI Tooling

The principal AI capability associated with Nintendo’s current hardware is the on-device AI of the Nintendo Switch 2, which is built on an NVIDIA (a US entity) custom processor with Tensor Cores enabling DLSS upscaling and related AI graphics features.12 No public evidence was identified of any Israeli-origin AI vendor embedded in Nintendo’s products or stack; the undisclosed full vendor list means secondary embedding within managed services cannot be positively excluded, but no such instance was identified. No public evidence identified.

Training Data & Model Development Involving Israeli Population Data

No public evidence was identified of Nintendo contributing to, commissioning, or benefiting from AI model development involving Israeli population datasets, intercepted communications, or surveillance-derived data. No public evidence identified.

Autonomous Systems & Lethality

No public evidence identified. The development or deployment of autonomous or lethal systems is not within Nintendo’s business domain.

Technology Ecosystem & R&D Footprint

Israeli R&D Facilities

No public evidence was identified that Nintendo operates any R&D facility, engineering office, innovation lab, or accelerator programme within Israel. Nintendo’s R&D footprint is concentrated at its Kyoto headquarters and Tokyo offices in Japan and at Nintendo of America in Redmond, Washington.13 No public evidence identified.

Acquisitions & Investments in Israeli Technology Companies

No public evidence was identified of Nintendo acquiring, or taking a corporate-venture stake in, any Israeli technology company or Israeli-linked venture fund. Nintendo’s documented acquisitions in the recent period are non-Israeli (e.g. SRD Co., Ltd. in Japan; Next Level Games in Canada).13 No public evidence identified.

Patents & IP Co-Development with Israeli Institutions

No public evidence was identified of patent portfolios, licensing, or co-development arrangements between Nintendo and Israeli-domiciled entities or research institutions (Technion, Hebrew University, Weizmann Institute). No public evidence identified.

Distribution Presence in Israel (Direction: Nintendo products sold via local distributor)

Nintendo products are sold in Israel through TorGaming Ltd., named as Nintendo’s official representative/distributor in Israel from March 2019; TorGaming owns and operates a Nintendo-branded store at the Dizengoff Center in Tel Aviv (opened June 2019, reported at the time as the second official Nintendo brick-and-mortar store worldwide) and opened a further facility in Eilat in 2022.141516 This is an outbound distribution/retail relationship operated by a third party, not provision of technology to any Israeli state entity; it is a downstream commercial presence (the substance of which sits in the Economic domain) and is recorded here only for completeness and directional clarity.

Supplier Code of Conduct - Technology Supply-Chain Provisions

Nintendo’s Supplier Code of Conduct addresses labour, environmental, and business-ethics expectations oriented toward its hardware-manufacturing supply chain (semiconductors, components, physical goods) and does not, in the public version reviewed, contain provisions governing the national origin or geopolitical exposure of software vendors, IT-service suppliers, or digital-infrastructure providers.17 No public evidence identified of a technology-supply-chain due-diligence framework specific to vendor geopolitical exposure.

Civil Society Scrutiny & Regulatory History

NGO & Academic Scrutiny - Technology Supply Chain

No public evidence was identified of an NGO investigation, academic study, or UN report addressing Nintendo’s technology relationships with the Israeli state, Israeli defence entities, or Israeli-origin vendors. Nintendo does not appear as a profiled company in the Who Profits Research Center database or the AFSC Investigate database in connection with the settlement or occupation economy.1819 No public evidence identified.

BDS Campaigns

No public evidence was identified of an organised BDS, divestment, or sanctions campaign specifically targeting Nintendo over technology provision to Israel. Recent BDS gaming-sector campaigning has centred on Microsoft/Xbox in connection with Project Nimbus, not Nintendo.20 Nintendo is not a named BDS priority or pressure target in published campaign materials reviewed. No public evidence identified.

Regulatory & Legal Actions - Technology Sales to Israeli State Entities

No public evidence was identified of any action by export-control authorities, sanctions bodies, or data-protection regulators relating to Nintendo technology sales, services, or data transfers to Israeli state entities. Nintendo’s documented regulatory history concerns consumer-protection/resale-price matters, intellectual-property/anti-piracy enforcement, and general data-protection compliance - none of which relates to Israel, the Occupied Palestinian Territories, or defence/security export controls.7 No public evidence identified.

Security-Incident Regulatory Context

The 2020 NNID credential-stuffing breach prompted customer-facing remediation, reimbursement of fraudulent charges, and password/login-system changes; no publicly disclosed regulatory enforcement action in the primary jurisdictions was identified, and the incident has no Israel nexus.1011

Evidence Gaps

  1. Full IT and security vendor stack (highest priority) - Nintendo does not publish a named security-product list or GDPR sub-processor disclosure; Israeli-origin cybersecurity vendor exposure beneath the primary US cloud providers cannot be positively excluded on public evidence.
  2. Sub-vendor layer on AWS/Google Cloud - The identity of security, analytics, and fraud-detection vendors layered on top of the disclosed hyperscaler platforms is not publicly documented.
  3. Japanese-language disclosures - Nintendo’s Japanese-language filings and procurement materials may contain vendor references not captured in English-language sources.
  4. Distributor IT overlap - Whether TorGaming’s Israeli retail operation shares any central Nintendo IT/e-commerce systems is not publicly documented; any such overlap would be a downstream distribution matter, not provision to a state entity.

End Notes

Footnotes

  1. https://cloud.google.com/blog/ja/topics/customers/nintendo-new-game-servers-built-with-gke-cloud-spanner?hl=ja 2

  2. https://enterprisezine.jp/news/detail/17293

  3. https://aws.amazon.com/solutions/case-studies/nintendo-systems-case-study/ 2

  4. https://d1.awsstatic.com/events/Summits/reinvent2023/GAM306_Modernization-of-Nintendo-eShop-Microservice-and-platform-engineering.pdf

  5. https://aws.amazon.com/solutions/case-studies/scalability-aws-nintendo/

  6. https://www.nintendo.com/en-gb/Legal-information/What-is-a-content-delivery-network-CDN-and-which-CDN-providers-is-Nintendo-working-with-/What-is-a-content-delivery-network-CDN-and-which-CDN-providers-is-Nintendo-working-with-1378848.html

  7. https://www.nintendo.com/en-US/privacy-policy 2

  8. https://www.972mag.com/project-nimbus-contract-google-amazon-israel/

  9. https://investigate.afsc.org/companies 2

  10. https://www.idtheftcenter.org/post/credential-stuffing-compromises-160000-accounts-in-nintendo-data-breach/ 2

  11. https://www.bitdefender.com/en-us/blog/hotforsecurity/nintendo-confirms-additional-140000-accounts-compromised-in-april-data-breach 2

  12. https://blogs.nvidia.com/blog/nintendo-switch-2-leveled-up-with-nvidia-ai-powered-dlss-and-4k-gaming/

  13. https://www.nintendo.co.jp/ir/pdf/2024/annual2401e.pdf 2

  14. https://nocamels.com/2019/06/nintendo-store-tel-aviv/

  15. https://en.globes.co.il/en/article-nintendo-opens-second-store-worldwide-in-israel-1001291033

  16. https://www.calcalistech.com/ctech/articles/0,7340,L-3765800,00.html

  17. https://www.nintendo.co.jp/csr/en/supplier/index.html

  18. https://whoprofits.org/companies/

  19. https://investigate.afsc.org/tags/settlement-industry

  20. https://www.jpost.com/bds-threat/article-849120