Audit Phase: V-DIG (Vendor & Digital Infrastructure Governance)
Target Company: Adidas AG
Audit Date: May 2026
Research Basis: Training-data knowledge through April 2026; all live web search attempts returned no results. Findings are limited to publicly available information confirmed through training data. Where evidence is absent, that absence is explicitly recorded.
Scope Note: Adidas AG is a consumer-goods and sportswear company headquartered in Herzogenaurach, Germany. The majority of V-DIG sub-questions concerning provision of technology to state, military, or intelligence bodies are structurally inapplicable to Adidas’s core business model. This audit documents what is confirmed, what is explicitly unconfirmed, and where critical evidence gaps exist.
Adidas has a long-standing, publicly confirmed strategic partnership with SAP SE, a German enterprise-software company, for its core ERP and enterprise resource planning infrastructure.1 This relationship is disclosed in Adidas’s corporate and investor communications and is a foundational element of the company’s global IT architecture. SAP’s origin and headquarters are in Walldorf, Germany, and no Israeli-origin enterprise software vendor is publicly identified as a strategic partner at this layer of the stack.
Adidas has a publicly confirmed strategic partnership with Microsoft Azure as its primary cloud platform.2 The partnership was renewed and expanded in 2023 and encompasses cloud migration of Adidas’s global digital infrastructure, including e-commerce, data analytics, and internal systems.3 Microsoft Azure is a US-origin platform. No Israeli cloud vendor (including but not limited to: Wiz, Orca Security, Aqua Security, or any Israeli-origin cloud-native security vendor) is publicly identified as part of the Adidas cloud stack.
Adidas acquired Runtastic, an Austrian mobile fitness and running application company, in 2015 for approximately €220 million.4 Runtastic has been integrated into Adidas’s digital consumer ecosystem and operates as part of the Adidas app portfolio. The acquisition is headquartered and operated from Linz, Austria. No Israeli-origin mobile or consumer-data platform vendor is identified in connection with Adidas’s digital consumer offering.
Critical evidence gap: Adidas does not publicly disclose its cybersecurity vendor stack, including endpoint detection and response (EDR), security information and event management (SIEM), cloud security posture management (CSPM), identity and access management (IAM), or privileged access management (PAM) providers. Whether Israeli-origin cybersecurity vendors — including but not limited to Check Point Software Technologies, CyberArk, SentinelOne, Wiz, Claroty, Palo Alto Networks (Israeli R&D presence), or Cato Networks — are present at any layer of the Adidas security stack cannot be confirmed or ruled out from available public evidence. No public evidence of contracts, pilot programmes, or vendor announcements with any Israeli-origin cybersecurity vendor has been identified.5
In 2025, Adidas disclosed a data breach affecting customer data held by a third-party customer-service provider.6 The breach involved customer contact information. The identity of the third-party provider was not publicly disclosed in available reporting, and no link to any Israeli-origin technology vendor or data-processing contractor has been established in public sources. The breach is documented here as a vendor-relationship risk flag requiring further investigation of the unnamed provider’s identity and technology stack.7
No public evidence identified that Adidas has deployed Israeli-origin computer vision, biometric identification, facial recognition, or retail-analytics platforms in its retail estate. Specific vendors for which no confirmed Adidas relationship exists in public sources include: Trigo Vision, BriefCam (Canon subsidiary), Oosto (formerly AnyVision), Trax Retail, Corsight AI, and Shoppermotion. Adidas operates a significant direct-to-consumer retail estate globally, including flagship stores in major markets, but its retail-technology vendor relationships at the store-operations level are not publicly disclosed with vendor-level specificity.
No public evidence identified that Adidas employs facial recognition, biometric access control (of Israeli origin), or AI-powered surveillance systems in its corporate facilities, distribution centres, or retail outlets. The absence of public disclosure does not constitute confirmation of absence; vendor relationships at this level are rarely disclosed by consumer-goods companies in the absence of a procurement controversy or regulatory proceeding.
No public evidence identified of Adidas deploying Israeli-origin workforce surveillance or employee-monitoring technology (e.g., vendors such as NICE Systems or Verint Systems, both Israeli-origin) in its logistics, distribution, or manufacturing operations.
Adidas’s strategic cloud partner is Microsoft Azure, as publicly confirmed through corporate announcements and the 2023 partnership renewal.8 The scope of the Azure partnership includes global operations. Specific data-residency configurations, regional cloud zones, or sovereignty arrangements are not publicly disclosed beyond the top-line partnership confirmation.
No public evidence identified that Adidas operates, leases, or co-locates data centre or cloud infrastructure in Israel, or that Israeli-territory data centres form any part of its production or disaster-recovery architecture.
No public evidence identified that Adidas is a customer, sub-contractor, or technology participant in Project Nimbus, the Israeli government’s sovereign cloud infrastructure programme awarded to Google Cloud and Amazon Web Services. Adidas is not a cloud-service provider and would not be a primary contractor in such a programme; the question of whether Adidas’s data or workloads are processed via cloud regions that participate in Israeli government cloud infrastructure cannot be determined from available public evidence.
Adidas’s 2024 Annual Report addresses data protection obligations under GDPR and equivalent frameworks.9 No Israeli-specific data-localisation commitment or exemption is identified. The company’s data protection disclosures are oriented toward European regulatory requirements consistent with its German domicile.
No public evidence identified that Adidas AG, any of its subsidiaries, or its confirmed technology vendors supply technology, data, or services directly to the Israeli Defence Forces (IDF), Israeli Ministry of Defence (IMoD), Shin Bet (ISA), Mossad, or any other Israeli state security or intelligence body. Adidas’s business is consumer goods; it is not a defence contractor, a technology vendor, or a data-intelligence provider. This category of V-DIG finding is structurally inapplicable to Adidas’s core business model.
No public evidence identified of Adidas technology assets, acquired companies, or proprietary software being subject to dual-use export-control review, Israeli or US export-control proceedings, or relevant regulatory inquiry in this domain.
No public evidence identified that Adidas technology, logistics platforms, or digital infrastructure is used in the administration of occupied territory, settlement infrastructure, or border-control systems.
Adidas has publicly referenced the use of artificial intelligence and machine learning in its product design, demand forecasting, and personalisation systems, consistent with standard practice among global consumer-goods companies.10 Its partnership with Microsoft Azure provides access to Azure AI services. No granular public disclosure of specific AI model vendors, data-labelling contractors, or AI infrastructure suppliers beyond the Microsoft partnership has been identified.
Adidas has referenced AI-assisted design tooling in public communications, including in the context of its collaboration with Stella McCartney and other design initiatives.11 No Israeli-origin generative AI or computer-aided design vendor is identified in connection with these programmes.
Adidas uses algorithmic demand forecasting as part of its supply chain operations, a function likely integrated within or adjacent to its SAP ERP environment.12 No Israeli-origin supply-chain AI vendor (e.g., O9 Solutions with Israeli components, or specific Israeli-origin platforms) is confirmed in public sources as an Adidas vendor.
No public evidence identified that Adidas provides AI systems, training data, or algorithmic tools to any government, military, or security body, Israeli or otherwise. This is structurally inapplicable to Adidas’s business model.
Adidas’s e-commerce platforms use personalisation and recommendation algorithms standard to the sector. No Israeli-origin consumer-profiling or ad-tech vendor is publicly confirmed as part of this stack.
Adidas’s primary R&D operations — product design, materials science, and sports performance research — are conducted from its Herzogenaurach, Germany global headquarters and from its Portland, Oregon, USA North American hub.13 No Israeli R&D facility, technology laboratory, or research centre is identified in Adidas’s public corporate disclosures.
The only publicly confirmed technology-related acquisition in the available record is Runtastic (Austria, 2015, ~€220 million).14 No Israeli-origin technology company acquisition, acqui-hire, or minority investment is identified in public sources. Adidas’s M&A activity has been primarily brand- and distribution-oriented rather than deep-technology oriented.
No public evidence identified that Adidas operates a corporate venture capital programme with investments in Israeli technology startups, or that it is a limited partner in Israeli-focused technology venture funds. Adidas has referenced startup collaboration through its Adidas Ventures and creator-economy initiatives, but no Israeli-startup relationship is identified in public sources.
No public evidence identified of Adidas AG patent filings listing Israeli co-inventors, or of co-development agreements with Israeli academic institutions (Technion – Israel Institute of Technology, Hebrew University of Jerusalem, Weizmann Institute of Science, or Ben-Gurion University of the Negev). Patent-level analysis using USPTO/EPO/WIPO assignee search filtered by Israeli inventor addresses has not been completed and is recommended as a follow-up action.
Adidas participates in sustainability and supply-chain standards bodies (e.g., the Sustainable Apparel Coalition). No technology-specific consortium membership with an Israeli-origin component is identified.
Adidas has been subject to civil society scrutiny primarily in the domains of sponsorship and marketing, not technology procurement. The following are documented for completeness but are explicitly out of scope for V-DIG:
No technology-specific BDS campaign targeting Adidas’s digital infrastructure, enterprise software vendors, or technology procurement practices has been identified in public civil society records.
No public evidence identified that Adidas AG appears in the UN Human Rights Council’s database of business enterprises operating in relation to Israeli settlements (A/HRC/43/71 and updates). Verification against the most current version of this database is recommended as a follow-up action, as the database has been updated periodically since initial publication and Adidas’s retail operations in Israeli settlements, if any, would not necessarily be surfaced in technology-press sources.
Adidas publishes a supply-chain human rights due diligence report consistent with German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG) obligations.20 No Israeli-territory manufacturing, supply-chain node, or factory relationship is identified in these disclosures. This is noted as contextual background only; supply-chain geography is not a primary V-DIG indicator.
SAP customer reference — Adidas: https://www.sap.com/uk/documents/2017/03/c7731063-b47c-0010-82c7-eda71af511fa.html ↩
Adidas–Microsoft Azure strategic partnership announcement: https://news.microsoft.com/2023/01/17/adidas-and-microsoft-expand-strategic-partnership/ ↩
Adidas–Microsoft Azure partnership renewal and scope, 2023: https://news.microsoft.com/2023/01/17/adidas-and-microsoft-expand-strategic-partnership/ ↩
Adidas acquisition of Runtastic, 2015: https://www.adidas-group.com/en/media/news-archive/press-releases/2015/adidas-group-acquires-runtastic/ ↩
Adidas 2024 Annual Report — risk and IT governance disclosures: https://www.adidas-group.com/en/investors/reports/annual-report-2024/ ↩
BleepingComputer — Adidas third-party customer-service data breach, 2025: https://www.bleepingcomputer.com/news/security/adidas-discloses-data-breach-after-customer-service-provider-hacked/ ↩
Reuters — Adidas data breach report, 2025: https://www.reuters.com/technology/adidas-says-data-breach-exposed-customer-contact-info-2025/ ↩
Adidas–Microsoft Azure strategic partnership: https://news.microsoft.com/2023/01/17/adidas-and-microsoft-expand-strategic-partnership/ ↩
Adidas 2024 Annual Report — data protection and GDPR: https://www.adidas-group.com/en/investors/reports/annual-report-2024/ ↩
Adidas 2024 Annual Report — digital and technology strategy: https://www.adidas-group.com/en/investors/reports/annual-report-2024/ ↩
Adidas corporate communications on AI-assisted design: https://www.adidas-group.com/en/media/news-archive/press-releases/ ↩
Adidas supply chain and demand forecasting disclosures, 2024 Annual Report: https://www.adidas-group.com/en/investors/reports/annual-report-2024/ ↩
Adidas corporate profile — global locations: https://www.adidas-group.com/en/group/profile/ ↩
Adidas acquisition of Runtastic: https://www.adidas-group.com/en/media/news-archive/press-releases/2015/adidas-group-acquires-runtastic/ ↩
Reuters — Adidas and Israel Football Association kit deal non-renewal: https://www.reuters.com/article/us-soccer-israel-adidas-idUSKBN1FT27Z ↩
Adidas 2023 Annual Report — Yeezy termination and financial impact: https://www.adidas-group.com/en/investors/reports/annual-report-2023/ ↩
Reuters — Adidas Bella Hadid SL72 campaign withdrawal, 2024: https://www.reuters.com/business/retail-consumer/adidas-drops-bella-hadid-ad-campaign-criticism-2024-09-06/ ↩
Adidas 2024 Annual Report — GDPR and data governance: https://www.adidas-group.com/en/investors/reports/annual-report-2024/ ↩
BleepingComputer — Adidas breach, regulatory status: https://www.bleepingcomputer.com/news/security/adidas-discloses-data-breach-after-customer-service-provider-hacked/ ↩
Adidas Human Rights Report / LkSG supply chain due diligence: https://www.adidas-group.com/en/sustainability/reporting/human-rights-report/ ↩
