H&M Digital Audit

Audit Phase: V-DIG
Date of Completion: 2026-05-01
Analyst Note: All findings are drawn exclusively from the research memo below. Claims that could not be independently verified beyond a prior model’s assertion are explicitly flagged as UNVERIFIED (prior model only). No scores, tiers, or conclusions are assigned. Where evidence is absent, “No public evidence identified” is the stated conclusion.

Enterprise Technology Stack & Vendor Relationships

Confirmed Vendor Relationships

Google Cloud (confirmed, strategic, ongoing)
H&M Group announced a strategic partnership with Google Cloud in July 2022 to construct a global enterprise data platform described as foundational to its “Project Future” digital transformation programme.² The partnership was formalised via official PR Newswire press release and is referenced in H&M Group’s corporate strategy disclosures.²⁵ Google Cloud serves as H&M’s primary enterprise data infrastructure provider, making this a core dependency rather than a peripheral integration. Google Cloud is US-headquartered but holds a central role in Israel’s Project Nimbus sovereign cloud programme (see Cloud Infrastructure section below).⁹¹⁰¹¹

Zeekit (confirmed historical partnership, vendor now Walmart-owned)
H&M held a commercial partnership with Zeekit, an Israeli AR/virtual try-on startup, from approximately 2018 until Walmart’s acquisition of Zeekit in May 2021.⁴²² H&M launched a virtual dressing room feature powered by Zeekit’s body-mapping and computer vision technology in 2018.²² Following the Walmart acquisition, this vendor relationship ceased as an independent arrangement.⁴ This represents the most clearly documented historical engagement with an Israeli-origin technology company at the product-integration level.

Unverified Vendor Relationships (Prior Model Only)

The following Israeli-origin vendors were asserted by a prior model. No public source available in the research base names H&M as a customer for any of these products. They are catalogued here for completeness and to flag evidence gaps requiring direct source verification.

• Wiz (Israeli-founded cloud security; co-founded by Assaf Rappaport with Israeli R&D operations; subject of a reported ~$23 billion Google acquisition in 2024¹²): Prior model asserts H&M uses Wiz for cloud security. A real product integration between Wiz and Check Point is documented¹⁹ but does not name H&M. UNVERIFIED (prior model only).
• Check Point Software Technologies (Israeli-founded cybersecurity, founded by Gil Shwed, Unit 8200 veteran): Prior model asserts H&M uses Check Point’s Infinity Platform. A CyberOne Security case study¹⁸ referring to a “Luxury International Fashion Brand” is the sole cited evidence, but that document does not name H&M in its title or abstract. Attribution to H&M is UNVERIFIED (prior model only).
• SentinelOne (Israeli R&D roots, US-listed EDR vendor): Prior model asserts H&M uses SentinelOne for endpoint detection and response. A SentinelOne–Check Point joint solution brief²⁰ is vendor marketing material and does not name H&M. UNVERIFIED (prior model only).
• CyberArk (Israeli-founded Privileged Access Management vendor): Prior model asserts H&M uses CyberArk for PAM. Same CyberOne case study caveat applies.¹⁸ No independent public source names H&M as a CyberArk customer. UNVERIFIED (prior model only).
• AppsFlyer (Israeli-founded mobile attribution and analytics platform, headquartered in Tel Aviv/Herzliya²⁶): Prior model asserts H&M uses AppsFlyer for mobile measurement. The AppsFlyer blog post cited in prior research discusses online-to-offline attribution generically and does not name H&M as a client. H&M’s app infrastructure is consistent with use of a mobile measurement partner, but specific contractual relationship is UNVERIFIED.
• Verint Systems (Israeli-founded workforce engagement and customer intelligence vendor): Prior model asserts Verint is used for workforce management or call-centre analytics. No public source names H&M as a Verint customer. UNVERIFIED (prior model only).

Procurement & Integrator Relationships

No public evidence identified of named systems integrators mandating or deploying Israeli-origin technology specifically for H&M. The Google Cloud partnership involves Google Professional Services in an integrator capacity by implication, but no specific third-party integrator contract has been publicly documented. The scale of dependency on Israeli-origin technology cannot be assessed for unverified vendors; the Google Cloud relationship alone is confirmed as enterprise-critical.

Surveillance, Biometrics & Retail Technology

Computer Vision & Virtual Try-On

Zeekit (confirmed, discontinued)
H&M’s 2018 deployment of Zeekit’s virtual dressing room technology²² represents the company’s most substantiated engagement with Israeli-origin computer vision at scale. Zeekit was founded in Israel and its computer vision algorithms were publicly reported to have origins in aerial image processing. The characterisation of “battlefield topographic mapping” provenance, cited in prior analytical reports, is consistent with publicly available founder background information but should be treated as descriptive characterisation rather than a formally verified military-origin claim. The partnership ended as an independent vendor relationship following Walmart’s acquisition of Zeekit in May 2021.⁴ H&M does not appear to have replaced Zeekit with another Israeli-origin virtual try-on provider.

Facial Recognition & In-Store Surveillance

• Trigo (Israeli cashierless store technology), BriefCam (Israeli video analytics), AnyVision/Oosto (Israeli facial recognition), Trax (Israeli retail shelf analytics): No public evidence identified of H&M deploying any of these vendors. Source classes reviewed include H&M corporate press releases, retail technology trade press, and NGO surveillance technology reports.
• No public evidence identified of H&M deploying facial recognition technology in stores in any jurisdiction.

Predictive Analytics & Workforce Monitoring

No public evidence identified of H&M using Israeli-origin predictive policing, sentiment analysis, social media monitoring, or workforce surveillance tools. The Verint claim (workforce management) noted in Section 1 remains unverified.

Third-Party & Indirect Deployment

No public evidence identified of Israeli-origin surveillance technology reaching H&M operations indirectly through managed services or bundled enterprise suites, beyond the Google Cloud platform relationship (which may, post-acquisition, bundle components originating from Israeli-founded companies such as Wiz).

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

H&M’s Own Infrastructure in Israel

No public evidence identified that H&M Group directly operates, leases, or co-locates data centre infrastructure within Israel. H&M’s primary technology operations are Sweden-based. The Israeli franchise operation (Match Retail) may utilise locally available cloud or managed hosting services, but no specific public disclosure of data residency arrangements for Match Retail’s Israeli operations has been identified.

Project Nimbus — Contextual Relationship

H&M is not a party to Project Nimbus. Project Nimbus is a contract between the Israeli government (including Israeli military and intelligence agencies) and Google Cloud and AWS, announced in 2021, valued at approximately $1.2 billion.⁹¹⁰¹¹ H&M is a customer of Google Cloud² and occupies no role as a contractor, provider, or sub-contractor within the Nimbus arrangement.

The analytical inference that H&M’s Google Cloud expenditure contributes to revenue pools enabling Google’s Nimbus commitments is a structural observation about vendor economics, not a documented or contractual relationship. H&M has no verified participation in Project Nimbus or any comparable state-backed digital infrastructure programme.

Google Cloud’s Tel Aviv region was announced and launched in 2022.²⁴ If Match Retail’s Israeli operations route workloads through the Google Cloud Tel Aviv region, data for those operations would physically reside under Israeli sovereign jurisdiction. No public disclosure confirms or denies this routing.

Microsoft has also announced Israel datacenter infrastructure.²³ H&M’s use of Microsoft Azure for some workloads is consistent with training-data knowledge, but no specific Israeli-region Azure deployment by H&M has been identified in public sources.

Sovereign Cloud Participation

No public evidence identified that H&M provides any services contracted for or marketed to Israeli state institutions, government ministries, or military bodies. H&M has no known government technology contracting activity in any jurisdiction.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence identified of any contract, partnership, or service agreement between H&M Group and the Israeli Ministry of Defence, Israel Defense Forces, Shin Bet, Mossad, or any Israeli intelligence body. H&M is a consumer retail company with no known defence or intelligence contracting activity in any country.

Dual-Use Technology

No public evidence identified of H&M technology, data infrastructure, or software being deployed for military, intelligence, or law enforcement surveillance purposes in Israel or in the occupied Palestinian territories.

Franchise Ownership Chain — Union Group / Union Tech Ventures

The most materially relevant defence-adjacent relationship identified in the research base is indirect and flows through H&M’s Israeli franchise structure rather than H&M Group’s own technology operations.

Match Retail / Union Group franchise relationship (confirmed):
H&M Group announced a franchise agreement for Israel store openings in 2007.¹ Match Retail Ltd. operates H&M stores in Israel and is publicly described as affiliated with the Union Group, an Israeli conglomerate.²⁷ Union Tech Ventures (UTV) is described publicly as Union Group’s technology investment arm.⁸

UTV portfolio — Xtend (reported, requires direct source verification):
Calcalist Tech and Ynet News reported Xtend’s Series B funding rounds in 2024–2025, totalling approximately $70 million.⁶⁷ Xtend is an Israeli company developing autonomous drone systems. Whether Union Tech Ventures is specifically named as an Xtend investor within those articles requires direct reading of those sources for confirmation; the research memo flags this as plausible based on Israeli financial press coverage but requiring direct source verification. A quote attributed to Tal Recanati (Managing Director, UTV) celebrating the Xtend investment, cited in prior model output, is not independently verifiable in training data and is UNVERIFIED (prior model only).

UTV portfolio — Guardio:
Guardio, a browser security company, secured $80 million in new funding as reported by CyberWire Business Briefing.¹⁷ Prior model associates Guardio with the UTV portfolio. This specific association requires direct reading of UTV’s portfolio disclosures at the UTV domain⁸ for confirmation.

The franchise royalty and commercial relationship between H&M Group and Match Retail creates an economic linkage between H&M’s Israeli retail revenue and the Union Group. If UTV’s portfolio includes Xtend or other dual-use technology companies, this represents an indirect economic connection — but it does not constitute a technology vendor relationship between H&M and those companies, nor does it represent H&M’s participation in defence technology development or supply.

Offensive Cyber

No public evidence identified. H&M does not develop, license, or sell cybersecurity technology in any form.

Cyberattack Affecting Israeli Franchise Operations

A ransomware campaign attributed to the N3tw0rm group — assessed by cybersecurity researchers as Iran-nexus and linked to the Pay2Key threat actor — targeted Israeli companies including supply chain entities in 2021.⁵¹⁶ The Acronis threat analysis⁵ and JNS reporting¹⁶ confirm the N3tw0rm campaign was directed at Israeli commercial entities. Prior model asserts that Match Retail was specifically named as a victim with approximately 110 GB of data leaked; specific naming of Match Retail and the stated data volume require direct verification of those source documents and are not independently confirmable from training data alone.

AI, Algorithmic & Autonomous Systems

H&M’s AI/ML Activity

H&M Group’s publicly documented AI and machine learning activities are oriented entirely toward commercial retail optimisation: demand forecasting, inventory management, trend analysis, personalisation, and virtual try-on. These functions are described in H&M Group’s annual reports and strategy disclosures.³²⁵ No AI or algorithmic system operated by H&M has been identified as deployed for, contracted to, or licensed by any state, military, or law enforcement body.

AI Provision to Israeli State Bodies

No public evidence identified. H&M does not develop AI products for external licensing.

Training Data — Israeli or Occupied Territory Data

No public evidence identified of H&M AI models being trained on data derived from surveillance infrastructure, population registries, or other datasets connected to Israel or the occupied Palestinian territories.

Autonomous Systems & Lethal Technology

No public evidence identified. H&M’s supply chain automation is limited to warehouse logistics and has no identified nexus to autonomous weapons, military robotics, or dual-use autonomous systems.

AI Ethics & Governance

H&M Group’s sustainability and governance reports reference data ethics and responsible AI at a high level.¹³ No Israeli-specific AI governance consideration is identified in public disclosures. H&M has not been named in any enforcement action or regulatory inquiry concerning AI bias, algorithmic harm, or AI-enabled surveillance in any jurisdiction covered by training data.

Technology Ecosystem & R&D Footprint

R&D and Engineering Presence in Israel

No public evidence identified of H&M Group operating R&D facilities, engineering offices, innovation labs, or technology centres within Israel. H&M’s primary technology and digital operations are anchored in Stockholm, Sweden, supplemented by offices in other European cities. The Google Cloud partnership may involve access to Google engineering teams based in Israel (Google has a significant Israeli engineering presence), but this is a vendor relationship, not H&M’s own R&D footprint.

Acquisitions and Investments — Israeli-Origin Technology Companies

• Zeekit: H&M did not acquire Zeekit; it held a commercial partnership. Walmart acquired Zeekit in May 2021.⁴ H&M’s relationship with Zeekit was as a commercial customer and integration partner, not an investor.
• Syre: H&M co-founded Syre, a textile-to-textile recycling venture, with Vargas Holding in 2023.¹⁴ Syre is Sweden-headquartered and has no identified Israeli-origin technology component.¹⁴
• CO:LAB / H&M Group Ventures: H&M Group’s innovation and venture programme has made investments in textile technology and sustainability startups.¹³¹⁵ No Israeli-origin technology company acquisition or investment by CO:LAB has been identified in publicly available training data. The CO:LAB portfolio page¹⁵ does not list all investments, and some investments are disclosed only via third-party databases or individual press releases.
• Holome / Remagine Ventures: Prior model claims H&M collaborated with portfolio companies of Remagine Ventures (an Israeli VC), specifically Holome (an immersive technology startup). The Digital Catapult Augmentor programme press release cited in prior research mentions Holome as a programme graduate but does not name H&M or Remagine Ventures as investors or collaborators. This connection is UNVERIFIED (prior model only).
• Spinframe: Prior model claims H&M Group Ventures appeared in deal flow alongside investments in Spinframe. The Global Venturing deal roundup cited does not list H&M as a Spinframe investor per training data. UNVERIFIED (prior model only).

Accelerator & Programme Participation

H&M has participated in Plug and Play retail and fashion accelerator programmes. Plug and Play operates programmes internationally, including in Israel. This represents a general accelerator engagement, not a specific Israeli technology investment or contractual relationship.¹⁵

Patent & IP Co-Development

No public evidence identified of patent co-development, licensing agreements, or joint IP arrangements between H&M and Israeli-domiciled entities or Israeli research institutions (including the Technion, Hebrew University, or Weizmann Institute). Source classes reviewed include USPTO, EPO, and WIPO patent databases (training data), and H&M Group corporate IP disclosures.

Civil Society Scrutiny & Regulatory History

BDS and Consumer Boycott Campaigns

H&M has been listed as a target of BDS (Boycott, Divestment and Sanctions) movement campaigns.²¹ The documented basis for BDS targeting is H&M’s commercial retail franchise presence in Israel via Match Retail, not any identified technology relationship with the Israeli state. BDS campaign materials characterise the payment of franchise royalties from Israeli store operations to H&M Group as a form of economic normalisation with Israeli commercial structures.²¹

H&M Group’s public response to BDS campaigns has, per training-data knowledge, been to maintain its Israeli franchise operations without specific public commentary on BDS demands.²⁷ No termination or suspension of the Israeli franchise has been announced as of training data cutoff.

No BDS or civil society campaign specifically focused on H&M’s technology supply chain relationships with Israeli-origin vendors has been identified in training data. Civil society scrutiny of H&M’s technology ecosystem with respect to Israel is, on current evidence, absent.

Project Nimbus Worker & NGO Campaigns

No Tech For Apartheid and allied worker campaigns targeting Project Nimbus identify Google and Amazon as the primary targets.¹¹ H&M is not named in any of these campaign materials as a participant, enabler, or supporting customer. The structural economic relationship between Google Cloud customer spend and Google’s Nimbus revenue has not been identified as a campaigning argument directed at H&M specifically.

Who Profits & Corporate Watchdog Coverage

No reports specifically addressing H&M’s technology relationships with the Israeli state have been identified from: Amnesty Tech, Access Now, Privacy International, Human Rights Watch technology programme, Who Profits (Israeli NGO tracking corporate involvement in the occupation), or comparable civil society databases in training data.

Regulatory and Legal Actions

No regulatory inquiries, legal challenges, export control actions, or sanctions-related investigations involving H&M’s technology sales, services, or data relationships with Israeli state entities have been identified. Source classes reviewed include EU regulatory databases, US Bureau of Industry and Security (BIS) and Office of Foreign Assets Control (OFAC) public records (training knowledge), and Swedish financial regulatory filings.

End Notes