Audit Phase: V-DIG Domain Audit
Subject Entity: Nestlé S.A. (HQ: Vevey, Switzerland)
Sector: Fast-Moving Consumer Goods (FMCG) — Food, Beverage & Nutrition
Audit Date: May 2026
Nestlé’s publicly disclosed enterprise technology architecture is anchored by three major non-Israeli platform vendors. Microsoft is Nestlé’s primary strategic cloud and productivity partner, with a confirmed multi-year relationship encompassing Microsoft Azure cloud infrastructure, Microsoft 365, and Dynamics 365 enterprise resource planning deployments globally 41. Google Cloud was announced as an accelerated migration partner for cloud workloads in 2021 5. SAP S/4HANA was selected as Nestlé’s core ERP transformation platform, representing a major enterprise-wide programme 6. Nestlé’s digital transformation strategy — including data platforms, AI enablement, and supply chain digitalisation — has been publicly described in corporate communications 31.
Accenture is a confirmed digital supply chain and broader transformation integrator for Nestlé 1022. Infosys holds a confirmed IT infrastructure modernisation engagement dating from 2019 13. Nestlé’s Supplier Code of Conduct and procurement framework governs vendor relationships across its global operations 930.
Trax Retail (confirmed): Nestlé has a publicly documented commercial relationship with Trax, an Israeli-founded computer-vision and shelf-monitoring analytics platform (Trax subsequently relocated its headquarters to Singapore and the United States). Trax deploys in-store camera hardware and AI image-recognition software to audit product placement, monitor out-of-stock events, and verify planogram compliance. Nestlé is cited in Trax’s customer-facing materials and in trade press as a major FMCG partner utilising the platform for on-shelf availability analytics across multiple markets 1514. This relationship is documented from approximately 2019–2020 onward. The current status of this relationship as of 2025–2026 is unknown; no confirmed discontinuation has been identified in public sources.
The Trax platform is a retail execution analytics tool. In Trax’s own categorisation and in available trade press, it is classified as a commercial operations function (retail shelf intelligence), not as network security, financial infrastructure, or critical enterprise architecture. It is the sole identifiable Israeli-origin or Israeli-founded vendor with a confirmed Nestlé commercial relationship based on publicly available evidence.
The following Israeli-origin or Israeli-co-founded technology companies were assessed for a Nestlé relationship. No public evidence of a direct commercial relationship was identified in any case:
No public evidence identifies Accenture as having mandated or deployed Israeli-origin technology as part of its Nestlé digital supply chain engagement 1022. No public record identifies Infosys as deploying Israeli-origin technology for Nestlé as part of its IT infrastructure modernisation engagement 13. However, sub-vendor relationships within major integrator programmes are not disclosed publicly at the granularity required to exclude Israeli-origin technology at the sub-vendor tier — this represents a material evidence gap across this section.
Nestlé does not publicly disclose its endpoint security, network monitoring, SIEM, or privileged access management vendor relationships. Whether Israeli-origin cybersecurity platforms are deployed within Nestlé’s global IT estate — whether procured directly or delivered through integrator engagements — cannot be confirmed or excluded from publicly available sources alone.
No verified use by Nestlé of facial recognition, gait analysis, or biometric identification technology from any vendor — Israeli-origin or otherwise — has been identified in public corporate disclosures, news reporting, or civil society investigations reviewed 12718. Vendors active in this space with Israeli origins (including AnyVision/Oosto, BriefCam, and Trigo) are not referenced in connection with Nestlé in any accessible source. No public evidence identified.
As documented in the Enterprise Technology section, Nestlé utilises the Trax shelf-monitoring computer vision platform 1514. This system analyses physical shelf states — product facings, stock levels, planogram adherence — using in-store cameras and image-recognition algorithms. The technology processes images of retail shelving and merchandise, not images or biometric data of individuals. Trax’s platform is not categorised by the vendor, by Nestlé in public disclosures, or in trade press as a biometric identification or personal surveillance system. The relationship dates from approximately 2019–2020; current operational status is unconfirmed for 2025–2026.
No verified use of Israeli-origin predictive analytics platforms, social media monitoring tools, sentiment analysis engines, or workforce surveillance systems by Nestlé has been identified 1217187. No public evidence identified.
No evidence that Nestlé’s managed security service providers, cloud platform vendors, or enterprise application suite integrators have delivered Israeli-origin surveillance or monitoring tools to Nestlé as part of a bundled offering has been identified. No public evidence identified.
Nestlé does not publicly disclose operating, leasing, or co-locating dedicated data centre infrastructure within Israel. Nestlé’s primary cloud infrastructure is hosted via Microsoft Azure and Google Cloud 451. Neither Microsoft nor Google Cloud is described in any Nestlé public disclosure as routing Nestlé workloads specifically through Israeli regional data centre facilities. No public evidence of Nestlé-operated or Nestlé-leased data centre infrastructure within Israel has been identified.
Project Nimbus is a contract between the Israeli government and Google Cloud and Amazon Web Services as cloud infrastructure providers. Nestlé is a cloud consumer, not a cloud infrastructure provider. Nestlé has no reported role as a vendor, sub-vendor, or participant in Project Nimbus or any comparable Israeli state cloud infrastructure programme. This category is structurally inapplicable to Nestlé in its capacity as an end-user organisation. No public evidence identified.
No evidence that Nestlé provides or markets data sovereignty, infrastructure resilience, or digital continuity services to Israeli state institutions, ministries, or military bodies has been identified in any source class reviewed 1271729. No public evidence identified.
No verified contracts, partnerships, memoranda of understanding, or service agreements between Nestlé and the Israeli Ministry of Defence, Israel Defence Forces (IDF), Shin Bet, Mossad, or any other Israeli state security body have been identified in any public source reviewed 1271729. No public evidence identified.
No instances in which Nestlé’s commercial technology — including its AI, data analytics, supply chain, or retail computer vision capabilities — has been reported, confirmed, or documented by researchers as deployed for military, intelligence, or law enforcement surveillance within Israel or the occupied Palestinian territories have been identified. No public evidence identified.
Nestlé is a food, beverage, and consumer goods corporation. It does not develop, sell, license, or maintain cybersecurity products, offensive cyber capabilities, electronic warfare systems, or digital weapons platforms. This category is structurally inapplicable to Nestlé’s business activities. No public evidence identified.
Nestlé’s publicly disclosed AI and generative AI programmes are focused on internal commercial applications. The primary documented use cases include accelerating product formulation research and development, personalising marketing content and consumer communications, and optimising supply chain and demand planning operations 231. Nestlé’s digital transformation narrative, as communicated in corporate newsroom materials, explicitly frames AI as a tool for internal efficiency and product innovation rather than as an externally licensed or sold technology product 323.
No verified provision of AI, machine learning, computer vision, or autonomous decision-support systems by Nestlé to Israeli state, military, security, or law enforcement bodies has been identified 231. No public evidence identified.
No publicly reported instances of Nestlé AI models being trained on or having access to civilian population data, intercepted communications, biometric databases, or surveillance-derived datasets originating from Israel or the occupied Palestinian territories have been identified 23. No public evidence identified.
Nestlé does not develop, procure for external licensing, or operate autonomous systems with lethal, weapons-guidance, or kinetic military applications. This category is structurally inapplicable. No public evidence identified.
Nestlé operates one of the largest private food and nutrition research networks globally, comprising approximately 23 research centres and product technology centres 1127. Publicly disclosed locations span Switzerland (Lausanne, primary research campus), the United States, France, China, India, Australia, and Mexico, among others. No Israeli R&D facility, engineering office, or product technology centre is listed on Nestlé’s publicly disclosed R&D network pages 1127. No public evidence of an Nestlé R&D or engineering presence within Israel has been identified.
No acquisitions of Israeli-origin technology companies by Nestlé have been identified in public M&A records, corporate disclosures, or news reporting 121920. Nestlé’s principal Israeli commercial presence is through Osem Group (Osem Investments Ltd.), an Israeli food manufacturer in which Nestlé progressively acquired a controlling and ultimately near-full ownership stake over several decades — with significant shareholding from the 1990s and consolidation progressing through the 2010s 1920. Osem is a food and consumer goods manufacturer; it is not a technology company, and its acquisition does not constitute a technology-sector investment 20. No technology-sector acquisitions in Israel have been identified.
Nestlé has not been identified as an investor in Israeli technology venture funds or startups in publicly available records. No public evidence identified.
Osem Group, as a Nestlé subsidiary operating primarily within Israel, maintains its own commercial operations and corporate infrastructure. No public inventory of Osem’s internal IT vendor stack is available in accessible sources 2028. This creates a material subsidiary-level evidence gap: any Israeli-origin technology deployed at the Osem subsidiary level within Israel cannot be confirmed or excluded from open sources. Osem’s participation in the MAALA Israeli CSR index reflects domestic sustainability reporting obligations and does not address IT vendor relationships 28.
No significant patent co-development arrangements, joint research agreements, or IP licensing relationships between Nestlé and Israeli research institutions (Technion – Israel Institute of Technology, Hebrew University of Jerusalem, Weizmann Institute of Science) or Israeli-domiciled technology entities have been identified in publicly accessible corporate disclosures or patent records 11127. No public evidence identified. A comprehensive patent co-authorship analysis against EPO and USPTO full-text databases was not possible within the scope of this audit; this gap is noted for follow-on verification.
Who Profits Research Center maintains an active profile on Nestlé and a dedicated profile on its subsidiary Osem Group 729. The Who Profits research focus for Nestlé/Osem concerns Osem’s food manufacturing operations and the distribution and sale of Osem products within Israeli settlements in the occupied West Bank. The accountability concern documented relates to Osem’s role as a food producer operating in and serving settlement consumers — not to Nestlé’s technology vendor relationships, digital infrastructure, or IT procurement practices 729. No Who Profits report reviewed specifically addresses Nestlé’s technology stack in the context of the Israeli-Palestinian conflict.
BDS Movement includes Nestlé in its corporate target materials 831. The stated basis for the BDS campaign against Nestlé is its ownership of Osem and Osem’s commercial presence in Israeli settlements — specifically food production and distribution operations. No BDS campaign material reviewed specifically targets Nestlé’s technology vendor relationships, cybersecurity procurement, AI systems, or digital infrastructure 831. The technology-specific dimension of this audit (V-DIG) is not the documented focus of identified BDS campaigns against Nestlé.
Oxfam Behind the Brands has produced Nestlé-focused assessments within its supply chain accountability programme 18. Oxfam’s coverage addresses supply chain labour standards, land rights, smallholder farmer conditions, and gender equity in sourcing — not Israeli technology relationships or digital infrastructure. No Oxfam report specifically addresses Nestlé’s Israeli technology relationships.
MAALA Index: Osem Group participates in the MAALA Israeli CSR sustainability rating index 28. MAALA is a domestic Israeli corporate responsibility initiative. Its index methodology does not assess technology vendor relationships, occupied-territory operations under international humanitarian law frameworks, or digital infrastructure choices 28.
In March 2022, a dataset attributed to Nestlé was published online following a claim by the hacktivist group Anonymous 1221. The exposed data included internal business documents and customer information. Post-incident reporting described the incident as a data leak rather than an intrusive network breach 12. No public reporting attributed the incident to a failure of any named security vendor, and no Israeli-origin security product was identified in connection with either the incident or Nestlé’s remediation response 21. Nestlé’s overall IT security posture and vendor stack following the incident remain undisclosed in public sources.
Organised BDS activity targeting Nestlé, as documented in accessible civil society sources, is focused on Osem’s food manufacturing and settlement distribution operations rather than on Nestlé’s technology relationships, digital infrastructure, or enterprise IT procurement 831. No coordinated consumer or investor campaign specifically targeting a Nestlé technology vendor relationship — including the Trax retail analytics relationship — has been identified.
No regulatory inquiries, export control actions, sanctions-related investigations, or legal proceedings involving Nestlé’s technology procurement, sales, or services to Israeli state entities have been identified in public filings, regulatory records, or news reporting 1271829. No public evidence identified.
https://www.nestle.com/sites/default/files/2024-03/2023-annual-report-en.pdf ↩↩↩↩↩↩↩↩↩↩↩↩
https://www.nestle.com/sites/default/files/2023-03/2022-annual-report-en.pdf ↩↩↩↩↩↩
https://www.nestle.com/stories/nestle-digital-transformation-data-technology ↩↩
https://news.microsoft.com/2022/06/nestle-microsoft-partnership ↩↩
https://cloud.google.com/blog/products/infrastructure/nestle-cloud-journey ↩↩
https://news.sap.com/2020/nestle-s4hana-enterprise ↩
https://www.nestle.com/sites/default/files/2022-10/nestle-supplier-code-of-conduct-en.pdf ↩
https://newsroom.accenture.com/news/nestle-digital-supply-chain ↩↩
https://cybernews.com/security/nestle-data-leaked-anonymous/ ↩↩↩
https://www.infosys.com/newsroom/press-releases/2019/nestle-it-infrastructure.html ↩↩
https://www.checkpoint.com/case-studies/fmcg/ ↩
https://www.nestle.com/sites/default/files/2023-sustainability-report.pdf ↩↩↩
https://www.reuters.com/article/nestle-osem-idUSL5E8GS2012 ↩↩
https://www.infosecurity-magazine.com/news/nestle-data-leak-anonymous-2022/ ↩↩↩
https://www.accenture.com/us-en/insights/technology/technology-trends-2023 ↩↩
https://www.nestle.com/stories/nestle-generative-ai-product-development ↩↩↩↩
https://www.sentinelone.com/press/emea-expansion-2023/ ↩
https://www.nice.com/resources/case-studies/fmcg ↩
https://www.verint.com/customers/ ↩
https://www.nestle.com/aboutus/supplier-management ↩
https://www.wiz.io/press/enterprise-growth-2023 ↩
https://claroty.com/blog/food-beverage-ot-security ↩
