V-DIG Audit: Audemars Piguet Holding SA

Audit Phase: V-DIG (Digital Forensics / Technology Supply Chain) Audit Date: 2026-05-01 Jurisdiction: Switzerland (Le Brassus, Vallée de Joux); global retail operations Research Basis: Training knowledge through April 2026; no live web queries executed. All factual claims are grounded in the research memo above. Claims that could not be independently verified are flagged explicitly.

Enterprise Technology Stack & Vendor Relationships

SAP Ecosystem (including Gigya/SAP Customer Data Cloud — Israeli origin)

Gigya was founded in Tel Aviv in 2006 and acquired by SAP in September 2017 for approximately $350 million ¹. Following the acquisition, Gigya’s identity and customer data platform was rebranded as SAP Customer Data Cloud (SAP CDC) and integrated into the broader SAP Customer Experience suite. The prior research identified Audemars Piguet as a plausible user of Gigya/SAP CDC for Customer Identity and Access Management (CIAM), on the basis that AP operates on an SAP core ERP — a claim itself inferred from a 2024 SmartRecruiters job posting for a Senior Accountant role that listed SAP proficiency as a requirement ². A job posting listing SAP as a required skill is a weak indicator of enterprise-wide SAP deployment and does not constitute confirmation of a discrete SAP CDC or Gigya contract. No AP press release, SAP case study, or verified technographic database entry was identified to directly confirm an active Gigya/SAP CDC licensing relationship. This claim is plausible given AP’s enterprise scale and the common bundling of SAP CDC within SAP S/4HANA customer ecosystems, but remains unverified from available sources.

Zscaler (US-headquartered; Israeli R&D footprint)

Zscaler Inc. holds a material Israeli R&D presence through several acquisitions, including Canonic Security (Israel, 2022) and Avalor (Israel, 2024). The research memo’s most specific technology-stack claim relates to Zscaler: the professional profile of Romain Bourdy, a former Technical Information Security Officer at Audemars Piguet, posted on the French-language freelance platform Malt.ch, reportedly documents his responsibility for migrating AP’s enterprise traffic security infrastructure from Blue Coat to Zscaler during his tenure ³. A professional profile published by a former senior security employee constitutes a credible primary-type disclosure, though it is not equivalent to an official procurement record. If accurate, this would represent an embedded, critical-infrastructure deployment — Zscaler’s Zero Trust Exchange inspects all enterprise internet traffic, making it a foundational network security layer rather than a peripheral tool. This is the strongest single vendor-relationship finding in the available evidence base; it is single-source and requires live verification of ³ to confirm.

CyberArk (Israeli origin, Petah Tikva)

CyberArk Software Ltd. was founded in 1999 and is headquartered in Petah Tikva, Israel, with a US headquarters in Newton, Massachusetts, and a NASDAQ listing ⁴. The prior research inferred AP’s use of CyberArk Privileged Access Management (PAM) from the fact that Scattered Spider / Octo Tempest threat actors specifically target CyberArk environments, and that AP has been named in open-source threat intelligence as a Scattered Spider target ⁵⁶. The logical chain from “named as a target” to “confirmed CyberArk deployment” is weak: threat actors target sectors and company scales, not only confirmed CyberArk customers. No primary procurement disclosure, incident report naming CyberArk, or AP job posting referencing CyberArk by version or license was identified. This claim is unverified and rests on inference rather than evidence.

CrowdStrike (US-headquartered; Israeli R&D acquisitions)

CrowdStrike Holdings Inc. acquired Preempt Security (Tel Aviv, identity-based threat detection) in 2020 ⁷ and has maintained R&D operations in Israel, giving it a material Israeli R&D connection. CrowdStrike is, however, a US-domiciled company incorporated in Delaware. The prior research applied the same Scattered Spider targeting inference to assert CrowdStrike deployment at AP ⁵⁶. The same evidential weakness applies: being identified in threat intelligence as a Scattered Spider target does not confirm the specific security tooling deployed. This claim is unverified; CrowdStrike’s Israeli R&D footprint is documented but its deployment at AP is not.

Salesforce (US; Israeli-origin acquisitions)

Salesforce Inc. has acquired multiple Israeli-origin companies, including ClickSoftware (Petah Tikva, 2019) ⁸ and Datorama (Tel Aviv, 2018) ⁹. The prior research cited a cybersecurity vendor report documenting a ShinyHunters threat actor campaign that breached multiple luxury and retail brands via Salesforce platform misconfigurations ¹⁰. Being identified as a victim of a Salesforce-platform attack is not equivalent to AP confirming Salesforce as its primary CRM or marketing cloud provider. No AP corporate disclosure of a Salesforce contract was identified. Claim is unverified from available sources; the basis is a threat-actor report, not a procurement disclosure.

AppsFlyer (Israeli origin, Herzliya)

AppsFlyer Ltd. was founded by Oren Kaniel and Reshef Mann in Herzliya, Israel, and remains headquartered there ¹¹. The research identified a Campaign Middle East trade publication from June 2024 ¹² that reportedly lists AppsFlyer as a “Tech Partner” in an Audemars Piguet × Spider-Man campaign activation. A trade publication listing is a legitimate secondary source for a peripheral commercial relationship. Mobile attribution analytics is a lower-risk, non-infrastructure relationship: AppsFlyer would process mobile advertising performance data rather than core business or customer records. This finding is plausible and the most clearly scoped Israeli-origin vendor relationship in the evidence base; it could not be live-confirmed in this session.

Palo Alto Networks (Israeli-founded leadership heritage)

Palo Alto Networks was co-founded by Nir Zuk, formerly of Check Point Software Technologies (Israel). The prior research referenced AP IT job descriptions that listed “Palo Alto Networks” firewall experience as a requirement, and separately referenced managed network security provider Avianet as AP’s firewall infrastructure manager. Job descriptions listing vendor technologies establish familiarity preferences, not confirmed license agreements. The Avianet relationship itself — described as covering firewall configuration, automated backups, and hardware deployments for AP — was not supported by a primary public source. No public evidence identified of a confirmed Palo Alto Networks or Check Point contract at AP or through Avianet for AP’s account.

Google Cloud Platform & Amazon Web Services

The prior research asserted AP uses both GCP and AWS as cloud infrastructure providers, citing the same Scattered Spider / DragonForce threat intelligence blog posts ⁵⁶ as the evidential basis. Threat actor blog posts describe attack methodologies and named target organisations, not the specific cloud infrastructure stack deployed by those targets. No AP corporate infrastructure disclosure, cloud provider case study, or verified technographic record was identified. Claim unverified.

makemepulse (Digital Experience Agency)

A makemepulse case study ¹³ — accessible as a publicly published agency portfolio item — documents a collaborative project with Audemars Piguet titled “The House of Wonders,” a digital experience campaign. This is the most directly evidenced vendor relationship in the technology stack section: a named agency has published a case study confirming work performed for AP. makemepulse is a French digital experience studio with no identified Israeli ownership or Israeli-origin technology stack dependency noted in the available research. This relationship is relevant as context for AP’s broader digital marketing technology posture. Confirmed from public primary source ¹³.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Computer Vision

No verified use of Israeli-origin facial recognition or computer vision technology has been identified at any Audemars Piguet location. Vendors specifically examined in the prior research — including BriefCam (a subsidiary of Canon; Israeli origin), AnyVision/Oosto (Israeli), Trigo (Israeli), and Trax (Israeli) — returned no public evidence of deployment, partnership, or procurement by AP or its named retail integrators. The prior research explicitly characterised any such assertions as inferred from the elevated physical security profile of AP House retail locations, particularly AP House Tel Aviv ¹⁴¹⁵. Inference from security requirements is not evidence of vendor selection. No public evidence identified.

Predictive Analytics, Sentiment Monitoring & Workforce Surveillance

No public evidence was identified — across luxury retail trade press, Israeli technology vendor case studies, NGO surveillance accountability reports, or AP’s own corporate communications — of AP deploying Israeli-origin predictive analytics, social media sentiment monitoring, or workforce surveillance systems. No public evidence identified.

Retail Technology Infrastructure

The AP House format ¹⁶¹⁷[^23] is documented as a flagship experiential retail concept. AP House Tel Aviv’s existence is confirmed ¹⁴¹⁵; the design of other AP Houses has been attributed to Lissoni & Partners [^24]. The specific technology infrastructure deployed within any AP House for retail operations — point-of-sale systems, visitor management, CCTV platform, or access control — is not documented in any public source available in training knowledge. No public evidence identified regarding the surveillance or biometric technology stack within any AP House globally.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Operations in Israel

No public evidence was identified that Audemars Piguet operates, leases, co-locates, or contracts data centre capacity within Israel. AP’s operational and manufacturing headquarters are in Le Brassus, Switzerland. No public evidence identified.

Project Nimbus & Israeli State Cloud Participation

Project Nimbus is a multi-billion-dollar contract between the Israeli government and Google Cloud Platform and Amazon Web Services to provide cloud infrastructure to Israeli state ministries and defence entities. Participation is limited to the contracting cloud providers and their direct ministry clients. Audemars Piguet is a luxury watch manufacturer and retailer; it is not a cloud services provider and is structurally ineligible for participation in Project Nimbus. The prior research correctly acknowledged this. Even if AP uses GCP or AWS as cloud infrastructure providers (itself unconfirmed — see Enterprise Technology Stack section), this would constitute standard commercial cloud consumption and carries no Project Nimbus nexus. No public evidence identified. This sub-category is structurally inapplicable to the target.

Data Residency & Sovereignty

No public evidence was identified of data processing agreements, data residency commitments, or cross-border data transfer arrangements between AP and Israeli state institutions or Israeli data sovereignty frameworks. No public evidence identified.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

Audemars Piguet is a manufacturer of mechanical and haute horlogerie timepieces. No public evidence was identified — in procurement databases, Israeli Ministry of Defence disclosures, corporate filings, investigative journalism, or NGO reports — of any contract, partnership, or service agreement between AP and the Israeli Ministry of Defence, Israel Defence Forces, Mossad, Shin Bet, Unit 8200, or any other Israeli state security body. No public evidence identified. This sub-category is structurally inapplicable to the target.

Dual-Use Technology

No public evidence was identified of any AP product, service, or technology being deployed for military, intelligence, or law enforcement surveillance applications within Israel or in Israeli-occupied territories. No public evidence identified.

Offensive Cyber & Weapons Technology

Audemars Piguet does not develop cybersecurity products, surveillance systems, or weapons systems. No public evidence identified. This sub-category is structurally inapplicable to the target.

”Unit 8200” Analytical Framing

The prior research applied “Unit 8200 alumni” framing to several Israeli-origin vendors (CyberArk, Check Point lineage, Wiz) as an amplifying risk factor. This framing reflects a common analytical convention in supply-chain security assessments but is not itself a verifiable forensic finding specific to AP. The framing indicates Israeli military-intelligence talent pipelines feeding into the commercial technology sector — a documented structural feature of the Israeli technology industry — but does not establish that AP has a procurement relationship with any specific vendor, nor that any such vendor has used its government-adjacent capabilities in AP’s commercial deployment context. Where vendor relationships themselves are unconfirmed (CyberArk, CrowdStrike), the Unit 8200 framing adds no evidentiary weight.

AI, Algorithmic & Autonomous Systems

AI Provision to State Bodies

Audemars Piguet does not develop, sell, or license AI systems. No public evidence identified. Structurally inapplicable to the target.

Training Data, Model Development & Generative AI

No public evidence was identified of AP contributing proprietary data to Israeli AI development programmes, partnering with Israeli AI companies for model training, or participating in Israeli government AI initiatives. The Athens Journal of Business & Economics academic paper on digital transformation in the hard luxury sector ¹⁸ discusses industry-wide AI adoption trends but does not document AP-specific AI vendor relationships or Israeli-origin AI deployment. No public evidence identified.

Autonomous Systems & Lethality

Audemars Piguet manufactures mechanical watch movements. It has no autonomous systems, robotics, or weapons-adjacent product lines. No public evidence identified. Structurally inapplicable to the target.

Technology Ecosystem & R&D Footprint

Israeli R&D Centres & Engineering Offices

No public evidence was identified of Audemars Piguet operating any R&D facility, software engineering office, innovation laboratory, design studio, or accelerator programme within Israel. AP’s manufacturing and movement R&D operations are publicly and consistently documented as based in Le Brassus and the broader Vallée de Joux, Switzerland — a concentration reflecting the company’s 150-year manufacturing heritage in that region. No public evidence identified.

Acquisitions & Strategic Investments

No public evidence was identified of Audemars Piguet acquiring any Israeli-origin technology company or making strategic investments in Israeli technology startups or venture capital funds. AP is a privately held Swiss family company controlled by the Audemars and Piguet families; its M&A activity has historically been limited and concentrated in Swiss watch movement and manufacturing supply-chain relationships. No public evidence identified.

Patent & Intellectual Property

No public evidence was identified of significant patent portfolios, licensing agreements, or co-development arrangements between AP and Israeli-domiciled entities or academic research institutions including the Technion–Israel Institute of Technology, Hebrew University of Jerusalem, or the Weizmann Institute of Science. No public evidence identified.

Physical Corporate & Commercial Presence in Israel

This represents the most robustly evidenced dimension of AP’s Israel footprint.

• Audemars Piguet Tel-Aviv Ltd: AP’s official subsidiary and points-of-sale listing ¹⁹ and the AP store locator page ¹⁴ confirm the existence of a corporate entity and retail presence in Tel Aviv. The registered address — Rothschild Boulevard 13, Tel Aviv-Yafo — is consistent with the AP House Tel Aviv location described in trade and news coverage ¹⁵.
• AP House Tel Aviv: An Israel Hayom article dated 29 November 2021 ¹⁵ confirms the public announcement of the Tel Aviv AP House location. AP’s own store page ¹⁴ is consistent with this being an active, operational location. The AP House format — a combination of retail boutique, private client suite, and brand experience space — is documented as AP’s flagship retail concept across multiple markets including Hong Kong ¹⁶ and other locations ¹⁷[^23].
• Design attribution: The Lissoni & Partners connection [^24] is documented for AP House locations generally; the specific design attribution for the Tel Aviv AP House was not independently confirmed from available training knowledge sources.
• Israeli corporate registry: AP Tel-Aviv Ltd’s formal incorporation details (registration date, share capital, directors, registered agent) in the Israeli Companies Registrar (Rasham HaChavarot) were not accessible from training knowledge in this session and remain unconfirmed.

Civil Society Scrutiny & Regulatory History

NGO Investigations & Academic Reports

No public evidence was identified of any NGO investigation, academic study, or United Nations report specifically addressing Audemars Piguet’s technology relationships with the Israeli state, its operations in Israeli-occupied territories, or its supply chain in the context of the Israeli-Palestinian conflict. Source classes examined in the research include: Who Profits (Israeli settlement economy database), Business & Human Rights Resource Centre, Amnesty International’s technology-focused investigations, Human Rights Watch corporate accountability reports, UN OHCHR business and human rights databases, and BDS Movement published target and complicit companies lists. No public evidence identified.

Boycott, Divestment & Sanctions (BDS) Campaigns

No public evidence was identified of organised BDS campaigns or formal divestment demands specifically targeting Audemars Piguet. AP does not appear on the BDS Movement’s primary published target lists, which focus on companies with direct Israeli military procurement relationships, arms sales, settlement infrastructure supply chains, or technology enabling occupation. AP’s Tel Aviv presence is a commercial luxury retail operation. No public evidence identified.

Regulatory & Legal Actions

No public evidence was identified of regulatory inquiries, sanctions-related investigations, export control actions, or legal challenges involving Audemars Piguet in connection with technology sales or services to Israeli state entities, Israeli defence entities, or operations in Israeli-occupied territories. No public evidence identified.

Data Protection & Privacy Regulatory History

No public evidence was identified of AP being subject to GDPR enforcement actions, Swiss Federal Act on Data Protection (nFADP) proceedings, or Israeli Privacy Protection Law (PPL) regulatory action in connection with its technology stack or data handling practices. No public evidence identified.

End Notes