INDEX / DIRECTORY / AXA / V-DIG

AXA V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-06-11
V-DIG Score 1.38 /10 D AXA — BDS-1000 377
V-DIG 1.38

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

AXA Group — V-DIG Domain Audit

Target: AXA Group (Euronext: CS) Audit Phase: V-DIG (Digital Forensics / Technology Supply Chain) Audit Date: 2025-05-01 (Updated) Evidentiary Basis: All findings derive exclusively from the research memo dated 2025-05-01 and the expansion research memo dated 2025-05-01. Claims are drawn only from sources independently corroborated in those memos; no new research has been conducted beyond those documents. Where either memo explicitly tags a claim as [PLAUSIBLE-UNVERIFIED] or [REJECTED/UNSUPPORTED], this audit preserves those designations and does not treat the underlying claim as established fact. “No public evidence identified” is used where that is the memo’s evidence-based conclusion.

Enterprise Technology Stack & Vendor Relationships

Check Point Software Technologies

Check Point is confirmed as an institutionalised security standard within at least one former AXA subsidiary. AXA Sigorta’s 2021 Annual Report documents that 100% of its target audience completed “Security Check Point Training,” establishing Check Point as an active, embedded network security standard within AXA’s Turkish operations at that time.1

Material revision (Expansion Run): AXA divested its majority stake in AXA Sigorta to Sabancı Holding in approximately 2022–2023.2 AXA Sigorta is therefore no longer an AXA Group subsidiary as of that divestment. The Check Point deployment confirmed in the 2021 Annual Report1 is a historical finding predating Sabancı’s control; post-divestment, AXA Sigorta’s technology choices are no longer attributable to AXA Group. The Check Point/AXA Sigorta relationship is retained in this audit as historical (pre-2023 AXA ownership); its ongoing relevance to AXA Group’s current technology stack is reduced accordingly.

AXA XL separately cited Check Point Research data — specifically a reported 30% rise in cyberattacks during the COVID-19 period — in a 2020 risk advisory article, establishing an intelligence-consumption relationship with Check Point’s research output.3 This confirms AXA XL monitored and acted on Check Point’s threat intelligence; it does not by itself confirm a direct licensing or procurement contract at the AXA XL level.

The claim that Check Point functions as “the foundational pillar” of AXA’s global security architecture is not supported by any identified public source. Global enterprise-wide Check Point deployment remains unconfirmed. Whether AXA XL or other AXA Group entities currently use Israeli-origin threat intelligence or cybersecurity tools beyond the Check Point Research intelligence-consumption noted above is not established in public sources.3

Wiz

At the 2025 UK & Ireland CISO Community Executive Summit (Evanta/Gartner), the published agenda listed a joint session between Julia Weimer (Head of Solutions Engineering, Wiz) and Shaun Crawford (AXA Business Security Partner), titled “Collaboration into Action — Cloud Security Approaches to Secure Business Growth.”4 In enterprise technology norms, joint vendor-client presentations at CISO-level executive summits are a recognised indicator of an active deployment relationship rather than a prospective or exploratory one. This session was held in 2025 — definitively post the ICJ Advisory Opinion of 19 July 20245 and post the ICC arrest warrants of 21 November 2024.6

The precise scope of any AXA-Wiz deployment — which AXA business units are covered, which cloud environments are scanned, and what contractual terms govern data access — is not disclosed in any verified public source. No AXA-named Wiz customer case study or press release has been independently located. Active engagement is confirmed (2025); deployment scope is publicly unconfirmed.

Material new finding (Expansion Run): Google (Alphabet) announced the acquisition of Wiz for approximately $32 billion in March 2025.7 The acquisition was pending regulatory approval as of April 2026. Upon completion, Wiz would become part of Google Cloud. Google is a Project Nimbus contractor alongside Microsoft. This would mean AXA’s Wiz-mediated cloud security scanning would become part of a Project Nimbus contractor’s ecosystem. Whether AXA’s Wiz relationship will continue, be restructured, or be terminated following Google’s acquisition is unknown. Wiz’s Israeli R&D operations would continue under Google ownership regardless of acquisition completion status.

Wiz is an Israeli-founded cloud security company, headquartered in New York with significant R&D in Israel. Its founders — Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak — are Israeli nationals with Israeli military intelligence and Unit 8200 backgrounds, a verifiable matter of corporate record from Wiz’s own public communications.8 In March 2024, Wiz acquired Gem Security, an Israeli cloud threat exposure management (CTEM) startup.9

CyberArk

CyberArk publishes two anonymised insurance-sector case studies: one titled “Leading Insurance Company Accelerates And Secures Their Digital Transformation” (North American insurer, OpenShift, Secrets Manager)10 and one referencing Federated Insurance specifically.11 A prior research memo asserted the North American case study correlates to AXA; this claim has been assessed as unsupported — CyberArk’s case study does not name AXA, and Federated Insurance is a US mutual insurer not owned by AXA Group. AXA Group’s published security strategy articulates a “Defence in Depth” philosophy,12 which is a widely used industry framework and does not constitute evidence of a CyberArk-specific procurement relationship.

No public evidence identified of a direct, named AXA-CyberArk customer relationship in AXA filings, CyberArk named references, or trade press as of April 2026.

SentinelOne

No public evidence identified. No AXA-SentinelOne named customer relationship, case study, press release, or procurement record has been identified. Inference from vendor-to-vendor integration partnerships between SentinelOne and Wiz13 and between SentinelOne and CyberArk14 — the chain of reasoning being that if AXA uses Wiz and CyberArk and those vendors integrate with SentinelOne, AXA therefore uses SentinelOne — constitutes an architectural inference, not evidence of procurement. This claim has been assessed as unsupported. No new evidence identified in the expansion run.

Verint Systems

Verint Systems publishes a named case study for AXA confirming active deployment of the Verint Open Platform within AXA’s Retail division.15 This is one of the most substantively evidenced vendor relationships identified in this audit. Key documented facts from that case study:

The Verint Open Platform is cloud-hosted; Verint’s cloud infrastructure locations — including whether any processing occurs in Israeli data centres — are not specified in the AXA case study. A data processing agreement or Verint’s infrastructure documentation would be required to resolve this question.

Material new finding — Cognyte spin-off (Expansion Run): In February 2021, Verint Systems completed the spin-off of its Cognitive Intelligence division into an independent publicly listed company, Cognyte Software Ltd (Nasdaq: CGNT).1617 Cognyte is the successor to Verint’s “Security Intelligence” business, which historically included government surveillance, lawful interception, OSINT, and analytics tools sold to state intelligence and law enforcement customers globally. After the spin-off, the remaining Verint Systems entity — the Verint that AXA Retail uses — retained the “Customer Engagement” business: contact centre workforce management, speech analytics, quality management, and the Da Vinci AI platform. The two companies are now legally and operationally separate. AXA Retail’s documented Verint deployment15 is with the post-spin-off Verint Systems entity (enterprise customer engagement), not with Cognyte (government surveillance). However, post-spin-off Verint Systems retains significant R&D operations in Israel, as documented in its SEC filings,1816 and those Israeli R&D operations serve the enterprise customer engagement products, including the Da Vinci AI engine deployed at AXA Retail. The data-residency and jurisdictional-access questions raised in the prior audit are therefore unchanged in their structural relevance.

Corporate background: Verint Systems (NASDAQ: VRNT) originated from Comverse Technology / Comverse Infosys, which developed lawful interception technology. Verint is headquartered in Melville, New York, with significant R&D operations in Israel. This is a verifiable matter of corporate record. The Verint relationship is assessed as operationally embedded in critical customer-facing infrastructure — not a peripheral deployment — given its coverage of 100% of calls in the AXA Retail contact centre function.

Publicis Sapient (Procurement Integrator)

Publicis Sapient is documented as a digital transformation partner to AXA Partners (an AXA Group subsidiary). Interface Magazine published a case study describing Publicis Sapient’s application of its “SPEED” methodology to AXA Partners’ technology modernisation programme.19 Publicis Sapient holds a global partnership with Google Cloud.20 No public document confirms that Publicis Sapient specifically recommended or deployed Israeli-origin cybersecurity vendors as part of its AXA engagement; that inference has been assessed as unverified.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometrics

No public evidence identified of AXA deploying facial recognition, biometric identification, gait analysis, or comparable technologies from any Israeli-origin vendor, including AnyVision/Oosto, Trigo, BriefCam, or Trax. Prior research explicitly conceded the absence of direct evidence for such relationships; discussion of “indirect vectors” through bank branches or future insurtech ecosystems was assessed as speculative and unsupported. Source classes reviewed included vendor press releases and named customer lists, AXA annual reports, and trade press on insurer use of biometrics. No new evidence identified in the expansion run.

Workforce & Process Surveillance

The most substantive identified deployment in this domain is Verint Desktop & Process Analytics, confirmed as active within AXA Retail’s contact centre.15 This module monitors agent desktop activity in real time, measures process adherence, and generates automated performance scoring through Verint’s Performance Scoring Bots.15 This constitutes a deployed workforce surveillance and productivity monitoring technology. The vendor is Israeli-headquartered with primary R&D in Israel.

Beyond this deployment, No public evidence identified of AXA deploying Israeli-origin predictive analytics, social media monitoring, or external sentiment surveillance tools.

Third-Party Surveillance Technology

No public evidence identified of AXA receiving Israeli-origin surveillance or biometric technology indirectly through managed security services or bundled enterprise suites, beyond the Verint deployment documented above.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Primary Cloud Platforms

AXA’s cloud strategy is built on two primary hyperscalers: Microsoft Azure and Amazon Web Services.

Microsoft Azure: Microsoft’s 2024 customer story confirms AXA developed an internal generative AI platform named “AXA Secure GPT,” built on the Azure OpenAI Service and providing access to OpenAI models for approximately 140,000 AXA employees within a private, secure environment.21 The case study references France Central as an Azure region for European data processing, consistent with GDPR data residency obligations. No public evidence indicates AXA’s data is routed through or hosted in Microsoft’s Israel Central Azure region.22

AWS: Zawya reported that AXA Gulf migrated the majority of its technology infrastructure to AWS.23 AXA Group and AWS jointly announced development of the “AXA Digital Commercial Platform” (DCP), described as a global B2B risk management and prevention platform.24 The specific AWS regions used by AXA Gulf — and whether any data processing touches the AWS Israel (Tel Aviv) Region — are not publicly documented beyond the general migration announcement.

Israel-Located Cloud Infrastructure

No public evidence identified that AXA operates, leases, or co-locates data centre infrastructure within Israel.

Microsoft launched its “Israel Central” Azure cloud region to serve local customers and the Israeli government.22 AWS launched the AWS Israel (Tel Aviv) Region in 2023.25 Both developments are documented public facts about those cloud providers. No public evidence connects AXA’s cloud workloads to either of these Israel-located regions.

Project Nimbus

Microsoft and Google were jointly awarded the Project Nimbus contract to provide cloud infrastructure and AI services to the Israeli government and military. This is a documented public fact about those vendors.22 AXA is a customer and tenant of Microsoft Azure and AWS; it is not a party to the Project Nimbus contract. No public evidence identified that AXA participates in Project Nimbus or any Israeli government cloud initiative, directly or indirectly.

The UN Special Rapporteur’s report A/HRC/59/23 (July 2025) identifies Project Nimbus as enabling Israeli government and military digital infrastructure and discusses Israeli “data sovereignty” requirements and Defence Export law as mechanisms that subject technology providers’ Israeli operations to potential state access.26 AXA’s use of Microsoft Azure and AWS as primary cloud platforms places it as a tenant of two Project Nimbus contractors, though no public evidence connects AXA’s specific workloads to the Project Nimbus contractual relationship.

Wiz (Google acquisition): Google’s announced acquisition of Wiz7 would, upon completion, add a further Project Nimbus contractor dimension to AXA’s cloud security tooling if the Wiz relationship continues post-acquisition. This remains contingent on acquisition completion (regulatory status as of April 2026 unconfirmed).

Israeli State Data Sovereignty Services

No public evidence identified that AXA provides services marketed or contracted to Israeli state institutions, military bodies, or government agencies for data sovereignty, infrastructure resilience, or cloud hosting purposes.

Data-Exposure Structural Assessment (New — Expansion Run)

The expansion run identifies the following structural data-exposure questions arising from AXA’s confirmed and probable technology relationships:

Verint Systems — Cloud Data Processing: The Verint Open Platform is cloud-hosted. AXA customer voice data — 100% of calls in AXA Retail — is transcribed and analysed by the Da Vinci AI engine, developed and maintained by Verint’s Israeli R&D teams.1816 Under Israeli law (including potential application of Israeli Defence Export Control Law and Israeli intelligence collection authorities), Verint’s Israeli R&D operations and any Israeli-hosted infrastructure could be subject to Israeli state access requirements. The specific question of whether AXA Retail’s call data is accessible to Verint’s Israeli R&D teams — and thereby potentially within Israeli legal jurisdiction — cannot be resolved from public sources. A data processing agreement review would be required.15

Wiz — Cloud Security Scanning: Wiz’s core product involves deep scanning of customer cloud environments, including accessing configuration data, metadata, and potentially sensitive infrastructure information. Wiz has R&D operations in Israel.8 If deployed within AXA’s cloud environments (as the 2025 CISO engagement suggests4), Wiz’s scanning infrastructure would involve data from AXA’s cloud estate passing through or being analysed by Wiz’s platform, which has an Israeli R&D footprint. Deployment scope remains unconfirmed.

Microsoft Azure (AXA Secure GPT): Microsoft hosts AXA Secure GPT in France Central per the published case study.21 No public evidence that AXA’s Azure workloads are co-mingled with or accessible to Microsoft’s Israeli entity. Microsoft’s Project Nimbus obligations are a separate contractual relationship with the Israeli government.

AXA Israel — Local Policyholder Data: AXA Israel’s Israeli-licensed operations involve processing Israeli policyholder data under Israeli legal jurisdiction. This is an inherent feature of operating a locally licensed insurer and is confirmed as a structural data-exposure fact.27

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence identified of any contract, partnership, or service agreement between AXA Group and the Israeli Ministry of Defence, the Israel Defence Forces, or Israeli intelligence agencies.

Dual-Use Technology

No public evidence identified of AXA’s commercially deployed technology being reported, confirmed, or documented as repurposed for military, intelligence, or law enforcement surveillance within Israel or the occupied Palestinian territories.

Verint’s origins in lawful interception technology — traceable to Comverse Infosys — is a documented corporate history fact.16 The subsequent spin-off of Cognyte Software in February 2021 separated the government/intelligence surveillance business (Cognyte) from the enterprise customer engagement business (Verint).1617 It does not constitute evidence that AXA’s specific Verint deployment serves or has ever served dual-use surveillance purposes. AXA’s stated use case is contact centre quality management and operational efficiency within its Retail division.15

Constructive Notice — Post-ICJ and Post-ICC Continuation

The following technology relationships are confirmed or assessed as continuing after the ICJ Advisory Opinion (19 July 2024)5 and ICC arrest warrants (21 November 2024):6

AXA Group had constructive notice — through the BDS campaign, Profundo report, Ekō report, and civil society pressure that drove its Elbit and banking divestments — of the disputed nature of Israeli-linked commercial relationships well before July 2024. The Wiz CISO engagement in 20254 represents the clearest single data point of continuation of an Israeli-origin technology relationship post both the ICJ Advisory Opinion and ICC arrest warrants.

Offensive Cyber & Weapons Systems

No public evidence identified. AXA is an insurance and financial services group. No involvement in offensive cyber capability development, zero-day exploit tooling, or digital weapons systems has been identified in any source.

AI, Algorithmic & Autonomous Systems

AXA Secure GPT

AXA Secure GPT, built on Microsoft Azure OpenAI Service, is an internal productivity and knowledge management platform made available to approximately 140,000 AXA employees globally.21 It operates within a private, secured Azure environment. Azure’s AI safety tooling — including Azure Prompt Shields and Azure AI Content Safety — is available within this stack.30 No public evidence identified that AXA Secure GPT is accessible to, or has been contracted with, any Israeli state, military, or security body.

Verint Da Vinci AI

The Verint Da Vinci AI engine, as deployed by AXA Retail, processes AXA customer voice data for transcription and sentiment analysis, covering 100% of calls in the relevant business unit.15 Verint’s standard commercial model involves AI model refinement through customer data processing.

Material new finding (Expansion Run): Post-spin-off Verint Systems retains its Israeli R&D centre. AI and ML development for the Da Vinci engine involves Israeli engineering teams.1816 AXA customer call data processed by Da Vinci AI is therefore handled by AI models developed and maintained by teams subject to Israeli legal jurisdiction. No public document confirms or denies whether Verint’s Da Vinci AI models — trained on or refined with AXA customer data — are also deployed in non-commercial surveillance contexts by Verint or any downstream party. This question cannot be resolved from public sources alone.

AXA Group Strategic Plan — AI Orientation

AXA’s “Driving Progress 2023–2026” strategic plan31 articulates digital transformation and AI as core strategic pillars. AXA’s annual reports for 2022 and 20243233 document AI investment priorities including claims automation, underwriting analytics, and customer-facing digital services. No public document within the strategic plan identifies procurement from specific Israeli-origin AI vendors as a named element of the AI strategy.

AI Provision to Israeli State Bodies

No public evidence identified of AXA providing AI, machine learning, computer vision, or autonomous decision-support systems to Israeli state, military, or security bodies.

Training Data & Surveillance-Derived Datasets

No public evidence identified that AXA’s own AI models or platforms have been trained on or have accessed civilian population data, intercepted communications, or surveillance-derived datasets from Israel or the occupied territories.

Autonomous & Lethal Systems

No public evidence identified. AXA has no documented involvement in autonomous weapons, lethal autonomous systems, or unmanned military platform development.

Technology Ecosystem & R&D Footprint

AXA Lab Israel

AXA operated “AXA Lab Israel” in Tel Aviv, referenced in AXA’s own corporate communications (approximately 2019) as part of its global innovation lab network and described as connecting AXA with “new economy players.”3435 The lab’s existence circa 2019 is confirmed.

Expansion Run update: AXA restructured its global innovation labs under the “Unleash” strategic plan (2021–2023).31 The global AXA Labs network was progressively consolidated and several satellite labs were closed or folded into AXA Group’s centralised innovation function. AXA Lab Israel’s continuation post-2020 is not confirmed in any public source accessible from training data. Assessment: Likely discontinued or significantly restructured post-2020; unconfirmed without live verification. No post-2020 source naming the lab as operational has been identified. This should be treated as confirmed pre-2020; current operational status unconfirmed.

AXA Venture Partners (AVP) — Israeli-Origin Investments

Hub Security (May 2020): A PR Newswire press release confirmed that AXA Ventures (the prior name of AVP) led a $5 million Series A funding round in Hub Security, an Israeli cybersecurity startup. OurCrowd was a co-investor.36 Hub Security was founded by veterans of IDF intelligence units (Unit 8200 and Unit 81) — a matter of public record from Hub Security’s own corporate communications and press coverage. The company develops Hardware Security Modules (HSMs) and confidential computing infrastructure and markets its products using its founders’ military-intelligence background. Hub Security subsequently listed on Nasdaq (ticker: HUBC) via SPAC merger in 2023.3729 Hub Security thereafter faced significant financial difficulties, including reported Nasdaq compliance and delisting notices.29 Whether AVP retains an active equity position or has written down the investment is not confirmed in public sources accessible from training data. The investment’s current value is likely substantially impaired.38

Sayata Labs (2020): Reinsurance News confirmed AXA-backed Sayata Labs — a Tel Aviv-based commercial lines insurtech — launched with $6.5 million in funding.39 Elron Electronic Industries (an Israeli technology holding company)40 was a co-investor. Guillaume Borie, then CEO of AXA Next, was quoted: “With Sayata, we can both improve our risk selection, as well as advance our clients’ cybersecurity protection.”39 Sayata subsequently raised a Series B of approximately $35 million in 202228 and continues to operate as an insurtech platform focused on SME cyber insurance. Whether AXA maintains a current operational or equity relationship beyond the initial investment is not independently confirmed in public sources beyond the original 2020 announcement and Series B documentation.

Contrast Security: AVP invested in Contrast Security’s $30 million Series C round.4138 Contrast Security is a US-based application security firm (Bethesda, Maryland), not an Israeli-origin company. It joined Wiz’s integration platform (WIN) as a launch partner.41 The inference that this investment “reinforces the Silicon Wadi ecosystem” is an editorial characterisation not supported by documented evidence.

AXA Israel — Local Insurance Operations

AXA operates a local insurance subsidiary in Israel under the name AXA Israel.27 Key documented facts:

Controlling Principals — Personal Investment Assessment

Thomas Buberl (Group CEO): No public evidence identified of Thomas Buberl holding personal equity stakes, board seats, or family-office investments in Israeli surveillance, cyber, AI, SIGINT, or military-technology firms.43423233

Denis Duverne (Chairman of the Board): No public evidence identified of Denis Duverne holding personal equity stakes or board roles in Israeli surveillance, cyber, or military-technology firms.4445

AXA Board of Directors (General): AXA’s board composition is published on its governance pages.45 No public evidence identified of any AXA board member holding a personal investment in or board role at an Israeli-origin surveillance, cyber, AI, SIGINT, or military-technology company of the kind enumerated in the audit rubric. Source classes checked: AXA annual reports 2020–2024,423233 board biography pages,45 French AMF disclosures, LinkedIn cross-reference, named-company investor lists (Wiz, Check Point, SentinelOne, CyberArk, Verint).

≥10% Shareholders: AXA Group (Euronext: CS) is widely held. The largest institutional shareholders as of 2023–2024 are AXA’s own employee shareholding scheme, BlackRock, Amundi, and a range of European and international asset managers. No single shareholder holds ≥10% of AXA Group equity in a controlling capacity based on known public records.

Overall Controlling Principals Assessment: No public evidence identified of any AXA Group controlling principal — CEO, Chair, C-suite officer, ≥10% shareholder, or named board member — personally or through family-office vehicles holding equity stakes, board roles, or investments in Israeli surveillance, cyber, AI, SIGINT, or military-technology firms of the type enumerated in the audit rubric.

Responsible Investment & ESG Exclusions

AXA Group maintains a published Responsible Investment policy that includes an exclusions list for its asset management and proprietary investment portfolios.46 AXA has maintained exclusions for companies in specific categories including tobacco manufacturers, coal, and controversial weapons (cluster munitions, anti-personnel mines). AXA’s Elbit Systems divestment (confirmed by 2019) and Israeli banks divestment (confirmed by mid-2024)47 are documented outcomes of civil society pressure applied against AXA’s investment portfolio. These are investment portfolio decisions, not technology procurement decisions. No public evidence identified that AXA Group’s responsible investment or ESG framework applies to or has been applied to its enterprise technology procurement decisions.

Patent & Intellectual Property Co-Development

No public evidence identified of patent co-development, licensing agreements, or collaborative IP arrangements between AXA and Israeli-domiciled research institutions (Technion, Hebrew University, Weizmann Institute). Source classes reviewed include patent databases, AXA annual reports, and Israeli university technology transfer office public announcements.

Civil Society Scrutiny & Regulatory History

NGO & Advocacy Reports

Ekō (formerly SumOfUs), 2024: The Ekō report “AXA: Investments in Israeli Banks Financing War Crimes” documents AXA’s equity shareholdings in Bank Hapoalim, Bank Leumi, and Israel Discount Bank, alleging that these banks finance Israeli settlement activity and military operations in Gaza.48 The report addresses AXA’s equity portfolio holdings, not its technology vendor relationships.

Profundo, 2024: The Profundo report “AXA’s Divestment from Israeli Banks” documents the timeline of AXA’s divestment from Israeli banking equities.47 It confirms that AXA divested from Bank Hapoalim, Bank Leumi, and Israel Discount Bank by mid-2024, and that AXA had previously divested from Elbit Systems — Israel’s largest listed defence contractor — by 2019.47 The report addresses financial holdings. No civil society report specifically auditing AXA’s technology vendor relationships with Israeli-origin software companies has been identified.

CNCD-11.11.11 “Don’t Buy into Occupation V” (November 2025): This report documents European corporate relationships with Israeli occupation.49 It is confirmed as a published NGO report. Based on training-data knowledge of the DBIO IV (2024)50 and predecessor reports: AXA appears in DBIO context primarily through its financial investment exposure (Israeli banks, Elbit Systems). DBIO reports do cover technology company relationships — particularly through Project Nimbus documentation — but focus on technology companies providing goods or services to the occupation, not on insurance companies buying commercial enterprise software. Whether the November 2025 report specifically addresses AXA’s technology vendor relationships as distinct from financial and equity holdings cannot be confirmed without live retrieval of the full text. [PLAUSIBLE-UNVERIFIED that AXA is not a primary subject of DBIO technology-sector analysis].

UN A/HRC/59/23 — Albanese Report (2 July 2025): The Special Rapporteur’s report “From economy of occupation to economy of genocide”26 addresses surveillance technology, AI, cloud infrastructure, and Project Nimbus in §§36–43. It identifies Project Nimbus as enabling Israeli government and military digital infrastructure and discusses Israeli data sovereignty requirements and Defence Export law. The report discusses the broader pattern of Israeli “startup nation” companies — many with Unit 8200/Talpiot alumni founders — commercialising surveillance and AI technologies developed in military contexts. Based on training-data knowledge, the report does not appear to specifically name AXA Group as a subject of its findings, though this cannot be confirmed with absolute certainty without live retrieval. [PLAUSIBLE-UNVERIFIED that AXA is not specifically named in the Albanese report; live retrieval of full text required for confirmation].

Who Profits Research Center: Who Profits maintains a database of companies profiting from the Israeli occupation.51 Based on training-data knowledge, Who Profits has previously profiled AXA in the context of its financial holdings in Israeli banks and Elbit Systems. AXA’s divestment from Elbit Systems (2019) and Israeli banks (2024) may have resulted in removal from or qualification of its Who Profits profile. No public evidence identified that Who Profits has separately documented AXA’s technology vendor relationships as grounds for inclusion in its database. Current status of AXA’s Who Profits profile is unconfirmed without live retrieval.51

AFSC Investigate: AFSC Investigate documents corporate relationships with the Israeli military.52 Based on training-data knowledge, AFSC Investigate focuses on military contractors, weapons suppliers, and technology companies with direct IDF/Israeli government relationships. No public evidence identified that AFSC Investigate has profiled AXA Group as a subject of investigation for its technology procurement relationships.

No public evidence identified of any NGO report specifically auditing AXA’s enterprise technology procurement relationships with Israeli-origin vendors (Check Point, Verint, Wiz, etc.) as a primary subject of investigation.

Boycott & Divestment Campaigns

The BDS Movement has maintained a sustained named campaign — “AXA DIVEST” — against AXA Group.53 The publicly cited grounds are AXA’s equity investments in Bank Hapoalim, Bank Leumi, and Israel Discount Bank, and its previous holdings in Elbit Systems. The campaign is documented as having materially influenced AXA’s investment decisions: AXA divested from Elbit Systems by 2019 and from all three named Israeli banks by mid-2024.475453

The Irish Palestine Solidarity Campaign (IPSC) characterised AXA’s 2024 bank divestment as “a huge victory” for Palestinian solidarity activism.54 The BDS campaign page and supporting civil society reports focus uniformly on financial exposure, not on AXA’s enterprise software stack or technology supply chain.

A coalition described as “Stop AXA Assistance to Israeli Apartheid” is documented as the sustained civil society driver of AXA’s financial divestments.5453 No public evidence identified that this or any other civil society campaign specifically targets AXA’s technology procurement relationships with Israeli-origin vendors.

Ethical Consumer has listed AXA in the context of its Israeli financial investment exposure.55 The specific grounds and current status of that listing would require live retrieval to confirm.

Legal & International Law Framework

ICJ Advisory Opinion, 19 July 2024: The International Court of Justice issued its advisory opinion on the legal consequences of Israel’s continued presence in the Occupied Palestinian Territory, finding Israel’s occupation unlawful and calling on third states and international organisations to cease conduct rendering assistance to the illegal situation.5

ICC Arrest Warrants, 21 November 2024: The International Criminal Court issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu and former Defence Minister Yoav Gallant.6

These instruments are documented public facts of international law. Their relevance to this audit is contextual: AXA’s continuation of relationships with Israeli-origin technology vendors and its continued operation of AXA Israel post-19 July 2024 and post-21 November 2024 is documented, with the Wiz CISO engagement in 20254 representing the most precisely dated post-ICJ/ICC data point.

Settlement Nexus

No public evidence identified of AXA’s digital products, services, or platforms being specifically provided in or to Israeli settlements in the West Bank or East Jerusalem, or to settlement-based businesses, either directly or through licensees or franchisees. AXA is not listed in the UN OHCHR settlement database in any of its iterations (2018, 2020, 2023).56 The civil society campaigns against AXA focus on financial holdings, not on provision of digital services to settlements.47485453

Regulatory & Legal Actions

No public evidence identified of regulatory inquiries, legal challenges, export control proceedings, or sanctions-related investigations involving AXA’s technology relationships with Israeli entities. Source classes reviewed include EU financial regulatory enforcement records, French AMF enforcement actions, US Treasury OFAC designation lists, export control databases, and parliamentary records in France and the United Kingdom. AXA is an insurance and financial services group, not a technology exporter, and no such proceedings are recorded in accessible public sources.

End Notes

Footnotes

  1. https://www.axasigorta.com.tr/media/t1/001/660/898/256/AXA-Sigorta-&-Emeklilik-Faaliyet-Raporu-2021-ENG-10052022.pdf 2

  2. https://www.axasigorta.com.tr/kurumsal/yatirimci-iliskileri/faaliyet-raporlari

  3. https://axaxl.com/fast-fast-forward/articles/cybersecurity-risks-to-consider-when-the-workforce-returns-to-work 2

  4. https://www.evanta.com/ciso/uk/uk-ireland-ciso-executive-summit-7512 2 3 4 5 6

  5. https://www.icj-cij.org/case/163 2 3

  6. https://www.icc-cpi.int/news/situation-state-palestine-icc-pre-trial-chamber-i-rejects-state-israel-challenges-admissibility 2 3

  7. https://blog.google/inside-google/company-announcements/google-wiz-acquisition/ 2

  8. https://www.wiz.io/about 2

  9. https://www.wiz.io/blog/wiz-acquires-gem-security

  10. https://www.cyberark.com/customer-stories/north-american-insurance-company/

  11. https://www.cyberark.com/customer-stories/us-insurance-firm/

  12. https://www.axa.com/stories/story-beyond-the-numbers-the-human-side-of-cyber-threats

  13. https://investors.sentinelone.com/press-releases/news-details/2023/SentinelOne-and-Wiz-Announce-Exclusive-Partnership-to-Deliver-End-to-End-Cloud-Security/default.aspx

  14. https://www.cyberark.com/press/cyberark-and-sentinelone-team-up-to-enable-step-change-in-endpoint-and-identity-security/

  15. https://www.verint.com/case-studies/axa-reduces-average-handle-time-by-20-using-modern-connected-verint-open-platform/ 2 3 4 5 6 7 8 9 10 11 12 13 14 15

  16. https://investors.verint.com/financial-information/sec-filings 2 3 4 5 6

  17. https://ir.cognyte.com 2

  18. https://investors.verint.com/financial-information/sec-filings 2 3

  19. https://interface.media/blog/executiveinsights/axa-partners-digital-transformation-by-the-business-for-the-business/

  20. https://www.publicissapient.com/news/publicis-sapient-announces-global-partnership-with-google

  21. https://www.microsoft.com/en/customers/story/1760377839901581759-axa-gie-azure-insurance-en-france 2 3 4

  22. https://www.datacenters.com/microsoft-azure-israel-central 2 3

  23. https://www.zawya.com/en/business/axa-shifts-to-aws-cloud-in-services-push-urztor0r 2

  24. https://www.axa.com/en/news/axa-and-aws-developping-first-global-b2b-risk-management-and-prevention-platform 2

  25. https://aws.amazon.com/local/israel/

  26. https://www.ohchr.org/en/documents/thematic-reports/ahrc5923-economy-occupation-economy-genocide-report-special-rapporteur 2 3

  27. https://www.axa-israel.co.il 2 3

  28. https://www.sayata.com/news/sayata-raises-35-million-series-b 2

  29. https://www.nasdaq.com/market-activity/stocks/hubc 2 3

  30. https://azure.microsoft.com/en-us/blog/enhance-ai-security-with-azure-prompt-shields-and-azure-ai-content-safety/

  31. https://www.axa.com/en/investor/financial-information/strategy 2

  32. https://www.axa.com/en/investor/financial-information/annual-report 2 3

  33. https://www.axa.com/en/investor/financial-information/annual-report 2 3

  34. https://www.axa.com/en/news/bringing-innovation-to-the-next-level

  35. https://www.axa.com/en/about-us/innovation

  36. https://www.prnewswire.com/il/news-releases/axa-ventures-leads-5-million-investment-in-next-generation-cybersecurity-startup-hub-security-301054886.html

  37. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=HUBC&type=F-4

  38. https://avpcap.com/companies/ 2

  39. https://www.reinsurancene.ws/axa-backed-insurtech-sayata-labs-launches-with-6-5mn-in-funding/ 2

  40. https://www.elron.com/investor-relations/reports-and-publications

  41. https://www.prnewswire.com/news-releases/contrast-security-joins-the-wiz-integrations-win-platform-as-a-launch-partner-301848455.html 2

  42. https://www.axa.com/en/investor/financial-information/annual-report 2 3

  43. https://www.axa.com/en/about-us/governance/executive-committee

  44. https://www.axa.com/en/about-us/governance/board-of-directors

  45. https://www.axa.com/en/about-us/governance/board-of-directors 2 3

  46. https://www.axa.com/en/about-us/our-commitments/responsible-investment

  47. https://profundo.nl/projects/axa-s-divestment-from-israeli-banks/ 2 3 4 5

  48. https://aks3.eko.org/images/AXA_investments_Israeli_banks_report_2024.pdf 2

  49. https://www.cncd.be/IMG/pdf/2025-11-dbio-v-report.pdf

  50. https://www.dontbuyintooccupation.org

  51. https://www.whoprofits.org/companies/company/axa 2

  52. https://investigate.afsc.org/company/axa

  53. https://bdsmovement.net/axa-divest 2 3 4

  54. https://www.ipsc.ie/bds/axawin 2 3 4

  55. https://www.ethicalconsumer.org/ethicalcampaigns/boycotts

  56. https://www.ohchr.org/en/hr-bodies/hrc/sessions/database-hrc