V-DIG Audit — Christian Dior SE

Prepared: 2026-05-01 | Audit Phase: V-DIG | Parent Entity: LVMH Moët Hennessy Louis Vuitton SE

Enterprise Technology Stack & Vendor Relationships

Controlling Shareholder Investment in Israeli-Origin Cybersecurity

The most significant documented link between Christian Dior SE’s ownership structure and Israeli technology concerns Wiz, the Israeli-founded cloud-native application protection platform (CNAPP). Aglaé Ventures — the investment vehicle of Bernard Arnault, who serves simultaneously as Chairman and CEO of both LVMH and Christian Dior SE — participated in a funding round for Wiz in 2023.¹² This relationship sits at the level of Arnault’s personal and family-office capital deployment, not a corporate procurement or licensing contract entered into by Dior SE or LVMH as an operating enterprise.

Wiz was co-founded by Assaf Rappaport, Yinon Costica, Ami Luttwak, and Roy Reznik, all publicly documented alumni of Israeli military intelligence Unit 8200, who previously co-founded Adallom (acquired by Microsoft in 2015) and subsequently led Microsoft Azure’s Cloud Security Group before departing to found Wiz.¹³ The firm’s product line covers cloud workload protection, cloud security posture management (CSPM), and data security posture management (DSPM) across multi-cloud environments.

No public evidence has been identified of a direct licensing, subscription, or enterprise services contract between Christian Dior SE or LVMH and Wiz. The relationship is one of minority venture-capital investment by the group’s ultimate controlling shareholder.¹² Arnault’s family holding structure — Financière Agache, which controls both LVMH and Christian Dior SE — provides the vehicle through which Aglaé Ventures operates.⁴

The Google–Wiz acquisition (reported at $32 billion, with European Commission review underway as of early 2025 reporting) is noted in the ecosystem context.² Final closure status should be confirmed against EC and SEC primary filings.

Other Israeli-Origin Cybersecurity Vendors

Check Point Software Technologies issued external consumer-facing phishing-awareness commentary following the May 2025 Dior data breach.⁵⁶ This constitutes independent threat-intelligence publication by a third party, not evidence of a vendor relationship. Check Point and Wiz announced a strategic partnership in 2024 covering end-to-end cloud security,⁷ but Dior or LVMH are not documented parties to that arrangement.

CyberArk and SentinelOne announced a joint endpoint and identity security partnership in 2024,⁸ and CyberArk separately entered a cloud-identity partnership with Wiz in 2024.⁹ None of these inter-vendor agreements document Dior or LVMH as a customer, user, or referenced deployment site.

For Verint, Nice Systems, Palo Alto Networks, and Claroty: no public evidence of direct licensing, subscription, integration, or services relationships with Christian Dior SE or LVMH has been identified in corporate filings, vendor press releases, procurement records, or credible trade reporting.

Digital Transformation Integrators

Publicis Sapient is publicly documented as a digital transformation integrator for Dior and the broader LVMH portfolio, engaged on unified commerce experiences and immersive retail activations.¹⁰ Publicis Sapient maintains global delivery operations including Israel-based resources, but no public evidence identifies Publicis Sapient as having mandated, procured, or deployed Israeli-origin cybersecurity or analytics products specifically within its Dior or LVMH engagement scope. No public evidence identified that these engagements introduced Israeli-origin technology products.

LVMH Innovation Award & Startup Ecosystem Pipeline

LVMH operates a structured startup co-development pipeline — La Maison des Startups (Station F, Paris)¹¹ and the annual LVMH Innovation Award¹² — through which technology startups are onboarded as commercial partners for Maisons including Dior. This pipeline has produced at least two confirmed Israeli-origin technology vendor relationships (detailed under Sections 2 and 6).

Surveillance, Biometrics & Retail Technology

Virtual Try-On Biometric Litigation (Illinois)

A proposed class-action was filed against Christian Dior Inc. in the United States alleging that the company unlawfully collected Illinois residents’ biometric information through a virtual try-on feature on its e-commerce website, in violation of the Illinois Biometric Information Privacy Act (BIPA).¹³ The technology vendor powering the virtual try-on feature is not named in the public case record. The ClassAction.org case listing records the case as dismissed.¹³ No public evidence connects the underlying try-on technology to an Israeli-origin vendor.

Kahoona — Confirmed AI Behavioral Analytics Deployment

Kahoona, an Israel-headquartered AI behavioral analytics company, is a confirmed Dior technology partner. Kahoona received the “Best Business Prize” at the 2025 LVMH Innovation Award ceremony, explicitly recognized for its collaboration with Christian Dior.¹⁴¹⁵

Kahoona’s published case studies document commercially attributed performance improvements from a “global luxury fashion leader” deployment — consistent with the LVMH award citation confirming the Dior relationship — including: a 24.2% improvement in click-through rate, 19.1% increase in pages per session, 12.8% growth in average order value, and 166% more new customer acquisitions.¹⁶¹⁷

Kahoona’s technology operates by ingesting in-page micro-interactions from unauthenticated website visitors — including mouse movement patterns, scroll velocity, click cadence, and hesitation intervals — and generating real-time predictive behavioral segmentation without reliance on third-party cookies or persistent login identity.¹⁶¹⁷ This is a confirmed live commercial deployment on Dior’s digital properties, not a pilot or inferred relationship.

No public evidence has been identified that Kahoona’s platform, as deployed by Dior, has been used for workforce surveillance, physical store monitoring, social media monitoring, or any application beyond e-commerce conversion optimization.

Physical Store Surveillance Technologies

Trigo (Israeli computer vision, frictionless checkout), AnyVision/Oosto (Israeli facial recognition), BriefCam (Israeli video analytics), and Trax Retail (Israeli shelf-intelligence and image recognition): no public evidence of direct deployment of any of these Israeli-origin surveillance or retail-intelligence vendors within Dior or LVMH boutiques has been identified. Claims in prior AI research that Trax “serves brands like Dior,” sourced from a comparison aggregator page rather than any primary corporate or vendor disclosure, are assessed as insufficiently verified.¹⁸

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

AWS Infrastructure — Confirmed via Breach Forensics

The May 2025 Dior data breach is confirmed by multiple independent sources.¹⁹⁵²⁰⁶ The breach involved unauthorized access to a customer database and exposed the personal data of customers principally in Asia, with South Korea and China explicitly confirmed as affected markets.¹⁹⁵²¹ Breach analysis sources cite AWS S3 as the storage environment involved,²⁰⁶ constituting the primary public confirmation of Dior’s use of AWS for customer data storage operations.

Technically granular forensic details appearing in some secondary analyses — including specific IP attribution, script filenames, IAM policy configurations, and TLS cipher specifications — are not corroborated by any primary source (vendor disclosure, regulatory notice, or credible investigative journalism) and should be treated as unverified pending primary confirmation.

Chinese PIPL Regulatory Investigation

Chinese data protection authorities initiated a regulatory investigation into Dior’s Shanghai subsidiary over alleged violations of the Personal Information Protection Law (PIPL), including cross-border personal data transfers conducted without adequate legal basis and deficiencies in encryption safeguards.²¹ China Briefing’s reporting on this investigation is the primary English-language source of record.²¹ The final penalty amount has not been confirmed in a primary regulatory notice available in public sources as of memo date.

South Korean PIPC Enforcement

A South Korean Personal Information Protection Commission (PIPC) enforcement action involving Dior Couture, Louis Vuitton, and Tiffany & Co., with a cited penalty of KRW 36.033 billion (~$25M USD), is referenced in the prior research but is not independently confirmed in a primary PIPC regulatory decision notice within available sources. This claim requires verification against PIPC official records before it can be treated as established fact.

Project Nimbus — Indirect Infrastructure Relationship

Project Nimbus is a confirmed $1.2 billion contract between the Israeli government and Amazon Web Services and Google Cloud to construct sovereign cloud infrastructure for the Israeli government and military.²²²³²⁴ AWS opened its Israel (Tel Aviv) Region with three availability zones in 2023.²⁵²⁶

No public evidence has been identified that Christian Dior SE or LVMH routes any workloads to the AWS Israel (Tel Aviv) region specifically, holds any contractual relationship with the Nimbus programme, or provides services marketed for Israeli state digital sovereignty or military data resilience. The relationship between Dior’s documented AWS usage and Project Nimbus is structural and indirect: Dior’s global AWS spend contributes to Amazon’s corporate revenues as a company that also operates the Nimbus contract. No operational overlap has been publicly documented.

Proprietary Data Centre Presence in Israel

No public evidence has been identified that Christian Dior SE or LVMH operates, leases, or co-locates proprietary data centre infrastructure within Israel. The group’s confirmed in-country presence is limited to commercial retail.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence identified of any contract, partnership, memorandum of understanding, or services agreement between Christian Dior SE, LVMH, or any confirmed subsidiary and the Israeli Ministry of Defence, Israel Defense Forces (IDF), or Israeli intelligence agencies (Mossad, Shin Bet, Unit 8200 as an institutional body).

Dual-Use Technology Provision

No public evidence identified that any commercially deployed Dior or LVMH technology — including the confirmed Kahoona behavioral analytics deployment — has been reported, documented, or alleged to have been repurposed or made available for military, intelligence, or law-enforcement surveillance operations within Israel or the Occupied Palestinian Territory.

Offensive Cyber Capabilities

No public evidence identified. Christian Dior SE and LVMH are luxury goods, fashion, and retail conglomerates. No involvement in offensive cyber capability development, digital weapons programs, or state-level signals intelligence infrastructure has been identified.

AI, Algorithmic & Autonomous Systems

AI Provision to State or Security Bodies

No public evidence identified of any provision of AI systems, machine learning models, computer vision infrastructure, or autonomous decision-support technology by Christian Dior SE or LVMH to Israeli state, military, or security entities.

Confirmed Commercial AI Deployments

The confirmed AI deployment footprint at Dior includes:

• Kahoona (Israel): Real-time behavioral segmentation and predictive conversion AI deployed on Dior’s e-commerce properties, as confirmed by the 2025 LVMH Innovation Award.¹⁴¹⁶¹⁷ Documented use case is commercial conversion optimization only.
• FancyTech: Recognized at the 2024 LVMH Innovation Award Grand Prize at Viva Technology²⁷ for AI-generated video and visual content capabilities across LVMH Maisons. National origin is Chinese; no Israeli technology relationship has been identified in connection with this vendor.
• La Maison des Startups pipeline: Israeli AI startup Apply Design (computer vision, photorealistic 3D virtual staging) was named among 2023 LVMH Innovation Award finalists and onboarded into the La Maison des Startups accelerator at Station F.¹¹¹²²⁸ Apply Design’s Israeli origin is confirmed; characterization of its founding team as “Unit 8200-adjacent” appearing in prior research is not corroborated in any primary source and should be treated as unverified.

Training Data Provenance

No public evidence identified that Dior’s or LVMH’s AI or ML models have been trained on surveillance-derived datasets, occupied-territory data, or data originating from Israeli state or military operations. Where Israeli-origin startup technologies (Kahoona, Apply Design) are refined against LVMH/Dior proprietary commercial data (e-commerce behavioral data, product imagery), this is documented in a commercial context exclusively.

Autonomous Systems & Lethal Applications

No public evidence identified.

Technology Ecosystem & R&D Footprint

R&D and Engineering Presence in Israel

No public evidence identified that Christian Dior SE or LVMH operates R&D facilities, engineering offices, innovation labs, or technical centres within Israel. The group’s confirmed in-country footprint is retail-only.

Physical Retail Presence in Israel

Dior operates confirmed physical retail boutiques in Israel:

• Dior Boutique, TLV Fashion Mall (Gindi Fashion Mall), Carlibach 6, Tel Aviv-Yafo — confirmed by the mall’s own tenant directory.²⁹
• Dior Boutique, Mamilla Avenue (Alrov Mamilla), Jerusalem — confirmed by the official Dior Israel boutiques page.³⁰
• Dior Israel localized e-commerce — operating at diorboutique-il.com with Hebrew-language interface and local boutique listings.³⁰

Investment & Venture Capital — Israeli Technology Companies

• Wiz (2023): Aglaé Ventures, the investment vehicle of Bernard Arnault operating within the Financière Agache holding structure that controls Christian Dior SE and LVMH,⁴ participated in a Wiz funding round.¹² The precise stake size has not been publicly disclosed. This is a minority venture capital investment by the controlling shareholder’s family office; it is not a corporate acquisition or enterprise licensing agreement by Dior SE or LVMH.
• Apply Design (2023, La Maison des Startups): Tel Aviv-based AI/computer vision startup specializing in photorealistic virtual staging; confirmed 2023 LVMH Innovation Award finalist and La Maison des Startups participant.²⁸ No acquisition or follow-on investment has been publicly documented.
• Kahoona (2024–2025, La Maison des Startups): Israeli behavioral AI company; 2025 LVMH Innovation Award Best Business Prize recipient for Dior collaboration confirmed.¹⁴¹⁵ No acquisition has been publicly documented.

No corporate acquisitions of Israeli technology companies by Dior SE or LVMH as the direct acquiring entity have been identified.

Patent & IP Relationships with Israeli Research Institutions

No public evidence identified of patent portfolios, co-invention filings, licensing agreements, or joint research and development arrangements between Dior or LVMH and Israeli universities (Technion, Hebrew University, Weizmann Institute, Ben-Gurion University) or Israeli state research bodies.

Civil Society Scrutiny & Regulatory History

NGO and Advocacy Reporting

LSESU Palestine Society — Stakes in Settler Colonialism (2025)³¹: This document, published by the London School of Economics Students’ Union Palestine Society, addresses LVMH and Arnault in the context of the Aglaé Ventures investment in Wiz. It should be read as an advocacy document rather than a peer-reviewed academic or independent NGO report. Its factual claims regarding the Wiz investment align with independently confirmable press coverage.¹² No UN Special Rapporteur reports, peer-reviewed academic studies, or major human rights organization publications specifically auditing Dior’s or LVMH’s technology relationships with Israeli state entities have been identified in available sources.

Boycott, Divestment & Sanctions Campaigns

No major BDS organization has published a formal, structured campaign targeting Christian Dior SE or LVMH specifically on grounds of Israeli technology provision, state infrastructure participation, or military-relevant technology as of memo date. Individual activist references are consistent with the LSESU document³¹ but do not constitute an organized cross-organizational campaign.

Regulatory and Legal Actions

• Illinois BIPA class action (virtual try-on feature): Filed against Christian Dior Inc. alleging unlawful collection of biometric identifiers via e-commerce virtual try-on tool, in violation of BIPA.¹³ Case recorded as dismissed.¹³ No Israeli-origin vendor is identified in the public case record as the technology provider.

• Chinese PIPL investigation: Regulatory probe into Dior’s Shanghai subsidiary confirmed by China Briefing²¹ for alleged violations including unlawful cross-border data transfers and inadequate data protection safeguards. Final penalty quantum not confirmed in a primary regulatory notice available in public sources.

• South Korean PIPC enforcement: Cited penalty of KRW 36.033 billion (~$25M USD) attributed jointly to Dior Couture, Louis Vuitton, and Tiffany & Co. Not independently confirmed in a primary PIPC decision document available in public sources. Treat as unverified pending primary source confirmation.

• May 2025 data breach — multi-jurisdictional regulatory exposure: The confirmed May 2025 breach of Dior customer data¹⁹⁵²⁰⁶ — affecting customers in South Korea and China among others — has generated active regulatory exposure across multiple data protection regimes simultaneously. Investigations or enforcement outcomes from PIPC (South Korea), CAC/MIIT (China), and potentially CNIL (France, as Dior SE’s home regulator) have not yet been resolved in available public records.

• No export control actions, sanctions investigations, or regulatory inquiries specifically related to Dior or LVMH technology sales or services to Israeli state entities have been identified.

End Notes