INDEX / DIRECTORY / JEEP / V-DIG

Jeep V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-05-19
V-DIG Score 0.05 /10 E Jeep — BDS-1000 154
V-DIG 0.05

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

Jeep — V-DIG Audit

Subject: Jeep (brand of Stellantis N.V. / FCA US LLC) Audit Phase: V-DIG Audit Reference Date: 2024 (based on available public records)

Enterprise Technology Stack & Vendor Relationships

Corporate Structure

Jeep is a wholly owned brand of Stellantis N.V., the multinational automotive group formed from the merger of Fiat Chrysler Automobiles (FCA) and PSA Group in 2021. All enterprise technology, procurement, and vendor relationships for Jeep operate through Stellantis and its subsidiary FCA US LLC. Public disclosures are filed by Stellantis N.V. with the SEC (Form 20-F) and the company’s investor relations platform.12

Confirmed Technology Partnerships

Stellantis has publicly disclosed the following major technology partnerships relevant to its vehicle and enterprise platforms:

Israeli-Origin Cybersecurity & Enterprise Software Vendors

A survey of Israeli-origin or Israeli-founded enterprise software vendors commonly present in large automotive OEM environments was conducted against all available public records:

No public evidence identified of embedded or critical-infrastructure dependency by Stellantis/Jeep on any of the above Israeli-origin enterprise software vendors. The absence of named-customer disclosures across all relevant vendor sites, and the absence of confirmation in SEC filings or press releases, means no dependency level can be characterised from available public records.12

Upstream Security

Upstream Security (Israeli-founded, Tel Aviv-based) is an automotive-specific connected vehicle cybersecurity platform. Upstream’s 2023 Global Automotive Cybersecurity Report references unnamed Tier-1 OEM partners.15 Upstream’s public blog references automotive partnerships in general terms, but no public document names Stellantis or Jeep specifically as a contracted Upstream client.15 No confirmed Stellantis–Upstream contract identified in public records.

Argus Cyber Security

Argus Cyber Security (Israeli, Tel Aviv; acquired by Continental AG in 2017) provides automotive ECU and in-vehicle network security. Argus has conducted published research referencing FCA/Stellantis-platform vehicles in the context of vulnerability testing — specifically in the wake of the 2015 Jeep Cherokee remote exploit.16 No confirmed active vendor contract between Argus and Stellantis is identified in public procurement records.16

C2A Security

C2A Security (Israeli, Jerusalem) develops DevSecOps tooling for software-defined vehicles. C2A publicly positions the SDV transition as its primary market. No public record names Stellantis or Jeep as a C2A customer.17 No public evidence identified.

Procurement & Integrator Relationships

Industry coverage identifies Accenture and Capgemini as major IT integrators for European OEMs including Stellantis predecessors (PSA, FCA).18 No public record confirms that these integrators deployed Israeli-origin technology as part of Stellantis or Jeep engagements. No public evidence identified of an integrator-mandated Israeli technology deployment for Stellantis or Jeep.

Evidence Gap

Stellantis does not publicly disclose its full enterprise software vendor stack in annual reports or ESG disclosures. Accordingly, use of Israeli-origin cybersecurity or analytics software at the enterprise infrastructure level cannot be confirmed or ruled out without access to internal procurement records or confirmed vendor-side named-customer disclosures.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometric Identification

No public evidence identified of Stellantis or Jeep deploying facial recognition, biometric identification, behavioural analytics, or gait-analysis technologies from Israeli-origin vendors. Vendors surveyed with no confirmed Stellantis/Jeep relationship include:

Jeep is an automotive brand, not a retail operator. The standard deployment context for retail-focused biometric technologies (point-of-sale, shop floor footfall analytics) does not apply to Jeep’s operational model. Stellantis manufacturing facilities’ use of biometrics for workforce access control is not publicly documented in connection with Israeli-origin vendors.

Predictive Analytics & Workforce Monitoring

No public evidence identified of Israeli-origin predictive analytics, sentiment analysis, social media monitoring, or workforce surveillance tools deployed by Stellantis or Jeep.

Indirect/Third-Party Deployment

No public evidence identified of Israeli-origin surveillance technologies reaching Stellantis or Jeep indirectly via third-party platforms, managed security services, or bundled enterprise software suites.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Primary Cloud Infrastructure

Stellantis’s primary confirmed cloud infrastructure partner is Amazon Web Services, as disclosed in a public partnership announcement and AWS case study.3 No Israeli data centre footprint is disclosed in Stellantis annual reports or ESG filings.122

Data Centre Operations in Israel

No public evidence identified of Stellantis or Jeep operating, leasing, or co-locating data centre infrastructure within Israel. No Israeli data centre presence appears in any Stellantis corporate disclosure reviewed.

Project Nimbus & Israeli State Cloud Programmes

Project Nimbus is a contract between the Israeli government and Google Cloud and Amazon Web Services for sovereign cloud infrastructure provision.23 Stellantis is not a party to that contract in any publicly documented capacity. While Stellantis uses AWS as a cloud partner,3 no public evidence identifies Stellantis as a sub-contractor, participant, or beneficiary of Project Nimbus workloads or any comparable Israeli state-backed cloud infrastructure programme.23 No public evidence identified.

Data Sovereignty Services

No public evidence identified. Stellantis is an automotive manufacturer and mobility company; it does not market cloud or data sovereignty services to state institutions in any publicly documented capacity.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence identified of any contract, partnership, or service agreement between Stellantis/Jeep and the Israeli Ministry of Defence, Israel Defence Forces (IDF), Israeli intelligence agencies (Mossad, Shin Bet, Unit 8200 alumni ventures), or related Israeli state security bodies.

Fleet Sales — Commercial Vehicle Context

Jeep as a brand has historical origins in WWII-era US military utility vehicles. Jeep-branded commercial vehicles are sold globally through authorised distributors. Commercial vehicle sales to end-users — including potentially military or government fleet purchasers in any country — do not constitute a technology contract between the manufacturer and a defence body. No Israeli MoD or IDF fleet procurement of Jeep-brand vehicles has been identified in publicly available procurement records.

In Israel, Stellantis brands including Jeep are distributed by Champion Motors (see Israeli Distributor note in Evidence Gaps below).24 The commercial terms of this distribution relationship are not detailed in public records sufficient to assess any technology data-sharing component.

Dual-Use Technology

No public evidence identified of Stellantis/Jeep commercial technology being reported, confirmed, or documented by researchers as deployed for military, intelligence, or law enforcement surveillance within Israel or occupied territories.

Offensive Cyber & Weapons Systems

No public evidence identified. Stellantis/Jeep is not a cybersecurity, offensive cyber, or weapons systems developer. Its technology outputs are commercial automotive products and associated connected-vehicle software services.

AI, Algorithmic & Autonomous Systems

Mobileye ADAS Integration

Stellantis’s most material documented relationship with an Israeli-origin AI/autonomous systems vendor is its use of Mobileye (Israeli-founded, Jerusalem; acquired by Intel in 2017; publicly listed as MBLY on NASDAQ) technology in production vehicles. Stellantis has publicly confirmed use of Mobileye-derived Advanced Driver Assistance Systems (ADAS) hardware and software within its SDV and vehicle platform strategy.6 Mobileye supplies camera-based perception systems, EyeQ chips, and driver-assistance algorithms used across multiple Stellantis platforms.

This is a commercial automotive ADAS supply relationship — the standard OEM-to-Tier-1-supplier dynamic present across the automotive industry. No provision of this technology to any Israeli state, military, or security body by Stellantis or in connection with Stellantis’s use of Mobileye has been identified in public records.

AI Provision to State Bodies

No public evidence identified of Stellantis or Jeep providing AI, ML, computer vision, or autonomous decision-support systems to Israeli state, military, or security bodies.

Training Data & Model Development

No public evidence identified of Stellantis/Jeep AI models trained on civilian population data, intercepted communications, or surveillance-derived datasets from Israel or occupied territories.

Autonomous Systems & Lethality

Mobileye’s ADAS technology, as commercially integrated in Stellantis/Jeep vehicles, is a consumer automotive safety product. No publicly documented provision of Mobileye-integrated Stellantis vehicles to Israeli military or security forces in an autonomous targeting or lethality context attributable to Stellantis has been identified.

STLA Brain Connected Vehicle Platform — Cybersecurity SOC

Stellantis operates a connected vehicle platform under the STLA Brain architecture.6 Whether the cybersecurity operations centre supporting this platform utilises Israeli-origin tooling (e.g., Upstream Security, Argus, C2A Security) is not publicly confirmed. This constitutes an evidence gap: the 2015 Jeep Cherokee remote-exploit incident25 catalysed significant automotive cybersecurity investment industry-wide, and Israeli automotive cybersecurity firms (Argus, Upstream, C2A) are active in this market.26 No confirmed deployment by Stellantis has been established in public records.

Technology Ecosystem & R&D Footprint

R&D Locations

Stellantis’s publicly documented R&D locations include facilities in Italy (Turin), France (Vélizy), Germany, the United Kingdom, the United States (Auburn Hills, MI), and Brazil.27 No Israeli R&D facility, engineering office, innovation lab, or accelerator programme is listed in any Stellantis corporate disclosure reviewed. No public evidence identified of Stellantis or Jeep operating R&D infrastructure within Israel.

Acquisitions & Strategic Investments

No public evidence identified of Stellantis or its predecessor entities (FCA, PSA Group) acquiring Israeli-origin technology companies or making strategic investments in Israeli technology startups or Israeli-domiciled venture funds.

Note: Mobileye was acquired by Intel Corporation (not Stellantis) in 2017 for approximately $15.3 billion. Stellantis’s relationship with Mobileye is that of a technology customer and OEM licensee, not an investor or acquirer.6

Israeli Technology Ecosystem Engagement

A review of Israeli technology ecosystem engagement, covering known automotive cybersecurity startups and accelerators active in the Israeli market, found no documented Stellantis or Jeep participation in Israeli startup programmes, accelerators (e.g., Ford’s Israeli accelerators would not be attributable to Stellantis), or R&D consortia.26 The Israeli automotive cybersecurity startup landscape — which includes Argus (Continental), C2A, Upstream, and others — is commercially active, but no named Stellantis/Jeep engagement is documented in available coverage.26

Patent & Intellectual Property

No public evidence identified of significant patent portfolios, licensing agreements, or co-development arrangements between Stellantis/Jeep and Israeli-domiciled entities or research institutions (Technion, Hebrew University, Weizmann Institute, or comparable).

Uconnect & Connected Vehicle Data

The Uconnect connected vehicle platform used across Jeep vehicles is subject to the FCA US Privacy Policy, which governs connected vehicle data handling for Jeep owners.28 No Israeli-origin data processing, analytics subcontractor, or data localisation arrangement within Israel is disclosed in the Uconnect privacy documentation reviewed.

Civil Society Scrutiny & Regulatory History

Who Profits Research Center

The Who Profits Research Center (Israeli civil society organisation documenting corporate involvement in the Israeli occupation) maintains a searchable database of companies with operational or commercial presence in occupied territories. A review of publicly available Who Profits records does not surface a dedicated profile on Stellantis or Jeep.29 Who Profits focuses primarily on companies with direct operational or commercial presence in occupied territories; no such presence by Stellantis/Jeep has been identified in their published records. The completeness of the live Who Profits database could not be independently verified through a direct query in this audit phase.29

BDS Movement Campaigns

The BDS Movement maintains public campaign lists targeting companies with documented ties to Israeli state institutions or settlement infrastructure.30 No active BDS campaign specifically targeting Stellantis or Jeep for technology provision has been identified in BDS Movement public records as of available 2024 data.30 No public evidence identified.

UN, Human Rights Watch & Amnesty International

No UN reports, Human Rights Watch publications, Amnesty International reports, or comparable international human rights organisation publications specifically addressing Stellantis/Jeep technology relationships with the Israeli state have been identified.

Regulatory & Legal Actions

No regulatory inquiries, legal challenges, export control actions, or sanctions-related investigations involving Stellantis/Jeep technology sales or services to Israeli state entities have been identified across:

No public evidence identified.

Israeli Market Operations

Jeep vehicles are sold in Israel through Champion Motors, the Israeli distributor for Stellantis brands.24 This is a conventional automotive distribution relationship. No technology-specific or data-sharing dimension to this distributor relationship is documented in public records. Stellantis’s own investor and market reports do not identify Israel as a significant or separately reported sales market.2

2015 Jeep Cherokee Remote Exploit — Historical Cybersecurity Incident

The 2015 remote hack of a Jeep Cherokee, demonstrated by researchers Charlie Miller and Chris Valasek and reported by Wired, resulted in FCA issuing a 1.4 million-vehicle recall — the first recall in the automotive industry prompted by a cybersecurity vulnerability.25 This incident is a matter of established public and regulatory record and is directly relevant to FCA/Stellantis’s subsequent investment in automotive cybersecurity capability. The incident predates Stellantis’s formation; no Israeli-origin technology was implicated in either the vulnerability or the remediation. It is noted here as context for the subsequent cybersecurity vendor landscape in which Israeli automotive security firms (Argus, Upstream, C2A) operate.25

End Notes

Footnotes

  1. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001877808&type=20-F&dateb=&owner=include&count=40 2 3 4

  2. https://www.stellantis.com/en/investors/reports-and-presentations/annual-reports 2 3 4

  3. https://aws.amazon.com/solutions/case-studies/stellantis/ 2 3

  4. https://www.reuters.com/business/autos-transportation/stellantis-amazon-partner-vehicles-2022-01-06/

  5. https://www.stellantis.com/en/news/press-releases/2021/may/stellantis-foxconn-mobile-drive

  6. https://www.stellantis.com/en/news/press-releases/2023/march/stellantis-dare-forward-2030 2 3 4

  7. https://www.checkpoint.com/industries/automotive/

  8. https://www.wiz.io/customers

  9. https://www.sentinelone.com/industry/manufacturing/

  10. https://www.cyberark.com/customers/

  11. https://www.nice.com/customers

  12. https://www.verint.com/customers/

  13. https://claroty.com/industries/automotive/

  14. https://www.paloaltonetworks.com/industries/automotive

  15. https://upstream.auto/reports/global-automotive-cybersecurity-report-2023/ 2

  16. https://argus-sec.com/customers/ 2

  17. https://c2a-sec.com/

  18. https://www.autonews.com/technology/stellantis-digital-transformation-2022

  19. https://www.forbes.com/sites/thomasbrewster/2021/03/09/microsoft-backed-facial-recognition-startup-anyvsion-rebrands-to-oosto/

  20. https://www.briefcam.com/customers/

  21. https://www.trigo.tech/customers

  22. https://www.stellantis.com/en/sustainability/esr-report 2

  23. https://www.theguardian.com/technology/2021/oct/12/google-amazon-israel-military-project-nimbus 2

  24. https://en.globes.co.il/en/article-1001407000 2

  25. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ 2 3

  26. https://www.calcalistech.com/ctechnews/article/bj02jrob2 2 3

  27. https://www.stellantis.com/en/technology/research-development

  28. https://www.driveuconnect.com/privacy-policy.html

  29. https://www.whoprofits.org/companies/company/automotive 2

  30. https://bdsmovement.net/industries 2

  31. https://www.nhtsa.gov/vehicle/2022/JEEP/WRANGLER/SUV/4WD