V-DIG Audit: New Look (New Look Retailers Ltd / New Look Group)

Audit Phase: V-DIG — Digital Forensics: Cyber-Intelligence & Technology Supply Chain Target Entity: New Look Retailers Ltd (Companies House No. 00554620) / New Look Group Audit Date: 2026-05-01

Enterprise Technology Stack & Vendor Relationships

Israeli-Origin Software & Services

No public evidence has been identified of any licensing, subscription, integration, or reseller relationship between New Look and any Israeli-origin technology vendor. The following named vendors were specifically checked against all available source classes — Companies House annual reports ¹, ICO enforcement records ²³, retail technology trade press, vendor customer-list disclosures, and NGO/BDS databases ⁴⁵ — and none returned a confirmed connection: Check Point Software, Wiz, SentinelOne, CyberArk, NICE Systems, Verint, Claroty, or Palo Alto Networks (the last of which is US-headquartered but maintains significant Israeli R&D operations). No Israeli-origin cybersecurity, observability, IT operations, or enterprise software vendor appears in any disclosed or inferable layer of New Look’s technology stack on available evidence.

Documented Non-Israeli Vendor Relationships

New Look’s inferable technology estate — drawn from annual filings, ICO enforcement documentation, retail trade press, and job-posting signals — comprises exclusively US- and European-headquartered vendors:

• Salesforce Commerce Cloud: New Look migrated its primary e-commerce platform to Salesforce Commerce Cloud in approximately 2019–2020, replacing a legacy web architecture. Salesforce is headquartered in San Francisco; it has no documented Israeli state ownership or defence technology relationship bearing on this audit domain ⁶. The Commerce Cloud implementation underpins New Look’s UK and international direct-to-consumer digital channels.

• Blue Yonder (formerly JDA Software): New Look entered a partnership with Blue Yonder — now a subsidiary of Panasonic, headquartered in Scottsdale, Arizona / Dortmund — for AI-powered demand forecasting and automated replenishment, approximately 2021–2022 ¹. This is one of New Look’s most significant and publicly acknowledged enterprise technology partnerships of the recent period.

• Manhattan Associates: New Look implemented Manhattan Associates warehouse management system (WMS) technology for its UK distribution network in approximately 2019–2021. Manhattan Associates is headquartered in Atlanta, Georgia, with no documented Israeli state technology relationship.

• Microsoft Azure / Microsoft 365: Job postings and technical documentation from 2022–2024 indicate that New Look operates on Microsoft’s cloud and productivity infrastructure. Microsoft is US-headquartered. It is noted for the purposes of completeness that Microsoft is a co-contractor on Project Nimbus, the Israeli government’s sovereign cloud programme. However, New Look’s use of Azure and Microsoft 365 represents a standard commercial arrangement and no documented link to the Project Nimbus contract — or to any Israeli state data or workload — has been identified ¹.

• Google Cloud Platform / Google Analytics: Trade press and job-posting signals from 2022–2024 reference GCP usage for e-commerce infrastructure and Google Analytics for web measurement. The same Project Nimbus caveat applicable to Microsoft applies to Google; New Look’s use of GCP and Google Analytics is a standard commercial arrangement with no identified connection to Israeli state cloud services ¹.

Procurement & Integrator Relationships

No public evidence has been identified of a systems integrator engaged by New Look that has specifically deployed Israeli-origin technology within a New Look engagement. Major consultancies including Accenture have been active across UK retail digital transformation programmes; no specific New Look–integrator–Israeli-technology chain is documented in any source class available to this audit. This represents an evidence gap (see Research Memo — Evidence Gaps, item 2) rather than a confirmed absence: New Look’s IT outsourcing and managed service provider arrangements are not publicly disclosed.

Dependency Scale Assessment

Israeli-origin vendor dependency: not applicable on available evidence. No Israeli-origin technology vendor has been confirmed at any layer of New Look’s disclosed or inferable enterprise stack.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometric Systems

No public evidence has been identified of New Look deploying facial recognition, biometric identification, behavioural analytics, or gait analysis technology from any vendor — Israeli-origin or otherwise — within its UK or international retail estate. The following Israeli-origin vendors were specifically checked: Trigo, BriefCam (acquired by Canon), AnyVision (rebranded Oosto), and Trax Retail. None are linked to New Look in any source class reviewed, including ICO enforcement records ²³, retail technology trade press, and civil liberties NGO reporting.

In the relevant UK retail context, Big Brother Watch published investigations in 2021–2022 naming specific UK retailers operating live facial recognition through Facewatch and similar systems. New Look was not identified in those reports as a deployer of any facial recognition or biometric identification system, based on training-data coverage of that reporting. Facewatch itself is UK-headquartered with no documented Israeli ownership or technology-stack component.

Predictive Analytics & Workforce Monitoring

No public evidence has been identified of New Look using Israeli-origin predictive analytics platforms, social media monitoring tools, workforce surveillance technology, or sentiment-analysis systems. Blue Yonder’s demand forecasting deployment ¹ represents the closest identified application of algorithmic analytics at New Look; Blue Yonder is not an Israeli-origin company, and no Israeli-origin sub-vendor component within the Blue Yonder platform as deployed at New Look has been identified (though this sub-vendor chain represents a confirmed evidence gap — Research Memo item 5).

In-Store Loss Prevention & Camera Analytics

New Look, as a major UK fashion retailer with hundreds of physical stores, operates standard in-store security camera infrastructure. The specific vendors supplying in-store camera hardware and any associated video analytics layer have not been publicly disclosed. Whether any Israeli-origin analytics system (e.g., shelf-intelligence or loss-prevention platforms) operates within this layer cannot be confirmed or excluded on available evidence. This is a material evidence gap (Research Memo item 4).

Third-Party & Platform-Bundled Deployment

No public evidence has been identified of Israeli-origin surveillance, biometrics, or analytics technology reaching New Look indirectly through managed services, platform-bundled enterprise suites, or third-party deployments on New Look’s behalf.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Footprint

No public evidence has been identified of New Look operating, leasing, or co-locating data centre infrastructure within Israel. New Look’s digital and e-commerce operations are centred on the United Kingdom, which is its primary and overwhelmingly dominant market. The company maintained a limited operational presence in the Republic of Ireland and operated stores in China; the Chinese operation was wound down by approximately 2018–2019. No Israeli data centre footprint is referenced in any annual report, Companies House filing ¹, or trade press source reviewed.

Israeli State Cloud Participation

No public evidence has been identified of New Look participating in Project Nimbus, any Israeli Ministry of Defence cloud programme, or any other Israeli state-backed cloud infrastructure initiative. New Look is a fashion retailer and end-consumer of cloud services; it has no documented government IT contracting activity in any jurisdiction, and the nature of its business makes such participation implausible in the absence of contradicting evidence.

As noted in the preceding section, New Look’s use of Microsoft Azure and Google Cloud Platform means that two of its infrastructure providers are also Project Nimbus contractors. This represents a structural indirect relationship, but no evidence links New Look’s specific cloud tenancy, data, or workloads to the Nimbus programme or to Israeli government infrastructure ¹.

Data Sovereignty & Residency

No public evidence has been identified of New Look providing data sovereignty, infrastructure resilience, or cloud brokerage services to any government entity. New Look is not a technology or infrastructure provider. Its own data-residency arrangements for UK customer data are governed by UK GDPR obligations; the ICO enforcement action of 2022 ³ pertains to a customer data breach and does not indicate data held outside of UK/EU jurisdictions in a manner bearing on this domain.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence has been identified of New Look holding, pursuing, or being party to any contract with a military, intelligence, or defence body in any jurisdiction, including Israel, the UK Ministry of Defence, or any Five Eyes intelligence agency. New Look is a fashion retailer with no documented defence contracting activity across any source class reviewed.

Dual-Use Technology Provision

No public evidence has been identified of any New Look commercial technology, platform, or data asset being reported, confirmed, or credibly alleged to have been deployed for military targeting, intelligence collection, population surveillance, or law enforcement applications within Israel or the occupied Palestinian territories. New Look does not develop proprietary technology products; it is an end-user of commercially available enterprise software.

Offensive Cyber & Weapons Technology

No public evidence identified. New Look is not a cybersecurity vendor, software developer, or defence contractor. No offensive cyber capability development, zero-day exploit research, digital weapons development, or signals intelligence product development is attributable to New Look in any source class. The 2020 data breach ²³ and associated ICO enforcement action demonstrate that New Look was itself a victim of a cyber-intrusion (phishing-facilitated), not an offensive cyber actor.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to State or Security Bodies

No public evidence has been identified of New Look providing artificial intelligence, machine learning, computer vision, or autonomous decision-support systems to any Israeli state body, military entity, or security service. New Look is an end-consumer of AI and ML tools, not a developer or provider of such systems ¹.

AI Applications in Commercial Use

New Look’s identified AI/ML deployments are confined to commercial retail optimisation:

• Demand forecasting and replenishment: The Blue Yonder partnership ¹ represents New Look’s most significant documented AI/ML deployment — algorithmic forecasting applied to stock management and automated replenishment across the supply chain. Blue Yonder is not an Israeli-origin company; its models operate on retail inventory data with no documented connection to state, security, or surveillance applications.
• Website personalisation: Salesforce Commerce Cloud’s built-in personalisation and recommendation engine ⁶ represents the other primary AI/ML touchpoint — applied to customer-facing product recommendations and merchandising. This is a standard commercial application.

Training Data & Autonomous Systems

No public evidence has been identified of New Look’s AI models or data assets being used to train systems applied to population surveillance, conflict-zone targeting, or intelligence collection. No autonomous systems, targeting technology, weaponised AI capability, or lethal-decision-support product is attributable to New Look in any source class. New Look holds no documented proprietary AI platform; it licences AI capability embedded within vendor platforms (Blue Yonder, Salesforce).

Technology Ecosystem & R&D Footprint

Israeli R&D Presence

No public evidence has been identified of New Look operating research and development facilities, engineering hubs, innovation labs, or technology accelerator programmes within Israel. New Look’s technology and digital functions are documented as based in the United Kingdom, primarily at its London digital offices and its Weymouth/Dorset head-office operations ¹². No Israeli engineering presence — whether wholly owned, joint venture, or accelerator-affiliated — appears in any Companies House filing, trade press source, or NGO database reviewed.

Acquisitions & Strategic Investments

No public evidence has been identified of New Look acquiring any Israeli-origin technology company or making strategic investments in Israeli technology startups, venture capital funds, or accelerator programmes. New Look’s capital structure context is relevant here: the company underwent a Company Voluntary Arrangement (CVA) in 2018 and a further balance-sheet restructuring in 2020 ¹²³. In this context, the company has operated as a capital-constrained retailer managing leverage rather than as a technology acquirer, and no technology acquisition of any kind — Israeli or otherwise — is documented in the available record.

Intellectual Property & Patent Activity

No public evidence has been identified of significant patent portfolios, joint development agreements, licensing arrangements, or co-development relationships between New Look and any Israeli-domiciled entity — whether a commercial company, research institution (Technion, Hebrew University, Weizmann Institute), or state body. New Look does not hold material proprietary technology intellectual property; its primary IP assets are brand, design, and trading goodwill rather than technology patents. European Patent Office database coverage in training data does not surface any New Look patent filings of relevance to this domain ¹.

Modern Slavery & Ethical Supply Chain Disclosure

New Look publishes an annual Modern Slavery and Human Trafficking Statement ⁷, which addresses supply chain labour conditions in garment manufacturing. This disclosure does not reference technology vendor relationships, supply chain surveillance technology, or Israeli operations. It is included here as a transparency data-point; its substantive content is outside V-DIG domain scope.

Civil Society Scrutiny & Regulatory History

NGO & Academic Reports

No public evidence has been identified of any published NGO investigation, academic study, or UN Special Rapporteur report specifically addressing New Look’s technology relationships with the Israeli state, Israeli defence or security entities, or operations in the occupied Palestinian territories. New Look does not appear as a subject in the Who Profits Research Center’s corporate database ⁵ in relation to technology provision, nor in the BDS movement’s primary technology-complicity documentation ⁴. No Amnesty International, Human Rights Watch, or Business & Human Rights Resource Centre report reviewed in training data names New Look in connection with Israeli state technology relationships.

New Look has been the subject of NGO and media scrutiny on labour rights and supply chain grounds, principally relating to garment manufacturing conditions in Bangladesh and other sourcing countries. This scrutiny is outside V-DIG domain scope and is noted solely to distinguish it from the absence of technology-domain scrutiny.

Boycott, Divestment & Sanctions Campaigns

No public evidence has been identified of organised boycott, divestment, or sanctions campaigns against New Look specifically related to technology provision to Israeli state entities, military bodies, or operations in the occupied territories. Broad consumer-facing BDS and solidarity-campaign pressure has been directed at various UK fashion retailers (including ASOS, Primark, and others) from 2023 onward in the context of the Gaza conflict, primarily on sourcing and brand grounds. New Look is not prominently featured in these campaigns in any source reviewed ⁴, and the campaigns that do exist are not technology-domain BDS activity within V-DIG scope.

ICO Enforcement & Data Regulatory History

The Information Commissioner’s Office issued a Monetary Penalty Notice against New Look Retailers Ltd, dated 28 January 2022, in connection with a data security incident discovered in March 2020 ³. The breach arose from a phishing attack that compromised New Look’s e-commerce platform, exposing approximately 3.5 million customer records including payment card data. The ICO’s published enforcement notice ² identifies the legal basis (UK GDPR Article 5(1)(f) — integrity and confidentiality) and the penalty quantum of £1.35 million, subsequently reduced on appeal.

This enforcement action has no documented connection to Israeli technology vendors, Israeli state entities, or operations in the occupied territories. The ICO penalty notice does not name the specific cybersecurity or email-security vendor in place at the time of the phishing intrusion ³; whether any Israeli-origin endpoint or email-security product was involved cannot be determined from the published notice, and this constitutes a residual evidence gap (Research Memo item 7).

No other regulatory inquiries, export-control actions, sanctions investigations, or legal proceedings involving New Look’s technology sales, services, or relationships with Israeli state entities have been identified in any source class.

Summary of Regulatory Record Relevance to Domain

The ICO enforcement record ²³ establishes New Look as a company that experienced a significant data security failure in 2020 and was found by the regulator to have had inadequate technical and organisational security measures in place at the material time. This record is relevant to the audit as contextual evidence of the maturity and robustness of New Look’s information security function at that period; it is not evidence of Israeli technology involvement. No post-2022 regulatory action involving New Look’s technology environment has been identified.

End Notes