INDEX / DIRECTORY / OVO ENERGY / V-DIG

OVO Energy V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-05-18
V-DIG Score 0.00 /10 E OVO Energy — BDS-1000 46
V-DIG 0.00

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

OVO Energy — V-DIG Audit

Audit Scope

This audit is limited to the evidence contained in the supplied research memo and its cited public sources. It does not rely on new research, non-public records, or inferred vendor relationships beyond what the memo explicitly supports.

Executive Summary

Publicly available materials reviewed in the memo show that OVO Energy has a substantial digital and cloud-enabled operating environment, with named relationships spanning Google Cloud, Oracle Cloud/OCI, Salesforce, Aiven, Infosys, Noetic Cyber, WireMock, Workday/OneSource Virtual, Centrical, and consulting support from Stott and May.123456789 The clearest current AI-related disclosure is OVO’s January 2026 announcement of a collaboration with Google Cloud to use Gemini and related AI capabilities for customer experience, energy-use support, and proactive identification/support of vulnerable customers, with OVO stating that the work is underpinned by Kaluza’s Energy Intelligence platform.1

The reviewed evidence also supports that OVO uses cloud and data infrastructure in operationally important functions, including digital switching, customer service migration, smart-meter data processing, and multi-cloud data pipelines.21034 OVO’s FY2024 annual report further indicates active internal security governance, including third-party security due diligence, creation of an attack surface management team, and materially reduced mean time to resolve critical and high cloud security defects during 2024.11

For the Israel/occupied territories-specific lines of inquiry covered by the memo, the evidence base is predominantly negative: no public evidence identified of Israeli-domiciled subsidiaries, Israeli data-centre operations, participation in Project Nimbus, contracts with Israeli state, military, or intelligence bodies, biometric/facial-recognition deployments, Israeli R&D centres, Israel-linked patent relationships, or civil-society campaigns specifically focused on OVO’s technology relationships with Israel/occupied territories.11121314 The memo also found no public evidence identified in the reviewed sources that OVO uses the specifically named Israeli-origin software/services listed in the brief, including Check Point, Wiz, SentinelOne, CyberArk, NICE, Verint, Claroty, or Palo Alto Networks.123451112136789

1. Company Profile and Digital Context

OVO presents itself publicly as a UK-based energy technology company, and its parent annual report lists the registered office in Bristol, UK.1214 OVO’s corporate site also states that, across its retail brands, it serves more than 4 million customers with digital energy services, and describes Kaluza as its intelligent grid technology company.14

That public positioning is consistent with the reviewed technology case studies, which depict OVO as operating customer-facing digital platforms, cloud-based switching systems, data-intensive smart-meter architecture, and software-enabled service operations rather than as a conventional non-digital utility alone.210347

Enterprise Technology Stack & Vendor Relationships

Publicly identified technology and service providers

OVO publicly announced a collaboration with Google Cloud on 28 January 2026 to use Google Cloud AI capabilities, including Gemini models, to redesign customer energy experiences, improve understanding of energy use, and identify/support vulnerable customers through signals such as financial hardship, usage changes, and personal needs.1 The same announcement states that this work is underpinned by Kaluza’s Energy Intelligence platform.1

Infosys publicly states that OVO used Oracle Cloud in a digital switching programme and identifies Oracle CX Cloud, Oracle Integration Cloud, Autonomous Transaction Processing Database, OCI Gen2 Services, and Oracle Cloud Infrastructure Services as components of that stack.2 Infosys also describes itself as OVO’s “strategic technology partner” for that programme.2

A Potens case study states that OVO selected Google BigQuery for data architecture, processing, and storage, and that OVO was receiving more than 40 million smart-meter readings per day at the time of the case study.10 An Aiven case study further states that OVO operates a multi-cloud architecture, with data processed in pipelines in one public cloud and later analysed in another cloud, and that Aiven’s Kafka services bridge those environments.3

Desynit states that in 2023 OVO partnered with it to complete migration of SSE-acquired customers onto OVO’s Salesforce platform, with references to Service Cloud and Knowledge Base.4 WireMock states that OVO adopted WireMock Cloud as a managed service for development/testing of customer journeys and simulation of third-party APIs.7

OneSource Virtual states that OVO selected it for AP automation and that OSV had previously deployed OVO’s Workday financial solution in 2016.8 Centrical states that OVO selected its platform to support employee engagement and enablement for Zero Carbon Living Advisors in customer care.6 Stott and May Consulting also presents an OVO case study concerning IT service management gap analysis and consulting support.9

Security governance and third-party risk posture

OVO’s FY2024 annual report states that the company maintained a “robust approach to security due diligence and contracting measures” for third-party security.11 The same report states that OVO created a new attack surface management team and reduced mean time to resolve critical cloud security defects by 89% and high cloud security defects by 63% in 2024.11

Israeli-origin vendor review outcome

Across the reviewed OVO corporate materials, annual reports, privacy policy, partner case studies, and related public materials cited in the memo, no public evidence identified that OVO uses the specifically named Israeli-origin software/services listed in the brief, including Check Point, Wiz, SentinelOne, CyberArk, NICE, Verint, Claroty, or Palo Alto Networks.123451112136789 The publicly verifiable named vendors identified in the reviewed material were instead Google Cloud, Oracle/OCI, Salesforce, Aiven, Noetic Cyber, WireMock, Workday/OneSource Virtual, Centrical, Infosys, and Stott and May Consulting.123456789

Dependency and criticality observations

The reviewed public materials support that Google Cloud/BigQuery, Oracle Cloud, Salesforce, and multi-cloud data infrastructure are used in customer, switching, and data-processing workflows that appear material to OVO’s operations.121034 However, the sources reviewed in the memo do not disclose spend levels, seat counts, contract values, software bills of materials, or exact criticality tiers for any vendor, and therefore do not support precise dependency mapping at the procurement or architectural level.12341113

Surveillance, Biometrics & Retail Technology

The memo found no public evidence identified in reviewed corporate materials, annual reports, privacy materials, case studies, or related public sources that OVO uses facial recognition, biometric identification, gait analysis, or named Israeli-origin retail/computer-vision systems such as Trigo, BriefCam, AnyVision/Oosto, or Trax.11121314

The strongest public evidence of predictive or monitoring-related analytics is OVO’s January 2026 Google Cloud announcement, which states that AI will be used to identify and support vulnerable customers by detecting signs of financial hardship, changes in energy usage, and personal needs.1 The reviewed source base does not connect that activity to Israeli-origin technology, policing/surveillance products, or workforce surveillance tools.1

Centrical’s case study relates to employee engagement and enablement for customer-care advisors, but the memo does not treat it as evidence of behavioural surveillance tooling or Israeli-origin monitoring systems.6 More broadly, the memo found no public evidence identified that facial recognition, biometrics, sentiment analysis, social-media monitoring, or Israeli-origin surveillance tools reach OVO indirectly through the reviewed third-party providers or managed security partners.51113678

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

The reviewed evidence supports that OVO has meaningful public-cloud adoption across several functions: Google Cloud AI collaboration, Oracle Cloud/OCI in switching operations, Google BigQuery for smart-meter data architecture, and Aiven services spanning a multi-cloud environment.12103

OVO’s 2023 parent annual report lists subsidiaries and registered offices in the UK, Spain, Germany, Guernsey, and Australia among the reviewed entities, and the memo reports that no Israel-domiciled subsidiary or office was identified in the reviewed annual-report listings.12 The memo also found no public evidence identified that OVO operates, leases, or colocates data-centre infrastructure in Israel in the reviewed annual reports, corporate materials, or partner announcements.111214

For sovereign cloud and state-backed programmes, the memo found no public evidence identified that OVO participates in Project Nimbus or any comparable Israeli state-backed cloud programme.1111214 Likewise, the reviewed source set did not identify public evidence of OVO providing data-sovereignty or resilience services to Israeli state institutions or military bodies.111214

Defence, Intelligence & Security Sector Technology Relationships

Noetic Cyber announced in June 2022 that OVO selected its platform to deliver visibility into cybersecurity posture and cyber risk across the organisation.5 On the evidence in the memo, that announcement concerns enterprise cyber asset/control management and readiness rather than defence-sector service provision.5

OVO’s FY2024 annual report references enhanced attack detection on core infrastructure, third-party security due diligence, email security improvements, and Smart Energy Code audit compliance.11 However, the reviewed materials do not identify Israeli defence, intelligence, or state-security customers, contracts, or programmes involving OVO.5111214

The memo found no public evidence identified of military or intelligence contracts with Israeli state bodies, dual-use technology provision into Israel or occupied territories, or offensive cyber/weapons-related technology development by OVO.15111214

AI, Algorithmic & Autonomous Systems

OVO’s January 2026 Google Cloud announcement is the clearest public evidence of current AI activity in the reviewed record.1 According to that announcement, OVO intends to use Google Cloud AI and Gemini for customer support, improved understanding of energy use, and proactive support for vulnerable customers.1

OVO’s corporate site states that Kaluza is its intelligent grid technology company, and OVO describes itself as serving over 4 million customers with digital energy services across its retail brands.14 The memo notes broader public technology activity around EV/grid software via Kaluza and UK innovation programmes, but the reviewed sources do not connect those systems to Israeli state, military, or security-body procurement.114

For higher-risk AI categories, the memo found no public evidence identified that OVO provides AI/ML to Israeli state bodies, uses training data or model-development inputs derived from Israeli civilian surveillance or intercepted communications, or operates autonomous systems connected to lethality or military applications.111121314

Technology Ecosystem & R&D Footprint

The reviewed materials position OVO as a UK-based energy technology group with a corporate base in Bristol and no Israel-domiciled entity identified in the reviewed subsidiary listings.1214 OVO’s public site describes Kaluza as its intelligent grid technology company, but the reviewed sources do not disclose Israeli R&D centres, accelerators, or innovation hubs.14

The memo found no public evidence identified of acquisitions or investments by OVO in Israeli-origin technology companies, startups, or funds in the reviewed annual reports and corporate materials.111214 It also found no public evidence identified of patent or intellectual-property relationships with Israeli-domiciled entities or institutions such as Technion, Hebrew University, or the Weizmann Institute in the reviewed material.111214

Civil Society Scrutiny & Regulatory History

The memo found no public evidence identified of NGO or academic reports specifically addressing OVO’s technology relationships with the Israeli state or operations in occupied territories.111214 It likewise found no public evidence identified of boycott or divestment campaigns specifically tied to OVO’s technology provision involving Israel/occupied territories.111214

The reviewed corporate filings, annual reports, and public-source set also yielded no public evidence identified of regulatory or legal actions involving OVO’s technology sales or services to Israeli state entities.111214 Separately, the reviewed OVO materials do show ordinary compliance and governance disclosures around information security, Smart Energy Code audits, and supplier/data-processor handling, but not Israel-related regulatory or legal matters.1113

9. Evidence Gaps and Audit Limitations

The memo states that publicly available sources reviewed do not disclose a full vendor-of-record list, software bill of materials, MSSP roster, or procurement ledger for OVO.1113 That materially limits the ability to verify whether Israeli-origin security or software products are present below the level of public announcement or case-study disclosure.1113

The reviewed sources also do not provide contract values, licence counts, or architecture diagrams sufficient to measure exact dependency depth for the cloud and security vendors that are publicly named.12345 In the same vein, no public procurement records were identified in the memo showing OVO buying Israeli-origin enterprise software directly, and no reviewed integrator materials state that Israeli-origin products were mandated into OVO programmes.2489

For the Israel/OPT-specific questions covered by this audit—including state contracts, occupied-territory operations, Project Nimbus, defence/intelligence links, biometric surveillance, Israeli R&D, patent co-development, and boycott/regulatory history—the memo’s conclusion is consistently that no public evidence was identified from the source classes reviewed: OVO corporate materials, annual reports, privacy/security disclosures, vendor case studies, PR/news databases, and related public-source searches referenced in the memo.1511121314

Current Public-Evidence Position

Based on the supplied memo alone, the public record supports a picture of OVO Energy as a digitally intensive, cloud-enabled energy company with named relationships across mainstream enterprise and cloud vendors, including Google Cloud, Oracle/OCI, Salesforce, Aiven, Infosys, Noetic Cyber, WireMock, Workday/OneSource Virtual, and Centrical.12345678 The same record does not publicly substantiate Israel-linked technology, sovereign cloud, defence/intelligence, biometric surveillance, or Israeli R&D relationships of the kinds examined in this V-DIG Audit.11121314

End Notes

Footnotes

  1. https://company.ovo.com/ovo-will-collaborate-with-google-cloud-to-use-ai-to-redesign-the-energy-experience-for-customers/ 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

  2. https://www.infosys.com/services/oracle/case-studies/digital-switching-service-platform.html 2 3 4 5 6 7 8 9 10 11 12 13 14

  3. https://aiven.io/case-studies/aiven-for-apache-kafka-helps-ovo 2 3 4 5 6 7 8 9 10 11 12

  4. https://www.desynit.com/case-study/salesforce-expertise-for-innovative-energy-and-utilities-giants-ovo-energy/ 2 3 4 5 6 7 8 9 10 11 12

  5. https://www.prnewswire.com/news-releases/ovo-energy-partners-with-noetic-cyber-to-deliver-critical-insights-into-cybersecurity-posture-and-readiness-across-the-organization-301561335.html 2 3 4 5 6 7 8 9 10 11 12

  6. https://centrical.com/case-studies/ovo-energy-boosts-engagement-with-zero-carbon-living-advisors/ 2 3 4 5 6 7 8

  7. https://www.wiremock.io/case-study/ovo 2 3 4 5 6 7 8

  8. https://21689811.fs1.hubspotusercontent-na1.net/hubfs/21689811/OSV_2022/Images/Case-Studies/PDF/case_study_ovo_energy_v1.0.pdf 2 3 4 5 6 7 8

  9. https://consulting.stottandmay.com/ovo-energy-case-study 2 3 4 5 6

  10. https://www.potens.io/wp-content/uploads/2019/04/Potens_OVO_Case-Study_3.5.19.pdf 2 3 4 5

  11. https://company.ovo.com/wp-content/uploads/2025/09/OVO-ANNUAL-REPORT-FY24-FINAL-SEPT-2025.pdf 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

  12. https://company.ovo.com/wp-content/uploads/2024/09/OVO-Report.pdf 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

  13. https://www.ovoenergy.com/privacy-policy 2 3 4 5 6 7 8 9 10 11 12

  14. https://company.ovo.com/ 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21