INDEX / DIRECTORY / SKODA / V-DIG

Skoda V-DIG

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-05-19
V-DIG Score 1.80 /10 D Skoda — BDS-1000 225
V-DIG 1.80

Evidence-only forensic audit. Scoring happens downstream — see the main dossier for the composite assessment.

V-DIG Audit — Škoda Auto

Audit Phase: V-DIG Audit Target Company: Škoda Auto a.s. (subsidiary of Volkswagen AG) Audit Date: 2026-05-01

Enterprise Technology Stack & Vendor Relationships

Confirmed Israeli-Origin Software & Services

Upstream Security (automotive cloud XDR — confirmed, ongoing): Škoda Auto entered a publicly announced multi-year strategic partnership with Upstream Security, an automotive cybersecurity firm founded in Israel and headquartered in Tel Aviv, for cloud-based connected-vehicle protection.123 The stated scope of the engagement covers ingestion and analysis of vehicle telematics data, mobile application data, and backend API traffic for anomaly detection and threat response. The partnership is also framed around compliance with UN ECE WP.29 Regulation 155, the international automotive cybersecurity standard.14 The Upstream platform operates via an agentless architecture, meaning vehicle telemetry is processed centrally at the fleet level rather than via per-vehicle endpoint agents,1 positioning Upstream as a critical node in Škoda’s connected-vehicle security infrastructure across its global fleet.2 Upstream has separately disclosed partnerships in the broader electric fleet market,5 illustrating the company’s trajectory in automotive-sector OEM engagements, though the Škoda relationship is confirmed independently.123

XM Cyber (attack path management — partially evidenced): Škoda Auto DigiLab Israel press materials reference XM Cyber — an Israeli attack path management firm co-founded by former Mossad director Tamir Pardo — in the context of DigiLab’s cybersecurity startup scouting programme.67 The DigiLab–XM Cyber association is publicly known. However, no standalone press release, published case study, or procurement record has been identified that independently confirms XM Cyber as an active, production-deployed enterprise security tool within Škoda Auto’s IT infrastructure. The relationship should be treated as evidenced at scouting/pilot level, not confirmed production deployment.

Check Point, Wiz, CyberArk, SentinelOne (not confirmed as Škoda vendors): The inter-vendor technology partnership announcements between these Israeli-origin or Israeli-linked firms8910 document integrations among themselves, not named Škoda Auto or Volkswagen AG customer deployments. No public procurement record, contract announcement, corporate filing, or case study has been identified naming Škoda Auto as a direct customer of any of these four vendors. Their citation elsewhere as Škoda vendors is not verifiable from the available evidence base.

Claroty (OT/ICS security — not confirmed at Škoda level): Claroty markets to the automotive OEM sector generically. No public record has been identified confirming a Claroty deployment specifically at Škoda Auto manufacturing plants, as distinct from Volkswagen Group entities broadly. No public evidence identified of a confirmed Škoda-specific Claroty deployment.

Procurement & Integrator Relationships

Adastra (data analytics platform): Škoda Auto is a confirmed Adastra client for analytics platform management and data transfer monitoring, as documented in a published Adastra case study.11 Adastra is a Czech-Slovak data and analytics consultancy. No evidence has been identified that this engagement involves Israeli-origin technology components, nor that Adastra has mandated such technology within the Škoda programme.

Publicis Sapient (not confirmed for Škoda): Publicis Sapient is active in automotive OEM digital transformation as a systems integrator1213 but no public record confirms a specific Škoda Auto engagement. No public evidence identified of a confirmed Publicis Sapient–Škoda contract.

Scale of Dependency

The Upstream Security integration is described by both parties as covering the full global connected-vehicle fleet — telematics servers, mobile applications, and backend APIs.12 This positions the Upstream relationship as a tier-one, cross-fleet cybersecurity dependency rather than a peripheral or geographically limited function. Upstream’s SaaS model means Škoda vehicle telemetry data flows through Upstream’s cloud platform on an ongoing basis.1

Surveillance, Biometrics & Retail Technology

In-Cabin Sensing & Biometric Monitoring — DigiLab Collaborations (2018–2019)

Škoda Auto DigiLab Israel engaged a cohort of Israeli startups focused on in-cabin sensing and physiological monitoring as part of its scouting and proof-of-concept programme. These were publicly confirmed in official Škoda Storyboard press releases.6714 None has been independently confirmed as reaching series-production integration in shipping Škoda vehicles:

The DigiLab programme was explicitly structured as a proof-of-concept and startup scouting operation. The absence of subsequent series-production announcements for any of the above across the Škoda model range means their in-cabin biometric sensing capabilities — which include inherent dual-use potential — have not been confirmed as deployed in commercially available vehicles.

Behavioural Analytics & Mobility Profiling

Anagog (edge AI / smartphone sensor fusion — confirmed investment, 2018–2019): Škoda Auto DigiLab Israel made a confirmed strategic investment in Anagog, an Israeli startup that constructs behavioural profiles of users from smartphone sensor data (accelerometers, gyroscopes, GPS) to enable urban mobility prediction.6714 The stated commercial application was the “Citymove” urban mobility and parking service. The investment amount was not publicly disclosed. Integration status following the DigiLab Israel liquidation process is unknown.

Retail Technology

Trigo (vision AI frictionless checkout): Referenced in the prior research memo as illustrative of Israeli retail AI capabilities but with no identified Škoda Auto engagement. No public evidence identified of any Škoda Auto engagement with Trigo.1516

AnyVision/Oosto, BriefCam, Trax: No public evidence identified of any Škoda Auto engagement with these vendors.

Workforce & Predictive Monitoring

No public evidence identified of Škoda Auto deploying Israeli-origin predictive policing, workforce surveillance, sentiment analysis, or social media monitoring tools, whether directly procured or delivered via managed service bundles.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Operations in Israel

No public evidence identified that Škoda Auto operates, leases, or co-locates data centre infrastructure within Israel. Škoda’s primary cloud infrastructure is associated with the broader Volkswagen Group’s partnerships with Microsoft Azure and AWS, with deployments centred in European data centre regions.

Project Nimbus

Project Nimbus is the Israeli government’s $1.2 billion sovereign cloud contract (awarded 2021) to Google Cloud and Amazon Web Services, requiring locally domiciled infrastructure in Israel and continuity of service for all government bodies including the Israeli Ministry of Defence and the IDF.1718192021 Google’s own blog confirmed the cloud services selection,21 and subsequent reporting — including an exclusive TIME investigation — documented the scope of the MoD contract.20 Worker opposition from both Google and Amazon employees was publicly documented.19

Regarding Škoda / VW Group participation: the inferential chain that links Champion Motors’ vehicle supply to the MoD (see Section 4) with Nimbus infrastructure is not supported by any verified contractual or operational relationship. No public evidence identified that Škoda Auto or Volkswagen AG is a participant, subcontractor, technology provider, or data-processing entity within Project Nimbus.

Data Sovereignty & Resilience Services

No public evidence identified that Škoda Auto provides services contracted or marketed to ensure digital sovereignty, data residency, or infrastructure resilience for Israeli state or military institutions.

VW Group Cloud Data Incident (for completeness)

A 2024 incident involving Cariad, Volkswagen AG’s automotive software subsidiary, resulted in the exposure of data from approximately 800,000 vehicles across VW Group brands (including Škoda) via a misconfigured AWS cloud storage instance.22 This was a data security and cloud hygiene incident. It is documented here for completeness; it is not a regulatory action related to Israeli technology relationships.

Defence, Intelligence & Security Sector Technology Relationships

Vehicle Supply to Israeli Security Sector

Champion Motors — police, border police, and MoD supply (ongoing hardware relationship): Champion Motors, the exclusive Israeli importer for Škoda and other VW Group brands, supplies vehicles to the Israel Police, Israel Border Police, and the Israeli Ministry of Defence. The Who Profits Research Center documents this relationship in its Volkswagen Group corporate entry,23 and Škoda’s own Storyboard materials depict Škoda vehicles in police livery internationally, including Israel.24 Who Profits’ occupation-industry worksheets further document VW Group’s presence across these accounts.2526 The relationship is described as ongoing. This is a hardware (vehicle) supply relationship mediated by an independent national importer, not a direct digital, IT services, or cybersecurity contract between Škoda Auto and Israeli security bodies.

Specific models documented: Škoda Octavia and Škoda Superb are documented as patrol and operational vehicles used by Israel Police and Border Police via Champion Motors.2324

MAN Truck & Bus (VW Group Subsidiary) — Riot Control Vehicles

Who Profits documents MAN Truck & Bus — a Volkswagen AG subsidiary — as supplying truck chassis that serve as the platform for armoured riot control vehicles deployed by the Israel Border Police and the YASAM special patrol unit. These vehicles are documented as configured for water cannon, tear gas dispersal, and “skunk” water deployment.2325 MAN is a Volkswagen Group entity; Škoda Auto is a separate subsidiary under the same parent. This finding is attributed to VW Group and is relevant to Škoda only insofar as both entities are consolidated under Volkswagen AG.

MAN Buses to Egged Group (Settlement Routes)

Who Profits further documents MAN buses supplied to the Egged Group, which operates bus lines connecting Israeli settlements in the occupied West Bank to Israeli population centres.2326 The same subsidiary/parent caveat applies.

Direct IT, Cybersecurity, or Intelligence Contracts

No public evidence identified of a direct IT services, cybersecurity, cloud, or analytics contract between Škoda Auto (the Czech manufacturer) and the Israeli MoD, IDF, or Israeli intelligence agencies.

Dual-Use Technology Considerations

The Upstream Security partnership involves centralised processing of Škoda vehicle telematics at fleet scale.12 Upstream’s research team has independently documented specific vulnerabilities in Škoda hardware — including the Superb III — and presented findings at automotive security conferences.27 The technology is civilian automotive in stated purpose. No public evidence has been identified of the Škoda–Upstream platform being deployed for military or intelligence surveillance by Israeli state actors.

The DigiLab-scouted in-cabin biometric technologies (Neteera, Guardian Optical, ContinUse Biometrics) carry inherent dual-use characteristics. No public evidence identified of any of these technologies being operationalised by Israeli state or military bodies via the Škoda relationship.

Offensive Cyber & Weapons Technology

No public evidence identified that Škoda Auto develops, sells, licenses, or maintains offensive cyber capabilities, zero-day exploit tools, or digital weapons systems.

AI, Algorithmic & Autonomous Systems

Autonomous Vehicle Joint Venture

“New Mobility in Israel” (VW Group / Mobileye / Champion Motors — announced 2018, launch unconfirmed): In 2018, Volkswagen Group, Mobileye (an Intel subsidiary providing Israeli-origin autonomous driving technology), and Champion Motors jointly announced a venture to deploy Israel’s first Level 4 autonomous ride-hailing service.2829 The structure allocated fleet operations and a central control centre to Champion Motors, the autonomous driving stack to Mobileye, and vehicle supply to VW Group. The Israeli government committed regulatory support and infrastructure data access.2829 The service was targeted for commercial launch in 2019; no public source confirms that the commercial launch occurred as planned, and current operational status is unconfirmed.

Škoda Auto is a VW Group subsidiary but was not named as the specific vehicle supplier in the venture’s public announcements. This finding is attributed primarily to VW Group.

AI Provision to State Bodies

No public evidence identified of Škoda Auto (as distinct from VW Group broadly) directly providing AI or ML systems to Israeli state, military, or security bodies.

Training Data & Model Development

No public evidence identified of Škoda’s AI or machine learning models being trained on civilian population data, intercepted communications, or surveillance-derived datasets originating from Israel or the occupied territories.

Autonomous Systems & Lethality

No public evidence identified of Škoda Auto providing autonomous targeting, fire-control AI, kill-chain automation, or lethality-oriented autonomous systems to Israeli military or security forces.

Technology Ecosystem & R&D Footprint

Škoda Auto DigiLab Israel Ltd. — Establishment, Structure, and Liquidation

Establishment (2017): Škoda Auto DigiLab Israel Ltd. was established in 2017 as a joint venture between Škoda Auto DigiLab (the Czech parent innovation unit) and Champion Motors, physically located in Tel Aviv within the broader Volkswagen Group “Konnect” campus.303132 The stated mandate was scouting Israeli startups in big data, cybersecurity, automotive sensors, and electromobility.3031 The entity’s launch was described as part of VW Group’s broader Konnect / Tel Aviv campus initiative housing multiple brand DigiLab entities.33

Early scouting activity (2017–2018): The DigiLab rapidly onboarded an initial cohort of Israeli startups in cybersecurity and mobility: CytRx (cybersecurity), Nexar (dashcam AI), Modus-V (driver safety), and others were cited in early collaboration rounds.732 A second round in 2019 added Guardian Optical Technologies, Neteera, ContinUse Biometrics, and SaverOne.614

Liquidation (confirmed in VW AG 2022 and 2023 filings): Volkswagen AG’s annual financial statements for both 2022 and 2023 list “SKODA AUTO DigiLab Israel Ltd., in liquidation” as a subsidiary in wind-down.3435 The 2024 VW AG annual financial statements are publicly available36 but were not fully reviewed for final winding-up confirmation; the liquidation status as of that filing should be independently verified.

VW Group Campus Tel Aviv / Konnect: The broader VW Group campus in Tel Aviv housed multiple brand-level DigiLab entities.33 Current operational status of the Konnect campus following the DigiLab liquidation is not confirmed in reviewed sources.

Strategic Investments

Anagog (confirmed strategic investment, 2018–2019): Škoda Auto DigiLab Israel made a confirmed strategic equity investment in Anagog, an Israeli edge-AI firm building behavioural profiles from smartphone sensor fusion data for urban mobility applications.6714 The precise investment amount was not publicly disclosed.

Guardian Optical Technologies, Neteera, ContinUse Biometrics, SaverOne (collaboration agreements — equity status unconfirmed): These startups are documented as DigiLab collaboration and co-development partners.67 Whether Škoda made equity investments in any of these entities — as distinct from collaboration or proof-of-concept agreements — is not confirmed in reviewed public sources.

No full acquisitions of Israeli companies by Škoda Auto have been identified in reviewed sources.

Historical Context: VW Group and Israel

A 2024 peer-reviewed article in Business History (Taylor & Francis) documents Volkswagen AG’s historical management of the Arab League boycott between 1960 and 1977, and the appointment of Champion Motors as VW’s exclusive Israeli importer during that period.37 This is historical corporate context for the VW Group–Champion Motors relationship. The Allied Group / Gutwirth family history as Champion Motors’ parent is further documented in contemporaneous press.3839

Patent & IP Co-Development with Israeli Institutions

No public evidence identified of significant patent portfolios, formal licensing agreements, or co-development arrangements between Škoda Auto and Israeli-domiciled research institutions (Technion, Hebrew University, Weizmann Institute). The Weizmann Magazine source documents Allied Group / Gutwirth Foundation philanthropic ties to the Weizmann Institute40 but contains no reference to Škoda Auto IP arrangements.

Pointer Telocation & Ituran (fleet telematics — VW Group ecosystem context)

Pointer Telocation and Ituran Location & Control are Israeli-origin fleet telematics and vehicle tracking firms active in the VW Group vehicle ecosystem in Israel and regionally.41424344 No public record confirms either company as a direct Škoda Auto enterprise vendor outside of the general Israeli vehicle market context.

Civil Society Scrutiny & Regulatory History

NGO Documentation

Who Profits Research Center (ongoing): The Israeli NGO “Who Profits” maintains a corporate database documenting companies involved in Israel’s occupation infrastructure. The Volkswagen Group corporate entry23 documents the following findings relevant to Škoda:

Who Profits classifies the Volkswagen Group — under which Škoda operates as a subsidiary — within its “Israeli Occupation Industry” category.232526 The database is described as ongoing and current.

No dedicated NGO report specifically analysing Škoda Auto’s digital or technology relationships with Israeli state entities — as distinct from the hardware vehicle supply documented by Who Profits — has been identified in reviewed sources.

Boycott & Divestment Campaigns

Who Profits’ database is used as a reference resource by BDS (Boycott, Divestment, Sanctions) campaign organisations. Volkswagen Group, and Škoda specifically as the model supplier, appear in BDS-adjacent campaign materials in the context of police vehicle supply.23 No dedicated, organised boycott campaign specifically targeting Škoda Auto’s technology relationships (cybersecurity vendors, DigiLab, autonomous vehicle projects) has been identified in reviewed sources.

The VW Group’s historical navigation of the Arab League boycott and its resolution via continued Champion Motors engagement is documented in the academic record.37

Regulatory & Legal Actions

No public evidence identified of regulatory inquiries, export control actions, sanctions-related investigations, or legal challenges involving Škoda Auto’s technology sales or services to Israeli state entities.

GuardKnox (Israeli automotive cybersecurity — sector context): GuardKnox, an Israeli automotive cybersecurity firm that had operated in the VW Group ecosystem, sought court protection in 2024,45 illustrating instability in the Israeli automotive cybersecurity vendor landscape. No Škoda-specific GuardKnox engagement has been confirmed.

Cariad data exposure (2024): The Volkswagen Cariad subsidiary’s misconfiguration of AWS cloud storage exposed data from approximately 800,000 vehicles across VW Group brands including Škoda.22 This was a data security incident with no identified connection to Israeli technology relationships. It is noted for completeness as a VW Group-level data governance finding.

End Notes

Footnotes

  1. https://upstream.auto/press-releases/skoda-partners-with-upstream-to-strengthen-cyber-resilience-across-its-connected-vehicle-ecosystem/ 2 3 4 5 6 7

  2. https://www.scworld.com/brief/skoda-auto-partners-with-upstream-security-for-connected-vehicle-cybersecurity 2 3 4 5

  3. https://www.jpost.com/business-and-innovation/tech-and-start-ups/article-883191 2

  4. https://www.skoda-storyboard.com/en/skoda-world/cybersecurity-for-cars-the-responsibility-of-manufacturers-and-drivers/

  5. https://upstream.auto/press-releases/upstream-security-and-volta-trucks-team-up-to-safeguard-the-future-of-electric-fleets/

  6. https://www.skoda-storyboard.com/en/press-releases/skoda-auto-digilab-israel-ltd-showcases-new-services-and-collaborates-with-more-start-ups/ 2 3 4 5 6 7 8 9 10

  7. https://www.skoda-storyboard.com/en/press-releases/skoda-auto-digilab-israel-ltd-starts-collaboration-with-israeli-start-ups/ 2 3 4 5 6 7 8 9

  8. https://www.checkpoint.com/press-releases/check-point-software-technologies-and-wiz-enter-strategic-partnership-to-deliver-end-to-end-cloud-security/

  9. https://www.cyberark.com/press/cyberark-and-sentinelone-team-up-to-enable-step-change-in-endpoint-and-identity-security/

  10. https://www.cyberark.com/press/cyberark-and-wiz-team-up-to-provide-complete-visibility-and-control-for-cloud-created-identities/

  11. https://adastracorp.com/success-stories/managing-and-monitoring-data-transfers-on-skodas-analytics-platform-with-adoki/

  12. https://www.publicissapient.com/insights/accelerating-generative-AI-experiences-for-automotive-customers

  13. https://www.publicissapient.com/insights/automotive-retail-transformation-starts-from-within

  14. https://www.calcalist.co.il/local/articles/0,7340,L-3739270,00.html 2 3 4

  15. https://www.viola-group.com/wp-content/uploads/2019/03/deep-dive-into-the-israeli-retail-tech-2019-c.original.pdf

  16. https://www.trigoretail.com/

  17. https://en.wikipedia.org/wiki/Project_Nimbus

  18. https://www.972mag.com/project-nimbus-contract-google-amazon-israel/

  19. https://www.theguardian.com/commentisfree/2021/oct/12/google-amazon-workers-condemn-project-nimbus-israeli-military-contract 2

  20. https://time.com/6966102/google-contract-israel-defense-ministry-gaza-war/ 2

  21. https://cloud.google.com/blog/topics/inside-google-cloud/google-cloud-selected-to-provide-cloud-services-to-the-state-of-israel 2

  22. https://www.bankinfosecurity.com/volkswagen-subsidiary-exposed-data-800000-cars-online-a-27174 2

  23. https://www.whoprofits.org/companies/company/7374 2 3 4 5 6 7 8 9 10 11

  24. https://www.skoda-storyboard.com/en/skoda-world/skoda-cars-in-police-livery/ 2 3

  25. https://www.whoprofits.org/companies/excel?Presence=61&Type=Table&page=2 2 3 4

  26. https://www.whoprofits.org/companies/excel?Text=West%20Bank&Type=Table 2 3 4

  27. https://sos.asrg.io/sos-2023/

  28. https://en.globes.co.il/en/article-vw-mobileye-champion-motors-plan-israeli-autonomous-vehicle-service-1001258595 2

  29. https://nocamels.com/2018/10/volkwagen-mobileye-israel-autonomous/ 2

  30. https://www.skoda-storyboard.com/en/press-releases/skoda-auto-digilab-champion-motors-establish-joint-venture-israel/ 2

  31. https://www.skoda-storyboard.com/en/skoda-world/innovation-and-technology/skoda-launches-its-start-up-story-in-israel/ 2

  32. https://www.skoda-storyboard.com/en/press-releases/skoda-auto-digilab-enters-innovation-partnership-israel/ 2

  33. https://www.automotive-iq.com/autonomous-drive/articles/list-of-carmaker-rd-centers-in-israel 2

  34. https://uploads.vw-mms.de/system/production/documents/cws/001/645/file_en/fc6bdd9685c37f2a6110b19c43cb1db3d136deba/Annual_Financial_Statements_of_Volkswagen_AG_as_of_December_31_2022.pdf

  35. https://uploads.vw-mms.de/system/production/files/cws/040/258/file/1922d3dae2f2b8b03f0482dd134f3ca0f6de59f8/Annual_Financial_Statements_of_Volkswagen_AG_as_of_December_31_2023.pdf

  36. https://uploads.vw-mms.de/system/production/documents/cws/002/935/file_en/e6b8c7125561b9e53e1ea68e0c59952742af0d19/Annual_Financial_Statements_of_Volkswagen_AG_as_of_December_31_2024.pdf

  37. https://www.tandfonline.com/doi/full/10.1080/00076791.2024.2340622 2

  38. https://www.jpost.com/opinion/article-828516

  39. https://en.globes.co.il/en/article-allied-group-buys-51-autodeal-stake-for-nis-100m-1001303803

  40. https://ecwis.org/wp-content/uploads/2024/09/Weizmann-Magazine-Summer-2024-B.pdf

  41. https://mayafiles.tase.co.il/rpdf/1153001-1154000/P1153863-00.pdf

  42. https://mayafiles.tase.co.il/RPdf/435001-436000/P435498-00.pdf

  43. https://www.sec.gov/Archives/edgar/data/1337117/000117891325001365/zk2533014.htm

  44. https://www.sec.gov/Archives/edgar/data/920532/000114420417022493/v460831_20f.htm

  45. https://en.globes.co.il/en/article-car-cybersecurity-co-guardknox-seeks-court-protection-1001500872