V-DIG Domain Audit: Subaru Corporation (TYO: 7270)

Audit Phase: V-DIG Audit Date: 2026-05-01 Target Entity: Subaru Corporation (富士重工業株式会社), Tokyo Stock Exchange: 7270

Enterprise Technology Stack & Vendor Relationships

Connected Vehicle & Telematics Infrastructure

Subaru’s primary consumer-facing connected technology is the STARLINK Connected Services platform, operated principally through Subaru of America’s infrastructure¹. Amazon Web Services has been publicly cited as a cloud partner for Subaru’s connected vehicle data pipelines², situating Subaru within AWS’s automotive industry ecosystem. AWS is a US-origin platform; no Israeli-origin cloud layer has been identified within Subaru’s STARLINK architecture in any public disclosure reviewed for this audit.

Subaru was publicly identified as an early participant in the BlackBerry IVY connected vehicle intelligence platform³ — a Canadian-origin product jointly developed by BlackBerry and Amazon Web Services. No Israeli-origin component within this arrangement has been identified in public documentation. The BlackBerry IVY integration represents Subaru’s most prominent publicly confirmed third-party connected vehicle data dependency, and its technology lineage is Canadian and American.

Israeli-Origin Cybersecurity & Enterprise Software Vendors

A systematic review of public customer reference lists and named partnership disclosures for the principal Israeli-origin or Israeli-founded enterprise technology vendors active in the automotive sector was conducted. The following findings apply:

• Check Point Software Technologies: Check Point’s published customer and partner disclosures⁴ do not include Subaru Corporation as a named reference. No positive evidence of a licensing, subscription, or integration relationship has been identified.
• CyberArk Software: CyberArk’s public customer reference materials do not list Subaru as a named client. No privileged-access management or identity security contract between CyberArk and Subaru has been identified in public records⁵.
• SentinelOne: SentinelOne’s public automotive sector customer disclosures do not name Subaru⁶. No endpoint detection and response contract has been identified.
• Wiz: Wiz’s published customer announcements do not include Subaru⁷. No cloud security posture management relationship has been identified.
• NICE Systems: NICE’s published enterprise client disclosures do not list Subaru⁸. No workforce engagement, analytics, or contact-centre platform relationship has been identified.
• Verint Systems: Verint’s annual report on Form 20-F and associated customer disclosures⁹ do not name Subaru as a client. No intelligence-driven customer engagement or surveillance analytics relationship has been identified.
• Palo Alto Networks (Israeli-founded, US-headquartered): Palo Alto Networks’ public automotive customer reference materials¹⁰ do not name Subaru. No network security platform relationship has been identified.

The absence of a named customer reference is not equivalent to confirmed absence of a commercial relationship. However, no positive evidence supporting any such relationship has been located across the source classes reviewed.

Evidence Gap: Internal IT Vendor Stack

Subaru does not publish a comprehensive vendor list for enterprise IT, endpoint security, or network security infrastructure. It is therefore not possible to confirm or exclude the use of Israeli-origin cybersecurity products within Subaru’s internal corporate network without access to procurement records or non-public disclosures. This constitutes the most significant evidentiary gap in this section.

Dealership-Level Procurement

Subaru’s approximately 3,700 North American dealerships retain independent procurement authority for operational technology, surveillance, analytics, and workforce monitoring tools. No aggregated public record of dealership-level technology procurement exists; Israeli-origin tools could be present at this tier without appearing in corporate-level disclosures reviewed for this audit.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometric Surveillance

No public evidence identified. Subaru is an automotive original equipment manufacturer (OEM), not a retail operator. No deployment of Israeli-origin facial recognition or biometric technology — including AnyVision/Oosto¹¹, BriefCam¹², Trigo, or comparable platforms — has been identified in any Subaru manufacturing facility, corporate campus, or dealership context in public records, investigative reporting, or NGO databases reviewed for this audit.

Predictive Analytics & Workforce Monitoring

No public evidence identified. NICE and Verint are the primary Israeli-origin vendors active in enterprise workforce analytics and contact-centre intelligence. Neither vendor’s public customer disclosures⁸⁹ list Subaru in any capacity relevant to workforce surveillance, call recording, or operational monitoring.

Third-Party Managed Services

No public evidence identified. No managed security service provider, systems integrator, or bundled enterprise suite deployed to Subaru has been identified in public records as carrying an Israeli-origin biometric, surveillance, or analytics component.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Geographic Footprint

Subaru’s disclosed data centre and IT infrastructure footprint is concentrated in Japan (domestic manufacturing and corporate operations) and the United States (North American vehicle operations and STARLINK services)¹³⁵. No Israeli co-location arrangement, data centre lease, or cloud node presence has been identified in corporate annual reports, integrated reports, or sustainability disclosures reviewed¹³¹⁵.

Project Nimbus & Israeli Sovereign Cloud

No public evidence identified. Project Nimbus is a multi-billion-dollar Israeli government cloud infrastructure contract awarded to Amazon Web Services and Google Cloud. While Subaru has a publicly documented relationship with AWS for connected vehicle data pipelines², no evidence identifies Subaru as a sub-contractor, named tenant, participant, or beneficiary of the Project Nimbus contract or any comparable Israeli state-backed cloud programme. Subaru is an automotive OEM with no identified role as a cloud infrastructure provider or government cloud participant.

Data Sovereignty & Infrastructure Resilience Services

No public evidence identified. Subaru does not operate as a cloud or infrastructure service provider. No contract or arrangement under which Subaru provides data sovereignty, infrastructure resilience, or continuity-of-operations services to Israeli state institutions or Israeli military bodies has been identified in any source class reviewed.

Defence, Intelligence & Security Sector Technology Relationships

Historical Defence Context (Domestic Japan Only)

Subaru Corporation’s predecessor entity, Fuji Heavy Industries, maintained a Japanese domestic defence relationship through its aerospace division, producing military trainer aircraft — including variants of the T-7 — for the Japan Air Self-Defense Force¹³. This activity is domestic to Japan and falls outside the scope of Israeli defence sector relationships. It is noted here for completeness and to contextualise the corporate structure accurately.

Israeli Defence, Intelligence & Law Enforcement Relationships

No public evidence identified. No contract, partnership, licensing arrangement, or service agreement between Subaru Corporation and the Israeli Ministry of Defence, Israel Defense Forces, Shin Bet, Mossad, Israel Police, or affiliated procurement agencies has been identified in corporate filings, investigative reporting, NGO databases, or official procurement records reviewed for this audit.

Dual-Use Technology Provision

No public evidence identified. No instance of Subaru commercial technology — including STARLINK telematics, EyeSight driver assistance systems, or enterprise software — being deployed for Israeli military, intelligence, or law enforcement surveillance applications has been identified in public reporting, NGO investigations, or official sources¹⁴¹⁵.

Offensive Cyber Capabilities

No public evidence identified. Subaru does not develop, sell, or license offensive cyber capabilities or digital weapons systems. Export control records reviewed¹⁶ and NGO databases including BDS National Committee¹⁷ and Who Profits¹⁴ contain no relevant findings implicating Subaru in offensive cyber or weapons technology provision to Israeli state entities.

AI, Algorithmic & Autonomous Systems

Proprietary AI & Driver Assistance Systems

Subaru’s primary AI and machine learning activity is concentrated in automotive applications. The EyeSight Driver Assist Technology system — Subaru’s flagship active safety platform — is a proprietary stereoscopic camera-based system developed entirely in-house in Japan¹³¹. EyeSight performs real-time object recognition, lane-keeping, pre-collision braking, and adaptive cruise control functions using Subaru-developed algorithms running on Subaru-specified hardware. No Israeli-origin AI component, model, or dataset contribution has been identified within EyeSight’s architecture in public disclosures.

AI/ML Provision to State Bodies

No public evidence identified. No provision of AI or machine learning systems — whether for predictive policing, population monitoring, targeting assistance, or border control — to Israeli state, military, or security bodies has been identified. Subaru’s AI development roadmap as disclosed in annual and integrated reports¹³¹ is exclusively oriented toward civilian road vehicle applications.

Training Data Provenance

No public evidence identified. No public report identifies Subaru AI models as trained on datasets derived from civilian population surveillance, intercepted communications, or other data collected in Israel or occupied territories. NHTSA filings relevant to Subaru’s autonomous and semi-autonomous vehicle development¹⁸ contain no relevant findings.

Autonomous Systems & Dual-Use Risk

No public evidence identified. Subaru’s autonomous and semi-autonomous driving systems are purpose-built for civilian passenger vehicles operating on public roads. No identified military application in Israel or elsewhere has been identified in corporate technical disclosures, defence procurement databases, or METI export control records¹⁶.

Telematics & OTA Vendor Gap

The specific software vendors providing over-the-air update management, vehicle security operations centre services, or telematics cybersecurity for the STARLINK platform are not publicly disclosed by Subaru¹¹⁹. Israeli-founded firms including Upstream Security are active in this market segment²⁰, and Upstream’s published threat intelligence is widely cited in automotive cybersecurity literature. However, no named commercial relationship between Upstream Security and Subaru has been identified in any public source.

Technology Ecosystem & R&D Footprint

Israeli R&D Centres & Innovation Labs

No public evidence identified. Subaru does not appear in the Israel Innovation Authority’s registry of foreign R&D centres²¹. No Subaru engineering office, innovation laboratory, accelerator programme, or scouting office in Israel has been identified in corporate disclosures¹³¹, Israeli technology press, or startup ecosystem records reviewed for this audit.

Acquisitions of Israeli-Origin Technology Companies

No public evidence identified. Subaru’s acquisition and investment activity in the 2020–2025 period has focused on domestic Japanese technology partnerships and incremental investments in connected and autonomous vehicle technology relevant to its core automotive business. No acquisition of an Israeli-origin technology company and no strategic investment in an Israeli startup or Israeli venture fund has been identified in Crunchbase records²², corporate IR disclosures¹³¹, or Israeli financial press.

Academic & Research Institution Partnerships

No public evidence identified. No co-development arrangement, sponsored research agreement, or intellectual property licensing relationship between Subaru and Israeli academic or research institutions — including the Technion–Israel Institute of Technology²³, Hebrew University / Yissum technology transfer office²⁴, or the Weizmann Institute of Science — has been identified in patent literature, corporate disclosures, or institutional announcements.

Patent & Intellectual Property

No public evidence identified. Review of J-PlatPat⁸ and general patent literature does not surface co-inventors, co-assignees, or licensing arrangements linking Subaru patent filings to Israeli-domiciled entities or the aforementioned Israeli research institutions. Subaru’s patent activity reviewed through J-PlatPat reflects a concentrated domestic Japanese R&D footprint in drivetrain, ADAS, and vehicle dynamics domains.

Corporate Venture Capital & Private Investment

Subaru’s corporate venture activity is not fully disclosed in English-language sources, and undisclosed minority investments in Israeli startups cannot be ruled out from available evidence alone. No public evidence of such investments has been identified in Crunchbase²², Israeli startup media, or Subaru’s published IR materials¹³¹.

Supply Chain: Tier-2 and Tier-3 Israeli IP

A structural evidence gap exists at the sub-supplier level. Subaru’s automotive components supply chain — encompassing semiconductors, infotainment modules, and ADAS hardware from Tier-1 suppliers — may incorporate Israeli-origin intellectual property or software at sub-supplier level. The most prominent example of this market dynamic is Mobileye (Intel subsidiary, Jerusalem) supplying ADAS processing chips to Tier-1 automotive suppliers who then integrate them into systems sold to OEMs including Subaru. No Subaru-specific public disclosure confirms or denies the presence of Mobileye or comparable Israeli-origin semiconductor IP in Subaru’s supply chain. Japan Automobile Manufacturers Association supply chain disclosure guidelines¹⁵ do not require public disclosure at sub-supplier level sufficient to resolve this gap.

Civil Society Scrutiny & Regulatory History

NGO Investigations & Published Reports

No public evidence identified. The BDS National Committee campaign registry¹⁷, Who Profits Research Center database¹⁴, Amnesty International Technology and Human Rights unit report index¹⁵, and the OHCHR Business and Human Rights database²⁵ contain no published investigations, corporate profiles, or adverse findings specifically addressing Subaru Corporation’s technology relationships with the Israeli state, Israeli military, or operations in Israeli-occupied territories as of the training-data cutoff for this audit.

Boycott & Divestment Campaigns

No public evidence identified. Subaru has not been identified as a named target of organised BDS campaigns specifically related to technology provision to Israel or to commercial activity in Israeli-occupied territories. Source classes reviewed include the BDS National Committee campaign registry¹⁷, StopTheWall, the American Friends Service Committee (AFSC) Investigate database, and Palestinian civil society organisational statements.

Regulatory & Export Control Actions

No public evidence identified. No regulatory inquiry, legal challenge, export control enforcement action, or sanctions-related investigation involving Subaru’s technology sales or services to Israeli state entities has been identified in the source classes reviewed. These include METI export control records and dual-use technology licensing records¹⁶, US Commerce Department Bureau of Industry and Security Entity List and enforcement actions, EU dual-use export control registers, and Israeli procurement watchdog publications.

Data Privacy Regulatory Context

Subaru of America’s privacy policy and data sharing disclosures¹⁹ address the collection, processing, and sharing of connected vehicle data under US state privacy law frameworks (including the California Consumer Privacy Act). No enforcement action specifically concerning Subaru’s vehicle data practices in the context of Israeli state access, cross-border data transfer to Israel, or surveillance-relevant data sharing with Israeli entities has been identified in regulatory records reviewed for this audit. Nikkei Asia reporting on Japanese automakers and data sovereignty in connected vehicles⁴ addresses the general policy environment but does not cite Subaru-specific regulatory findings in an Israeli context.

End Notes