Digital Audit: Lloyds Banking Group plc

Audit Phase: Digital (Digital / Technology Forensics) Subject Entity: Lloyds Banking Group plc (LSE: LLOY) Registered Address: 25 Gresham Street, London EC2V 7HN, United Kingdom Audit Date: June 2026 Evidence Base: Published corporate disclosures, vendor and corporate press releases, trade and technology press, NGO research, and regulatory/biometric-policy reporting. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Lloyds procuring technology from Israeli-origin vendors - is a customer relationship and is recorded explicitly as such, weighted far lower than provision. No transitive guilt is imputed: an Israeli vendor’s other clients, its founders’ military backgrounds, or a parent group’s separate activities are not attributed to Lloyds. US-entity relationships (e.g. Microsoft, Google, Oracle, Broadcom, IBM) are not Israeli-origin and are noted only for completeness. Cyberattacks or breaches suffered by Lloyds are recorded as incidents done to the company, not as provision.

Enterprise Technology Stack & Vendor Relationships

Strategic Technology Partnerships (Direction: Lloyds as customer)

Lloyds Banking Group’s principal disclosed enterprise technology relationships are with US-headquartered hyperscalers and infrastructure vendors, contracted as part of a multi-year transformation programme reported at £4 billion ($5.2bn).¹

• Microsoft - In January 2020, Lloyds and Microsoft announced a partnership tied to Lloyds’ £3 billion technology commitment, covering Microsoft Managed Desktop, Office 365, Windows 10, and Microsoft Azure. Jen Tippin (then Group People and Productivity Director), John Chambers (then Group Chief Information Officer), and Cindy Rose (then CEO, Microsoft UK) were quoted on the announcement.² Microsoft is a US-incorporated entity; this is not an Israeli-origin vendor relationship and is recorded for completeness only.
• Google Cloud - In March 2020, Google Cloud announced a five-year strategic collaboration with Lloyds.³ Lloyds is the customer; Google is a US-incorporated entity.
• Oracle - In March 2025, at Oracle CloudWorld Tour London, Lloyds announced an expanded multi-year agreement to adopt Oracle Database@Azure and Oracle Exadata Cloud@Customer, migrating Oracle databases to run on Oracle Cloud Infrastructure inside Microsoft Azure data centres, with some databases operated in Lloyds’ own data centres.¹⁴
• Broadcom - In September 2025, Lloyds announced an extended strategic partnership with Broadcom, deepening use of Broadcom’s infrastructure software portfolio including VMware Cloud Foundation and mainframe solutions to support data-centre consolidation.⁵ Broadcom is a US-incorporated entity.
• IBM - In 2017, Lloyds signed a ten-year IT outsourcing deal with IBM reported at £1.3 billion, transferring around 1,900 staff and outsourcing approximately 2,000 of the bank’s 3,200 applications across Windows, Unix, Linux, and IBM i-Series platforms, with datacentre operations including sites at Copley (West Yorkshire) and Edinburgh.⁶ IBM is a US-incorporated entity.

Israeli-Origin Technology Vendors in the Lloyds Stack (Direction: Lloyds as customer)

No public evidence identified of a named, confirmed contractual relationship between Lloyds Banking Group and any Israeli-origin or Israeli-founded technology vendor. Specific vendors commonly present in UK financial-services technology stacks (including Check Point Software Technologies, CyberArk, SentinelOne, Verint Systems, NICE Ltd, Wiz, and Claroty) were searched; no Lloyds-specific named contract, deployment, or reference was identified in reviewed corporate filings, vendor press releases, or trade press.⁷

Procurement, Integrator, and Sub-Vendor Chains

Lloyds’ outsourcing and integrator partners - including IBM⁶ and Broadcom⁵ - operate their own multi-vendor delivery models. The specific technology sub-vendors deployed by these integrators within the Lloyds engagement are not publicly disclosed; no public evidence identified that confirms or excludes Israeli-origin sub-vendor products within these delivery chains.

Surveillance, Biometrics & Retail Technology

Facial Recognition and Biometric Authentication (Direction: Lloyds as customer)

Lloyds Bank offers biometric authentication within its mobile and business banking apps, using device-native fingerprint and face recognition (Face ID, Touch ID, Android fingerprint) to log in and authorise payments.⁸ These rely on device operating-system biometric APIs rather than a disclosed third-party biometric platform vendor.

In April 2017, Lloyds piloted biometric login for its Lloyds Bank, Halifax, and Bank of Scotland internet banking sites using Microsoft’s Windows Hello on Windows 10 devices, using infrared facial recognition and fingerprint capabilities native to the device.⁹ Microsoft is a US-incorporated entity.

In 2023, Lloyds launched its “Smart ID” reusable digital identity app built on technology from Yoti, incorporating facial biometrics and liveness detection; Lloyds had invested £10 million in Yoti earlier that year, and Yoti CEO Robin Tombs was quoted on the launch.¹⁰ Yoti Ltd is a British company headquartered in London, founded in 2014.¹¹ This is a procurement (inbound) relationship with a UK-origin vendor; no Israeli-origin vendor is involved.

No public evidence identified of Lloyds deploying facial recognition, gait analysis, emotion recognition, or live surveillance biometric systems in branch or retail environments from any Israeli-origin vendor (e.g. AnyVision/Oosto, BriefCam, Corsight AI).

Predictive Analytics, Fraud Detection, and Workforce Monitoring

Lloyds’ disclosed fraud and analytics capabilities are built on its own secure AI platform (“Envoy”) and on Google Cloud’s Vertex AI (see AI section); Lloyds reported preventing more than £1 billion of fraud in 2025 and investing £100 million in new fraud technology since 2023.¹² No public evidence identified of Israeli-origin predictive analytics, social-media monitoring, or workforce-surveillance platforms in Lloyds’ disclosed technology estate.

Contact-Centre Analytics

No public evidence identified of a named Lloyds contract or deployment of Israeli-origin contact-centre analytics or workforce-engagement-management platforms (e.g. Verint, NICE).

Third-Party and Indirect Deployment

No public evidence identified that Israeli-origin surveillance or biometric technologies reach Lloyds indirectly through managed security service providers, bundled enterprise suites, or platform intermediaries.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Estate and UK Residency

Lloyds has pursued a multi-year data-centre consolidation programme, including the planned closure of its Copley (West Yorkshire) data centre and the sale/operation of facilities by IBM under the 2017 outsourcing deal; historic facilities have been reported at Copley, Pudsey, Peterborough, and Corby.⁶¹³ Lloyds’ principal technology and operations hubs are in the United Kingdom, including London, Edinburgh, Halifax, and Bristol.¹⁴ No public evidence identified that Lloyds operates, leases, co-locates, or processes material customer data at facilities within Israel.

Multi-Cloud Architecture

Lloyds operates a multi-cloud architecture spanning Microsoft Azure², Google Cloud³, Oracle Database@Azure¹⁴, and Broadcom/VMware private-cloud and mainframe infrastructure⁵. Its expanded Oracle arrangement runs Oracle databases on OCI inside Azure data centres and on Exadata Cloud@Customer within Lloyds’ own facilities.¹⁴

Project Nimbus and Israeli State Cloud Contracts

Lloyds is a commercial customer of Google Cloud³ and runs workloads on Microsoft Azure². No public evidence identified that Lloyds participates in, benefits from, or is contractually linked to Project Nimbus (the Israeli government cloud contract awarded to Google and AWS) or any Israeli state cloud programme; Lloyds is a consumer of commercially available hyperscaler services.

Sovereign Cloud and State Infrastructure Services

No public evidence identified that Lloyds Banking Group provides data-sovereignty services, infrastructure-resilience services, or managed cloud capabilities to any Israeli state institution, government ministry, or military body. Lloyds is a retail and commercial bank, not a cloud service provider or managed-infrastructure operator for third-party state entities.

Defence, Intelligence & Security Sector Technology Relationships

Military and Intelligence Contracts

No public evidence identified of any contract, partnership, memorandum of understanding, or service agreement between Lloyds Banking Group and the Israeli Ministry of Defence, the Israel Defense Forces, Shin Bet, Mossad, Unit 8200, or any other Israeli state security or intelligence body.

Dual-Use Technology Provision

No public evidence identified of Lloyds’ commercially available financial technology, data analytics, or software platforms being reported, confirmed, or documented as deployed in military, intelligence, or law-enforcement surveillance applications within Israel or the Occupied Palestinian Territories.

Offensive Cyber and Weapons Technology

No public evidence identified. Lloyds Banking Group is a financial-services group and does not develop, sell, license, or maintain offensive cyber tools, digital weapons, or military-application surveillance platforms.

AI, Algorithmic & Autonomous Systems

AI/ML Deployment - Scope and Application (Direction: Lloyds as customer/developer)

In April 2025, Lloyds announced it had migrated its core machine-learning and generative-AI platforms to Google Cloud’s Vertex AI, moving 15 modelling systems comprising hundreds of individual models from on-premise infrastructure to the cloud, with more than 300 data scientists and AI developers using the platform.¹²¹⁵ Lloyds reported initiating over 80 new ML use cases and launching over 18 GenAI systems into production, with further GenAI systems and an agentic-AI prototype planned. Ranil Boteju (Group Chief Data and Analytics Officer) and Josh Cunningham (Head of Data and AI Culture) were quoted; Tara Brady of Google Cloud also commented.¹²¹⁵

In 2026, Lloyds disclosed deployment of agentic AI for real-time fraud protection, with multiple autonomous agents performing identity verification, transaction monitoring, and scam-risk analysis, built and tested on Lloyds’ secure AI platform “Envoy” and running on the Vertex AI infrastructure.¹² Lloyds also disclosed plans to launch an AI financial assistant in 2026.¹⁶

All disclosed AI/ML applications are confined to Lloyds’ own UK-regulated retail and commercial banking functions (credit decisioning, fraud detection, customer service, productivity).

Provision of AI to Israeli State Bodies

No public evidence identified of Lloyds providing AI systems, machine-learning models, computer-vision platforms, or autonomous decision-support technologies to any Israeli state body, military institution, or security service.

Model Inputs and Population Datasets

No public evidence identified that Lloyds’ AI/ML models are trained on, or given access to, civilian population datasets, intercepted communications, surveillance-derived data, or datasets sourced from or relating to Israel or the Occupied Palestinian Territories.

Autonomous Systems and Lethal Applications

No public evidence identified. Lloyds does not develop or operate autonomous weapons, lethal autonomous systems, or military decision-support systems.

Technology Ecosystem & R&D Footprint

UK Innovation and Technology Offices

Lloyds’ disclosed technology and innovation footprint is concentrated in the United Kingdom, with principal hubs in London, Edinburgh, Halifax, and Bristol.¹⁴

In-House Cyber R&D and Patents

In March 2025, Lloyds announced UK and US patents for its in-house-developed “Global Correlation Engine” (GCE), which cross-references alerts from multiple security tools and uses AI to reduce false-positive security alerts. Matt Rowe (Chief Security Officer, Lloyds Banking Group) was quoted; the technology was developed in-house by Lloyds’ cybersecurity teams.¹⁷

Investments, Ventures, and Academic Partnerships

Lloyds invested £10 million in UK digital-identity company Yoti in 2023.¹⁰ Lloyds has partnered with the University of Edinburgh in connection with the spin-out Aveni, which develops AI solutions for financial services.¹³ No public evidence identified of Lloyds making disclosed investments into Israeli technology startups or Israeli venture funds, or of acquiring any Israeli-origin or Israeli-domiciled technology company.

Academic and Research Partnerships (Israel)

No public evidence identified of formal R&D collaboration agreements, joint patent filings, or funded research programmes between Lloyds Banking Group and Israeli universities, research institutions, or Israeli government research bodies.

Civil Society Scrutiny & Regulatory History

Cybersecurity Incidents (Direction: done to Lloyds)

In January 2017, Lloyds Banking Group’s online services for Lloyds, Halifax, and Bank of Scotland were disrupted over roughly two days by a distributed denial-of-service (DDoS) attack; no accounts were reported breached and no ransom was paid.¹⁸ In March 2026, Lloyds disclosed a data-confidentiality incident caused by an internal coding error in its banking app - not a cyberattack - which exposed transaction details of other customers to a number of users; the bank reported around 446,915 customers potentially exposed and paid compensation, and the Treasury Committee chair described it as an “alarming breach of data confidentiality.”¹⁹ These are incidents experienced by Lloyds, not provision of technology.

NGO and Solidarity-Campaign Scrutiny (Direction: financing/investment, not technology provision)

War on Want’s 2017 “Deadly Investments” report named Lloyds Bank among UK financial institutions said to finance or invest in companies supplying weapons and technology to Israel; this scrutiny concerns Lloyds’ financing and investment activity (a Economic / Political matter), not Lloyds’ provision of digital or surveillance technology.²⁰ In May 2024, Lloyds’ AGM in Glasgow was disrupted by pro-Palestinian and climate protesters (associated with the Tipping Point campaign) demanding divestment from fossil-fuel and Israel-linked defence companies; the grievance again concerned financing/investment rather than technology supply.²¹ No public evidence identified of a civil-society campaign naming Lloyds specifically on grounds of digital, surveillance, or data-technology provision to Israel.

Who Profits and Big Brother Watch

No public evidence identified of a dedicated Who Profits Research Centre profile for Lloyds Banking Group, or of Big Brother Watch reporting naming Lloyds in connection with Israeli-origin biometric or surveillance technology.

Regulatory History (Technology Nexus)

No public evidence identified of regulatory inquiries, enforcement actions, export-control investigations, or sanctions-related proceedings involving Lloyds Banking Group in connection with the provision of technology services to Israeli state entities.

End Notes