INDEX / DIRECTORY / PRIMARK / DIGITAL

Primark DIGITAL

DIGITAL INFRASTRUCTURE AUDIT UPDATED 2026-06-15
Digital Score 0.00 /10 E Primark - BDS-1000 128
Digital 0.00

Evidence-only forensic audit. Scoring happens downstream - see the main dossier for the composite assessment.

Digital Audit: Primark

Audit Phase: Digital (Digital / Technology Forensics) Subject Entity: Primark (trading as Penneys in Ireland); retail division of Associated British Foods plc (LSE: ABF) Registered/Operational Base: Dublin, Ireland (origin) and Reading, United Kingdom (head office) Audit Date: June 2026 Evidence Base: Published corporate disclosures, vendor press releases and case studies, trade and technology press, NGO/boycott-campaign material, and Primark’s own privacy and CCTV notices. All factual claims are drawn from publicly available sources cited in the End Notes.

Scope and directionality note: Digital assesses the digital/technology nexus to Israel. The serious case is the provision of surveillance, digital, data, or cyber technology to the Israeli state, military, or security services. The reverse direction - Primark procuring technology from Israeli-origin vendors - is a customer relationship and is recorded explicitly as such, weighted far lower than provision. No transitive guilt is imputed: a vendor’s other clients, its founders’ backgrounds, or a parent group’s separate activities are not attributed to Primark. US-entity relationships (e.g. Microsoft, Salesforce) and other non-Israeli-origin vendors are noted only for completeness. Any cyberattack suffered by Primark is recorded as an event done to the company, not as provision.

Enterprise Technology Stack & Vendor Relationships

Strategic Technology Partnerships (Direction: Primark as customer)

Primark’s documented digital-transformation programme is built on a “composable”/MACH (microservices, API-driven, cloud-native, headless) architecture assembled from named best-of-breed vendors, none of which is Israeli-origin.12 Public vendor case studies and trade reporting identify the following components of Primark’s commerce and digital stack:

Primark engaged EPAM Systems as its digital implementation/transformation partner, including the standing-up of an in-house digital technology organisation and a nearshore delivery centre.13 EPAM is a US-headquartered (Newtown, Pennsylvania), NYSE-listed software-engineering firm founded in 1993 by Arkadiy Dobkin and Leo Lozner with roots in Belarus/Central-and-Eastern-Europe delivery; it is not an Israeli-origin vendor.4 In every case above the direction is Primark as the customer procuring commercial software or services.

Cloud and Infrastructure Vendors (Direction: Primark as customer)

Primark’s infrastructure consolidation is contracted with non-Israeli vendors. The company implemented VMware Cloud Foundation (now under Broadcom, US-origin) to migrate four data centres into two private facilities plus a third built on Microsoft Azure VMware Solution, with UK consultancy Triangle Technology Services designing and implementing the migration.56 Stephen Byrne, Primark’s head of global infrastructure, is quoted on the Triangle/VMware partnership.6 Microsoft and Broadcom are US-entity relationships and are recorded for completeness only; no Israeli-origin vendor is named in this programme.56

Israeli-Origin Software, Services & Cybersecurity Vendors

No public evidence was identified that Primark holds a licensing, subscription, or integration relationship with any Israeli-origin enterprise-software or cybersecurity vendor - including Check Point, Wiz, CyberArk, SentinelOne, Claroty, Verint, or NICE Systems. None of these firms was linked to Primark’s environment in any independently sourced record reviewed; searches connecting Primark to Israeli technology suppliers returned no such relationship.7

Procurement Transparency Constraints

Primark is a private-sector retail division within Associated British Foods plc and is not subject to public-procurement disclosure obligations. It publishes no vendor or technology-procurement register. Vendor relationships below the level of named, publicly announced partnerships are not in the public domain, and the full security/IT vendor stack (including any sub-vendors, resellers, or managed-security providers) is undisclosed. This is the principal evidence gap in this domain.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometrics - Primark’s Own Position

Primark’s published CCTV and Body-Worn Cameras notice (UK and Ireland versions) states that video recordings are not used for automated decision-making or biometric evaluation, and that its video-surveillance systems are operated by third-party security services on Primark’s behalf, with footage normally retained no longer than 30 days unless relevant to a legal claim.89 The same notice describes a trial in a small number of stores of overhead cameras monitoring customer behaviour at and around self-checkout areas, with captured imagery used to generate aggregated statistical information and real-time alerts to improve self-checkout efficiency.8 No vendor is named for these systems in the public notice, and no facial-recognition capability is disclosed.89

Israeli-Origin Surveillance / Biometric Vendors

No public evidence was identified that Primark has deployed facial-recognition, biometric, gait-analysis, or in-store behavioural-analytics technology of Israeli origin (e.g. Oosto/AnyVision, BriefCam, Trigo, Trax). No public source links any such vendor to Primark. No public evidence identified.

Project Pegasus / UK Police Facial-Recognition Schemes

No public evidence was identified that Primark is a named participant in Project Pegasus (the UK Home Office/police retail data-sharing and retrospective facial-recognition scheme) or in any live facial-recognition retail deployment. No public evidence identified.

Predictive Analytics, Workforce Monitoring & Social-Media Surveillance

No public evidence was identified of Primark using Israeli-origin predictive-analytics, sentiment-analysis, social-media-monitoring, or workforce-surveillance tools.

Third-Party Loss Prevention & Store-Level Security

Primark operates a large physical store estate (more than 470 stores across 18+ countries) and discloses that its video-surveillance systems are operated by third-party security services.810 The identities and technology stacks of these store-level security sub-contractors are not publicly disclosed, and it cannot be confirmed or excluded from public evidence whether any such sub-contractor deploys Israeli-origin technology within its own platform. No public evidence identified linking any to an Israeli-origin vendor.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Operations in Israel

No public evidence was identified that Primark operates, leases, or co-locates data-centre infrastructure within Israel. Primark’s disclosed infrastructure consolidated four data centres into two private facilities plus a third on Microsoft Azure VMware Solution; no Israeli location is named in any public source.56

Project Nimbus & Israeli State Cloud Infrastructure

Not applicable. Project Nimbus is the Israeli-government cloud contract awarded to Google Cloud and Amazon Web Services; Primark is neither a participant nor a sub-provider. No public evidence was identified of Primark involvement in any Israeli state-backed digital-infrastructure programme.

Data-Sovereignty or Resilience Services to Israeli State Institutions

No public evidence identified. Primark is a consumer retailer and does not operate as a cloud, hosting, or infrastructure-service provider to any state body, Israeli or otherwise.

GDPR & Data Residency

Primark operates as a data controller under UK and Irish/EU data-protection law, consistent with its UK and Ireland registered presence; its commerce platform and infrastructure are described in UK/EU terms in public vendor and corporate material.89 No data-transfer arrangement involving Israel or an Israeli-domiciled processor was identified in any public privacy or vendor disclosure reviewed.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No public evidence was identified of any contract, partnership, or service agreement between Primark and the Israeli Ministry of Defence, the Israel Defense Forces (IDF), or Israeli intelligence agencies (including Unit 8200-linked commercial entities). Primark is a value-retail apparel and homeware business and does not publicly operate in the defence-technology or security-services sector.

Provision of Technology / Data to the Israeli State or Military

No public evidence was identified of Primark providing surveillance technology, data, software, cloud capacity, or digital services to the Israeli state, military, or security services. This is the directionally serious Digital case, and no qualifying evidence of it was found. No public evidence identified.

Dual-Use Technology Provision

No public evidence was identified of any Primark commercial technology being reported or confirmed as deployed for military, intelligence, or law-enforcement surveillance applications in Israel or the Occupied Palestinian Territories. Primark does not develop, sell, or license software or technology products; its commercial activity is the retail sale of apparel, accessories, and homeware.

Offensive Cyber Capability & Cyber Incidents

No public evidence identified that Primark develops, licenses, or sells offensive cyber capability. The publicly documented security incident affecting Primark is a 2016 payment-card skimming event at US stores (Pennsylvania, New Jersey, Connecticut), in which physical skimmer devices were placed over card readers and subsequently removed, with law-enforcement involvement.11 This incident was done to Primark, involved no Israeli nexus, and is recorded here as factual digital context only.11

Israeli Market Presence - Digital Infrastructure Overlap

No public evidence was identified that Primark operates stores or commercial operations in Israel. As of February 2026, Primark’s entry into the Israeli market was the subject of unconfirmed press speculation only, with several Israeli retail groups reported as potential franchise candidates and no agreement announced.12 Primark’s confirmed Middle East expansion runs through a franchise partnership with the Kuwait-based Alshaya Group, covering the UAE, Bahrain, and Qatar.13 No sharing of central IT systems, customer-data platforms, or digital-commerce architecture with any Israeli entity is documented. No public evidence identified.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to Israeli State Bodies

No public evidence identified. Primark is a consumer retailer and is not known to develop or sell AI/ML, computer-vision, or autonomous decision-support systems to any external party; no public evidence was identified of Primark providing AI capability, model access, training corpora, or inference services to any Israeli state, military, or security body.

Internal AI Deployment - Israeli-Origin AI Tooling

Primark’s documented digital-transformation and infrastructure programmes run through non-Israeli vendors (commercetools, Fluent Commerce, Salesforce, Bloomreach, EPAM, VMware/Broadcom, Microsoft Azure).125 No public evidence was identified of any Israeli-origin AI vendor embedded in Primark’s stack; the undisclosed full vendor list means secondary embedding within managed services cannot be positively excluded, but no such instance was identified.

Model Training Corpora & Model Development Involving Israeli Population Data

No public evidence was identified of Primark contributing to, commissioning, or benefiting from AI model development involving Israeli population datasets, intercepted communications, or surveillance-derived data.

Autonomous Systems & Lethality

No public evidence identified. The development or deployment of autonomous or lethal systems is not within Primark’s business domain.

Technology Ecosystem & R&D Footprint

Israeli R&D Facilities

No public evidence was identified that Primark operates any R&D facility, engineering office, innovation lab, or accelerator programme within Israel. Primark’s disclosed digital-delivery footprint centres on its in-house technology organisation and an EPAM-built nearshore delivery centre, with no Israeli location named.13

Acquisitions & Investments in Israeli Technology Companies

No public evidence was identified of Primark or its parent Associated British Foods plc acquiring, or taking a corporate-venture stake in, any Israeli technology company. The vendors identified in this audit are commercial software suppliers (Primark as customer), not Primark investments.

Patents & IP Co-Development with Israeli Institutions

No public evidence was identified of patent portfolios, licensing, or co-development arrangements between Primark and Israeli-domiciled entities or research institutions (Technion, Hebrew University, Weizmann Institute).

Digital Retail Footprint

Primark, historically a store-only value retailer, has extended into digital via click-and-collect (rolled out across the UK estate) and online product/gifting capability, operated through the composable commerce stack identified above.12 No Israeli-origin technology vendor was identified as a component of this digital retail infrastructure.

Supplier Code of Conduct - Technology Supply-Chain Provisions

Primark and Associated British Foods publish responsible-sourcing, ethical-trade, and modern-slavery frameworks addressing product supply-chain risks, but no public version reviewed contains provisions governing the national origin or geopolitical exposure of technology vendors, software suppliers, or digital-infrastructure providers. No technology-supply-chain geopolitical due-diligence framework specific to Primark is publicly documented.

Civil Society Scrutiny & Regulatory History

NGO & Academic Scrutiny - Technology Supply Chain

No public evidence was identified of an NGO investigation, academic study, or UN report addressing Primark’s technology relationships with the Israeli state, Israeli defence entities, or Israeli-origin vendors. The Who Profits Research Centre database (which profiles corporate involvement in the settlement economy and occupation) was searched and returned no profile for Primark or Associated British Foods in the records reviewed.14

Boycott, Divestment & Sanctions Campaigns

Primark appears on consumer boycott listings circulated by BDS-aligned and pro-Palestinian campaign sources.1516 The publicly documented grounds in that material relate to fast-fashion labour and environmental conduct and to generalised claims of “entanglement with Israeli supply chains,” not to any documented Israeli-origin technology procurement, software licensing, or digital-infrastructure provision.1516 No public evidence was identified of a BDS or NGO campaign specifically targeting Primark’s technology relationships.

Regulatory & Legal Actions - Technology Sales to Israeli State Entities

No public evidence was identified of any action by the UK Information Commissioner’s Office, the Irish Data Protection Commission, UK export-control authorities, HMRC, the Office of Financial Sanctions Implementation (OFSI), the US Bureau of Industry and Security, or any equivalent body relating to Primark technology sales, services, or data transfers to Israeli state entities. No public evidence identified.

Evidence Gaps

  1. Full IT and security vendor stack (highest priority) - As a private retail division, Primark does not publicly disclose its sub-strategic IT and security vendor relationships, sub-vendors, resellers, or any managed-security provider. The resident security-product stack is undisclosed, so Israeli-origin cybersecurity vendor exposure cannot be positively excluded on public evidence.

  2. Store-level surveillance sub-contractors - Primark discloses that its video-surveillance systems are operated by unnamed third-party security services across a large multi-country store estate; the technology and provenance of those systems are not publicly named.

  3. Self-checkout overhead-camera trial - The vendor and underlying analytics technology for the behavioural-monitoring camera trial at self-checkout areas are not publicly identified.

  4. Group-level (ABF) infrastructure - The boundary between Primark-specific procurement and any shared Associated British Foods group technology infrastructure is not publicly delineated; Israeli-origin tooling embedded at group level cannot be assessed from public sources.

  5. Israeli market entry - Primark’s reported potential entry to Israel is unconfirmed speculation as of early 2026; should an Israeli franchise materialise, any associated digital/customer-data infrastructure overlap would require fresh assessment.

End Notes

Footnotes

  1. https://fluentcommerce.com/resources/blog/primarks-digital-transformation-oms/ 2 3 4 5 6 7 8 9

  2. https://www.epam.com/services/client-work/transforming-how-primark-uses-digital-to-complement-its-stores 2 3 4 5 6

  3. https://retailtechinnovationhub.com/home/2026/5/18/primark-insists-that-its-position-on-online-home-delivery-remains-unchanged-amid-click-and-collect-push 2

  4. https://en.wikipedia.org/wiki/EPAM_Systems

  5. https://news.broadcom.com/customers/primark-fashions-cloud-future-with-broadcom 2 3 4

  6. https://techinformed.com/primark-moves-data-to-cloud-support-expansion/ 2 3 4

  7. https://en.wikipedia.org/wiki/Israeli_cybersecurity_industry

  8. https://www.primark.com/en-gb/cctv-bodycams-notice 2 3 4 5

  9. https://www.primark.com/en-ie/cctv-bodycams-notice 2 3

  10. https://www.ynetnews.com/business/article/rylfsesu11l

  11. https://fashionunited.com/news/business/primark-faces-security-incident-with-credit-card-skimmers/2016110213482 2

  12. https://www.jpost.com/business-and-innovation/article-885624

  13. https://corporate.primark.com/en-gb/a/news/corporate-news/primark-set-to-reach-21-markets-as-it-confirms-next-steps-of-middle-east-expansion-in-bahrain-and-qatar

  14. https://whoprofits.org/companies/

  15. https://bdsmovement.net/news/consumer-boycott-uk 2

  16. https://directory.abbottandkeefer.com/brand-entry/primark 2