The UK government is poised to reconsider its £330 million contract with Palantir, the US data analytics firm powering NHS’s Federated Data Platform. This review could lead to terminating the deal early in 2027, raising serious questions about data security and sovereignty.

Concerns have mounted from lawmakers and public officials who view Palantir’s growing influence in critical public services as a national vulnerability. The parliamentary Science, Innovation and Technology Committee labeled Palantir’s role an “unacceptable point of weakness,” citing risks tied to foreign dependence and opaque governance.

Palantir’s NHS contract began in late 2023, aiming to connect vital health information across the system. The company claims its software processes data strictly under NHS instructions, protected by granular access controls. Yet, reports surfaced revealing broad access rights for Palantir personnel to identifiable patient data, sparking fears about privacy and ethical boundaries.

Critics also highlight Palantir’s close ties to US defense and immigration agencies, which clash with UK values and raise the specter of foreign influence in sensitive health and policing data. The Ministry of Defence awarded Palantir a £240 million contract without competition, adding to concerns about unchecked power in government tech procurement.

Government officials have not dismissed the benefits Palantir brings, such as improving NHS operations and speeding up cancer diagnoses. Still, the current chief of NHS England has acknowledged the escalating cyber threat environment, underscoring the need for robust protection against potential breaches.

Vendor Lock-in and Data Sovereignty

MPs warn that relying heavily on a single US provider risks “vendor lock-in,” which could trap the NHS in a costly, inflexible system. Migrating away from Palantir would be technically complex and expensive, limiting future options. The committee urges the government to explore alternatives, including in-house development or UK-based solutions.

The debate taps into wider anxieties about digital sovereignty. As the UK pushes to become a “truly digital state,” dependence on foreign technology giants contradicts ambitions for technological independence. The committee calls for smarter procurement policies that support domestic providers and reduce reliance on a handful of large US firms.

Transparency also remains a sticking point. Palantir’s proprietary software is difficult to audit, raising questions about how AI-driven decisions impact patient care. Lawmakers demand clearer oversight and independent audits to ensure algorithms operate fairly and safely.

Palantir’s UK head dismissed critics as politicizing technology. He argued that Palantir’s tools lead to more NHS operations, crime reduction, and enhanced military capabilities. Still, the government must weigh these claims against the pressing need to safeguard public trust and national security.

The Road Ahead for NHS Data Strategy

The government has two months to respond to the committee’s recommendations. Activating the break clause in 2027 would open procurement for new vendors prioritizing data protection, ethical compliance, and cybersecurity resilience. This shift signals a broader recalibration of how the UK handles AI and data in public services.

For now, the NHS remains caught between innovation and caution. The stakes involve patient privacy, national security, and the integrity of public healthcare infrastructure. The outcome will set a precedent for future AI contracts and digital governance in the public sector.

The Palantir saga underscores a key lesson: digital transformation can’t sacrifice transparency and sovereignty for speed or convenience. The UK government’s next moves will test its commitment to balancing these competing demands in an era of escalating cyber risks.