Dear Government,

Ditch Palantir

Why the UK government must cease its dealings with Palantir.

There are many reasons, and the evidence goes deep. Expand each point to read more.

The deals do not represent good value for money.
The headline cost is £330m of public money over seven years

NHS England awarded the Federated Data Platform to a consortium led by Palantir — with Accenture, PwC, NECS and Carnall Farrar — in November 2023. The deal is worth up to £330m over a maximum seven-year term. The health minister told the Commons that around £210m had already been spent by spring 2026, before the contract has even reached its first break point.

Source

Reported initial value of £182m, potentially reaching £330m over the contract period.

The Lowdown, "Palantir, the controversy, the contracts and the campaign," April 2026. link

Figures confirmed by Health Minister Zubir Ahmed in the Commons ("up to £330 million... £210 million has been invested"), 16 April 2026. Hansard, 16 April 2026

The software itself is worse than what it replaced

Ministers sell the platform as a modernisation, but the people who use it are unconvinced. An internal NHS briefing seen by reporters called it "slow and clunky" with a "poor user experience", noting that a task taking 30 seconds in the old system took four to five minutes in Palantir's. A Freedom of Information investigation found harder evidence still: of the trusts using the platform's inpatient-scheduling tool, about a third were carrying out fewer operations than before they adopted it — some 9,000 fewer in total. Palantir disputes the comparisons, pointing to extra activity and reduced discharge delays elsewhere.

Source

Palantir's £330 million NHS tech platform is "slow and clunky" with a "poor user experience," according to an internal NHS document.

Democracy for Sale (Lucas Amin), May 2026. link

Foxglove, FOI investigation: "about 30% report they have carried out fewer operations," June 2026. link

Novara Media: a daily FDP user rated it "five out of ten" and did not find it intuitive, May 2026. link

After £330m, the NHS will own nothing it can keep

Ministers insist the NHS keeps what it pays for. The contract, and Palantir's own standard terms, tell a different story — and even the work already done inside the platform may not survive the end of the deal.

The contract leaves the NHS with no software and no IP — and the minister's reassurance is disputed

Health minister Zubir Ahmed told the Commons the NHS owns the intellectual property for the products and can migrate them to other providers, and that Palantir "does not own the data, the products or the intellectual property." But Martin Wrigley MP, reading from the unredacted contract, said it "delivers no software – not one line – just a subscribed service; a permanent lock-in," with all rights retained by the supplier. Palantir's own published terms are blunter still: "No ownership rights are conveyed to Customer."

Source

The contract delivers no software – not one line – just a subscribed service; a permanent lock-in.

Martin Wrigley MP, reported by The Register, 20 April 2026. link

Palantir's own Terms and Conditions: "No ownership rights are conveyed to Customer." Palantir T&Cs

Work done inside the platform would be lost on exit — as staff say has already happened once

Because the analysis is built inside Palantir's environment rather than in exportable files, ending the contract could mean losing the work itself. A senior NHS user put it starkly: "If we lost the contract today, I don't see how we wouldn't absolutely lose the work" — something staff say happened before, when the earlier COVID data store was switched off. Independent data-governance experts make the same point: switching off tools like Cancer360 would break the live clinical pathways the NHS has come to depend on.

Source

If we lost the contract today, I don't see how we wouldn't absolutely lose the work.

Novara Media, May 2026. link

medConfidential: "Turning off Cancer360 means breaking cancer pathways," June 2026. link

The contracts were never won in open competition, so their value has never been tested

Price discipline comes from competition, and here there was almost none. The platform grew out of the COVID-19 Data Store, handed to Palantir in 2020 for £1 under emergency rules with no open tender, then renewed for £23m — again without evidence of competition — and disclosed only under legal pressure. The £330m deal that followed was published so heavily redacted, with roughly 200 pages blacked out, that its terms cannot be scrutinised either.

Source

The initial COVID contract was made public only under legal pressure, then renewed for £23m without evidence of competition.

The Conversation, "Palantir and the NHS — 10 things you need to know," April 2026. link

Adoption has had to be bought and coerced — which is not what happens to products that deliver value

A tool that clearly worked would sell itself. Instead, uptake of the platform has been pushed with money, pressure, and — some staff say — threats.

NHS England paid £8.5m to a consultancy just to promote uptake

Rather than let clinical benefit drive adoption, NHS England spent £8.5m on a consultancy firm whose job was to encourage trusts and integrated care boards to sign up. That is money spent selling the platform internally, on top of the cost of the platform itself — an odd expense for something billed as a clear improvement.

Source

NHS England spent £8.5m on a consultancy firm to promote adoption of the platform.

Novara Media, May 2026. link

Trusts were pressured into "voluntary" adoption, and work on alternatives was stopped

Adoption is officially voluntary, but staff describe sustained pressure to sign up, and say technicians building alternative systems were told to stop. One official described warning letters that threatened to escalate to a trust's chief executive — producing, in their words, compliance rather than genuine agreement.

Source

Staff said organisations were pressured to adopt the system and that work on alternatives was told to stop.

Novara Media, "NHS staff told 'stop criticising Palantir or lose your job,'" April 2026. link

Staff who criticised the platform say they were threatened with their jobs

The pressure has reportedly extended to silencing critics. An NHS analytics official who questioned the platform said he received a phone call from a senior figure threatening his job if he spoke publicly again — and that he was not the only one warned off. Suppressing internal criticism is not how confidence in a good product is built.

Source

An official who raised concerns was reportedly threatened with his job if he criticised the platform again.

Financial Times reporting, via Digital Health, April 2026. link

The centralised design is a worse fit for the NHS than what it replaces

The NHS is not one organisation but many: trusts run their own systems, close to the clinicians and patients who use them. Forcing a single central platform on top both creates a single point of failure and cuts across the local data systems staff already trust. A Commons debate in April 2026 heard that infrastructure this critical should be fully owned and controlled by the NHS — the opposite of what this contract delivers.

Source

A single central system can become a single point of failure; such infrastructure should be fully owned and controlled.

Commons debate on the FDP, April 2026. Hansard, 16 April 2026

Data protection guarantees are weak.
Access has already gone beyond what was promised

The clearest sign that the safeguards are weak is that they have already been exceeded. Within the platform's first years, access to patient data widened in ways the public was never told about — and in at least one case the regulator only found out after the fact.

External staff, including Palantir's, were given "unlimited access" to identifiable patient data — and the watchdog did not know

NHS England reportedly granted staff from outside companies, Palantir among them, "unlimited access" to identifiable patient data in a national "safe haven." The National Data Guardian — the official watchdog for patient confidentiality — had to ask how this had come about, having been unaware of it. A safeguard the regulator learns about only after the fact is not a safeguard at all.

Source

The FT reported external companies including Palantir were granted "unlimited access" to identifiable patient data.

Novara Media, citing Financial Times, May 2026. link

The doctors' union says its worst fears about scope creep have been realised

The British Medical Association said the reports confirmed its worst fears about scope creep and the erosion of patient trust. It warned that data used beyond what patients understood threatens the confidential relationship between doctor and patient on which the whole system depends.

Source

The BMA said the access realised "worst fears about scope creep" and the erosion of patient trust.

Novara Media, May 2026. link

Data described as "anonymised" turns out to be only pseudonymised, and can be re-identified

Reassurances about anonymisation do not always hold. A staff member said vaccination data described as anonymised was in fact only pseudonymised, and not hard to re-identify for anyone with local knowledge. The distinction matters: pseudonymised data is still personal data, and still exposed to everything that follows.

Source

A staffer said data meant to be anonymised was actually pseudonymised and re-identifiable with local trust knowledge.

Novara Media, May 2026. link

The contractual guarantees cannot survive US law

NHS England's assurances are real: it says Palantir is a data processor, not a controller, cannot commercialise NHS data or train its own models on it, and that all processing happens in the UK. But a contract clause is only as durable as the legal system standing behind it — and the system standing behind Palantir is American.

Source for the guarantees

NHS England states Palantir acts as a processor and cannot use NHS data for its own products.

NHS England, FDP contract explainer. link

The US CLOUD Act reaches data wherever it is stored, and a contract cannot block it

The CLOUD Act lets US authorities compel any provider under US jurisdiction — including American parent companies and the subsidiaries they control — to hand over data in their "possession, custody, or control," wherever in the world it physically sits. Legal analysis is clear that these statutory duties override private contracts, so "UK-only" hosting and data-processing clauses do not remove the exposure; they simply sit beneath a law that outranks them.

Source

Statutory obligations override contracts, and jurisdiction follows US corporate control regardless of data location.

Congressional Research Service, "Cross-Border Data Sharing Under the CLOUD Act" (R45173). link

Kiteworks analysis of the CLOUD Act and UK data protection, December 2025. link

Microsoft's own lawyers have admitted they cannot guarantee protection from US demands

This is not hypothetical. In 2025 Microsoft's legal director for France told a French Senate hearing that the company could not guarantee French public-sector data would be shielded from US authorities, even when it was held in Europe under a "sovereign" offering. If Microsoft — with all its resources — cannot promise this, neither can Palantir.

Source

Microsoft told French lawmakers it "cannot guarantee" that data held under public contracts would be protected from US authorities.

SDxCentral, reporting a French Senate hearing, July 2025. link

For US national-security requests, there is no meaningful process at all

Ordinary legal process is thin enough; for foreign-intelligence gathering it barely exists. Under Section 702 of the Foreign Intelligence Surveillance Act, the government does not need a court to approve an individual target, the proceedings before the court are one-sided, and the person affected is never notified. The standard effectively covers any non-US person abroad — which, in practice, means essentially every UK patient.

Source

The government does not need a court's approval to target a particular foreigner; targeting proceedings are ex parte.

Brennan Center for Justice, on FISA Section 702. link

Congressional Research Service, Report R48592, on Section 702. CRS R48592

The reassurances don't survive scrutiny

Defenders of the deal offer three reassurances. Each is true as far as it goes — and each is answered by something already on the record.

"There is a UK–US treaty with safeguards."

The UK–US Data Access Agreement, in force since October 2022, does add process: a request must meet a legal standard, and a provider can try to challenge it. But it still permits those requests; its gag provisions can stop a customer ever learning one was made; and it plainly did not protect the ICC's chief prosecutor when the US decided to act.

Source

Lawfare on the UK–US Data Access Agreement. link

Lawfare, "When Governments Pull the Plug" (the ICC / CLOUD Act link), September 2025. link

"AWS has never handed over foreign data."

AWS says it has disclosed no enterprise or government content stored outside the US to the US government since it began reporting in 2020 — a genuinely good record. But Microsoft shows the limits of such assurances: after the US sanctioned the ICC's prosecutor, he lost access to his Microsoft email, and Microsoft's account of who decided that was inconsistent enough that it later had to correct evidence it had given to a UK parliamentary committee. A clean record so far is not a guarantee for what comes next.

Source

AWS on the CLOUD Act (its zero-disclosure claim). link

PBS/Associated Press: the prosecutor was forced off Microsoft email onto Proton Mail, May 2025. link

The Register: Microsoft asked Parliament to correct its evidence on the ICC account, February 2026. link

"The CLOUD Act requires legal process — it isn't automatic access."

It does require process — but process only protects you against a government willing to be bound by it. This administration sanctioned an international prosecutor by executive order and pressured the institutions around him; and for intelligence requests under FISA 702 there is no adversarial process at all. Legal process is worth exactly as much as the government's respect for it.

Source

The White House, Executive Order 14203 sanctioning the ICC, 6 February 2025. link

Brennan Center for Justice, on FISA Section 702's one-sided process. link

Palantir is a risk to national security.
The Ministry of Defence's own officials call Palantir a national-security threat

The concern is not confined to privacy campaigners. Two Ministry of Defence officials reportedly told journalists that Palantir's deepening knowledge of the British state is itself "a national security threat to the UK." That reframes the whole issue: a supplier that understands your systems this intimately is a strategic vulnerability, not merely a data-protection question.

Source

MoD officials reportedly said Palantir's knowledge of the British state is "a national security threat to the UK."

Novara Media, April 2026. link

The US has already weaponised tech dependence against an international institution

There is a live precedent for exactly this risk. After President Trump sanctioned ICC chief prosecutor Karim Khan by executive order in February 2025, Khan lost access to his Microsoft email and moved to a Swiss provider; reporting indicated the court was warned that either his access would end or the whole organisation's email would be cut off. Commentators treated it as a demonstration of how dependence on US technology can be switched into leverage for political ends.

Source

The saga shows how deep dependencies on US technology companies can be weaponised for political objectives.

Justice Info, "How sanctions can weaponize US tech against the ICC," March 2026. link

The White House, Executive Order 14203, 6 February 2025. link

PBS/Associated Press, on the prosecutor losing Microsoft email access, May 2025. link

The exposure keeps growing, against the government's own "sovereign tech" ambition

Even as ministers say they want a more sovereign technology base, Palantir's UK public-sector footprint has kept expanding through 2026 — a Financial Conduct Authority trial, a quarter-billion-pound follow-on Ministry of Defence agreement, and a contract to run police firearms licensing. Each new deal hands the company a deeper map of the British state, and makes the dependence harder to unwind.

Source

Palantir's UK government footprint expanded in 2026 despite the government's stated aim of more sovereign tech buying.

The Register, "NHS staff resist using Palantir software," April 2026. link

UK Find a Tender notice 006088-2026: MoD £240.6m follow-on enterprise agreement, December 2025. Find a Tender

Palantir's founders are openly anti-democratic.

The company's controlling founder holds, funds and promotes explicitly anti-democratic politics, and its chief executive has made a hard-power worldview the company's stated mission. When a firm asks to be custodian of a nation's most sensitive data, the values of the people who own and run it are a fair question.

Chairman Peter Thiel rejects democracy in his own words

Palantir's chairman and largest early backer has spent more than a decade stating, funding and promoting the view that democracy is a problem to be managed rather than a value to be defended.

He wrote that freedom and democracy are not compatible

In a 2009 essay for the Cato Institute, Thiel wrote, in his own words, "I no longer believe that freedom and democracy are compatible" — attributing the difficulty partly to welfare recipients and to the extension of the vote to women. These are not remarks reported at second hand; they are his own published argument.

Source

"I no longer believe that freedom and democracy are compatible."

Peter Thiel, "The Education of a Libertarian," Cato Unbound, 2009. link

He funds the thinkers and candidates of the anti-democratic right

Thiel put money behind Curtis Yarvin — the writer who argues democracy should be replaced by a monarch or a CEO-style dictator — investing in his startup and giving $100,000 to his co-founder in 2011. He later spent more than $10m backing the 2022 campaigns of J.D. Vance and Blake Masters. This is a worldview he actively promotes, not merely one he privately holds.

Source

Thiel invested in Yarvin's startup Tlon and gave $100,000 to its co-founder in 2011.

Curtis Yarvin, Wikipedia (citing reporting). link

See also The Conversation on neoreaction entering US politics (2022). link

He is openly hostile to the NHS itself

The man whose company now holds NHS data has said the NHS should be privatised, and likened Britons' affection for it to Stockholm Syndrome. Whatever one makes of the opinion, it is a strange qualification for the custodian of the nation's health records.

Source

Thiel has said the NHS "makes people ill" and should be privatised.

The Conversation, "10 things you need to know," April 2026. link

CEO Alex Karp has made a hard-power ideology the company's official mission

This is not only the chairman. The chief executive has put a militarised, civilisation-ranking worldview at the centre of how the company describes itself in public.

Palantir published a manifesto calling for the military draft and ranking cultures

In April 2026 Palantir published a 22-point summary of Karp's book The Technological Republic, arguing that Silicon Valley owes a "moral debt" to the state, calling for the reinstatement of the military draft, and asserting that some cultures have proved "regressive and harmful." This is not a critic's characterisation; it is the company's own public statement of what it believes.

Source

The manifesto claimed some cultures have proved "regressive and harmful" and called for national service.

Fortune, April 2026. link

The company describes its own work in terms of killing

Palantir's chief technology officer told the New York Times the firm is known for helping the military find targets, describing its role as optimising the "kill chain" from sensor to shooter. That is the business the government is quietly embedding inside its health and civil systems.

Source

Palantir's CTO described its role as optimising the military "kill chain" from sensor to shooter.

France 24, April 2026 (citing New York Times). link

The point is about trust, not the company's origins

It is worth being precise. Palantir was not founded as a vehicle for strongman politics: it began in 2003 as a post-9/11 data-analytics firm, backed early by In-Q-Tel, the CIA's venture arm, and Thiel is understood no longer to run it day to day. The argument is not about origins but about values and trust — the people who own and lead it hold openly anti-democratic views and now advertise a hard-power ideology as their mission. The Health Secretary has himself acknowledged that the founders' politics are a legitimate concern.

Source

Founded in 2003 by Karp and Thiel with support from In-Q-Tel, the CIA's venture arm.

Al Jazeera, April 2026. link

Time is running out.
The contract ends by default in March 2027 — and the decision to extend it is being taken this year

The platform runs on a 3+2+1+1 structure: a three-year initial term ending March 2027, then extensions the Department of Health and Social Care must actively choose to trigger. Do nothing, and the contract simply ends. Ministers have said the decision will be taken this year, and the minister told the Commons the break clause is the moment to "evaluate it and find out if there are other providers that can do the job better." This is a real decision, and one that MPs can influence — now, not after it is made.

Source

The first term ends March 2027; to continue, the department must actively trigger the first extension.

Stotles, "What the FDP break clause means," June 2026. link

Minister Zubir Ahmed on evaluating other providers at the break clause, via The Register, May 2026. link

New Palantir contracts keep being signed — several without open competition

While attention is on the NHS deal, Palantir's reach across government is widening on other fronts, often awarded directly rather than competed. Every new contract is another reason walking away will be harder next year than it is this year:

  • Ministry of Defence — a £240.6m follow-on enterprise agreement, signed in December 2025 as a direct award with no competition.
  • Financial Conduct Authority — a £375,000 AI "enterprise search" trial across the regulator's entire data lake, run in early 2026, with a wider rollout still open.
  • Police, all 43 forces in England and Wales — a £9m contract to run the national firearms licensing system, awarded in May 2026.
  • Metropolitan Police — a £50m analytics deal blocked by the Mayor's office for lack of competition, which Palantir is now challenging in the High Court.
Source

Follow on enterprise agreement... for continued licencing and support to data analytics capabilities.

UK Find a Tender notice 006088-2026 (Ministry of Defence), December 2025. Find a Tender

UK Find a Tender notice 051257-2026 (national firearms licensing system), May 2026. Find a Tender

UK tender record: FCA enterprise-search proof of concept, 2026. tender record

Reuters (via Free Malaysia Today): Palantir challenges the blocked Met Police contract, July 2026. link

Delay is itself a decision: the longer it runs, the harder it is to leave

Waiting is not neutral. Every month the deals continue, more clinical and operational work moves inside a platform it cannot easily be exported from, and every new department contract deepens the dependence. The moment of maximum leverage is now, before the extension is triggered; afterwards, the government negotiates from inside the lock-in.

Once entrenched, Palantir is almost impossible to remove.

This is a warning about a foreseeable danger, not a claim that it has already happened. But the trajectory is not hard to read — embed, entrench, expand — and once Palantir runs the systems, three questions decide everything. None of the answers are comfortable.

Once it runs the systems, the only safeguard left is trusting Palantir not to misuse the data

The documented pattern is consistent: embed analysts inside the organisation, become the system of record, widen data access over time. At contract award, specialists warned the real danger was military-style "mission creep" — the argument that the job could be done a little better with a little more data. Once that has run its course, what stands between the data and its misuse is not a technical control but our trust in the company holding it — the same company whose owners reject democracy and whose stated mission is hard power.

Source

An IT specialist warned the main threat is "mission creep" — the push to justify access to ever more data.

pharmaphorum, "Concerns voiced as Palantir wins £330m NHS data contract," 2023. link

We would also be trusting the US government not to reach through Palantir for it

Sovereignty over the data would no longer be ours alone. As the earlier sections set out, US law can compel an American company to hand over data wherever it is held; the current administration has already turned tech dependence into leverage against the ICC; and even Microsoft's own lawyers say they cannot guarantee otherwise. To entrench Palantir is to bet that this capability will never be turned on the UK.

Source

The ICC episode set Brussels on edge over the extraterritorial reach of the CLOUD Act.

Lawfare (Theodore Christakis), "When Governments Pull the Plug," September 2025. link

And by the time we wanted out, we might not be able to leave

The exit is the weakest point of all. Palantir's own terms convey "no ownership rights" to the customer; the NHS contract leaves it with no software and no intellectual property; and switching off tools already woven into live services — cancer pathways among them — would break those services. In June 2026 a Commons committee called the UK's growing reliance on Palantir "an unacceptable point of weakness" and warned the country was "seriously exposed" to vendor lock-in. Dependence, once complete, is hard to tell apart from control.

Source

Britain's reliance on Palantir is "an unacceptable point of weakness"; the country is "seriously exposed" to vendor lock-in.

Commons Science, Innovation and Technology Committee report, via The Register, June 2026. link

Palantir's own Terms and Conditions: "No ownership rights are conveyed to Customer." Palantir T&Cs

medConfidential on operational lock-in: "Turning off Cancer360 means breaking cancer pathways," June 2026. link