Dear Government,

Ditch Palantir

Why the UK government must end the NHS’s contract with Palantir.

Palantir now holds contracts across the British state, and all of them raise the same questions. But the argument here concerns the largest and most contested deal: the £330m NHS Federated Data Platform. Every statement below unfolds into the statements that support it, all the way down to the sources.

The NHS deal does not represent good value for money.
The contract commits up to £330m of public money over seven years, and around £210m has already been spent.

NHS England awarded the Federated Data Platform to a consortium led by Palantir in November 2023. The health minister told the Commons that around £210m had already gone out the door by spring 2026 — before the contract has even reached its first break point.

Reported initial value of £182m, potentially reaching £330m over the contract period.

The Lowdown, "Palantir, the controversy, the contracts and the campaign," April 2026. link

Figures confirmed by Health Minister Zubir Ahmed in the Commons ("up to £330 million... £210 million has been invested"), 16 April 2026. Hansard, 16 April 2026

The people who use the software say it is worse than what it replaced.
An internal NHS briefing called the platform “slow and clunky”, with tasks taking ten times longer than in the old system.

The briefing, seen by reporters, noted that a task taking 30 seconds in the old system took four to five minutes in Palantir’s, and described a “poor user experience”.

Palantir's £330 million NHS tech platform is "slow and clunky" with a "poor user experience," according to an internal NHS document.

Democracy for Sale (Lucas Amin), May 2026. link

About a third of the trusts using its scheduling tool carried out fewer operations than before they adopted it — some 9,000 fewer in total.

Palantir disputes the comparisons, pointing to extra activity and reduced discharge delays elsewhere.

About 30% report they have carried out fewer operations.

Foxglove, FOI investigation into trusts using the FDP's inpatient-scheduling tool, June 2026. link

A daily user rated the platform five out of ten and said it was not intuitive.

A daily FDP user rated it "five out of ten" and did not find it intuitive.

Novara Media, May 2026. link

After £330m, the NHS will own nothing it can keep.
Ministers say the NHS owns the products, but the MP who read the unredacted contract says it delivers “no software – not one line”.

Health minister Zubir Ahmed told the Commons the NHS owns the intellectual property and can migrate the products to other providers. Martin Wrigley MP, reading from the unredacted contract, said it delivers “just a subscribed service; a permanent lock-in”, with all rights retained by the supplier.

The contract delivers no software – not one line – just a subscribed service; a permanent lock-in.

Martin Wrigley MP, reported by The Register, 20 April 2026. link

Palantir’s own published terms state that no ownership rights are conveyed to the customer.

No ownership rights are conveyed to Customer.

Palantir's own Terms and Conditions. Palantir T&Cs

Work built inside the platform would be lost on exit — and staff say that has already happened once.

Because the analysis is built inside Palantir’s environment rather than in exportable files, ending the contract could mean losing the work itself, as staff say happened when the earlier COVID data store was switched off. Independent data-governance experts add that switching off tools like Cancer360 would break the live clinical pathways the NHS has come to depend on.

If we lost the contract today, I don't see how we wouldn't absolutely lose the work.

A senior NHS user, quoted by Novara Media, May 2026. link

medConfidential: "Turning off Cancer360 means breaking cancer pathways," June 2026. link

The contract was never won in open competition, so its price has never been tested.
The platform grew out of a COVID-era contract handed to Palantir for £1 under emergency rules, with no open tender.

The initial COVID contract was made public only under legal pressure, then renewed for £23m without evidence of competition.

The Conversation, "Palantir and the NHS — 10 things you need to know," April 2026. link

That contract was renewed for £23m without evidence of competition, and disclosed only under legal pressure.

The initial COVID contract was made public only under legal pressure, then renewed for £23m without evidence of competition.

The Conversation, "Palantir and the NHS — 10 things you need to know," April 2026. link

The £330m contract that followed was published with roughly 200 pages blacked out, so its terms cannot be scrutinised either.

The contract was published so heavily redacted — roughly 200 pages blacked out — that its terms cannot be scrutinised.

The Conversation, "Palantir and the NHS — 10 things you need to know," April 2026. link

Adoption has had to be bought and coerced, which is not what happens to products that deliver value.
NHS England paid a consultancy £8.5m just to promote uptake of the platform.

That is money spent selling the platform internally, on top of the cost of the platform itself — an odd expense for something billed as a clear improvement.

NHS England spent £8.5m on a consultancy firm to promote adoption of the platform.

Novara Media, May 2026. link

Trusts describe sustained pressure to adopt a system that is officially voluntary, and technicians building alternatives were told to stop.

One official described warning letters that threatened to escalate to a trust’s chief executive — producing, in their words, compliance rather than genuine agreement.

Staff said organisations were pressured to adopt the system and that work on alternatives was told to stop.

Novara Media, "NHS staff told 'stop criticising Palantir or lose your job,'" April 2026. link

Staff who criticised the platform say they were threatened with their jobs.

An NHS analytics official who questioned the platform said he received a phone call from a senior figure threatening his job if he spoke publicly again — and that he was not the only one warned off.

An official who raised concerns was reportedly threatened with his job if he criticised the platform again.

Financial Times reporting, via Digital Health, April 2026. link

A single central platform is a worse fit for the NHS than the local systems it cuts across.

The NHS is not one organisation but many: trusts run their own systems, close to the clinicians and patients who use them. Forcing a central platform on top creates a single point of failure and cuts across the local data systems staff already trust.

A single central system can become a single point of failure; such infrastructure should be fully owned and controlled.

Commons debate on the FDP, April 2026. Hansard, 16 April 2026

The safeguards on NHS patients’ data are weaker than ministers claim.
Access to patient data has already gone beyond what was promised.
Staff from outside companies, Palantir among them, were reportedly given “unlimited access” to identifiable patient data — and the confidentiality watchdog did not know.

The National Data Guardian — the official watchdog for patient confidentiality — had to ask how this had come about, having been unaware of it. A safeguard the regulator learns about only after the fact is not a safeguard at all.

The FT reported external companies including Palantir were granted "unlimited access" to identifiable patient data.

Novara Media, citing Financial Times, May 2026. link

The doctors’ union says its worst fears about scope creep have been realised.

The British Medical Association warned that data used beyond what patients understood threatens the confidential relationship between doctor and patient on which the whole system depends.

The BMA said the access realised "worst fears about scope creep" and the erosion of patient trust.

Novara Media, May 2026. link

Data described as “anonymised” turned out to be merely pseudonymised, and not hard to re-identify.

The distinction matters: pseudonymised data is still personal data, and still exposed to everything that follows.

A staffer said data meant to be anonymised was actually pseudonymised and re-identifiable with local trust knowledge.

Novara Media, May 2026. link

The contractual guarantees cannot survive US law.
The guarantees are real, but they are only contract clauses — and the legal system standing behind Palantir is American.

NHS England says Palantir is a data processor, not a controller, cannot commercialise NHS data or train its own models on it, and that all processing happens in the UK. All of that is on the record. A contract clause, though, is only as durable as the law that outranks it.

NHS England states Palantir acts as a processor and cannot use NHS data for its own products.

NHS England, FDP contract explainer. link

The US CLOUD Act reaches data wherever it is stored, and a private contract cannot block it.

The CLOUD Act lets US authorities compel any provider under US jurisdiction — including American parent companies and the subsidiaries they control — to hand over data in their “possession, custody, or control”, wherever in the world it physically sits. Legal analysis is clear that these statutory duties override private contracts, so “UK-only” hosting clauses simply sit beneath a law that outranks them.

Statutory obligations override contracts, and jurisdiction follows US corporate control regardless of data location.

Congressional Research Service, "Cross-Border Data Sharing Under the CLOUD Act" (R45173). link

Kiteworks analysis of the CLOUD Act and UK data protection, December 2025. link

Microsoft’s own lawyers have admitted they cannot guarantee protection from US demands, and neither can Palantir.

In 2025 Microsoft’s legal director for France told a French Senate hearing that the company could not guarantee French public-sector data would be shielded from US authorities, even when held in Europe under a “sovereign” offering. If Microsoft, with all its resources, cannot promise this, neither can Palantir.

Microsoft told French lawmakers it "cannot guarantee" that data held under public contracts would be protected from US authorities.

SDxCentral, reporting a French Senate hearing, July 2025. link

For US national-security requests, there is no meaningful legal process at all.

Under Section 702 of the Foreign Intelligence Surveillance Act, the US government does not need a court to approve an individual target, the proceedings are one-sided, and the person affected is never notified. The standard effectively covers any non-US person abroad — which, in practice, means essentially every UK patient.

The government does not need a court's approval to target a particular foreigner; targeting proceedings are ex parte.

Brennan Center for Justice, on FISA Section 702. link

Congressional Research Service, Report R48592, on Section 702. CRS R48592

The standard reassurances do not survive scrutiny.
The UK–US data treaty adds process, but it still permits the requests — and it can gag the provider so the NHS never learns one was made.

The UK–US Data Access Agreement, in force since October 2022, does add safeguards: a request must meet a legal standard, and a provider can try to challenge it. But it still permits those requests, its gag provisions can stop a customer ever learning one was made, and it plainly did not protect the ICC’s chief prosecutor when the US decided to act.

Lawfare on the UK–US Data Access Agreement. link

Lawfare, "When Governments Pull the Plug" (the ICC / CLOUD Act link), September 2025. link

AWS’s record of never handing over foreign data is genuine, but Microsoft’s record shows what such assurances are worth once Washington decides otherwise.

AWS says it has disclosed no enterprise or government content stored outside the US to the US government since it began reporting in 2020. But after the US sanctioned the ICC’s prosecutor, he lost access to his Microsoft email — and Microsoft’s account of who decided that was inconsistent enough that it later had to correct evidence given to a UK parliamentary committee. A clean record so far is not a guarantee for what comes next.

AWS on the CLOUD Act (its zero-disclosure claim). link

PBS/Associated Press: the prosecutor was forced off Microsoft email onto Proton Mail, May 2025. link

The Register: Microsoft asked Parliament to correct its evidence on the ICC account, February 2026. link

The CLOUD Act’s legal process only protects against a government willing to be bound by it, and this one sanctioned a prosecutor by executive order.

It is true that the CLOUD Act requires legal process rather than granting automatic access. But this administration sanctioned an international prosecutor by executive order and pressured the institutions around him, and for intelligence requests under FISA 702 there is no adversarial process at all. Legal process is worth exactly as much as the government’s respect for it.

The White House, Executive Order 14203 sanctioning the ICC, 6 February 2025. link

Brennan Center for Justice, on FISA Section 702's one-sided process. link

Palantir is a risk to national security.
The Ministry of Defence’s own officials have called Palantir a national-security threat to the UK.

The concern is not confined to privacy campaigners. Two MoD officials reportedly told journalists that Palantir’s deepening knowledge of the British state is itself a threat — reframing the company as a strategic vulnerability, not merely a data-protection question.

MoD officials reportedly said Palantir's knowledge of the British state is "a national security threat to the UK."

Novara Media, April 2026. link

The United States has already weaponised technology dependence against an international institution.

After President Trump sanctioned ICC chief prosecutor Karim Khan by executive order in February 2025, Khan lost access to his Microsoft email and moved to a Swiss provider; reporting indicated the court was warned that either his access would end or the whole organisation’s email would be cut off. Commentators treated it as a demonstration of how dependence on US technology can be switched into leverage for political ends.

The saga shows how deep dependencies on US technology companies can be weaponised for political objectives.

Justice Info, "How sanctions can weaponize US tech against the ICC," March 2026. link

The White House, Executive Order 14203, 6 February 2025. link

PBS/Associated Press, on the prosecutor losing Microsoft email access, May 2025. link

Palantir’s map of the British state keeps growing, against the government’s own ambition of sovereign technology.

Even as ministers say they want a more sovereign technology base, Palantir’s UK public-sector footprint has kept expanding through 2026. Each new deal hands the company a deeper map of the British state, and makes the dependence harder to unwind.

Palantir's UK government footprint expanded in 2026 despite the government's stated aim of more sovereign tech buying.

The Register, "NHS staff resist using Palantir software," April 2026. link

UK Find a Tender notice 006088-2026: MoD £240.6m follow-on enterprise agreement, December 2025. Find a Tender

Palantir’s founders are openly anti-democratic.
Chairman Peter Thiel rejects democracy in his own words.
He wrote: “I no longer believe that freedom and democracy are compatible.”

In a 2009 essay for the Cato Institute, Thiel attributed the difficulty partly to welfare recipients and to the extension of the vote to women. These are not remarks reported at second hand; they are his own published argument.

"I no longer believe that freedom and democracy are compatible."

Peter Thiel, "The Education of a Libertarian," Cato Unbound, 2009. link

He funds the thinkers and candidates of the anti-democratic right.

Thiel put money behind Curtis Yarvin — the writer who argues democracy should be replaced by a monarch or a CEO-style dictator — investing in his startup and giving $100,000 to his co-founder in 2011. He later spent more than $10m backing the 2022 campaigns of J.D. Vance and Blake Masters. This is a worldview he actively promotes, not merely one he privately holds.

Thiel invested in Yarvin's startup Tlon and gave $100,000 to its co-founder in 2011.

Curtis Yarvin, Wikipedia (citing reporting). link

See also The Conversation on neoreaction entering US politics (2022). link

He is openly hostile to the NHS itself, saying it should be privatised.

The man whose company now holds NHS data has likened Britons’ affection for the health service to Stockholm Syndrome. Whatever one makes of the opinion, it is a strange qualification for the custodian of the nation’s health records.

Thiel has said the NHS "makes people ill" and should be privatised.

The Conversation, "10 things you need to know," April 2026. link

Chief executive Alex Karp has made a hard-power ideology the company’s official mission.
Palantir published a manifesto calling for the return of the military draft and asserting that some cultures are “regressive and harmful”.

In April 2026 Palantir published a 22-point summary of Karp’s book The Technological Republic, arguing that Silicon Valley owes a “moral debt” to the state. This is not a critic’s characterisation; it is the company’s own public statement of what it believes.

The manifesto claimed some cultures have proved "regressive and harmful" and called for national service.

Fortune, April 2026. link

The company describes its own work in terms of killing.

Palantir’s chief technology officer told the New York Times the firm is known for helping the military find targets, describing its role as optimising the “kill chain” from sensor to shooter. That is the business the government is quietly embedding inside its health and civil systems.

Palantir's CTO described its role as optimising the military "kill chain" from sensor to shooter.

France 24, April 2026 (citing New York Times). link

None of this is about the company’s origins; it is about whether these are people to trust with the nation’s health records.

It is worth being precise. Palantir was not founded as a vehicle for strongman politics: it began in 2003 as a post-9/11 data-analytics firm, backed early by In-Q-Tel, the CIA’s venture arm, and Thiel is understood no longer to run it day to day. The argument is about values and trust — the people who own and lead it hold openly anti-democratic views and now advertise a hard-power ideology as their mission. The Health Secretary has himself acknowledged that the founders’ politics are a legitimate concern.

Founded in 2003 by Karp and Thiel with support from In-Q-Tel, the CIA's venture arm.

Al Jazeera, April 2026. link

Time is running out.
The NHS contract ends by default in March 2027, and the decision to extend it is being taken this year.

The platform runs on a 3+2+1+1 structure: a three-year initial term ending March 2027, then extensions the Department of Health and Social Care must actively choose to trigger. Do nothing, and the contract simply ends. The minister told the Commons the break clause is the moment to “evaluate it and find out if there are other providers that can do the job better”. This is a real decision, and one that MPs can influence — now, not after it is made.

The first term ends March 2027; to continue, the department must actively trigger the first extension.

Stotles, "What the FDP break clause means," June 2026. link

Minister Zubir Ahmed on evaluating other providers at the break clause, via The Register, May 2026. link

Beyond the NHS, new Palantir contracts keep being signed across government — several without open competition.

While attention is on the NHS deal, Palantir’s reach is widening on other fronts, often awarded directly rather than competed. Every new contract is another reason walking away will be harder next year than it is this year:

  • The Ministry of Defence signed a £240.6m follow-on enterprise agreement in December 2025, as a direct award with no competition.
  • The Financial Conduct Authority ran a £375,000 AI “enterprise search” trial across its entire data lake in early 2026, with a wider rollout still open.
  • All 43 police forces in England and Wales moved to a Palantir-run national firearms licensing system under a £9m contract awarded in May 2026.
  • The Metropolitan Police’s £50m analytics deal was blocked by the Mayor’s office for lack of competition — and Palantir is now challenging that decision in the High Court.

Follow on enterprise agreement... for continued licencing and support to data analytics capabilities.

UK Find a Tender notice 006088-2026 (Ministry of Defence), December 2025. Find a Tender

UK Find a Tender notice 051257-2026 (national firearms licensing system), May 2026. Find a Tender

UK tender record: FCA enterprise-search proof of concept, 2026. tender record

Reuters (via Free Malaysia Today): Palantir challenges the blocked Met Police contract, July 2026. link

Delay is itself a decision: the longer the deal runs, the harder it becomes to leave.

Waiting is not neutral. Every month the contract continues, more clinical and operational work moves inside a platform it cannot easily be exported from, and every new department deal deepens the dependence. The moment of maximum leverage is now, before the extension is triggered; afterwards, the government negotiates from inside the lock-in.

Turning off Cancer360 means breaking cancer pathways.

medConfidential, "One plan to move away from Palantir," June 2026. link

Entrench Palantir, and the nation’s most sensitive data rests on nothing but trust.

This is a warning about a foreseeable danger, not a claim that it has already happened. But the pattern — embed, entrench, expand — is documented, and once Palantir runs the systems, no technical control stands between the data and the people described above. Only trust does. So ask three questions.

If a billionaire believed democratic government should be overturned, and happened to hold a nation’s most sensitive data, what might he do with it?

This is not a hypothetical billionaire. Palantir’s chairman has written that freedom and democracy are incompatible, funds the movement that wants to replace elected government with a CEO-king, and thinks the NHS should not exist. The health records of sixty million people — their diagnoses, their medications, their histories — are exactly the kind of leverage that political project has never had before. At contract award, specialists warned the real danger was “mission creep”: the argument that the job could be done a little better with a little more data. Once that has run its course, the only thing standing between the data and its misuse is his company’s good faith.

An IT specialist warned the main threat is "mission creep" — the push to justify access to ever more data.

pharmaphorum, "Concerns voiced as Palantir wins £330m NHS data contract," 2023. link

Peter Thiel, "The Education of a Libertarian," Cato Unbound, 2009. link

If a US president set out to strong-arm a foreign government, would he refrain from reaching into its citizens’ private data — data already sitting in an American company’s hands?

The question is not whether he could: the CLOUD Act and FISA 702 give him the reach, and no NHS contract clause can take it away. The question is whether he would hold back — and the current administration has already answered it. It sanctioned the ICC’s chief prosecutor by executive order and cut him off from his own email to make an institution bend. A government willing to do that to an international court will not agonise over a database of foreign medical records, if the day comes when Britain has something it wants.

The saga shows how deep dependencies on US technology companies can be weaponised for political objectives.

Justice Info, "How sanctions can weaponize US tech against the ICC," March 2026. link

The White House, Executive Order 14203, 6 February 2025. link

Congressional Research Service on the CLOUD Act's reach (R45173). link

Would we hand this data to a Chinese or Russian company? If not, what exactly is the difference?

The difference is an assumption: that America is an ally and will stay one. It used to be a solid assumption. But the past eighteen months have brought things that were inconceivable five years ago — a US president sanctioning the International Criminal Court’s prosecutor, an American company switching off his email, Europe openly debating whether its data is safe in American hands. The alliance the contract quietly depends on is being renegotiated in real time. Nobody can say what it will look like in another five years; the data, and the dependence, will still be there.

The ICC episode set Brussels on edge over the extraterritorial reach of the CLOUD Act.

Lawfare (Theodore Christakis), "When Governments Pull the Plug," September 2025. link

Microsoft telling French lawmakers it "cannot guarantee" protection from US demands, July 2025. link

And if the answer some day becomes “leave”, we may find that we cannot.

The exit is the weakest point of all. Palantir’s own terms convey no ownership rights to the customer; the NHS contract leaves it with no software and no intellectual property; and switching off tools already woven into live services — cancer pathways among them — would break those services. In June 2026 a Commons committee called the UK’s growing reliance on Palantir “an unacceptable point of weakness” and warned the country was “seriously exposed” to vendor lock-in. Dependence, once complete, is hard to tell apart from control.

Britain's reliance on Palantir is "an unacceptable point of weakness"; the country is "seriously exposed" to vendor lock-in.

Commons Science, Innovation and Technology Committee report, via The Register, June 2026. link

Palantir's own Terms and Conditions: "No ownership rights are conveyed to Customer." Palantir T&Cs

medConfidential on operational lock-in: "Turning off Cancer360 means breaking cancer pathways," June 2026. link