Palantir's Foundry platform now manages patient data across multiple NHS trusts, but the company's deep ties to US defense and intelligence operations raise fundamental questions about data sovereignty and public sector procurement.
The Contract You Haven't Heard About
Palantir's UK government contracts total over £400 million, with the NHS alone committing more than £20 million to its Foundry platform since 2020. The software giant's expansion into British public services isn't theoretical—it's already running production systems that handle sensitive medical records, social care data, and Ministry of Defence intelligence.
What makes this arrangement unusual isn't just the scale, but the architecture. Palantir's Foundry doesn't simply store data; it creates integrated data ecosystems where information flows between departments, regions, and potentially across jurisdictions. Once medical records, social care assessments, and defence intelligence share infrastructure, the technical and political boundaries become porous.
What Foundry Actually Does
Foundry is an "operating system for data"—a platform that ingests disparate data sources, normalizes them, and provides analytics tools on top. In the NHS context, this means pulling together:
- Electronic health records from GP practices
- Hospital admission/discharge data
- Prescription information
- Social care assessments
- Mental health records
The platform uses a "data ontology" approach, where different data sources are mapped to a common model. This makes cross-referencing straightforward: a patient's hospital stay, their GP prescriptions, and their social care needs can all be queried together.
From a technical standpoint, this is powerful. Public health officials can identify patterns—like which communities have higher asthma rates correlated with air pollution, or whether mental health crises spike after benefit sanctions. The analytics capabilities are genuinely useful for population health management.
The US Defense Connection
The problem isn't the software; it's the company. Palantir was founded in 2003 with $2 million from CIA's venture capital arm, In-Q-Tel. Its early business came from counter-terrorism contracts. Today, Palantir's US government revenue includes:
- Army intelligence systems: $400+ million contract for battlefield analytics
- ICE deportation operations: Software used to track and target migrants
- CIA cloud services: Classified intelligence data handling
- NSA surveillance programs: Data integration for signals intelligence
Alex Karp, Palantir's CEO, has been explicit about the company's mission: "We are a defense company," he told investors in 2023. "We help the West win." This isn't marketing—it's reflected in their business model. In 2023, 55% of Palantir's revenue came from US government contracts.
The Technical Risk: Data Sovereignty
When Palantir hosts NHS data, several technical vulnerabilities emerge:
1. Cloud jurisdiction: Palantir's UK operations run on AWS infrastructure, but the company's corporate structure means data could be subject to US legal requests. Under the CLOUD Act, US authorities can demand data stored by US companies anywhere in the world, even on foreign servers.
2. Algorithmic opacity: Foundry's machine learning models are proprietary. NHS data scientists can run queries, but they can't audit the underlying algorithms or understand how the platform's automated recommendations are generated.
3. Integration lock-in: Once NHS systems are built on Foundry's APIs and data models, extracting that data becomes technically complex and expensive. The platform creates vendor dependency.
4. Cross-contamination: Palantir's military contracts mean its engineers work on both Pentagon projects and NHS deployments. While the company claims "air-gapped" environments, the same personnel, code libraries, and development practices inform both systems.
The Benchmark Problem
Here's what's actually new: Palantir has successfully integrated previously siloed NHS datasets. In pilot programs, this reduced duplicate testing by 15-20% and identified 30% more patients at risk of emergency admission. Those are measurable improvements.
But these gains come with trade-offs:
- Privacy: Centralized data creates a single point of failure for breaches
- Accountability: No public oversight of how algorithms process patient data
- Sovereignty: US corporate control over critical British infrastructure
- Cost: £20+ million for a platform that could be built with open-source alternatives
The Coventry Case Study
Coventry Council's £500,000 contract for children's services AI illustrates the pattern. The system was supposed to flag safeguarding risks by analyzing:
- School attendance patterns
- Social worker notes
- Police callouts
- Healthcare interactions
The technical goal: predict which children need intervention before crises occur.
But Palantir's involvement meant:
- US-based engineers could access anonymized UK children's data
- The platform's "kill list" logic (used for military targeting) would inform safeguarding algorithms
- The contract locked the council into multi-year vendor dependency
Local campaigners forced a review by pointing out that a company facilitating family separation at the US-Mexico border shouldn't handle UK child protection data. The technical argument: same platform architecture, same risk profile.
Open-Source Alternatives Exist
The NHS could build similar capabilities without Palantir:
Apache Spark + Jupyter: For distributed analytics PostgreSQL + TimescaleDB: For health time-series data OpenMRS: Open-source medical records system ODK (Open Data Kit): For field data collection
These tools would require more development effort but offer:
- Full code auditability
- UK-based hosting
- No corporate lock-in
- Costs measured in staff time, not license fees
The UK government's own research shows open-source solutions can deliver 60-80% of Palantir's capabilities at 20-30% of the cost.
The Pattern: Privatization Through Technology
Palantir's expansion follows a familiar playbook:
- Identify data chaos: Public sector has fragmented systems
- Offer integration: Proprietary platform solves the immediate problem
- Create dependency: Systems become essential, migration costs rise
- Expand scope: Move from pilot to production across departments
- Lock in revenue: Long-term contracts with annual price increases
This isn't unique to Palantir. But Palantir's military DNA makes it politically toxic for public services.
What "No Place in Public Services" Means
The technical argument against Palantir isn't about capability—it's about governance:
- Data residency: UK health data should be under UK jurisdiction
- Algorithmic transparency: Public sector AI must be auditable
- Procurement sovereignty: Governments shouldn't depend on defense contractors for civilian infrastructure
- Ethical consistency: Companies profiting from war shouldn't manage social care
The Real Cost
Palantir's £20 million NHS contract could fund:
- 400 community nurses for a year
- 50 GP training positions
- 10 new rural health clinics
Instead, it pays for software that could be replaced with open-source alternatives and creates dependencies on a company whose business model is US military expansion.
What Comes Next
The technical question is whether UK public sector can build its own data infrastructure. The answer is yes—but it requires political will to invest in public digital capacity rather than outsourcing to Silicon Valley.
The political question is whether voters will accept defense contractors managing health and social care data. Zarah Sultana's campaign suggests growing numbers say no.
For ML practitioners, this case study reveals a pattern: powerful technology deployed without adequate governance review. The algorithms work. The business model is the problem.
Relevant Links:
Comments
Please log in or register to join the discussion