Palantir’s fight over NHS patient data is no longer just a health service privacy dispute. It is becoming a test of how far governments are willing to let private AI vendors into public infrastructure.
Palantir has spent years trying to make itself indispensable to governments. In Britain, that strategy is now running into a harder question: who should be trusted with the most sensitive public data when the software promise is speed, scale and better decisions?
The latest flashpoint is NHS England’s Federated Data Platform, the national system built to connect health data across a fragmented service. MPs have warned that allowing Palantir and other external contractors access to identifiable patient information before it is pseudonymised is dangerous, and the timing matters. The criticism landed days before London mayor Sadiq Khan blocked a proposed £50 million Palantir contract with the Metropolitan Police, citing a serious breach of procurement rules.
This is not the same contract, and the issues are not identical. But taken together, they point to a more difficult environment for companies selling AI and analytics into public services. The question is no longer whether the technology can do useful work. It is whether the public believes the governance around it is strong enough.
NHS England awarded Palantir a seven-year contract worth up to £330 million in 2023 to help build and run the Federated Data Platform. The official argument is straightforward. The NHS sits on vast amounts of operational data, but too much of it is trapped in separate systems. A shared platform could help manage waiting lists, theatre capacity, supply chains and planning across local and national services.
That is a real problem. Anyone who has dealt with a large public health system knows that poor data flow can waste money and slow care. Better information can make hospitals more efficient and give managers a clearer view of pressure points before they become crises.
But health data is not ordinary enterprise data. It includes details that people disclose because they have little choice. The public does not hand this information to the NHS in the same way a customer signs up for a software product. That changes the burden of proof for every vendor involved.
According to the Guardian’s reporting on the NHS row, the concern centres on access to the National Data Integration Tenant, the part of the platform that holds information before it is pseudonymised. NHS England’s own privacy material identifies Palantir Technologies UK Ltd as a processor acting on behalf of NHS England, while also saying that most national products will usually use data that does not identify individuals.
That distinction is where the controversy lives. If the system is designed around privacy enhancing technology and de-identified information, then any route to identifiable data needs to be tightly explained, narrowly controlled and independently credible. It is not enough to say access is logged or operationally necessary. In public health, confidence is part of the infrastructure.
Palantir is facing a wider public sector backlash
The Metropolitan Police dispute shows how quickly technical procurement can become political risk. Khan blocked the proposed £50 million deal after City Hall said the process had failed to properly consider alternatives. Palantir responded by accusing him of putting politics above public safety, which gives a clear sense of how high the stakes have become.
For Palantir, Britain is an important market because it validates the company’s broader public sector pitch. The company is not selling a narrow tool that sits quietly in one department. It sells operating systems for complex institutions, the kind that can become deeply embedded once adopted. That is attractive to governments trying to modernise old systems, but it also raises the cost of getting trust wrong.
The reputational issue is sharpened by Palantir’s wider history. Critics regularly point to its work with defence, intelligence and immigration agencies, especially in the United States. Supporters argue that those associations do not make the company unfit for health or policing work. Both points can be true, but only one matters commercially if public bodies start deciding that the political cost is too high.
This creates an opening for rivals. A vendor that can offer stronger privacy architecture, clearer data minimisation, local control and transparent auditability will have a better argument in Europe than one that simply promises powerful analytics. The winning pitch may be less about AI ambition and more about institutional restraint.
There is also a lesson here for startups chasing government contracts. Public sector deals can look attractive because they are large, sticky and prestigious. But they come with scrutiny that normal enterprise sales rarely face. The more sensitive the data, the more the vendor becomes part of a public trust debate.
The NHS needs better systems, and the Met Police may well need better intelligence tools. That does not automatically settle who should build them or how much access contractors should have. The next phase will turn on governance: procurement that can survive challenge, privacy controls that people can understand, and contracts that do not ask the public to accept trust as an article of faith.
For AI companies, this is the practical takeaway. In public infrastructure, technical capability gets you into the room. Trust decides whether you stay there.
Also read: Huawei shows how AI storage can route around chip sanctions • Uber is testing how much delivery consolidation regulators will tolerate • Tech layoffs pass 100,000 as companies fund AI ambitions
