On 21 May 2026, London Mayor Sadiq Khan blocked what would have been Palantir’s biggest contract with UK police: a 50 million pound deal for AI-powered intelligence analysis across the Metropolitan Police.
Khan cited a “clear and serious breach” of procurement rules. The Met had not submitted its procurement strategy to the Deputy Mayor for Policing and Crime for approval, as required. Khan’s office also flagged risks of vendor lock-in and questioned whether the deal demonstrated value for money.
On the surface, this is a procurement story. Underneath, it is about something much bigger.
The Scale of Palantir in UK Government
An investigation by The Nerve, published in February 2026, identified at least 34 current and past UK state contracts across at least 10 government departments with Palantir, totalling a minimum of 670 million pounds. That figure is likely higher. Multiple contracts remain unacknowledged or heavily redacted.
The major ones include:
- NHS Federated Data Platform (FDP): 330 million pounds over seven years, awarded November 2023
- Ministry of Defence: 240.6 million pounds for data integration, analytics, and AI platforms, signed December 2025
- Met Police (blocked): 50 million pounds for AI-powered criminal intelligence
That is over 620 million pounds across just three contracts with a single US-headquartered company. A company whose software, by its own documentation, is designed to be deeply integrated and difficult to remove.
The NHS Break Clause
The NHS FDP contract has a break clause on 15 February 2027. Government officials have begun quietly exploring the technical process of removing Palantir from NHS systems.
The British Medical Association passed a motion opposing the FDP rollout based on concerns about data governance, privacy, and NHS independence. In February 2026, the BMA told doctors to limit their engagement with the platform. Their briefing warned that the “highly interoperable nature” of Palantir’s software could enable “data-driven state abuses of power.”
NHS users have reported that the platform is “awful to use.” MPs, unions, and pressure groups have joined the pushback. Palantir’s UK boss has been publicly urging the government to keep the contract.
The decision on whether to trigger the break clause is expected later in 2026.
The Sovereignty Question Nobody Is Asking Loudly Enough
Here is what sits beneath the procurement arguments and usability complaints.
Palantir is a US company. It is subject to the US CLOUD Act. Its software handles some of the most sensitive data the UK government holds: patient health records, criminal intelligence, military operations data.
Chi Onwurah, chair of the Commons Science and Technology Committee, welcomed Khan’s intervention, saying authorities needed to guard against “vendor lock-in” and excessive reliance on overseas suppliers. The phrasing is diplomatic. The concern is jurisdictional.
When the Dutch government blocked Kyndryl from buying their national ID host, they cited the CLOUD Act explicitly. When France banned US videoconferencing from government use, they cited the same law. The UK has not yet had that explicit conversation at the policy level, but individual decisions, Khan blocking the Met deal, the BMA pushing back on the FDP, keep bumping into the same underlying question.
Who controls the data? And who can compel access to it?
What This Means for IT Professionals
The UK government does not have an overarching digital sovereignty policy. A landmark report by the Open Rights Group in April 2026 warned of a “crisis of digital dependency.” Green Party MP Sian Berry has tabled an early day motion calling for a UK digital sovereignty strategy.
Whether that strategy materialises or not, the skills required are clear. Monitoring, intelligence dashboards, security baselines, log aggregation, data analysis. All of these can be built on open-source tools without jurisdictional complications.
You do not need Palantir to build an intelligence dashboard. You need Grafana, Prometheus, structured logging, and the security fundamentals to protect it.
Try It Yourself
The underlying capabilities that make platforms like Palantir valuable, data aggregation, visualisation, pattern detection, security monitoring, are all achievable with open-source tooling. The difference is who controls the infrastructure.
- Grafana and Prometheus for Homelab Monitoring shows you how to build the same kind of data visualisation and alerting infrastructure that underpins intelligence platforms, on hardware you control.
- SSH Server Hardening covers securing the access layer, because a monitoring platform is only as trustworthy as the infrastructure it runs on.
- Secure Linux Servers with Ansible automates the security baseline across your entire environment, the same principle as hardening production infrastructure at scale.
670 million pounds. One vendor. One jurisdiction. The question is not whether the UK will eventually address this. The question is whether IT professionals will be ready when it does.
Sources: Novara Media, Computing, The Nerve, Digital Health
ReadTheManual is run, written and curated by Eric Lonsdale.
Eric has over 20 years of professional experience in IT infrastructure, cloud architecture, and cybersecurity, but started with PCs long before that.
He built his first machine from parts bought off tables at the local college campus, hoping they worked. He learned on BBC Micros and Atari units in the early 90s, and has built almost every PC he’s used between 1995 and now.
From helpdesk to infrastructure architect, Eric has worked across enterprise datacentres, Azure environments, and security operations. He’s managed teams, trained engineers, and spent two decades solving the problems this site teaches you to solve.
ReadTheManual exists because Eric believes the best way to learn IT is to build things, break things, and actually read the manual. Every guide on this site runs on infrastructure he owns and maintains.
Enjoyed this guide?
New articles on Linux, homelab, cloud, and automation every 2 days. No spam, unsubscribe anytime.