Britain had allowed itself to become dependent on a single vendor for systems it could not afford to lose.
In the spring of 2026, Britain found itself confronting a question that modern democracies have been slow to ask: when a nation's most intimate data — the health records of its sick, the firearms registry of its police — flows through systems owned by a foreign company, who truly governs? UK lawmakers have challenged two Palantir contracts worth over £339 million, covering NHS patient records and a national police firearms database, arguing that the arrangements represent not merely a security risk but a quiet surrender of sovereignty. The episode invites a deeper reckoning with how states have allowed the architecture of governance to drift into private, foreign hands without public deliberation or democratic consent.
- A £330M NHS deal and a £9M police firearms database contract have placed the health records of millions and the registry of licensed weapons in the hands of a single US technology firm — with little prior parliamentary debate.
- Lawmakers are sounding the alarm over what they call an 'unacceptable' dependency: if Palantir fails, degrades its service, or faces pressure from US authorities, Britain has no domestic alternative ready to step in.
- The spectre of 'enshittification' — the gradual, quiet deterioration of a service once a vendor has locked in a client — is being named openly in political circles as a systemic risk to critical national infrastructure.
- A legal fault line runs beneath the contracts: as a US-incorporated entity, Palantir could be compelled by American law to hand over British patient or police data, leaving the UK with limited legal recourse.
- Parliament is now pushing for renegotiated terms, enforceable data sovereignty guarantees, and a more rigorous vetting process — signalling that the era of quietly signed tech mega-contracts may be drawing to a close.
By spring 2026, two contracts had placed some of Britain's most sensitive data under the stewardship of Palantir Systems, a US technology firm. One deal, worth £330 million, handed the company management of NHS patient records — diagnoses, prescriptions, medical histories belonging to millions of people. A second, smaller contract gave Palantir control of the national police firearms database. Neither arrangement had emerged from meaningful public debate, and when the details became widely known, Parliament reacted sharply.
The criticism moved along two tracks. The first was practical: Palantir, however capable, is a foreign entity subject to US law. Should American authorities demand access to NHS or police data, Britain's legal position would be precarious. The second concern was strategic. By concentrating so much critical infrastructure in a single vendor, the country had created a dependency it could not easily escape — a vulnerability that critics described using the term 'enshittification,' the gradual degradation of service that can follow once a client is locked in with no alternative.
The firearms database sharpened the stakes further. A national registry of licensed weapons and their owners is security infrastructure of the first order. Its failure or compromise would not be an administrative inconvenience — it would ripple through law enforcement operations across the country.
What troubled many lawmakers most was the process, or the absence of one. These contracts had been signed with little fanfare and less scrutiny. Only after the fact did Parliament begin asking whether anyone had properly weighed what was being given away.
As summer approached, the political temperature was rising. Lawmakers signalled their intention to push for renegotiated terms, stronger data sovereignty protections, and a more rigorous framework for future contracts of comparable sensitivity. The Palantir episode had exposed something larger than a procurement misstep — it had revealed how thoroughly the infrastructure of modern governance had drifted into foreign private hands, and how few mechanisms existed to pull it back.
In the spring of 2026, British lawmakers began raising alarms about a pair of contracts that had quietly handed control of some of the country's most sensitive data to Palantir Systems, a US-based technology firm. The company had secured a £330 million deal to manage NHS records—the health information of millions of patients—and a separate £9 million contract to operate the police national firearms database. The scale of these arrangements, and the questions they raised about who controlled Britain's most critical systems, prompted a sharp rebuke from Parliament.
The concern was not merely about data security, though that loomed large. Politicians flagged what they called an "unacceptable" risk: the degree to which the country had become dependent on a single American technology company for infrastructure that touched the lives of nearly every citizen. If something went wrong—whether through technical failure, breach, or the kind of gradual degradation of service that critics termed "enshittification"—there was no clear British alternative waiting in the wings. The NHS records alone represented a vulnerability of staggering proportions. Patient data, diagnoses, prescriptions, medical histories: all of it now flowed through systems owned and operated by a foreign firm.
The police firearms database presented a different but equally acute problem. The national registry of licensed firearms, the people permitted to carry them, and the weapons themselves—this was security infrastructure of the first order. Entrusting it to Palantir meant that a foreign company held a key to one of Britain's law enforcement systems. If that system failed, or if access were somehow compromised, the consequences would ripple through police operations across the country.
What made the situation particularly fraught was the lack of transparency around how these contracts had come to be. The deals had not emerged from public debate or parliamentary scrutiny. They had been negotiated and signed with relatively little fanfare, and only when the arrangements became public did lawmakers begin asking hard questions about whether anyone had properly weighed the risks.
The criticism centered on two distinct but related anxieties. The first was practical: data security and system reliability. Palantir was a capable firm, but it was also a foreign entity, subject to US law and US government pressure. If American authorities demanded access to NHS records or police data, what legal recourse would Britain have? The second anxiety was strategic. Britain had allowed itself to become dependent on a single vendor for systems it could not afford to lose. That dependency was itself a weakness—a point of leverage that could be exploited, or simply a single point of failure that could cripple critical services.
Parliamentarians began calling for stronger safeguards, clearer data protection protocols, and a fundamental rethinking of how Britain approached contracts for sensitive infrastructure. Some suggested that the government should explore alternatives, or at least ensure that it retained the ability to move away from Palantir if circumstances demanded it. The broader question—whether Britain should be outsourcing control of its health and security systems to any foreign company—hung over the debate.
As summer approached, the expectation was that parliamentary scrutiny would intensify. Lawmakers signaled they would push for renegotiation of the terms, stronger guarantees around data sovereignty, and a more rigorous process for vetting future contracts of this magnitude. The Palantir deals had exposed a gap in how Britain thought about its relationship with technology companies and the infrastructure those companies now controlled. Closing that gap would require difficult conversations about what it meant to govern a country whose most sensitive systems were increasingly dependent on foreign firms.
Notable Quotes
Britain's reliance on a US technology company for critical health and security systems represents an unacceptable strategic weakness— UK lawmakers, via parliamentary statements
The Hearth Conversation Another angle on the story
Why did this become a scandal now, rather than when the contracts were first signed?
Because the contracts were signed quietly, without the kind of public debate that would normally accompany such a decision. It was only when people started paying attention that the full scope of what had been handed over became clear.
What exactly is the risk here? Palantir is a legitimate company.
Legitimacy isn't the issue. The risk is dependency. If Palantir fails, or if the US government demands access to the data, Britain has no backup plan and limited legal recourse. You've put all your eggs in one basket.
But surely the NHS and police vetted the company before signing?
Apparently not thoroughly enough, or not with the right questions in mind. The politicians are saying the vetting process itself was inadequate—that nobody properly weighed whether Britain should be outsourcing control of health records and firearms databases to a foreign firm at all.
What does "enshittification" mean in this context?
It's the gradual degradation of a service over time. A company starts out good, then slowly cuts corners, raises prices, or reduces quality once customers are locked in. With critical infrastructure, you can't just switch providers.
What happens next?
Parliament will push back. Expect demands for renegotiation, stronger data protections, and probably a broader review of how Britain awards contracts for sensitive systems. The government may have to prove it can exit these deals if needed.
Could this actually be reversed?
Theoretically, yes. But it would be messy and expensive. That's partly why the politicians are so angry now—they're trying to prevent a situation where Britain becomes trapped.