Britain is trying to build a more digital state. That aim makes sense. Public services already run on records, databases, booking systems, cloud storage and software contracts.
Hospitals need better ways to manage waiting lists. Councils need working case systems. Government departments need information to move safely between teams. Technology can make those services faster and less wasteful.
The risk starts when a private supplier becomes hard to remove.
A House of Commons committee has warned that parts of the public sector are becoming too dependent on a small number of large technology companies. It names Palantir, Microsoft and Amazon Web Services. Palantir receives the strongest criticism because of its growing role in UK public services, including the NHS Federated Data Platform.
The committee describes Palantir’s position as an “unacceptable point of weakness”. That phrase is doing important work. It is about control.
A supplier can be useful, lawful and competent while still creating a long-term public risk. The risk grows when the public body struggles to switch provider, inspect the system, move the data, or rebuild the work inside the public sector.
This is vendor lock-in.
Vendor lock-in means the buyer becomes trapped by the system it has bought. Switching supplier may cost too much, staff may be trained around one platform, data may be organised in a way that makes transfer difficult, and competing suppliers may struggle to bid because the first company already understands the machinery of the service.
The contract remains public. The practical power starts to move elsewhere.
The NHS Federated Data Platform shows why this matters. NHS England says the platform is meant to connect information across the NHS and help with patient care, waiting lists, theatre use, discharge planning and other pressures.
Those are real problems. NHS staff often work around old systems that waste time and hide information. A better data platform could help hospitals spot blocked capacity and plan care more safely.
The issue is control over the platform once it becomes part of daily NHS work.
The Federated Data Platform contract was awarded to a consortium led by Palantir. It is worth £330 million over a maximum seven-year period. The committee says the first three-year period ends in February 2027, when there is a break clause.
It recommends using that break clause and preparing either an in-house replacement or a UK-owned and UK-based alternative. That recommendation is serious. MPs are asking the government to build a way out.
Public services need exit power.
Exit power means a hospital, council or government department can leave a supplier without damaging the service. Patient care, benefits, tax systems, local services and public safety should keep working if a contract ends or a supplier changes direction.
Without that power, public accountability becomes weaker. A minister can promise reform while the operational knowledge sits with a contractor. A department can promise value for money while the supplier gains pricing power. Parliament can ask questions while key details remain inside commercial contracts, proprietary systems and technical arrangements most people cannot see.
This is why the Palantir warning reaches beyond Palantir.
The company matters because the committee singled it out. Palantir has links to military, intelligence and immigration work in the United States. Its co-founder Peter Thiel has made hostile comments about the NHS. The committee says this creates a poor fit with UK public-service values.
Palantir rejects the criticism. It says it supports democratically elected governments and that NHS data belongs to the NHS.
Those points deserve to be stated plainly. The sharper public question is still about dependence. A supplier gains power when a service relies on it every day. That can happen even when the contract is followed.
Digital government is also about more than better websites. A health data system can shape how patients move through care. A benefits system can shape who receives support and how quickly. A digital identity system can shape how people prove who they are.
These systems do administrative work, but they also affect ordinary people’s rights, access and daily life. The state should know who can inspect the code, who can access the data, where that data is held, who audits the system, and how easily the service can move to another supplier. These are public questions because the systems are public systems.
The committee’s warning about Microsoft and Amazon Web Services broadens the issue. Britain’s public sector often lacks enough internal digital skill. Old systems need repair. Departments buy technology separately. Procurement tends to favour large suppliers because they look safer and can handle complex bids.
That can create a cycle. Public bodies lose technical capacity. They buy more from outside suppliers. Those suppliers become more embedded. Rebuilding public capacity then becomes harder.
Over time, the state can lose software control and institutional knowledge at the same time. That is the hidden cost of weak digital reform.
The public is promised faster services, lower costs and better planning. Those gains are possible. They become fragile when the state depends on systems it cannot properly inspect, understand or replace.
Private technology can have a useful place in public services. Old public systems also need serious repair. The test is whether the public sector keeps enough control to act in the public interest.
That means stronger contracts, open standards, better public-sector technical skill, clear audit rights, data portability and a credible exit plan before a system becomes essential.
The public should still be able to see who is responsible. Staff should still be able to challenge bad systems. Parliament should still be able to scrutinise major contracts. Patients and citizens should still have rights they can use.
A supplier that becomes impossible to leave has moved beyond an ordinary contract. It has become part of the state’s machinery.
Digital reform can improve public services, but only when public control is built in from the start. The Palantir warning shows what happens when that control is treated as a detail for later.
One contract at a time, the public sector can become dependent on private systems that increasingly shape public life.
The real test is simple: can the public service still walk away?