Tipstour - stock.adobe.com
Palantir: Can anyone else do what it does?
Palantir is a US defence-intelligence company, born from the CIA's venture arm that now operates inside the UK public sector. We examine the claim that its technology does what no other supplier can
Founded in 2003 with seed funding from the CIA’s venture arm, In-Q-Tel – a body whose explicit purpose is to bridge the gap between Silicon Valley and the US intelligence community – Palantir Technologies now holds contracts with the Metropolitan Police and runs the NHS Federated Data Platform (FDP), a system that touches the health records of 67 million people.
At the Met police, its Culture Standards and Integrity Ecosystem (CSIE) pilot – a Palantir Foundry-based platform – ingested sickness records, complaint histories, custody data and stop-and-search records across more than 50,000 current and former staff.
Meanwhile, the NHS Federated Data Platform is a £480m, seven-year contract to connect data across NHS trusts that aims to track and optimise data points such as patient flows, bed occupancy, theatre utilisation, waiting lists and discharge pathways.
This has not been without some pushback, however. Two Parliamentary committees have urged the government to scrap the NHS deal, while the London Mayor’s block on the Met’s deployment will soon be contested in court by Palantir.
But in both cases, the claim from government buyers and the supplier provides a consistent theme: Palantir delivers capabilities no other can match.
This article examines what Palantir is, how its technology works at the component level, which UK and European suppliers offer comparable – and, in some cases, identical – capabilities, and whether the claim that “only Palantir can do this” survives a detailed comparison.
The answer matters because the UK is now at a decision point: in February 2027, the government can exercise a break clause in the FDP contract – and the Science, Innovation and Technology Committee has urged it to do exactly that.
From In-Q-Tel to NHS
Palantir was co-founded by Peter Thiel, Alex Karp, Stephen Cohen and Joe Lonsdale. Thiel’s vision, articulated across years of essays and interviews, framed technology as a geopolitical weapon – an instrument of national power, not a neutral utility. In-Q-Tel’s $2m investment in 2004 embedded the company inside the US intelligence community from its first days.
The original product, Gotham, was built for and deployed by the CIA and special forces. It fused data from signals intelligence, human intelligence and geospatial sources into a single analytical environment to enable analysts to perform link analysis, pattern-of-life surveillance and target identification.
It was deployed in Iraq and Afghanistan for counter-IED [improvised explosive device] operations. In 2016, Palantir successfully sued the US Army when it was passed over for contracts. In 2019, it took over Project Maven, the Pentagon’s AI-driven drone targeting programme, when Google withdrew after an employee revolt.
Today, Palantir’s government footprint spans all six branches of the US military, 36 federal agencies, the Israeli military – which has used the technology to plan attacks in Gaza and Lebanon – and police forces in the UK, Germany, Australia and Denmark. In a New York Times profile, CEO Alex Karp said: “Our weapons software is in every combat situation I’m aware of.”
The company’s financial trajectory reflects this government-first orientation. In FY2025, Palantir reported $4.5bn in revenue – up from $2.9bn the prior year – with 54% from government customers. It serves 954 customers, with 74% of revenue from the United States.
In the prior fiscal year, the top 20 customers generated an average of $64.6m each, while total remaining deal value grew 40% to $5.4bn. The numbers describe a company with extreme customer concentration, overwhelmingly dependent on US government spending, but rapidly diversifying into international and commercial markets.
What Palantir really sells
Palantir’s product offer spans four platforms, but the one deployed at the Met and NHS is named Foundry. Understanding what Foundry does – at the component level – is essential to evaluating whether it is genuinely unique.
Pipeline Builder is Foundry’s data integration layer. It ingests structured and unstructured data from databases, application programming interfaces (APIs), spreadsheets, sensor feeds and legacy systems. It transforms, cleans and models that data into a consistent format. This is a well-understood category: Informatica, Fivetran, dbt, Azure Data Factory, AWS Glue, and UK-founded suppliers such as SnapLogic and Matillion all perform the same function.
“The Ontology” is Palantir’s architectural centrepiece and the source of most claims about uniqueness. Unlike a traditional data warehouse – where data lives in tables defined by schemas – the Ontology maps digital objects to real-world counterparts: a “hospital bed”, a “police office”, a “waiting list”, a “complaint.” It defines semantic relationships between these objects. An analyst – or an AI agent – does not query table joins, they work with concepts that correspond to how the organisation thinks about its operations.
The Ontology also provides a write layer: applications built on Foundry can trigger transactional updates back to source systems, not merely read data. This read-write semantic model is what Palantir means when it describes Foundry as an “operating system for the enterprise”.
Workshop is the application layer. It provides a low-code application-building layer for operational applications – such as “hospital operations” for the NHS – that run on the Ontology. These are workflow tools where users can schedule interventions, flag risks, update records and trigger actions that write back to underlying systems.
What is Ontology – and who else builds one?
In enterprise data platforms, three terms describe different levels of the same idea as we move from raw data to a model of the real world.
A knowledge graph stores data as a network of entities (nodes) and relationships (edges). Instead of tables with rows and columns, it represents “Officer A (a node) is connected to Complainant X (a node), which involves Incident M (an edge)”. The leading graph database is Neo4j (Sweden/US); others include TigerGraph (US), Amazon Neptune and Microsoft Graph Engine.
A semantic layer sits on top of a knowledge graph – or any data source – and defines what those entities mean in business terms. It translates database columns into concepts such as “bed occupancy rate” or “officer sickness pattern.” Suppliers include AtScale (US), Cube.dev (US) and dbt Semantic Layer (US).
Ontology – in Palantir’s usage – combines both, plus an operational workflow layer. It not only models the world but allows applications to act on that model – flag a risk, schedule an intervention, update a record. Palantir’s Ontology is a read-write semantic knowledge graph that human analysts and AI agents interact with.
This is not magic. It is a well-understood architectural pattern that combines graph storage, semantic modelling and API-driven operations which Palantir has pre-integrated more tightly than any competitor.
But sovereign alternatives exist:
- DataWalk (Poland) – explicitly positions its ontology-based link analysis as a Palantir alternative for government intelligence.
- Scrydon (EU) – sovereign ontology platform designed to run on open table formats inside the customer’s own perimeter, from air-gapped on-premise to cloud.
- Itemis Analyze (Germany) – European governance layer for data-driven decision-making, marketed as a sovereign alternative to Foundry.
- d.AP (EU) – ontology-driven operational intelligence platform.
None matches Palantir’s full breadth of pre-integrated components – but none carries US Cloud Act jurisdictional exposure either.
Apollo handles deployment. It delivers Foundry and Gotham to multicloud, hybrid-cloud, on-premise, air-gapped and edge environments – managing CI/CD [continuous integration and continuous delivery/deployment], updates and failover autonomously. This is the infrastructure layer that lets Palantir deploy to environments where internet connectivity is intermittent or prohibited.
Artificial Intelligence Platform (AIP) adds LLM-augmented agents and automations on top of the Ontology. Rather than dropping raw data into a language model – the approach that creates the governance nightmares most enterprises fear – AIP gives LLMs governed, access-controlled queries to semantic objects. The model asks the Ontology for what it needs, under the same permissions as any human analyst.
How it works in UK practice
The Met Police CSIE pilot, which ran from October 2025 to April 2026, brought together data from Centurion – the force’s system for recording public complaints, conduct allegations, grievances and civil claims – alongside sickness records, HR data, duty-rostering, custody data and stop-and-search interactions. The target population exceeded 50,000 current and former staff. Foundry ingested this data, built an Ontology mapping officers to behaviours, complaints and organisational units, and surfaced approximately 90 metrics across three tiers of prevention.
The results were dramatic. Within a week of roll-out, the Met’s Professionalism Directorate identified hundreds of potential misconduct breaches and several alleged criminal offences including abuse of authority for sexual purposes, fraud and sexual assault. Two officers were arrested. Another 98 were assessed for misconduct and 500 received prevention notices after being flagged for abusing the IT duty-rostering system.
A Met spokesperson told Computer Weekly: “Our pilot with Palantir allows the Met, for the first time, to bring together data it already lawfully holds in one place.”
But the Data Protection Impact Assessment (DPIA) – obtained by Computer Weekly in June 2026 – revealed significant governance gaps, and the Met’s data protection officer noted it was “not currently clear” whether Palantir would retain Met Police data after the pilot or use it for its own AI model training.
The NHS Federated Data Platform contract was awarded in November 2023 to a consortium led by Palantir that includes Accenture, PWC, Carnall Farrar and NECS. The contract was originally reported at £330m over seven years, later described as £480m. It is a cloud-based SaaS platform built on Foundry’s Ontology that maps NHS concepts – patients, beds, appointments, clinicians, Trusts – as linked objects.
NHS England estimated the FDP will deliver returns of five times its cost. But Greater Manchester Integrated Care Board reported the FDP “does not currently have any system-level products that offer the same or better functionality compared to the custom-built system already in use for NHS GM”.
Meanwhile, the British Medical Association (BMA) voted to oppose the roll-out at its June 2025 annual meeting. South Warwickshire NHS Foundation Trust has declined adoption. In July 2026, the Health and Social Care Select Committee urged the government to scrap the contract entirely.
The future of the FDP contract with Palantir is under scrutiny. Cross-party MPs, including the Health and Social Care Select Committee and the Science and Technology Committee, have pushed for the NHS to invoke a break clause in February 2027 to replace Palantir with UK-based alternatives or an in-house alternative.
The comparison test: who else can do this?
Here, we are not looking at the question of whether the company’s platform works – it does, although MPs have questioned reported outcomes. The question is whether it contains unique components – and whether any UK or European supplier could assemble equivalent capability without the jurisdictional baggage of a US-headquartered company whose CEO describes it as a weapons software provider.
The answer, broken down by component, is outlined in the table below:
The conclusion this table supports is nuanced but clear. Palantir’s individual components – data integration, warehousing, graph-based semantic modelling, machine learning, workflow applications, deployment automation – are all available from other suppliers.
No single European supplier ships them all pre-integrated in the way Palantir does. But the capability to assemble equivalent platforms from sovereign components exists. Germany’s decision to award ChapsVision a domestic intelligence contract over Palantir is evidence of that.
The lock-in mechanism
The Ontology is Palantir’s greatest technical achievement and its most powerful lock-in mechanism. As an organisation feeds more data sources through Foundry’s Pipeline Builder, maps more objects into the Ontology, and builds more operational workflows on top, the cost and complexity of exit increase.
The Met’s DPIA warned of “risk of lock-in with multiple data sources routing outside of EDP”. But to transition away from Palantir means unpicking an Ontology-based deployment, reconstructing the semantic model, re-mapping every relationship and re-building every operational application that depended on it.
Tom Bartlett is founder of Bartlett Data and former deputy director of data engineering at NHS England, where he led the approximately 150-person engineering team that built the national FDP products. His argument is that the individual components do not equal the end-to-end provision that Palantir provides. He said alternative suppliers “cannot replicate the Palantir ontology. The ontology stores the data alongside the semantics, in what Palantir calls the object store.”
Describing the way Palantir packages the entire stack required, Bartlett added: “Within each object there are not just the data and the semantics, but also predefined rules that encode the write actions that an application or AI sitting on the ontology can take with the data in that object. It contains a security model that is enforced not only in the objects but in any derived object. It contains active link types which mean no query has to run for the objects to be connected. Nothing like this exists in any other software platform and this is what makes Foundry the market leader.”
Analyst Tony Lock, director of engagement and distinguished analyst at Freeform Dynamics, argues the challenges of migrating away from an existing deployment are nearly always the same irrespective of what you are moving away from: “Namely, how do you ensure your new solution, or package of linked tools, delivers what you need today, and expect to need tomorrow, how much effort will building and testing the new solution require, especially in this context ensuring its resilience, availability and security, and do you have the funds and resources available to make the migration in your required timeframe?
“Then you have to consider the two biggest – namely, how do you minimise the risk of the migration, and what’s the risk of staying with what you have in place? To make the migration work, you need answers to all of these.”
Lock-in and structural risks
Four structural risks compound the lock-in concern.
First, jurisdictional exposure. Palantir is a US-headquartered company subject to the US Cloud Act and FISA Section 702. US agencies can compel disclosure of data – even data held outside the United States – without notifying UK authorities. The DPIA’s advice section flagged unresolved questions about data retention and Palantir’s potential role as an independent controller. Computer Weekly separately raised the Cloud Act and FISA jurisdictional exposure with the Met in a second tranche of questions, which the force declined to answer.
Second, opacity. The NHS FDP contract is 586 pages and heavily redacted. Also, when Computer Weekly submitted questions to the Met covering the absence of competitive tender, the jurisdictional risk assessment and the final disposition of MPS data held by Palantir, the force declined to respond.
Third, democratic accountability. The Met’s CSIE pilot marked workforce consultation as “Considered and not required”. The FDP was opposed by the BMA, the Doctors’ Association UK, patients’ groups and privacy campaigners – but the contract was awarded regardless. The Fable 5 kill switch affair of June 2026 – a US government emergency directive that forced Anthropic to disable its flagship AI models globally – demonstrated in real time what happens when a critical service depends on a single foreign supplier subject to emergency directives outside UK control.
Fourth, there is the question of what alternatives were considered. The Met’s DPIA dismissal of all alternatives in a single unsupported sentence – “considered but not viable”, without naming a single evaluated supplier – raises uncomfortable questions about the rigour of procurement governance for high-risk data processing in UK policing.
The SIT Committee’s June report, which was published as MPs scrutinised the government’s digital strategy, proposes specific remedies – a cloud consumption dashboard to publicly track contract awards by supplier, mandatory SME spending targets, mandatory break clauses in foreign supplier contracts, and a requirement for the Procurement Act 2023 to prioritise open-source solutions. The EU’s four-level cloud and AI sovereignty framework – ranging from data residency (Level 1) to full independence from third-country interference (Level 4) – aims to provide a template for sovereign procurement.
So, it seems, an honest assessment is this: Palantir sells the tightest pre-integration of data ingestion, ontology-based semantic modelling, analytics, AI agents, operational applications and multicloud deployment on the market. No competitor replicates the full stack exactly – but no competitor needs to. The individual components are commodity or near-commodity capabilities available from UK and European-headquartered suppliers. The question for the UK public sector is whether the convenience of pre-integration is worth the sovereignty cost.
Read more about Palantir, NHS data and digital sovereignty
- Data dive: Kill switch and catch-up – can Europe close the sovereignty gap? As the US demonstrates it can wield an AI ‘kill switch’, the EU and UK unleash a wave of sovereign tech measures. Can state-led industrial policy bridge a $2tn revenue chasm?
- Met Palantir pilot: The DPIA that raises more questions than it answers: Computer Weekly’s investigation into the Data Protection Impact Assessment for the Met's Foundry pilot, exposing governance gaps around surveillance, transparency, and staff consultation.
