SIT Committee urges Palantir exit in push to end US cloud grip

Copyright TechTarget - All rights reserved ComputerWeekly’s best articles of the day https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Fri, 05 Jun 2026 22:33:03 GMT https://www.computerweekly.com editor@computerweekly.com <p>MPs on the Science, Industry and Technology Committee have called for a “period of over-correction” to break the cycle of supplier lock-in and foster <a href="https://www.computerweekly.com/resources/Cloud-computing-services">a domestic UK cloud ecosystem</a> through mandatory re-competition and open source standards.</p> <p>One notable measure recommended in the report – <em><a href="https://committees.parliament.uk/publications/53352/documents/298462/default/">Rewiring the state: Delivering digital government</a></em> – is that the UK government should exercise the break clause with <a href="https://www.computerweekly.com/news/366640417/Health-workers-call-for-Palantir-to-be-booted-from-NHS-contracts">Palantir and the Federated Data Platform (FDP)</a> in the NHS and publish a fully costed exit plan by the end of 2026.</p> <p>Elsewhere, the report highlights a “lack of competition” in government cloud spending, which totals about £10bn per year. It cites the March 2026 HM Revenue & Customs (HMRC) contract with Amazon Web Services (AWS) as a primary example of market failure. AWS was the sole bidder for <a href="https://www.computerweekly.com/news/366640606/Flaws-in-government-procurement-show-in-HMRC-473m-AWS-award">the 10-year, £472m deal</a>, despite concerns over restrictive licensing practices. </p> <p>Meanwhile, the report recommends the establishment of a unit to monitor and disseminate digital government best practices from the European Union (EU), including how member states encourage the development of sovereign alternatives to incumbent providers. </p> <section class="section main-article-chapter" data-menu-title="Dangerous levels of lock-in"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Dangerous levels of lock-in</h2> <p>The report warns that the <a href="https://www.computerweekly.com/news/366643799/Data-dive-Mapping-the-UK-public-sectors-hyperscale-dependence">UK public sector’s heavy reliance on a small group of US-based technology providers</a> – specifically Microsoft, AWS and Palantir – creates <a href="https://www.computerweekly.com/feature/Is-cloud-data-sovereignty-all-just-a-case-of-Trust-me-bro">dangerous levels of supplier lock-in and systemic fragility</a>.</p> <p>The committee’s report argues that these dependencies, often driven by proprietary software and complex, opaque contracts, undermine competition, hinder innovation by small and medium-sized enterprises (SMEs), and expose the government to significant operational risks, including potential data access by the US under the Cloud Act.</p> <p>To address such vulnerabilities, the committee recommends a comprehensive strategy to achieve “technology sovereignty” and that the government should prioritise open source alternatives and mandate that a defined percentage of procurement budgets go to UK-based startups.</p> <p>Key interventions include exercising the break clause for the NHS FDP, implementing a rigorous cloud consumption dashboard to monitor supplier power, and legally requiring public bodies to favour open standards over proprietary systems to ensure the government retains the ability to make strategic choices independent of dominant incumbents.</p> </section> <section class="section main-article-chapter" data-menu-title="Key recommendations in the report"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Key recommendations in the report</h2> <p><strong>Federated Data Platform:</strong> The government should commit to exercising the February 2027 break clause in the Palantir FDP contract and develop an in-house replacement or seek an alternative from UK-owned and UK-based providers, with a fully costed exit plan for the FDP published by the end of 2026.</p> <p><strong>Data access and transparency:</strong> The government must confirm the nature of Palantir’s access to patient data, the statutory basis for this authorisation, when and by whom it was authorised, and whether the information commissioner was consulted.</p> <p><strong>NHS single patient record</strong>: The government should prioritise using UK-owned and UK-based suppliers <a href="https://www.computerweekly.com/news/366643138/NHS-Modernisation-Bill-promises-single-patient-record-by-2028">to develop and implement this</a> and award all contracts through open and transparent procurement processes.</p> <p><strong>Ministry of Defence and Palantir:</strong> The government must set out the reasons for awarding a £240m Ministry of Defence contract to Palantir without a competitive tender process.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">What is the Science, Innovation and Technology Committee?</h3> <p>The Science, Innovation and Technology Committee is a cross-party body of MPs tasked with scrutinising the expenditure, policy and administration of its parent department. Via formal inquiries, it gathers evidence from ministers, officials and experts to produce research-backed reports. While the committee’s findings are not legally binding, they serve as a powerful mechanism for parliamentary oversight and provide ammunition that can hold the government accountable for digital strategy.</p> <p>The committee’s influence is exercised through mandatory government responses (usually within 60 days), public pressure and the ability to shift the national debate. Even when the government does not adopt specific recommendations, the committee’s oversight can lead to increased transparency, policy adjustments and internal reviews.</p> </div> </div> <p><strong>Procurement and SMEs:</strong> Central departments and public bodies should be required to spend a defined minimum percentage of their technology procurement budgets on products from UK-based and UK-owned startups and SMEs, with quarterly progress updates published.</p> <p><strong>Ending supplier lock-in:</strong> The Government Digital Service (GDS) should produce a strategy to end supplier lock-in, including targets for supplier diversification across departments and public bodies, with quarterly reporting.</p> <p><strong>Cloud consumption dashboard:</strong> The government’s promised cloud dashboard should include a breakdown of contract awards by company, their value, details of break clauses, specific licensing terms, and a value-for-money assessment.</p> <p><strong>All of Government cloud contract:</strong> The government should detail how this contract will prevent supplier lock-in, including its engagement with the Competition and Markets Authority (CMA) and how it will embed a pro-competition approach.</p> <p><strong>Technology sovereignty strategy:</strong> The government should define technology sovereignty. The definition should be reviewed annually, and it should set out how the government intends to support sovereign alternatives to incumbent providers.</p> <p><strong>Open source in the Procurement Act 2023:</strong> The government should use the update to this act to require public sector bodies to prioritise open source tools and technology over proprietary offerings.</p> <p><strong>Data access contingencies:</strong> The government should detail its contingencies for safeguarding citizens’ data should the US trigger data access provisions under the Cloud Act 2018, and share relevant impact assessments.</p> <p><strong>Monitor EU digital government initiatives:</strong> As part of the government’s “wider reset” in relations with the EU, DSIT should establish a unit to monitor and disseminate digital government best practice from, with a remit to engage with European Commission and member state-level bodies, in particular to focus on how the EU and member states develop sovereign alternative providers.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Industry reaction: Welcomed but measured</h3> <p>Nicky Stewart, senior advisor to the Open Cloud Coalition, said: “We agree with the need to reduce vendor lock-in across the public sector and to move towards a system that rewards choice, interoperability and fair competition for all providers.”</p> <hr> <p>Conservative peer Lord Chris Holmes said: “This is an important report from the committee which the government must consider seriously and respond to. The most important recommendation is to increase competition in the UK cloud market. This is a critical question of resilience. The cloud concentration risk for the UK right now is beyond worrying. It is also a question of economic value and growth for UK business and a key consideration for any serious discussion around sovereign capability and capacity.”</p> <hr> <p>Bill McCluggage, director of IT strategy and policy in the Cabinet Office and deputy government CIO from 2009 to 2012, said: “I applaud the committee’s thoroughness, but we need to be honest about what select committees actually do. They shine a light; they don’t drive change. This is Parliament holding the executive to account, not the government committing to act.</p> <p>“With the current political pressures bearing down on the government, economic headwinds, a crowded legislative agenda, and an ever-present lobbying machine from the big tech players, I’d be really surprised if more than a handful of these recommendations make it into policy in any meaningful timeframe. We’ve seen this film before.”</p> <hr> <p>Owen Sayers of Secon Solutions, an enterprise architect with more than 20 years’ experience in delivering national policing systems, said: “It’s the most radical set of recommendations I’ve seen in any Parliamentary report in 10 years. The title of the report clearly means they are laying out – or seeking to reset – government policy.</p> <p>“I doubt the government can fully ignore it, but some of the measures – such as following Europe’s lead, which is very sensible right now in technical and compliance/derisking terms – might be hard for Whitehall and the government to stomach. Are they brave enough to take the recommendations and work through them to develop a new, more balanced and less US-centric policy? I seriously doubt it.”</p> </div> </div> </section> A Science, Innovation and Technology Committee report contains recommendations that would radically alter UK public sector IT, procurement and relationship with hyperscalers if adopted https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Westminster1-fotolia.jpg https://www.computerweekly.com/news/366643883/SIT-Committee-urges-Palantir-exit-in-push-to-end-US-cloud-grip Wed, 03 Jun 2026 12:41:00 GMT SIT Committee urges Palantir exit in push to end US cloud grip <p>Back in 2024, research at Harvey Nash found that just over 10% of businesses already had or were planning to appoint a <a href="https://www.techtarget.com/searchenterpriseai/feature/C-suite-shakeup-Demand-for-chief-AI-officers-accelerates?_gl=1*114guyy*_ga*MTMxMDQ1OTgxMi4xNzc3OTY4NDc4*_ga_TQKE4GS5P9*czE3ODA0ODA2MDYkbzc2JGcxJHQxNzgwNDgwNjcyJGo1OCRsMCRoMA..">Chief AI Officer</a> (CAIO). This was an exciting development – but would it last, or would AI roles perhaps become subsumed into existing tech leadership briefs such as CIO, CTO, CDO as AI became business as usual?</p> <p> A couple of years later, the answer is clear: it is here to stay – and it’s spreading fast. We see this ourselves in the mandates we work on with clients who are increasingly looking to appoint senior postholders with direct responsibility for AI. Of course, the job title for this may not be CAIO specifically – there are a host of titles emerging such as Head of AI, Chief AI Scientist, AI Transformation Officer, Responsible AI Director and more.</p> <section class="section main-article-chapter" data-menu-title="Sector hotspots"> <h2 class="section-title"><i class="icon" data-icon="1"></i> Sector hotspots</h2> <p>These appointments are especially prominent in financial services where organisations are generally advanced in their technology systems and data platforms, and where AI is a natural fit with the tech-enabled operating models of digital banking. <a href="https://www.computerweekly.com/news/366640627/HSBC-gets-its-first-artificial-intelligence-chief">HSBC has recently announced the appointment of a CAIO</a>, for example, while <a href="https://www.computerweekly.com/news/366639140/NatWest-hails-progress-after-12bn-spent-on-tech-last-year-but-true-AI-transformation-to-come">NatWest</a> appointed a Chief AI Research Officer last year.</p> <p>Senior AI roles are also widespread in highly regulated sectors such as energy, where there is a particular focus on ensuring there is strong governance over the deployment of AI, managing the risks and maintaining compliance with data privacy and security rules. Other sectors where AI is really on the march include legal, accountancy and consultancy. The Big Four firms, for example, have CAIOs or equivalent and are driving significant efforts to integrate AI into both internal ways of working and solutions for clients. Graduate recruitment has reportedly dropped as AI begins to do more and more analytical work.</p> <p>In general terms, it is the large FTSE and Fortune enterprises where AI roles are proliferating. At the mid-market level, it is more likely that the CIO or equivalent retains the lead on AI, perhaps with the appointment of a role a level below to lead on data, automation and the factors that lay the foundations for AI. The reality, after all, is that many organisations are still a long way from being AI-ready: there is still a considerable amount of modernisation and digitisation that needs to happen first.</p> <p>Nevertheless, the CAIO role is rapidly reaching into more and more businesses. Indeed, an <a href="https://newsroom.ibm.com/2026-05-04-ibm-study-ceos-are-reshaping-c-suite-roles-for-the-ai-era">eye-catching piece of research from IBM</a> finds that as many as three-quarters of organisations (76%) now have a CAIO or equivalent, a huge jump from 26% in 2025.</p> </section> <section class="section main-article-chapter" data-menu-title="Qualities of a CAIO"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Qualities of a CAIO</h2> <p>So what are the skills and attributes of this new generation of CAIOs? Needless to say, a strong track record in and passion for technology comes with the territory. Many postholders have a CTO type background. But they are not merely ‘techies’ excited by the inner workings of an LLM. We have in fact seen quite a marked evolution of the CAIO role over the last couple of years. In the early days, they were often positioned as ‘evangelists’ whose function was in essence to raise awareness of AI, spread the word, and prepare the way for adoption. Now, as AI has matured and agentic deployment is the buzzword, the CAIO role has become much more about ‘doing’: commercially credible leaders who are driving ROI, engaging with boardrooms, managing enterprise change, reshaping operating models and managing governance and risk controls too.</p> <p>It is not an overstatement to say that there is now a new, fixed career path for technology professionals to aspire to: the CAIO position is becoming a career goal for many, alongside the traditional targets of CIO, CTO, CDO, CISO etc. The role may sit slightly below the CIO and CTO in terms of seniority and remuneration, but it is becoming an established feature of the tech leadership org chart.</p> <p>In some ways, this reflects the wider reality that tech roles are always evolving. Another post on the rise, for example, is Chief Product Officer (CPO). We are seeing this especially in fintech organisations where products need a tech solution for their channels to market. We are even seeing the appointment of some Chief Product and Technology Officers (CPTO) as a result. </p> </section> <section class="section main-article-chapter" data-menu-title="CAIO here to stay"> <h2 class="section-title"><i class="icon" data-icon="1"></i>CAIO here to stay</h2> <p>Looking ahead, we expect the ubiquity of the CAIO to only increase. AI is the fastest moving market we have ever seen. The pace of development is incredible, so that organisations need to constantly check themselves, via a CAIO or equivalent, against key questions such as: Do we have the best utilisation possible? Are we keeping up with our competitors? Are we governing this appropriately and managing the risks?</p> <p> This brings us back to the business as usual (BAU) question at the start. With AI moving so fast, it feels like it will never just be BAU. How could it be, when AI never stands still? For that reason, a CAIO or equivalent feels like a necessity for more and more organisations. Say ‘ciao’ to the CAIO therefore – they’re spreading and are here to stay.</p> <p><i>Kirsteen Bell and Peter Birch are Directors of technology & digital executive search at Harvey Nash</i> </p> </section> Chief AI Officers are proliferating as organisations look to deploy agentic AI, make a return on investment, and meet their governance obligations. https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Artificial_intelligence_AI.jpg https://www.computerweekly.com/opinion/The-unstoppable-rise-of-the-Chief-AI-Officer Wed, 03 Jun 2026 06:20:00 GMT The unstoppable rise of the Chief AI Officer <p>SAP changed direction on its “journey” to becoming a wholescale business artificial intelligence (AI) provider “around eight or nine months ago”, according to its CEO Christian Klein.</p> <p>The company aimed to communicate to attendees of its Sapphire events in Orlando and Madrid 2026 that it had changed its focus somewhat to de-emphasise AI technology in favour of business outcomes that add up to, in its view, “<a href="https://www.computerweekly.com/news/366643054/Sapphire-2026-SAP-heralds-dawn-of-autonomous-enterprise">autonomous enterprise</a>”.</p> <p>The supplier said its AI technology stack is being retuned to capture more of the specific business context of each customer. At Sapphire, the supplier <a href="https://www.techtarget.com/searcherp/news/366642871/SAP-unveils-agentic-AI-tools-to-partially-automate-ERP-suite">unveiled a raft of AI applications and development and data management tools</a> under new brands, SAP Business AI and SAP Autonomous Suite.</p> <p>At a press and analyst conference immediately after the day one keynote at Sapphire in Madrid, Klein responded to a Computer Weekly question about when the “penny had dropped” that the supplier’s AI messaging was missing the mark with customers in search of business value.</p> <p>“I guess the penny dropped only around eight, nine months ago, [when] we were looking at the end user feedback about <a href="https://www.techtarget.com/searchsap/news/366624180/SAP-sits-Joule-at-helm-of-apps-data-flywheel">Joule</a>, about our AI, and what we found was there was some really positive feedback, but the biggest challenge was still that on our <a href="https://www.techtarget.com/searchsap/definition/SAP-HANA-Cloud-Platform">Business Technology Platform</a> we had our agent builder, then we have BDC [<a href="https://www.techtarget.com/searchsap/feature/SAP-BDC-strives-to-be-an-AI-catalyst-but-clarity-is-needed">Business Data Cloud</a>], where you have the data content, but they were not really connected,” he said. “And then on the governance side, this was also again completely independent.</p> <p>“So, you could pick Anthropic as a standalone model, build an agent, and you get the same results as if you had built it on BTP,” said Klein.</p> <p>“And that was the moment in time where we said: ‘Let’s build and engineer the new AI platform, where you can build with any LLMs you want’. We are not competing here. But what we can do is give right away the business context into the agent so that when I’m using, for example, Anthropic on the SAP AI platform, the agent immediately understands my business goals, my business data.</p> <p>“That’s when we had our Code Red moment as a company and brought all of our engineers together,” added Klein. “It was really hard work to show what we have announced. The customers were not all negative, but they said: ‘The accuracy, the outcome was not being 100% accurate. And when you’re asking business questions, you need higher reliability on the results you’re getting.</p> <p>“With the new platform, with the agents now, we are very confident from the first customers and partners testing the platform that this experience will be much, much better than <a href="https://www.computerweekly.com/news/366624161/Sapphire-2025-SAP-mints-business-AI-flywheel-with-Palantir-on-board">what we delivered a year ago</a>.”</p> <section class="section main-article-chapter" data-menu-title="Manos Raptopoulos: avoid agentic chaos"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Manos Raptopoulos: avoid agentic chaos</h2> <p>Manos Raptopoulos, global president of customer success for Europe, APAC, the Middle East and Africa at SAP, told Computer Weekly in an interview at Sapphire in Madrid that “in terms of adoption of AI, I wouldn’t say there is a particular industry or type of customer that is more sceptical than others, other than the more or less obvious consideration these days about sovereignty”.</p> <p>“If there is a growing consideration – which is a consideration, not a concern – it is how do you make all the agents controllable in your estate and avoid an agentic chaos type of situation. That I would consider the CEO or C-level nightmare – having uncontrolled agents roaming across your most valuable data and publishing those data to people that shouldn’t see them. That’s a security concern, a governance concern.</p> <p>“If you go to any country, it could be a European country or it could be an APAC country, or even in the Middle East, it doesn’t make a difference, you have the same issue,” he said. “And that is not so much about ‘can you bring me AI or not?’ It’s firstly making sure that you have a relevance in the conversation because your AI is providing outcomes to the customer.</p> <p>“And secondly, it’s about the pace because of sovereignty requirements – if SAP needs to do some type of engineering in order to make sure that it’s compatible with those,” added Raptopoulos.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Sapphire 2026</h3> <ul class="default-list"> <li><a href="https://www.techtarget.com/searcherp/news/366643487/Disrupted-by-AI-SAP-grapples-with-exposing-its-ERP-data">Disrupted by AI</a>, SAP grapples with exposing its ERP data.</li> <li>The AI technology <a href="https://www.techtarget.com/searcherp/news/366642887/The-AI-technology-behind-SAPs-Autonomous-Enterprise-pitch">behind SAP's Autonomous Enterprise pitch</a>.</li> <li>SAP unveils agentic AI tools to <a href="https://www.techtarget.com/searcherp/news/366642871/SAP-unveils-agentic-AI-tools-to-partially-automate-ERP-suite">partially automate ERP suite</a>.</li> <li>How <a href="https://www.techtarget.com/searchhrsoftware/news/366643078/How-SAP-sees-the-future-of-HR-in-the-age-of-AI">SAP sees the future of HR in the age of AI</a>.</li> </ul> </div> </div> <p>At Sapphire, in Orlando and Madrid, SAP harped on a knowledge management theme of “company memory”.</p> <p>Raptopoulos expanded a little on this concept. “Basically, every company has its own golden rules somehow: the way things are done around here, the diligence that you have,” he said. “It’s not even coded. Sometimes it exists in some type of a manual, but you often don’t find it in a manual. It’s just how things are done.</p> <p>“So, you need to make the system be able to learn from that behaviour, and that’s the company memory concept.</p> <p>“Plus, on top of that, we have the privilege to be in the very detail of how companies are running their processes, end to end. <a href="https://www.techtarget.com/searchsap/news/252495495/SAP-acquires-process-mining-software-vendor-Signavio">SAP Signavio</a> does that. With that, you have the digital twin of the processes that the customer is running, which is another layer of context and company memory. You can see which processes are automated, which processes present opportunity for automation, which are non-standard versus standard functionality, and you can actually visualise the outcome of an agentic workflow.”</p> <p>Raptopoulos conceded that customers could use other process mining software, such as the one offered by <a href="https://www.computerweekly.com/news/366642978/Celonis-acquires-MIT-linked-decision-intelligence-firm-Ikigai">Celonis</a>. “Yes, they can, and some do,” he said. “The differentiation, we believe, it’s always, if you think about SAP, we’ve always been talking about integration, that means fewer friction points, less interfacing, more tight collaboration between processes, but customers do have optionality, always. And we are committed to an open ecosystem, an open collaboration.”</p> </section> <section class="section main-article-chapter" data-menu-title="Haleon: out-of-the-box agentic preference"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Haleon: out-of-the-box agentic preference</h2> <p>One customer at Sapphire who said SAP’s messaging is resonating was Claire Dickson, chief digital and technology officer at Haleon, which is a British multinational consumer healthcare company formed in 2022 through the merger of portfolios from GSK, Pfizer and Novartis.</p> <p>She said, in an interview with Computer Weekly: “When we entered into the partnership with SAP, we made some assumptions that there would be more agentic capability coming, and therefore the partnership was premised on being [SAP] “<a href="https://www.techtarget.com/searchsap/news/366631222/There-are-50-shades-of-clean-core-for-SAP-customers">clean core</a>” and we trust that the agents are coming.</p> <p>“So, we were delighted with the announcement here because clearly a lot of that comes out of the box as standard,” said Dickson. “Our AI strategy is to leverage as standard out-of-the-box from our suppliers where possible. We don’t want to be systemically building huge numbers of agents ourselves. We are building some, but we don’t want to do that as a strategy.”</p> </section> SAP shifted its AI strategy eight to nine months ago to focus on business outcomes over tech, launching an SAP Business AI platform said to integrate business context with AI agents https://cdn.ttgtmedia.com/rms/computerweekly/SAP-sapphire-2026-christian-klein-hero.jpg https://www.computerweekly.com/news/366643794/Sapphire-2026-SAP-executives-admit-route-change-on-high-road-to-business-AI Mon, 01 Jun 2026 05:30:00 GMT Sapphire 2026: SAP executives admit route change on high road to business AI <p>Artificial intelligence (AI) is increasingly being positioned as the key to faster software development, smarter customer experiences and more efficient operations.</p> <p>Yet as organisations rush to build AI-powered applications, there is a growing recognition that success depends not only on the technology itself, but on the controls surrounding it. The challenge is no longer simply how to use AI, but how to do so safely, securely and in a way that aligns with business goals and customer expectations. Building apps with AI should make processes smoother, but a human needs to be in the loop to add guardrails to development and ensure that an app works safely and as intended.</p> <p>At its summit in London in March, Datadog – a supplier which provides an observability service for cloud-scale applications and monitors servers, databases, tools and services through a SaaS-based data analytics platform – promises the audience that it will demonstrate its knowledge and prowess around AI use, showcasing where it believes the capability of AI to drive modern business operations could be realised.</p> <p>In a year when AI capital spending is expected to reach <a target="_blank" href="https://www.fool.com/investing/2026/04/07/dimon-says-ai-capital-spending-will-hit-725-billio/?msockid=301b91e18b0f6afe284787598aaf6b5d" rel="noopener">$725bn in 2026</a>, this surge in investment is driving business transformation as organisations increase their spending and reshape their operations around AI.</p> <p>At the Datadog summit, Yrieix Garnier, vice-president of product management, says that the “numerous kinds of AI agents” launched by the company are helping to identify context and problems, as well as recommend fixes, because every additional change introduced creates more “stress on your system”.</p> <p>“This is very siloed, repetitive and fairly slow,” Garnier says. “This is what we already solve at Datadog; we help customers close that end-to-end loop and make sure we continuously monitor systems for cycle stress. We like to give customers the right information to detect issues and the information needed to remediate them.”</p> <section class="section main-article-chapter" data-menu-title="Governance requirements"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Governance requirements</h2> <p>The company made announcements in London, specifically about its UK datacentre presence, with the opening of a new site. Datadog says this will help customers to meet data governance and security requirements as those demands continue to evolve in the wake of questions around <a href="https://www.computerweekly.com/feature/European-digital-sovereignty-Storage-surveillance-concerns-to-overcome">European digital sovereignty</a>.</p> <p>With <a target="_blank" href="https://www.lseg.com/en/resources/reports/cloud-strategies-financial-services?utm_campaign=3008165_CloudSurveyReport2025&elqCampaignId=28535&utm_source=Other&utm_medium=Referral&utm_content=Report&utm_term=CloudSurvey&referredBy=PressRelease#report" rel="noopener">82% of firms</a> surveyed in a recent London Stock Exchange Group study saying they operate in multicloud or hybrid environments, companies are adapting to changing UK data governance requirements as cloud adoption continues to accelerate across regulated organisations.</p> <p>Garnier says the company has invested in adding “more AI into our product to make sure that we give you those correlations of what’s happening in your environment, so you can cut through the noise and really accelerate resolution times”.</p> <p>This increased use of AI provides a more automated view and fuller visibility across an entire estate, Garnier claims, as well as bringing AI into infrastructure monitoring. “It’s really about helping you detect and remediate very quickly what’s happening inside <a href="https://www.techtarget.com/searchitoperations/definition/Google-Kubernetes">Kubernetes</a> environments,” he says. “Understanding what’s happening inside that environment gives you the right recommendations, but also applies fixes on top of it, changing your environment.”</p> </section> <section class="section main-article-chapter" data-menu-title="Meet the Concierge"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Meet the Concierge</h2> <p>At the summit, Mark O’Neill, senior manager of AI software engineering at Datadog customer Virgin Atlantic, speaks about Virgin Atlantic’s AI achievements. The company’s investment and development centred on a chatbot for its website, intended to take chatbots a step beyond simply answering questions and guiding visitors through a series of prompts, and instead to provide genuine assistance.</p> <p>O’Neill describes the concept of implementing a customer-facing AI chatbot as “daunting”, particularly as it was launched over a period of just 90 days and “especially when brand reputation is so important”.</p> <p>As Virgin Atlantic’s brand is built on service, personality and trust, he says, the Concierge chatbot had to fit within those parameters and support help and Q&A, Flying Club queries, flight search and holiday discovery, adding: “For trip planning, we didn’t just prompt an LLM, we observed how our frontline teams support our customers and then built those patterns directly into Concierge.”</p> <p>Negative experiences with AI-powered chatbots, and their failure to solve problems rather than send users round in circles, have created the need for companies such as Virgin Atlantic to build better chatbot experiences.</p> <p>O’Neill says that traditional chatbots take users down a fixed path, whereas generative AI (GenAI) can effectively tackle any starting point in a journey, which is a development Virgin Atlantic is “most proud of”. In particular, the holiday discovery function allows a user to find a flight to a specific destination on a particular date through Concierge. “The beauty of this technology is that it gives you the flexibility to have more varied conversations,” he adds.</p> <p>Developed with OpenAI, O’Neill admits that there were three concerns about Concierge’s delivery: providing the wrong information to customers, personally identifiable information (PII) leakage, and not “authentically being Virgin Atlantic” by ensuring the brand’s tone was present.</p> <p>To protect PII, O’Neill says a decision was made that Concierge would not contain any personal data within its system. “So, we don’t allow the model to access or process personal customer data,” he adds. “Concierge has no account context, no booking retrieval, no session memory tied to identity and we only support read-only operations.”</p> <p>Perhaps with an eye on the British Airways data breach in 2018, Concierge can source information, but it cannot conduct transactions, change bookings or update account details.</p> </section> <section class="section main-article-chapter" data-menu-title="Build your own LLM?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Build your own LLM?</h2> <p>Should businesses build out their own LLM to support the use of GenAI? O’Neill says Virgin Atlantic used OpenAI’s models and application programming interfaces (APIs) as the foundation of Concierge rather than building its own LLM, adding custom prompts and a retrieval-augmented generation (RAG) database that can answer common questions.</p> <p>He says the company recognised that it did not necessarily have the knowledge or skills in-house to build the system, so it worked with OpenAI’s consultancy arm, TomorrowAI. He says this provided the knowledge and expertise needed to get the project moving.</p> <p>“We had the experts in the room explaining this is how you can make it safe, this is how you make it secure, and that was certainly something I pushed,” says O’Neill. “What we recognised as a business is that we fundamentally believe in this technology, and it’s here for the long term.”</p> <p>So, where does Datadog fit into Concierge? O’Neill says it acts as the end-to-end observability platform. From the front end through to every interaction with OpenAI, “we’ve got that full trace of everything that’s going on: we use it for our monitoring, alerting and running evaluations”.</p> <p>O’Neill says Datadog is also used in testing and in checking the accuracy of answers during development, meaning it is involved across the entire lifecycle.</p> </section> <section class="section main-article-chapter" data-menu-title="AI meets the human element"> <h2 class="section-title"><i class="icon" data-icon="1"></i>AI meets the human element</h2> <p>The message from both Datadog and Virgin Atlantic is clear: AI can accelerate development, automate operations and improve customer experiences, but only when it is supported by strong visibility, careful governance and clear boundaries around what it is allowed to do. Human oversight remains essential, whether that means monitoring infrastructure, validating responses or ensuring that AI systems reflect the values and tone of a brand.</p> <p>As businesses continue to increase investment in AI, the winners will likely be those that balance speed with control. Organisations that combine observability, security and human judgement will be best placed to build applications that are not only more capable, but also more trustworthy.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI safety</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366643439/AI-safety-cannot-wait-for-a-Chernobyl-moment-experts-warn">AI safety</a> cannot wait for a ‘Chernobyl moment’, experts warn.</li> <li>Second ever <a href="https://www.computerweekly.com/news/366638957/Second-ever-international-AI-safety-report-published">international AI safety report</a> published.</li> <li>Technology secretary Liz Kendall urges Britain’s business community to pay attention to <a href="https://www.computerweekly.com/news/366641649/UK-businesses-must-face-up-to-AI-threat-says-government">emerging AI threats, following debut of Anthropic’s new frontier model, Mythos</a>.</li> </ul> </div> </div> </section> Virgin Atlantic’s adoption of AI for customer service might indicate the fruits of a safety-first approach https://cdn.ttgtmedia.com/visuals/German/Hero-Danger-by-Muhammad-Adobe-06.jpg https://www.computerweekly.com/feature/How-safer-AI-applications-could-be-built Fri, 29 May 2026 10:53:00 GMT How safer AI applications could be built <p>Members of the European Parliament (MEPs) have written to the European Commission raising concerns over “systematic governance” failures in the European police agency, Europol, and the European Union’s (EU) <a href="https://www.frontex.europa.eu/">border and coast guard agency</a>, Frontex.</p> <p>The letter, signed by 19 MEPs, follows an investigation by <a href="https://www.computerweekly.com/news/366642525/They-protect-the-law-while-breaking-it-Inside-Europols-shadow-IT-system">Computer Weekly</a>, <a href="https://wearesolomon.com/en/mag/focus-area/accountability/they-protect-the-law-while-breaking-it-inside-europols-shadow-it-system/">Solomon</a> and <a href="https://correctiv.org/en/europe/2026/05/05/they-protect-the-law-while-breaking-it-inside-europols-shadow-it-system/">Correctiv</a> that revealed Europol had stored huge volumes of sensitive data on shadow IT systems without adequate governance, auditing or security controls.</p> <p>The MEPs warn that it has become increasingly clear that Europol and the border agency are processing, storing and transferring data in ways that raise serious concerns under EU data protection law and the fundamental principles of the rule of law.</p> <p>Supported by <a href="https://left.eu/">left group</a> members, Germany’s <a href="https://www.europarl.europa.eu/meps/en/197468/OZLEM_DEMIREL/home">Özlem Demirel</a>, Spain’s <a href="https://www.europarl.europa.eu/meps/en/257012/ESTRELLA_GALAN/home">Estrella Galán</a>, Belgian Green MEP <a href="https://www.europarl.europa.eu/meps/en/197470/SASKIA_BRICMONT/home">Saskia Bricmont</a>, and other political groups, the letter warns that imminent plans to expand the remit of Europol and <a href="https://www.computerweekly.com/news/366571020/Home-Office-signs-tech-and-data-sharing-deal-with-Frontex">Frontex</a> should only go ahead if the agencies are fully compliant with EU law and data protection principles.</p> <section class="section main-article-chapter" data-menu-title="MEPs call for robust independent oversight"> <h2 class="section-title"><i class="icon" data-icon="1"></i>MEPs call for robust independent oversight</h2> <p>“These reforms cannot be limited to operational or efficiency considerations … they must be firmly conditioned on full compliance with the <a href="https://fra.europa.eu/en/eu-charter">EU Charter of Fundamental Rights</a>, strict adherence to data protection principles, and the establishment of robust, independent, and enforceable oversight mechanisms,” the MEPs wrote.</p> <p>The letter cites investigative reporting from Computer Weekly, Solomon and Correctiv, revealing that Europol ran an internal shadow IT infrastructure where large volumes of sensitive personal data were processed for years “outside of properly governed and auditable systems”.</p> <p>“These parallel environments appear to have enabled analytical work without sufficient access controls, incomplete logging and, in some instances, circumvention of established internal and external oversight mechanisms,” the MEPs wrote.</p> <p>The unregulated systems identified include a clandestine intelligence tool – known internally as the “pressure cooker” and built to extract information from the internet – that had been concealed from Europe’s privacy regulator until 2019.</p> <p>The EU’s top privacy watchdog, the European Data Protection Supervisor that oversees Europol, has confirmed that the <a href="https://www.computerweekly.com/news/366642721/MEPs-call-for-greater-scrutiny-of-Europol-following-concerns-over-Shadow-IT">available evidence</a> “may point to a broader pattern of uncontrolled data processing than previously acknowledged”.</p> </section> <section class="section main-article-chapter" data-menu-title="Frontex transferred tens of thousands of people’s data to Europol"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Frontex transferred tens of thousands of people’s data to Europol</h2> <p>The MEPs have also raised concerns over the transfer of personal data related to tens of thousands of people interviewed by Frontex to Europol without adequate legal safeguards or individual assessments of the necessity and proportionality of sharing the data.</p> <p>An investigation by <a href="https://www.lemonde.fr/en/les-decodeurs/article/2025/07/07/frontex-illegally-shared-thousands-of-people-s-personal-data-with-european-police_6743113_8.html">Le Monde</a>, <a href="https://english.elpais.com/international/2025-07-13/for-years-the-eus-border-agency-illegally-transferred-data-on-migrants-and-activists-to-europol.html">El País</a> and <a href="https://wearesolomon.com/en/mag/format/investigation/frontex-unlawfully-shared-thousands-of-peoples-personal-data-with-europol/">Solomon</a> in 2025 revealed that Frontex had collected data from 13,000 people during “debriefing interviews” and had systematically transferred it to Europol between 2019 and 2023.</p> <p>The data included contact details, social media identifiers and often unverified suspicion-based information. In several cases, the data was used in criminal investigations into migrants and civil society actors.</p> <p>The automated and bulk data transfers between Frontex and Europol are incompatible with core principles of EU data protection law, including purpose limitation, data minimisation and lawfulness, according to the MEPs.</p> <p>Taken together, the disclosures about Europol and Frontex suggest a systemic governance failure.</p> <p>“Data obtained in legally and ethically sensitive contexts is being transferred into institutional environments where compliance with EU requirements on legality, accountability and transparency is not sufficiently guaranteed,” the MEPs wrote. “This undermines not only data protection standards, but also the broader integrity of EU law enforcement cooperation.”</p> </section> <section class="section main-article-chapter" data-menu-title="European commissioners urged to act"> <h2 class="section-title"><i class="icon" data-icon="1"></i>European commissioners urged to act</h2> <p>The letter is addressed to <a href="https://commission.europa.eu/about/organisation/college-commissioners/michael-mcgrath_en">Michael McGrath</a>, commissioner for democracy and justice, <a href="https://commission.europa.eu/about/organisation/college-commissioners/magnus-brunner_en">Magnus Brunner</a>, commissioner for migration and home affairs, and <a href="https://commission.europa.eu/about/organisation/college-commissioners/henna-virkkunen_en">Henna Virkkune</a>, executive vice-president for tech sovereignty, security and democracy.</p> <p>It asks whether the European Commission will expand the investigatory and oversight powers of EDPS over Europol and Frontex, and what steps have been taken to hold senior officials to account at the police and border agency for the breaches identified.</p> <p>“Can Europol and Frontex, in their current institutional and technical configurations, ensure lawful and rights-compliant processing of personal data at all, and how can it be ensured that such data breaches do not happen again?” the MEPs wrote.</p> <p>They are urging the commission to consider holding back a proportion of Europol’s budget that will only be released when Europol is compliant with data protection and other fundamental rights.</p> <p>“The upcoming decisions on the future of both agencies therefore constitute a decisive test of the European Union’s credibility as a community governed by the rule of law,” they wrote.</p> <p>An <a href="https://left.eu/app/uploads/2025/07/Letter-Frontex-Europol-data-July-2025-with-signatures-final.pdf">earlier letter signed by 41 MEPs</a> from four political groups in July 2025, calling for an independent investigation into co-operation between Europol and Frontex, remains unanswered.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Europol</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366642525/They-protect-the-law-while-breaking-it-Inside-Europols-shadow-IT-system">‘They protect the law while breaking it’ – inside Europol’s shadow IT system</a>: Under pressure to deliver in the fight against serious cross-border crime, Europol built and operated a shadow data analysis platform containing large volumes of sensitive information, which operated without key legal and technical safeguards</li> <li><a href="https://www.computerweekly.com/news/366642721/MEPs-call-for-greater-scrutiny-of-Europol-following-concerns-over-Shadow-IT">MEPs call for greater scrutiny of Europol following concerns over shadow IT</a>: Expansion of Europol’s mandate should be paused while allegations investigated, say MEPs.</li> <li>The <a href="https://www.computerweekly.com/news/366634419/Hungry-for-data-Inside-Europols-secretive-AI-programme">EU’s law enforcement agency has been quietly amassing data to feed an ambitious but secretive AI development programme</a> that could have far-reaching privacy implications.</li> <li>Europol wants <a href="https://www.computerweekly.com/news/366618230/Europol-seeks-evidence-of-encryption-on-crime-enforcement-as-it-steps-up-pressure-on-Big-Tech">examples of police investigations hampered by end-to-end encryption</a> as it pressures tech companies to provide law enforcement access to encrypted messages.</li> </ul> </div> </div> </section> MEPs have written to the European Commission calling for action following revelations that Europol and Frontex processed, stored and transferred personal data in ways that raise serious concerns about compliance with EU law https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/Europol-building-2-PR-hero.jpg https://www.computerweekly.com/news/366643585/MEPs-urge-European-Commission-to-take-action-over-Europol-shadow-IT Fri, 29 May 2026 08:24:00 GMT MEPs urge European Commission to take action over Europol’s shadow IT <p>The UK’s signals intelligence agency, GCHQ, has confirmed plans to build a national cyber shield using artificial intelligence (AI) agents to defend against cyber attacks.</p> <p>“In the past few months, GCHQ has developed the blueprint for a new national cyber defence capability that will hardwire cutting-edge agentic AI into machine-speed cyber defence,” GCHQ director Anne Keast-Butler said yesterday.</p> <p>The system, which is planned to be up and running within five years, will use AI agents to identify threats to critical national infrastructure, including energy, water, healthcare, transport and financial services.</p> <p>The project, described by ministers as a “generational endeavour”, aims to protect UK infrastructure from sophisticated attacks, such as that on Jaguar Land Rover, which is <a href="https://cybermonitoringcentre.com/2025/10/22/cyber-monitoring-centre-statement-on-the-jaguar-land-rovercyber-incident-october-2025/">estimated to have cost the economy £1.5bn</a>.</p> <p>The GCHQ director said the agency was using AI to “reimagine” cyber security, reflecting a government vision to develop defensive AI technology with the capability to identify and repair security vulnerabilities in software at “machine speed”.</p> <p>Her comments follow growing concerns about the impact of frontier AI models, such as Anthropic’s Claude Mythos, <a href="https://www.computerweekly.com/news/366641789/A-tsunami-of-flaws-When-frontier-AI-and-Patch-Tuesday-collide">which are capable of uncovering thousands of unknown security vulnerabilities</a> across commonly used software applications.</p> <p>The latest frontier AI is “rapidly unearthing fault lines in technologies our society relies on every single day”, she said.</p> <p>GCHQ is also building frontier AI “responsibly and ethically” into its own algorithms for analysing data collected for intelligence purposes, Keast-Butler confirmed.</p> <p>Uses include translating foreign languages and finding needles in a haystack of data faster than ever before.</p> <section class="section main-article-chapter" data-menu-title="Requirement for AI-powered cyber defence"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Requirement for AI-powered cyber defence</h2> <p>Keast-Butler said Russia has scaled up actions against the UK and Europe, targeting undersea cables and launching cyber attacks. These “hybrid attacks” are designed to undermine critical infrastructure, democratic processes, supply chains and public trust.</p> <p>“GCHQ is working tirelessly with intelligence and defence partners to degrade and reduce the Russian threat,” she said.</p> <p>The National Cyber Force is delivering high-impact cyber operations every day to counter state threats and undermine terrorists and criminals. A priority area is protecting the data and energy flowing through the critical undersea cables and pipelines.  </p> <p>“We’re also disrupting Russia’s attempts to smuggle Western tech, fending off its cyber attacks, and countering reckless sabotage and assassination attempts,” said Keast-Butler.</p> <p>UK security minister Dan Jarvis first <a href="https://www.computerweekly.com/news/366641790/UK-to-build-national-cyber-shield-to-protect-against-AI-cyber-threats">announced plans for a “national cyber shield” in April</a>. He said protecting critical national infrastructure would require a “fundamentally different approach” in the age of AI. “We will not secure the central pillars of the UK state simply by purchasing off-the-shelf vendor solutions.”</p> <p>The Cabinet Office has asked leading AI companies to work with the government to develop AI-powered cyber defence capabilities.</p> </section> <section class="section main-article-chapter" data-menu-title="Sovereign IT"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Sovereign IT</h2> <p>The GCHQ director said that as nations grapple with sovereign IT, it is not realistic for countries to shut out foreign technology.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Tech sovereignty is about the agency, ability and agility of nations to shape their own digital future </figure> <figcaption> <strong>Anne Keast-Butler, GCHQ</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>“For me, tech sovereignty is about the agency, ability and agility of nations to shape their own digital future,” she said.</p> <p>That means backing UK tech companies and academic research, “whilst not limiting our ability to harness the best of the world’s technology”.  </p> <p>“Sovereignty doesn’t have to mean ‘made in the UK’, so long as we carefully manage our supply chains, dependencies and data,” she said.</p> </section> <section class="section main-article-chapter" data-menu-title="Quantum future needs action now"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Quantum future needs action now</h2> <p>Keast-Butler, a mathematician, said that usable <a href="https://www.techtarget.com/searchcio/definition/What-is-quantum-technology-Use-cases-and-future-implications">quantum technology</a> has always been a decade away, but that has changed.</p> <p>“Quantum sensing is here – our new cutting-edge work with academia and industry is identifying the fingerprints of stealth, such as detecting missile launches,” she said.</p> <p>Once they are operational, quantum computers will be able to complete tasks that currently take years in a matter of seconds.</p> <p>That includes <a href="https://www.computerweekly.com/news/366631279/Arqit-to-support-NCSCs-post-quantum-cryptography-pilot">breaking encryption</a>, she said, urging businesses to follow advice from the National Cyber Security Centre to phase in encryption algorithms that are secure from attacks by quantum computers.</p> </section> <section class="section main-article-chapter" data-menu-title="Space-based tech is a critical asset"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Space-based tech is a critical asset</h2> <p>China and Russia are investing heavily in space to support both peacetime and war ambitions. And Iran has used satellite images to support its attacks on Gulf states.</p> <p>In three years, more than 10,000 new objects have been launched into space as more satellites are required to support the growing volume and speed of data crossing the planet.  </p> <p>“Space-based tech is critical to both our way of life and our national security, and that’s why GCHQ is working with partners to harness, secure and defend it,” she said.</p> </section> <section class="section main-article-chapter" data-menu-title="Cryptography for the quantum era"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Cryptography for the quantum era</h2> <p>Keast-Butler said GCHQ’s ability to design world-leading encryption was fundamental for protecting the integrity of technology and for national security.</p> <p>GCHQ pioneered public key cryptography in the 1970s, which is still used to protect the security of the internet. The agency’s mathematicians are developing <a href="https://www.techtarget.com/searchsecurity/video/An-explanation-of-post-quantum-cryptography">new forms of encryption</a> that will allow data to be managed safely.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the security of critical national infrastructure (CNI)</h3> <ul class="default-list"> <li>GSMA calls for targeted regulatory reform from European governments to close the €205bn 5G funding gap that is <a href="https://www.computerweekly.com/news/366642836/GSMA-205bn-funding-gap-leaving-Europes-critical-infrastructure-at-risk">leaving Europe’s critical infrastructure at risk</a>.</li> <li>Geopolitical tensions are stoking cyber threats to UK critical infrastructure. State actors and ransomware groups are targeting industrial systems. <a href="https://www.computerweekly.com/opinion/Global-conflicts-accelerate-cyber-threats-against-UK-CNI">Operators must improve visibility</a>.</li> <li>After years of lobbying, the <a href="https://www.computerweekly.com/news/366611074/UK-government-adds-datacentres-to-CNI-regime-Why-did-it-take-so-long">UK government has agreed to classify datacentres as critical national infrastructure</a>, with the tech industry claiming the move is long overdue, but also recognition of the importance of server farms to the economy.</li> </ul> </div> </div> </section> GCHQ director Anne Keast-Butler confirms plans to build a national cyber defence capability using AI agents to defend critical infrastructure at ‘machine speed’ https://cdn.ttgtmedia.com/visuals/German/Hero-Data-Protection-by-kasinv-Adobe-02.jpg https://www.computerweekly.com/news/366643734/National-cyber-shield-could-be-ready-in-five-years Thu, 28 May 2026 12:08:00 GMT National cyber shield could be ready in five years <p>Conflicts in Ukraine and the Middle East as well as growing tensions between Western nations and Russia and China are having direct consequences for the security of critical national infrastructure worldwide. And for UK operators of essential services, they are driving measurable increases in cyber threats that target the industrial systems that keep energy flowing, water clean, and manufacturing fully operational.</p> <section class="section main-article-chapter" data-menu-title="From the perimeter to the process"> <h2 class="section-title"><i class="icon" data-icon="1"></i>From the perimeter to the process</h2> <p>While there have been cases of state-sponsored attacks to <a href="https://www.techtarget.com/whatis/definition/critical-infrastructure">critical infrastructure</a>, most cyber adversaries have focused the vast majority of their efforts on breaking into corporate IT systems to gather information and credentials. During this time, industrial organisations were not the primary target because of their industrial nature – they were collateral. But cyber attackers have grown more aware of industrial organisations as high value targets in recent years.</p> <p>Take last year’s <a href="https://www.computerweekly.com/news/366630592/Jaguar-Land-Rover-admits-data-has-been-compromised-in-cyber-attack">ransomware attack on Jaguar Land Rover</a>. This attack wasn’t targeting industrial equipment, yet production lines stopped, supply chains seized, and disruption ensued. The incident highlighted how the connections between organisations matter as much as the defences within them. And while ransomware like the JLR attack causes disruption from the outside in, a different category of threat is now emerging from groups that have moved far deeper into industrial environments.</p> <p>Of the three newly identified threat groups tracked by Dragos last year, two have demonstrated Stage 2 capability, meaning they have crossed from IT into OT networks and are now able to interact with specific industrial control system technologies. These groups are probing port, interfacing with industrial protocols, mapping devices, and building an understanding of the physical processes those devices govern, from power generation and water treatment to manufacturing lines.</p> <p>These <a href="https://www.techtarget.com/searchsecurity/tip/What-is-threat-hunting-Key-strategies-explained">tactics, techniques and procedures (TTPs)</a> are consistent with pre-positioning reported by public sources.  The US government and allied nations have publicly attributed Chinese-linked groups to a sustained campaign of pre-positioning inside critical infrastructure, believed by these agencies to be establishing persistent access intended for activation during a Taiwan contingency to disrupt power, communications, or essential services. Separately, groups with ties to Iranian interests have been tracked targeting industrial environments as Middle Eastern instability continues to escalate. In both cases, the access is being built now, against the backdrop of active conflicts, as preparation for future disruption.</p> <p>The barrier to entry for targeting industrial environments is falling in other ways too. Threat intelligence teams have recently observed adversaries using large language models to automate target development at a pace that manual operations cannot match.</p> </section> <section class="section main-article-chapter" data-menu-title="Ransomware is compounding the problem"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Ransomware is compounding the problem</h2> <p>State-sponsored pre-positioning is not the only threat intensifying globally. The number of ransomware groups targeting industrial entities rose 49% over the past year, with 119 groups affecting more than 3,300 organisations. The true number is almost certainly larger: ransomware hitting a Windows machine running a human-machine interface or process control software is routinely classified as an IT incident because the device runs a familiar operating system, even when the function the device performs is entirely OT. This reporting gap means the sector is making risk decisions on incomplete data and underestimating the true scale of industrial ransomware exposure.</p> <p>Manufacturing sits at the top of ransomware’s target list because the sector embraces newer technologies and cycles through equipment faster than energy or water. Every upgrade cycle widens the gap between what’s deployed and what’s defended. Newer devices run standard operating systems and open-source libraries, removing the specialist knowledge barrier that once stood between adversaries and OT environments.</p> </section> <section class="section main-article-chapter" data-menu-title="What UK operators should do now"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What UK operators should do now</h2> <p>UK infrastructure operators do not control the geopolitical forces driving this escalation, but they do control their readiness. Firstly, UK organisations need to realise the boundary has been crossed. With 81% of architecture reviews revealing poor IT-OT segmentation, operators should be assessing whether an adversary with IT access has a viable path into their OT systems - and acting on the findings rather than just documenting them.</p> <p>There is also an urgent need for UK organisations to close the <a href="https://www.computerweekly.com/opinion/Why-asset-visibility-matters-in-industrial-cybersecurity">visibility gap</a>. Less than 10% of OT networks are monitored globally, and what isn’t seen isn’t detected. Monitoring OT network traffic is no longer a discretionary investment for any organisation whose operations underpin public services.</p> <p>Reporting blind spots across the sector need to be addressed before the true scale of industrial ransomware exposure can be understood. Ransomware affecting devices performing OT functions needs to be classified by the operational role of the system, not by the IT system running on the affected machine. Without accurate classification, the sector will never build an honest picture of its exposure. In parallel, tabletop exercises and incident response planning need to be designed to reflect the threat as it exists today, not the threat of three years ago. Tabletop exercises testing a single organisation's response to an isolated intrusion no longer reflect the operating environment. Exercises need to simulate disruption across dependency chains and test whether suppliers and partners can continue operating under simultaneous pressure from the same adversary or campaign.</p> </section> <section class="section main-article-chapter" data-menu-title="Where next?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Where next?</h2> <p>State-sponsored attacks and the surge in ransomware groups targeting industrial organisations are not separate trends. They are compounding pressures on the same set of UK infrastructure operators, and they are increasing in parallel. The threat groups tracked over the past year are building capability inside industrial environments now, and they are doing so against the backdrop of conflicts that show no sign of easing.</p> <p>UK infrastructure operators won’t out-run adversaries. What they can do is shut the gaps that adversaries depend on – poor segmentation, missing visibility, ransomware misclassified as IT, and exercises that test individual perimeters rather than the full dependency chain. More information on these best practices can be found in the framework published by the SANS Institute, The Five ICS Cybersecurity Critical Controls.</p> <p><em>Magpie Graham is VP, Strategic Intelligence at Dragos</em></p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Critical National Infrastructure security</h3> <p>Overconfidence in cyber security: <a href="https://www.computerweekly.com/opinion/Overconfidence-in-cyber-security-a-silent-catalyst-for-CNI-breaches">a silent catalyst for CNI breaches</a></p> <p><a href="https://www.computerweekly.com/news/366642032/Nation-states-responsible-for-nationally-significant-cyber-attacks-against-UK-says-NCSC-chief">Nation states responsible for ‘nationally significant’ cyber attacks</a> against UK, says NCSC chief</p> <p>Interview: <a href="https://www.computerweekly.com/news/366641946/Interview-Critical-local-infrastructure-is-missing-link-in-cyber-resilience">Critical local infrastructure is missing</a> link in UK cyber resilience</p> </div> </div> </section> Geopolitical tensions are stoking cyber threats to UK critical infrastructure. State actors and ransomware groups are targeting industrial systems. Operators must improve visibility https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/energy-power-electricity-pylons-АртурНичипоренко-adobe.jpg https://www.computerweekly.com/opinion/Global-conflicts-accelerate-cyber-threats-against-UK-CNI Thu, 28 May 2026 11:57:00 GMT Global conflicts accelerate cyber threats against UK CNI <p>Throughout history, transformative technologies have generally stirred the masses with a mixture of fear, suspicion and misunderstanding. With AI, however, those misunderstandings have taken a surprising turn.</p> <p>Most people aren’t afraid of AI. In fact, confidence is high and anxiety is low. But dig a little deeper and a more complicated picture emerges. Because, while people feel comfortable with AI in the abstract, most fail to recognise it even in their own daily lives.</p> <p>This is the AI Knowledge Gap. Not a fear of the future, but a blindness to the present. And if we don’t close it urgently and deliberately we risk squandering the most significant technological moment of our lifetimes, with knock-on effects for <a href="https://www.computerweekly.com/resources/IT-careers-and-IT-skills">IT skills</a> and <a href="https://www.computerweekly.com/news/366641901/AI-adoption-is-rapid-but-many-stuck-at-basic-levels-says-AWS">the development of AI in the economy</a>.</p> <h3>Gap spans geographies, ages and genders</h3> <p>Drilling down into data collected from 6,000 respondents across Europe, Equinix found that 77% of those surveyed weren’t worried about the growing role of AI, with 57% of UK people feeling confident about using it already. All of which suggests that AI is being widely embraced, and will continue to <a href="https://www.computerweekly.com/opinion/What-the-UK-is-getting-right-and-wrong-about-AI-adoption">be adopted</a> quickly.</p> <p>But the survey also identified a clear knowledge gap. Only 33% of respondents recognised that they use AI-powered services or applications daily, and 18% said they never use them at all, rising to 28% in the UK. This suggests a lack of understanding about what AI is, how it works, or where it is being woven into everyday life. </p> <p>It is a misconception to believe AI only impacts your life when you actively log onto an LLM. AI has been embedded into all walks of digital life. It powers apps on your smartphone or smartwatch and is embedded in your email and calendar. It suggests what you might want to stream or buy online, it navigates your fastest route home, and even monitors your health. AI supports countless digital services that many consumers now take for granted. </p> <p>More broadly, AI can design drug molecules that reach clinical trials in under 18 months, enable smart home thermostats to learn daily routines or track the carbon intensity of the grid to save costs, optimise production processes and reduce waste. It also helps improve supply chains, enhance food quality, and make industrial systems more efficient and sustainable.</p> <p>The fact that so many people benefit from AI without recognising its presence shows how embedded the technology has already become and why public understanding has failed to keep pace with its adoption.</p> <p>The knowledge gap transcends regions, with patterns also existing according to age and gender. Nearly three quarters (72%) of under-35s felt confident about using the technology, compared to just 41% of those aged 55 or over. That disparity is particularly stark in the UK, where those gaps widened to 80% and 33% for the same age groups. Between men and women, meanwhile, confidence in understanding AI stood at 62% and 50% respectively.</p> <p>These disparities matter because confidence often shapes participation. Those who feel less confident may be less likely to adopt new tools, access the benefits they provide, or adapt to rapid changes in the workplace. If these patterns persist, we could witness an ever-widening digital gap where the benefits of AI are not shared equally across society, and reinforce existing differences or inequalities across communities.</p> <p>The practical applications outlined above demonstrate that AI is not an abstract future concept but a technology already delivering measurable benefits across healthcare, energy and manufacturing. For AI to reach its full potential, governments and companies need to focus on education, and not just regulation.</p> <p>However, if governments, local communities and individuals don’t fully understand how AI is already improving their lives, they might not support the policies or investments needed to grow the technology.</p> <p>Public trust is essential to sustaining the investment required for innovation, and when people do not recognise the benefits AI already delivers, they may be less likely to support the infrastructure, regulation and long-term investment that will be needed to develop AI responsibly and at scale.</p> <h3>How to close the gap</h3> <p>Governments should prioritise AI education alongside technological development to ensure it is embraced with clarity and understanding. Yet, this requires reactive and proactive thinking. </p> <p>Reactively, by dispelling the “myth” that AI is just an LLM. And proactively, in the sense of building hands-on knowledge and experience by investing in training programmes.</p> <p>People need help to understand where AI is already present in their lives, what benefits it can deliver, and what limitations it has. Practical pathways should be created that enable people to build confidence – through workforce training, apprenticeships, or education programmes – that are designed to equip them with the <a href="https://www.computerweekly.com/news/366637953/Skills-key-to-successful-AI-adoption-says-IBM">digital skills</a> they need in our increasingly AI-driven economy.</p> <p>Without this effort, technological progress may continue, but public understanding will lag, limit adoption and weaken support for future innovation.</p> <h3>Close the gap or fall behind</h3> <p>Innovation starts with education. When the internet first appeared, it was viewed as a fad for academics and teenagers. Today, it underpins virtually every aspect of how we live, work and connect. AI is on a faster, steeper trajectory and the window to get ahead of it is narrow.</p> <p>History is unambiguous on this point. Societies that moved fastest to understand new technologies didn’t just survive the disruption. They led it. They set the standards, built the industries and captured the opportunities that others were too slow to see.</p> <p>We need to close the AI Knowledge Gap so everyone, regardless of age, gender or geography, understands how AI works, where it already exists in their lives, and where it is likely to lead. The technology is ready. Now public understanding needs to catch up.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI skills</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/opinion/The-UK-governments-AI-skills-programme-betrays-UK-workers-and-our-digital-sovereignty">The UK government’s AI skills programme betrays UK workers and our digital sovereignty</a>. The government's plans to offer AI skills training to the public depends almost entirely on US big tech companies - how is this meant to support the aim of supporting homegrown AI firms and enhancing sovereignty?</li> <li><a href="https://www.computerweekly.com/news/366637838/UK-government-signs-more-partners-to-boost-AI-skills-across-the-country">UK government signs more partners to boost AI skills across the country</a>. The government is seeking to educate 10 million adults in the UK on how to use artificial intelligence tools to streamline their work. </li> </ul> </div> </div> <p></p> Equinix found big gaps in people’s knowledge about AI and how it is used in everyday life. MD James Tyler says we need to close that gap to nurture AI skills and to support AI projects https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/puzzle-skills-gap-adobe.jpeg https://www.computerweekly.com/opinion/The-AI-knowledge-gap-and-how-to-close-it Thu, 28 May 2026 11:56:00 GMT The AI knowledge gap and how to close it <p><i>This is the final article in a five-part series on what FDP is for. <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-1-Understanding-the-problems-facing-NHS-data">Part 1 described how the NHS data architecture</a> accumulated and named eight interconnected problems. <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-2-Delivering-on-the-NHS-vision-for-data">Part 2 defined the seven Frontline-First dimensions</a> and how FDP delivers them. <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-3-The-data-architecture-that-makes-it-work">Part 3 described the ontology</a>, object types and actions that make FDP structurally different. <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-4-The-NHS-data-model">Part 4 analysed the shared data model</a>. Author Tom Bartlett led the 150-person team that built the <a href="https://www.computerweekly.com/news/366620412/NHS-chief-data-officers-concerned-with-FDP-roll-out">Federated Data Platform</a>.</i></p> <p>The <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-1-Understanding-the-problems-facing-NHS-data">previous four articles in this series</a> have described a connected set of problems the NHS has never addressed, an approach called Frontline-First that would address them, the architecture that makes it possible, and the data model and consistent products that make it work at national scale.</p> <p>The case for delivering this is strong, and the platform to deliver it exists.</p> <p>The supplier has been chosen – despite the strong opinions that supplier, Palantir, arouses - and there is nothing practical that can be done to change that unless the NHS is forced to go backwards and then stand still until another supplier emerges, perhaps in five years, perhaps in 10, perhaps never.</p> <p>While our heroic NHS teams press on with making the Federated Data Platform (FDP) work for them, they are doing so against a relentless backdrop of controversy that puts delivery at risk, and not because the architecture is wrong.</p> <p>Trust chief executives who could be leading adoption are hesitant, uncertain about what the system actually does, never mind whether the political environment will support them. I have spoken to senior NHS staff in Trusts who are asking whether they should invest locally, whether they should push their staff on this, whether they should get involved at all.</p> <p>Technology companies who could be building products for the Solution Exchange are holding back - at a recent supplier event I heard companies say they had read about a contractual break clause in the press and could not justify the investment if the programme might be pulled.</p> <p>Local data leaders who built impressive platforms over many years feel their work is being sidelined rather than integrated, and their frustration is genuine.</p> <p>And MPs who see an opportunity to build political capital with their base have turned FDP into a proxy for broader anxieties about US technology, public sector outsourcing, data privacy, and the ethics of Western governments.</p> <p>Meanwhile, patient opt-outs from NHS data sharing have accelerated sharply, causing long-term damage to the very people opting out and to other citizens who share their demography and health needs.</p> <p>The cumulative effect is organisational drift, where the people who need to act are waiting for clarity that the debate is not providing. Public trust matters, and the UK government's unsuccessful attempts to secure it have had real consequences.</p> <p>Some commentators have drawn parallels with <a href="https://www.computerweekly.com/news/2240216751/Analysis-Caredata-where-next">Care.data</a>, the national programme withdrawn in 2016 after public concern made it politically costly to defend. I do not think we are there. Cross-party political will for FDP remains strong, and the Westminster Hall debate attracted barely a dozen backbenchers.</p> <p>The risk is not that FDP will be cancelled. It is that it will drift while the noise consumes the bandwidth of the people who should be delivering it. The answer to a trust deficit is not to abandon the approach - it is to be transparent about what the platform does, why it matters, and how the data is protected. That is part of what this series has tried to do.</p> <p>The government's reorganisation of the NHS has accelerated the drift. Arbitrary and untargeted cuts to central services have made it harder for the national team to coordinate the most ambitious data programme the NHS has ever attempted. No staff group or programme has been protected - all are subject to disruption with no apparent strategy beyond reducing headcount.</p> <p>This article engages with the objections that are causing that drift, takes them on their merits, and makes the case for why constructive engagement matters more than any of the individual arguments.</p> <p>These are the arguments I have heard, in good faith, from NHS leaders, clinicians, technology companies, and parliamentarians since I left NHS England. Some of them I might once have made myself, before I saw FDP up close.</p> <section class="section main-article-chapter" data-menu-title=""We don't need it. We already have platforms that do this.""> <h2 class="section-title"><i class="icon" data-icon="1"></i>"We don't need it. We already have platforms that do this."</h2> <p>This is the objection I hear most often, and it rests on a misunderstanding of what FDP is.</p> <p>It takes several forms. Senior Integrated Care Board (ICB) leaders have reported to their boards that local capability exceeds anything FDP currently offers. Trusts have told NHS England in FOI responses that adopting FDP tools would cause them to "lose functionality rather than gain it."</p> <p>The <a href="https://www.computerweekly.com/news/366620412/NHS-chief-data-officers-concerned-with-FDP-roll-out">Chief Data and Analytical Officer (CDAO) Network wrote in an open letter</a> that Trusts "already have similar tools in use that presently exceed the capability of what the FDP is currently trying to develop."</p> <p>In Parliament, FDP has been framed as an overpriced analytics subscription, or "an expensive data warehouse." Freedom of Information responses from multiple Trusts described FDP as "a step backwards" compared to existing tools.</p> <p>But every one of these statements frames FDP as an analytics platform competing with existing business intelligence (BI) tools. That is not what FDP is.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Could a home-grown system do what FDP does? In principle, yes. The ideas underneath the Foundry application are knowable and implementable. But </figure> <figcaption> <strong>Tom Bartlett</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The confusion is understandable - when you describe FDP it genuinely does sound like a cloud data platform, with waiting list dashboards, productivity metrics, care coordination insights and so on. But operational FDP products are already running in production across adopting Trusts - theatre scheduling, discharge coordination, waiting list validation, pathway tracking.</p> <p>These are workflow applications where clinicians and operational staff make decisions, record them, and have those decisions update the underlying data. They are not dashboards. They are tools.</p> <p>The Frontline-First vision that this series has described was in the original procurement specification, which explicitly required operational tools, a marketplace for sharing products, and the capability for Trusts to develop their own digital solutions.</p> <p>But the programme's communications did not land this. The result is that even people inside the NHS data community describe FDP using analytics vocabulary, talking about dashboards and data warehousing, when its production applications are operational products designed for clinical and operational workflows.</p> </section> <section class="section main-article-chapter" data-menu-title=""This is not what we procured""> <h2 class="section-title"><i class="icon" data-icon="1"></i>"This is not what we procured"</h2> <p>The CDAO Network wrote in their open letter of February 2025 that the original business need for FDP was "about creating a data connection capability" and "about federating data and interoperable standards," and that it "should not be about imposing or advancing adoption of specific software solutions." The group described the shift toward operational tools as "programme drift."</p> <p>These statements reveal the scale of the misunderstanding. The contract explicitly covers operational applications and the Solution Exchange. The original procurement prospectus, published in January 2023, explicitly stated that the platform would "provide Trusts and Integrated Care Systems (ICSs) with the capability to develop their own digital tools that address their most pressing operational challenges" and that its connectivity would "enable us to rapidly scale and share innovative solutions."</p> <p>A separate Marketplace procurement was published in May 2023 covering "the creation and delivery of use cases and products by other suppliers and subsequent publishing of operational products and solutions."</p> <p>Operational tools, use cases, and a marketplace for sharing products were in the procurement from the start. They were not added later as programme drift. The community either did not read the procurement closely enough or read it through a reporting-first lens and assumed "tools" meant dashboards.</p> <p>How has this misunderstanding happened? Look at the programme's own communications, largely confined to the NHSE website. The language used reinforces the misunderstanding by describing FDP in phraseology used extensively in analytics. </p> <p>The programme's communications were narrower than the procurement, and the Frontline-First vision was never publicly articulated. Where NHS England leaders have described the system it has often been indirect, at times over-simplified to the point where meaning is lost, and at times wrapped in Palantir marketing, an immediate turn off to many who might otherwise have listened.</p> <p>The message should have been clear - FDP supports a Frontline-First approach that requires operational products at the point of care, and those products need to sit on the same platform as the data to deliver the benefits.</p> <p>I described this at length in <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-2-Delivering-on-the-NHS-vision-for-data">Parts 2</a> and <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-3-The-data-architecture-that-makes-it-work">3 of this series</a>. The name of the programme was never going to do the communication on its own, but it is in itself confusing. Data federation alone doesn't give a clinician a useful product, doesn't replace the spreadsheet, doesn't produce better data at source. What drifted was the communication, not the programme.</p> </section> <section class="section main-article-chapter" data-menu-title=""Why not build our own?""> <h2 class="section-title"><i class="icon" data-icon="1"></i>"Why not build our own?"</h2> <p>This is the most politically prominent objection. Martin Wrigley, MP, has called in Parliament for "a staged exit with a retender for British companies to build a replacement for Palantir" and argued that "a UK tech consortium" could "build UK sovereign solutions, tech skills and competencies."</p> <p>An NHS developer, quoted by Julian Smith, MP, in the same debate, wrote: "There are any number of reassuringly boring companies that could deliver this contract, many of them based in the UK." The BMA has called for termination of the Palantir contract.</p> <p>Could a home-grown system do what FDP does? In principle, yes. The ideas underneath the Foundry application are knowable and implementable.</p> <p>But "in principle" is doing a lot of work. Foundry is not a product that was built by a project team. It is the output of a $328bn company that has employed thousands of engineers over 20 years, unconstrained by NHS pay scales, headcount ceilings, or recruitment timelines, and funded by billions of dollars in commercial and government contracts across defence, intelligence, and the private sector.</p> <p>The NHS would not be replicating a team - it would be replicating a company. <a href="https://www.computerweekly.com/news/366560657/Palantir-awarded-NHS-FDP-data-contract">A contract worth £330m over seven years</a> is not remotely close to that. It is enough to use Foundry. It is not enough to build it.</p> <p>Critics will say they would do it differently, using a combination of existing open-source components and cloud services, and they may be right that a different route is possible. But nobody has yet demonstrated an alternative that delivers the combination of capabilities described in Part 3 at the scale the NHS requires.</p> <p>The UK consortium version is the argument that gets put to me most often when the home-grown option runs out of road. The UK does have genuine data companies. Quantexa, which bid for the FDP contract in 2023 alongside IBM, is a serious UK-founded firm with strong entity resolution and decision intelligence capability. Voror Health Technologies, Eclipse and Black Pear formed an all-British consortium that also bid. Both lost to Palantir.</p> <p>The reason matters more than the result. Neither Quantexa nor any other UK data company currently offers a platform with the combination of capabilities I described in Part 3 – that is, object types that hold data and descriptions together, live navigable relationships between them, actions that create new data through operational applications, writeback into the same data fabric, and a national data model hosted in the same layer.</p> <p>The UK has strong data companies solving adjacent problems. Since I began writing publicly about FDP, I have invited anyone who knows of an alternative platform that delivers this combination to tell me about it. Several have tried, but nobody has come close to describing the functionality needed. I acknowledge that I can only speak to what I have seen - there may be a platform in development that has not yet declared its capability. I would welcome being shown one, and I will need more than vague declarations or lists of company names.</p> <p>FDP is a multi-year endeavour even with Palantir's two decades of platform R&D behind it. Anyone hoping for a different answer in the next 18 months, whether by intervention or by break clause, is asking for a delivery timeline that does not exist on any platform of this scale anywhere in the world.</p> </section> <section class="section main-article-chapter" data-menu-title=""Why does it have to be one platform?""> <h2 class="section-title"><i class="icon" data-icon="1"></i>"Why does it have to be one platform?"</h2> <p>This is the most substantive objection, because it accepts most of the argument I have been making and proposes a different deployment model. Martin Wrigley, MP, called in Parliament for "a distributed, interoperable UK sovereign solution," comparing it to "how massive systems, such as the internet or mobile phone networks, work. They do not rely on one single system or supplier." The CDAO Network's open letter argued that the original business need was to federate data, not to impose a single platform.</p> <p>There is broad agreement across the NHS data community, including from the strongest critics of FDP, that a common data model is needed. The disagreement is not about whether the NHS needs a canonical data model (CDM). It is about whether the NHS needs a single platform to implement it.</p> <p>The alternative position is that different parts of the NHS can run different platforms, all conforming to the same CDM but implementing it locally on their own technology. This position has surface appeal - it preserves local autonomy, avoids single-vendor dependency, and lets each region use the tools its teams know best.</p> <p>But there are things it cannot deliver that a single platform with the CDM can.</p> <p>First, application portability. An application built on FDP cannot run on an Advanced Data Services Platform (ADSP) any more than an iPhone app can run on Android, even if both work with the same underlying data model.</p> <p>On a single platform, a Trust in Dorset builds an application and a Trust in Newcastle installs it through the Solution Exchange without rewriting. On multiple platforms, the application has to be rebuilt for each one. That is the difference between interoperability – where systems can talk - and portability, where the same thing runs in both places.</p> <p>Second, semantic consistency. As I argued in Part 4, a consistent data model is necessary but not sufficient. You also need consistent products that constrain recording to produce data of known meaning. On a single platform with the Solution Exchange, those products are portable and enforceable. On multiple platforms, conformance becomes aspirational rather than structural.</p> <p>My view is that a single platform makes national consistency structurally achievable. Multiple platforms make it aspirationally possible but operationally much harder, and we can already see this if we look at the current state of electronic patient records (EPRs).</p> <p>There is one area where the distributed model has a legitimate case - the analytical layer. As I acknowledged in Part 3, Foundry's native analytics are less mature than a well-configured Power BI or Tableau environment, and Trusts with strong analytical infrastructure should not be forced to abandon tools that work well for that purpose. Their data team will have to justify to their CFO each year why they have to rebuild and maintain analytics locally when every other Trust is collaborating on shared infrastructure.</p> <p>But for the operational layer, where the Frontline-First products sit, the case for a single platform with a shared data model and portable products is structural, not a matter of preference. The evidence from the next few years of FDP delivery will make this clearer. But it is worth naming the category error in this objection.</p> <p>Consider a fleet of mobile phones. Nobody argues there should be five competing operating systems on the same device. The operating system is standard; the apps are diverse. Apple’s iOS does not compete with the apps that run on it - it enables them. In this analogy, FDP is the operating system, not the device. The Solution Exchange is the App Store. The CDM is the API standard. The products that run on the platform are built by Trusts, by NHS England, and by third-party suppliers, all competing on the basis of clinical usefulness. The interoperability that critics, including Wrigley, call for is the very thing the platform provides.</p> <p>A related argument deserves attention.</p> <p>There is strong NHS data work at regional level, where dedicated teams have spent years linking data across acute, primary, mental health, and community settings, applying population-level risk scoring, and embedding analytics inside clinical systems.</p> <p>But this work tends to produce a collection of separate specialist tools for separate use cases - one for the shared care record, another for waiting list prioritisation, another for GP prescribing interventions, another for the system control centre. The tools do not share a common data model. They are not portable to other regions. They are not built using AI-assisted development that allows non-engineers to contribute. And they are not integrated into a single operational workflow where data created in one tool is immediately available to every other. This is excellent analytics infrastructure with operational extensions bolted on. It is not a Frontline-First approach.</p> <p>The question is whether 26 ICBs can each build their own version independently, maintain semantic consistency across them, and make the resulting tools available to every Trust in the country. The CDM and the Solution Exchange exist because the answer is no.</p> </section> <section class="section main-article-chapter" data-menu-title=""The cost is too high""> <h2 class="section-title"><i class="icon" data-icon="1"></i>"The cost is too high"</h2> <p>Senior NHS data leaders have asked for independent evaluation of costs and benefits and they are right to do so. The published contract value of £330m significantly understates the true cost of FDP adoption, and as I described in Part 2, implementation costs vary significantly depending on how a Trust approaches adoption.</p> <p>There are also operational costs that early adopters are still defining - incident management, change control, monitoring, and the service management model for a platform that runs clinical tools. These day-to-day realities of running FDP in production are not yet fully established, and Trusts considering adoption should factor them in.</p> <p>But the evaluation must also account for the costs of the status quo. The hidden costs of operating without a Frontline-First approach are real and large - data quality failures that distort commissioning decisions and funding allocations; clinical variation that persists for years because enrichment never reaches the consultant; the information governance and data loss risks created by shadow IT that sits outside the formal data estate; analyst time spent reconciling data that should have been consistent at source; and the downstream research and policy consequences of working from data that looks reasonable but is silently wrong.</p> <p>The information governance risks presented by current practice of using whiteboards, spreadsheets and paper have not gone away, and are costing the NHS millions each year. These costs are harder to quantify but they are borne every day by every Trust in the country. An honest evaluation would put the cost of FDP adoption alongside the cost of not adopting it, and let the numbers speak.</p> <p>There is a further cost that is harder to see but may prove the largest of all - the opportunity cost of falling behind on AI.</p> <p>Every major health system in the world is investing in AI capabilities that depend on consistent, structured, semantically coherent data. Implementing AI across the pre-FDP data landscape, with its fragmented systems, inconsistent semantics, and data locked in siloed warehouses, would require building bespoke grounding and integration for every Trust, every data source, and every use case.</p> <p>The operational AI capabilities on the platform (Ask FDP, AI-FDE, the emerging agentic workflows described in Part 3) work because the ontology provides the semantic layer that AI needs to reason across the data. Without that layer, AI in the NHS will be confined to isolated local experiments that cannot scale.</p> <p>Other countries are not waiting. The cost of delay is not just what the NHS loses today - it is the widening gap between what the NHS can do with its data and what comparable health systems will be able to do with theirs.</p> <p>The cost comparison that puts this in context is the EPR investment. The NHS has spent roughly £2bn on electronic patient records over the past five years, with single geographies spending £200m on a single EPR upgrade. In that context, £330m for a national operational data platform looks like what it is - a modest beginning, not an extravagance.</p> <p>The objections so far have been about whether FDP is needed and whether it is worth the cost. The next set are about the supplier - who owns what, how dependent the NHS becomes, and whether Palantir is an acceptable partner.</p> </section> <section class="section main-article-chapter" data-menu-title=""The NHS owns no intellectual property""> <h2 class="section-title"><i class="icon" data-icon="1"></i>"The NHS owns no intellectual property"</h2> <p>This is the most disingenuous claim in the debate. Martin Wrigley stated in Westminster Hall that the FDP contract delivers "no software, not one line" and that "all the specially written software and intellectual property rights belong to the supplier." I wrote to Wrigley before the debate explaining why this was wrong. He repeated the claim regardless. The minister, Zubir Ahmed, contradicted him in the debate: "The NHS owns the intellectual property for all products and it is possible to migrate them to other providers."</p> <p>The accompanying diagram shows the layered architecture and where intellectual property (IP) ownership sits at each level.</p> <p>The NHS Trust owns its network infrastructure, its connection agent host, its connector configurations, and its ETL pipeline logic, all written in standard open-source languages (SQL, Python, PySpark, React) that can be lifted and run on any platform.</p> <p>The Canonical Data Model belongs to the NHS, is licensed via the Open Government Licence, and is available to all on GitHub.</p> <p>Every FDP product built by NHS engineers belongs to the NHS. Every Trust-built application, dashboard, and report belongs to the Trust.</p> <p>What Palantir retains is intellectual property in Foundry itself - the platform engine, and the proprietary tools like Quiver, Workshop, Contour, and the Ontology Engine. This is no different from Microsoft retaining IP in Excel while users own the spreadsheets they create.</p> <p>If Palantir lost the contract tomorrow, the NHS would retain all of its data, all of its code, all of its products, and all of the CDM. Only the Foundry platform engine and Palantir's own tools would need replacing. That is a significant migration task, but it is not "no software, not one line."</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.computerweekly.com/rms/computerweekly/fdp_architecture_v5.png"> <img data-src="https://www.computerweekly.com/rms/computerweekly/fdp_architecture_v5_mobile.png" class="lazy" data-srcset="https://www.computerweekly.com/rms/computerweekly/fdp_architecture_v5_mobile.png 960w,https://www.computerweekly.com/rms/computerweekly/fdp_architecture_v5.png 1280w" alt="FDP architecture diagram" height="780" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>FDP integration architecture </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The IP ownership question is separate from the vendor lock-in question, and it is worth being clear about both. Everything built on FDP is technically portable - the code is in open source languages, the CDM belongs to the NHS, the data belongs to the Trusts. But portability on paper and migration in practice are very different things.</p> <p>If the break clause were triggered and Palantir's software became unavailable, the migration task would be monumental. Every pipeline, every ontology configuration, every application would need to be rebuilt on whatever platform replaced it. The CDM would need to be reimplemented. The integrations with Trust source systems would need to be reconnected. And the NHS would need to have a platform to migrate to, which, as I have argued above, does not currently exist.</p> <p>This is not unique to FDP - any platform migration at this scale is a multi-year programme in its own right. The SAS to Foundry migration that NHS England undertook was a significant project and that was one analytical platform within one organisation. Migrating 220 Trusts' operational products would be orders of magnitude harder.</p> <p>The challenge to migrate away from FDP is significant, but it is operational rather than legal, and it is the same kind of challenge that applies to every EPR, every data warehouse, and every enterprise system the NHS runs.</p> </section> <section class="section main-article-chapter" data-menu-title="Data sovereignty and the Cloud Act"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Data sovereignty and the Cloud Act</h2> <p>A persistent claim in the debate is that the NHS has handed its data to Palantir. It has not. The data remains under NHS data controllership. Palantir provides the platform software under contract - it does not own, control, or have the right to use NHS data for any purpose outside the contracted services.</p> <p>The contract explicitly prohibits commercial or research use of the data by the supplier. This is the same arrangement that applies to every other technology supplier the NHS uses - Microsoft hosts NHS data on Azure, Epic hosts clinical records, and neither owns the data they process. The minister confirmed this in the Westminster Hall debate - the NHS owns the data and can migrate it to other providers.</p> <p>A related concern is that Palantir is a US company and that the US Cloud Act could theoretically compel disclosure of NHS data to the US government. This is a legitimate concern in principle. It is also one that applies equally to any US company including Epic, Microsoft, Apple, and Google. There is unlikely to be anyone in England who has not already willingly shared their personal data with at least one of those firms. The NHS runs on Microsoft infrastructure. Most Trusts use Microsoft 365. Many are migrating to Azure. Epic and Oracle Health, both US companies, provide the EPR systems that hold the most sensitive patient data in the NHS.</p> <p>The Cloud Act requires US law enforcement to obtain a warrant from a US court, demonstrating probable cause that the data sought contains evidence of a crime. The warrant must describe with particularity the data to be obtained, and the provider can challenge the order in court. It is a targeted legal process, not a mechanism for bulk data extraction.</p> <p>Campaigners have suggested that FISA, separate US surveillance legislation designed for counter-terrorism, could be used to compel bulk access to NHS data without individual warrants, bypassing the safeguards described above. FISA authorises the surveillance of foreign intelligence targets, not the bulk extraction of datasets from commercial platforms. Using it to obtain NHS patient records would require a US intelligence agency to persuade the FISA Court that millions of NHS patient records are relevant to a foreign intelligence investigation.</p> <p>There is no credible technical mechanism by which this could happen without triggering every alarm in NHS England's cyber security monitoring and becoming instant headline news. The fact this has never happened to any US-hosted NHS data, despite UK citizens using US software since the start of the information age, is telling. The concern is understandable given the political climate and media coverage, but it is not supported by the evidence of how these legal instruments work in practice.</p> <p>If data sovereignty from US jurisdiction is the standard, the NHS would need to exit not just Palantir but its entire cloud and EPR infrastructure. That is not a realistic proposition, particularly when the UK government is actively inviting US technology companies to invest in the UK.</p> <p>The sovereignty argument is worth having as a matter of national policy. It is not a credible basis for singling out FDP while leaving every other US technology dependency in the NHS untouched.</p> </section> <section class="section main-article-chapter" data-menu-title="The ethics of the supplier"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The ethics of the supplier</h2> <p>There is a further objection that this series has deliberately not addressed until now, because it sits outside the architectural argument - the ethics of Palantir as a company.</p> <p>Palantir's involvement in military operations, immigration enforcement, and intelligence work is a matter of public record. The company has attracted intense criticism, and some of the language used to describe it and its employees has been extreme. NHS staff, including data analysts who are asked to work on the platform, have raised sincere objections to working with a company whose other contracts they find morally unacceptable.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> I have listened to the frustration local leaders feel and it is real. The programme was operating under continual, near-unmanageably high pressure for years. Both things are true, and both need to be acknowledged if the relationship between the national programme and the local teams is going to work. </figure> <figcaption> <strong>Tom Bartlett</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The tension is understandable. The NHS is built on values of care, compassion, and the equal treatment of every patient. Military and security organisations operate on different values - national defence, deterrence, and the use of force where necessary. Both sets of values exist within British society.</p> <p>The UK funds its armed forces, operates intelligence services, and contracts with companies that support them. These are not fringe activities - they are functions of a democratic state. The discomfort that NHS staff feel when those two worlds intersect through a shared supplier is real, but it is a tension between values that coexist in the same society, not a choice between right and wrong.</p> <p>These objections are legitimate. They are also personal. We each make choices about who we vote for, what we buy, where we work, and which companies we are willing to do business with. Those choices reflect our values and nobody should be told their values are wrong. But this series is about whether the Frontline-First approach works, whether the architecture delivers it, and whether the NHS should build on it. The ethics of the supplier are a question for individuals, for lawmakers, and for the democratic process. They are not a question this series can answer, and they should not be used to avoid engaging with the substance of the argument, nor to judge those who work within an imperfect framework to try to do good for patients and the public.</p> <p>I find it hard to watch decent colleagues be heckled as "genocide supporters" for expressing the opinion that the software is helpful in improving the NHS. This sort of behaviour diverges from NHS values and it materially dampens collaboration and delivery.</p> </section> <section class="section main-article-chapter" data-menu-title=""The programme has not worked with us""> <h2 class="section-title"><i class="icon" data-icon="1"></i>"The programme has not worked with us"</h2> <p>The objections above are about the platform, the supplier, and the architecture. There is a separate set of concerns that are about how the programme itself has been run. These deserve their own acknowledgement because they come from people who are not opposed to FDP in principle but who have been frustrated by their experience of working with it.</p> <p>The FDP programme is led by a national team at NHS England, but the platform is adopted and operated by individual NHS Trusts and Integrated Care Boards, each with its own data team, infrastructure, and priorities.</p> <p>Trusts and ICBs have at times felt that the national programme worked around them rather than with them. Concerns raised locally were treated as the Trust's responsibility to resolve, resourcing requirements have at times been too optimistic, and opportunities for shared learning between organisations were constrained.</p> <p>Combined with insufficient communication about what FDP is and what it requires, this has created frustration and disengagement. I have heard directly and with feeling from senior people who say they are valued in their own organisations but felt undervalued by the national programme.</p> <p>Data teams in the NHS have historically operated at one step removed from the frontline. A Frontline-First approach changes that - it moves data capability closer to the point of care, into environments where the pace is relentless and the tolerance for friction is low.</p> <p>Combine that with AI capabilities delivered via FDP, and that is a significant shift for teams who are used to working in the back office, and it is a change that requires strong and purposeful leadership across the technical professions. The need for this leadership is urgent, both nationally and in Trusts.</p> <p>That is not to judge the national FDP programme whose task was herculean from the start. Problems with communication and engagement are not unique to FDP, and any national programme working in public, at technical depth, across 250 autonomous organisations will create friction. The context makes it harder for the FDP programme to get right - it was delivering through a period in which NHS England itself was being reorganised, workforce reductions were affecting every level of the system, and the political environment was hostile. It is not possible to please everyone when working at this scale under those conditions.</p> <p>I have listened to the frustration local leaders feel and it is real. The programme was operating under continual, near-unmanageably high pressure for years. Both things are true, and both need to be acknowledged if the relationship between the national programme and the local teams is going to work.</p> </section> <section class="section main-article-chapter" data-menu-title="What is actually happening on the ground"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is actually happening on the ground</h2> <p>The debate about FDP has been conducted largely in the abstract - procurement politics, supplier ethics, theoretical capabilities. Meanwhile, Trusts that have committed to the platform are building.</p> <p>One NHS group has re-platformed all its core FDP products into a shared cross-Trust space, with both Trusts running single instances of theatres, Optica and shared patient tracking lists backed by permissions-based access. The same group is decommissioning its local data warehouse and moving entirely to FDP. Its national submissions are being automated through the Health Decision Suite (HDS), the FDP product that provides cloud-based data warehouse functionality, with ECDS and CDS complete and 14 further priority reports in progress.</p> <p>The same group is building local products for ward accreditation, programme management, and quality improvement, with working groups involving corporate nursing teams and ward leaders. The implementation cost has been significantly lower than the figures most often cited in the debate, because the Trust embedded FDP adoption into its existing transformation programmes rather than running it as a separate digital programme. I was told four products were built side of desk and the organisation is now recruiting a developer to frontline teams to quality-control AI-assisted product prototypes into production.</p> <p>This is one example. There are others. Trusts are building DNA prediction tools, clinical quality products, cross-Trust shared patient lists, and nursing quality applications.</p> <p>Third-party technology companies are also beginning to engage, working with Trusts and NHS England to bring their products onto the platform through the Solution Exchange. The teams doing this work are not waiting for the debate to conclude. They are building, and the gap between what is happening on the ground and what is being discussed in the media and in Parliament is growing wider by the month.</p> <p>The platform's long-term sustainability depends on the NHS developing its own Foundry expertise. Trusts need to invest in building internal capability rather than remaining dependent on Palantir's engineering support. This should be a priority for every Trust that adopts FDP, and the example above shows it is already happening.</p> </section> <section class="section main-article-chapter" data-menu-title="The cost of the distraction"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The cost of the distraction</h2> <p>There is a collective cost to the debate that none of the individual objections acknowledges - while the NHS argues about who won the contract, the Frontline-First approach is being delivered by the Trusts that have committed, but not at the pace or scale the NHS needs.</p> <p>The CDM governance described in Part 4 needs investment and attention now, not after the debate concludes. The Solution Exchange needs a commercial framework and early adopter engagement now. The Trusts that are building local products need support, access to the governance process, and a community contribution model that scales. Trusts that have not yet engaged need to understand what FDP is for, which is the purpose of this series.</p> <p>None of this is happening at the pace it should, because the bandwidth of senior leaders in the system is consumed by the political noise rather than the delivery challenge.</p> <p>There is a quieter cost that receives less attention. Every patient who opts out of NHS data sharing on the basis of the campaigners' framing makes themselves less visible to the system trying to look after them.</p> <p>The research datasets that power studies into cancer, dementia, and cardiovascular disease become not just smaller but biased, because the patients who opt out are not randomly distributed. The campaigners are sincere in their concern about data privacy, and patients must have the right to opt out. But the current dynamic, where the Palantir controversy is used to drive opt-outs that damage both care and research, is causing real harm.</p> <p>The objections are not wrong to exist. But they are wrong to dominate. Realists know that there is no alternative, despite the prospect of contractual break clauses. The real question is not whether Palantir should be the supplier - that ship has sailed. The focus should be on how collectively we can support the Frontline-First approach, the CDM, and the consistent products that enforce it to be delivered, reducing the harms of a debate that has already gone on long enough.</p> </section> <section class="section main-article-chapter" data-menu-title="Why this matters now"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why this matters now</h2> <p>There are two ticking clocks that the debate has not acknowledged.</p> <p>The first is the NHS App. It is a central feature of the 10-Year Health Plan and is connecting to more Trusts every month. As it expands, it will expose more of the patient record directly to the public. Patients will see records that do not match what they were told - missing information, stale data, inconsistencies between what their GP recorded and what the hospital has. The data quality problems described in Part 1 are about to become publicly visible in ways that will erode patient confidence in how the NHS manages their information.</p> <p>The second is the pace of change in data and AI. The rest of the world is not waiting. Every major health system is investing in AI capabilities that depend on consistent, structured data, and the gap between what those systems can do and what the NHS can do is widening. The NHS data landscape described in Part 1 was already behind. With AI accelerating the pace of change, standing still means falling further behind, faster.</p> <p>The public debate about FDP has been dominated by questions of ethics and trust - who supplies the platform, what the supplier's track record looks like, whether the procurement was right. Those questions matter and they deserve answers. But they have crowded out the question that matters most: does the Frontline-First approach work, and what will it take to deliver it?</p> <p>The answer will not come from a single supplier. Palantir provides the platform software, but FDP is built by the NHS. It is built by Trust data teams configuring it for their clinical services, by ICB teams linking data across their systems, by the national engineering team designing the architecture, and by the third-party suppliers who will build products for the Solution Exchange.</p> <p>The approach should not be in doubt - the evidence from early adopters, the architectural case, and the absence of any credible alternative all point the same way. What should be in doubt is whether the system can stop arguing long enough to deliver it.</p> <p>The conversation needs to move from who supplies the software to how we make the approach work. If the government is serious about moving resources to the frontline, it should understand that investing in data solutions for clinicians is how data supports that ambition, and it should ensure the programme does not stall because the central team is consumed by organisational upheaval. Campaigners and MPs should focus on building what comes next, for example a sovereign competitor to Palantir.</p> <p>Everyone who has a role in this should be careful not to tear down what has been built, or criticise the NHS staff who are building, as that helps no one - not the patient, the taxpayer, or the clinician.</p> <p>Find ways to constructively engage and find solutions. The NHS has the platform, the data model, the early products, and a growing community of Trusts and technology companies who want to build on it.</p> <p>What it needs is collective commitment to the Frontline-First approach and the willingness to adapt on all sides - the national team listening to local leaders, local leaders engaging with the architecture rather than dismissing it, and the supplier community building products that the frontline actually wants to use.</p> <p>Together, we can make the NHS safer, easier and quicker to access. We can achieve higher quality patient outcomes and a better patient experience. We can make more efficient use of taxpayer funds. All of this starts with getting the data to work harder and giving the frontline what it needs. That is what Frontline-First means, and it is within our reach if we choose to build it together.</p> <p>I left NHS England in March 2026 after three years inside the FDP programme. I wrote this series because I believed the public debate was missing the most important part of the story - what the platform is actually for.</p> <p>I have tried to be honest about what works, what does not, and what needs to change. The Frontline-First approach is not perfect and neither is the programme delivering it. But it is the best answer I have seen to problems the NHS has failed to solve for 20 years, and I would rather help build it than watch the debate consume it. I intend to keep writing, and I intend to keep building.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about NHS data</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/feature/Electronic-health-records-are-still-creating-issues-for-patients">Electronic health records are still creating issues for patients</a> - Almost every NHS trust will have moved onto a digital system by this spring. Experts have cautioned many patients are still struggling to access their own health data.</li> <li><a href="https://www.computerweekly.com/news/366639993/Child-rapist-could-have-profiled-victims-through-unaudited-access-to-NHS-databases">Child rapist could have profiled victims through unaudited access to NHS databases</a> - NHS analyst’s conviction for child sexual abuse offences raises concerns over unaudited access to patient data.</li> <li><a href="https://www.computerweekly.com/news/366574914/Women-In-Data-panel-NHS-needs-to-get-data-basics-right-before-rushing-into-AI">NHS needs to get data basics right before rushing into AI</a> - During a panel discussion at a Women in Data event, speakers from across the public healthcare sector outlined the groundwork that has to be laid for artificial intelligence to take the NHS by storm.</li> <li><a href="https://www.computerweekly.com/news/366620174/NHS-investigating-how-API-flaw-exposed-patient-data">NHS investigating how API flaw exposed patient data</a> - NHS patient data was left vulnerable by a flaw in an application programming interface used at online healthcare provider Medefer.</li> <li><a href="https://www.computerweekly.com/news/366641178/NHS-digital-drive-hit-by-usability-gaps-despite-progress-national-survey-finds">NHS digital drive hit by usability gaps despite progress, national survey finds</a> - The shift from analogue to digital across the NHS is hindered by usability issues in electronic patient record (EPR), but the newly launched frontline productivity programme could be the answer.</li> </ul> </div> </div> </section> Many people - in the NHS, in Parliament, in the tech sector and beyond - have raised objections to FDP and its supplier. Some have merit, others less so https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/healthcare-medical-doctor-ipopba-adobe.jpg https://www.computerweekly.com/opinion/Inside-FDP-part-5-Addressing-the-objections Thu, 28 May 2026 04:00:00 GMT Inside FDP - part 5: Addressing the objections <p>The UK and its allies have only a “narrowing window” to stay ahead of technology threats from Russia and China, the head of the UK’s spy agency GCHQ will warn today.</p> <p>Director of GCHQ Anne Keast-Butler will say that the UK needs to step up cyber security and make it “10 times more urgent” in the face of “increasingly brazen behaviour” from adversaries.</p> <p>The world is facing a “new era of radical uncertainty, contested geopolitics and rapidly changing technology,” the director will say in a lecture at Bletchley Park, the war time home of the organisation that became GCHQ.</p> <section class="section main-article-chapter" data-menu-title="Russia scaling up threats"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Russia scaling up threats</h2> <p>“Russia is scaling up its daily hybrid activity against the UK and Europe,” Keast-Butler will tell experts, academics and government officials. “[The country is] relentlessly targeting critical infrastructure, democratic processes, supply chains and public trust.”</p> <p>Groups linked to Russia were responsible for a series of <a href="https://www.computerweekly.com/news/366638859/Russias-cyber-attacks-on-Polish-utilities-draws-NCSC-alert">cyber attacks on Poland’s energy infrastructure</a> last year, which targeted <a href="https://www.gov.pl/web/primeminister/poland-stops-cyberattacks-on-energy-infrastructure">two combined head and power plants and an energy management system</a> for renewable energy.</p> <p>GCHQ and allies need to fend off cyber attacks, “counter reckless sabotage and assassination attempts”, and attempts by Russia to smuggle Western technology, as the UK continues its support for Ukraine, the director will say.</p> <p>“Putin is going backward on the battlefield,” she is expected to say.</p> <p>The spy chief acknowledges that the pace of technological change is the highest it has ever been throughout her 30-year career in national security, and says that the UK and its allies have only a narrow window to stay ahead.</p> <p>“China is now a science and tech superpower – with sophisticated capabilities across their intelligence, cyber and military agencies,” she will say. The rapid development of AI technology means the “ground beneath our feet is shifting”.</p> </section> <section class="section main-article-chapter" data-menu-title="Need to accelerate cyber security"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Need to accelerate cyber security</h2> <p>In an inaugural annual lecture, Keast will argue that everyone in the country “from board rooms to living rooms” has a role to play in national security.</p> <p>“At home, that means taking important action now to <a href="https://www.computerweekly.com/news/366642156/NCSC-heralds-end-of-passwords-for-consumers-and-pushes-secure-passkeys">switch passwords for passkeys</a>; and for wider society, it means hardwiring security into new technologies, protecting supply chains and making cyber security 10 times more urgent,” she will say.</p> <p>Nation states – such as China or Russia – were responsible for the majority of “nationally significant” cyber security attacks against the UK, the National Cyber Security Centre, part of GCHQ, <a href="https://www.computerweekly.com/news/366642032/Nation-states-responsible-for-nationally-significant-cyber-attacks-against-UK-says-NCSC-chief">disclosed in April</a>.</p> <p>China’s intelligence and military agencies were capable of an “eye-watering level of sophistication” in offensive cyber operations, its CEO Richard Horne said.</p> <p>The Chinese hacking group Volt Typhoon has targeted multiple operators of critical national infrastructure (CNI) in Asia and across the US, as it <a href="https://www.computerweekly.com/news/366640484/UK-Cyber-Monitoring-Centre-plans-expansion-in-US-amid-risk-of-Category-5-attack">pre-positions for future cyber attacks</a>.</p> </section> <section class="section main-article-chapter" data-menu-title="Need for partnerships"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Need for partnerships</h2> <p>GCHQ’s director, marking the 80<sup>th</sup> anniversary of the UKUSA intelligence sharing agreement, the origin of the special relationship between the UK and the US, will argue that partnerships “are the crux of our resilience and prosperity”.</p> <p>Referring to letters from <a href="https://www.gchq.gov.uk/information/dennistons-x-factor-what-made-him-stand-out">Alastair Denniston</a>, the first director of what became GCHQ, Keast-Butler will say that during its more than 100-year history, GCHQ has always prided itself of “foresight, practicality…and partnerships” to protect the UK and its allies. “When humanity is at its worst, we are at our best,” she will say.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more on nation-state cyber threats</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366641790/UK-to-build-national-cyber-shield-to-protect-against-AI-cyber-threats">UK to build ‘national cyber shield’ to protect against AI cyber</a> threats: Security minister Dan Jarvis calls for artificial intelligence companies to work with government to develop AI-driven cyber defences.</li> <li><a href="https://www.computerweekly.com/news/366642032/Nation-states-responsible-for-nationally-significant-cyber-attacks-against-UK-says-NCSC-chief">Nation states responsible for ‘nationally significant’ cyber attacks against UK, says NCSC chief</a>: The UK is facing four nationally significant cyber attacks a week, the majority from hostile states, NCSC chief, Richard Horne, will warn at the CyberUK conference.</li> </ul> </div> </div> </section> UK needs to treat cyber security 10 times more urgently in the wake of threats from Russia, China and other adversaries, says GCHQ director Anne Keast-Butler https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/cyber-security-attack-virus-malware-Skorzewiak-adobe.jpg https://www.computerweekly.com/news/366643654/UK-has-narrowing-window-to-stay-ahead-of-tech-threats-says-GCHQ-chief-Keast-Butler Wed, 27 May 2026 09:39:00 GMT UK has ‘narrowing window’ to stay ahead of tech threats, says GCHQ chief Keast-Butler <p>Social media providers are facing a blizzard of regulation and legal action over children and teenagers’ use of social media. Last December, Australia banned under-16s from logging in to major social media services, and numerous other countries are following suit.</p> <p>The <a href="https://www.computerweekly.com/news/366639654/UK-government-consults-on-social-media-ban-for-under-16s">UK government is consulting on blocking under-16s from social media</a>, artificial intelligence (AI) chatbots, gaming services and virtual private networks. “Addictive algorithms, clearly to my mind, shouldn’t be permitted,” prime minister Keir Starmer <a href="https://www.mirror.co.uk/news/politics/keir-starmer-vows-go-after-36933930">told the <em>Sunday Mirror</em></a> on 28 March 2026. “This is the platforms trying to get children to stay on for longer, to get addicted. I can’t see that there’s a case for that, and therefore I can see we’re going to have to act.” Starmer referred to a <a target="_blank" href="https://www.bbc.co.uk/news/articles/c747x7gz249o" rel="noopener">Los Angeles jury’s decision on 25 March</a> that found that Meta and Google deliberately built their services to be addictive as a “turning point”.</p> <p>In his 2024 book <em>The Anxious Generation</em>, psychologist Jonathan Haidt discussed social media addictive design features such as pulling to refresh, autoplaying, “infinite scrolls” of algorithmically selected material and streaks that praise users for doing something every day. Haidt is partly responsible for Australia’s legislation; South Australia’s premier Peter Malinauskas introduced restrictions on social media in his state <a target="_blank" href="https://www.reuters.com/world/asia-pacific/australian-social-media-ban-started-with-call-act-by-poiliticans-wife-2024-11-29/" rel="noopener">after his wife told him to read it</a>.</p> <p>At present, governments and lawyers are focusing on children and teenagers, but adults are increasingly concerned. Recent <a target="_blank" href="https://www.ofcom.org.uk/media-use-and-attitudes/media-habits-adults/passive-social-media-use-ai-companionship-and-online-side-hustles-uk-adults-media-and-online-lives-revealed" rel="noopener">research by regulator Ofcom</a> found that two-thirds of online adults say they sometimes spend too long on their devices, with some setting time limits, deleting apps and leaving their smartphones at home.</p> <p>While no one is talking about banning any business software, some have adopted techniques used by social media. So, how should employers balance effective use of such software with their employees’ digital wellbeing?</p> <section class="section main-article-chapter" data-menu-title="Employee wellbeing in the digital age"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Employee wellbeing in the digital age</h2> <p>Justin Megawarne, managing partner of London-based technology consultancy Megaslice, lets the company’s 15 employees choose where to work – whether that be at home, the office or at a client site. “That extends out to how you control your head space,” he says. “If you want to turn all your notifications off for five hours, do it. Do whatever you have to do to make the client happy – sometimes that means being available for interruptions, sometimes it doesn’t.”</p> <p>The company discourages staff from using social media – given the toxicity of some discussions and their echo chamber tendency which can lessen diversity of thought – and encourages them to talk to each other, whether face to face or through a call. The company currently uses Google Chat but is considering a move to <a target="_blank" href="https://twistapp.com/" rel="noopener">Twist</a>, an asynchronous messaging app with fewer notifications and no presence indicator.</p> <p>Megawarne says that he does not see the appeal of <a href="https://www.techtarget.com/searchhrsoftware/definition/gamification">gamification</a> and other social media techniques. “If I see a tool and I think an intelligent person would baulk at this, I probably will not adopt it,” he says. “If it has all these shiny things going ‘ping!’ and I can’t see a thoughtful person wanting to use this, then that’s it.”</p> <p>He is keen on his staff taking breaks from what is often intellectually and creatively demanding work: “You have to let the mind sit fallow. There are things that happen in the unconscious and the subconscious that don’t happen if you are constantly on it, constantly interrupted, constantly switched on.” He sometimes intervenes if he sees staff working late online: “I will tell them, you have to stop right now, close the laptop now, don’t answer your phone, don’t look at your messages.” To set an example, if he has an idea at 9.30pm, he may write an email but schedule it to send at 8am the following morning.</p> <p>Megawarne says employers should ask themselves if software notifications increase either customer satisfaction or employee morale, and if not, shut them down. Some employers say they do not matter as their staff are not that creative, but he adds: “They are very creative at trying to get work done and gaming all these stupid measures. People are genuinely ingenious when it comes to working around something.”</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> When you stop measuring inputs like when people are online, and you start measuring what they actually deliver, you give them agency over their relationship with that technology </figure> <figcaption> <strong>Danny Coleman, Adaptavist</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Danny Coleman, director of strategic services and operations at UK-headquartered technology consultancy Adaptavist, runs a team that helps clients to use work management platform Monday.com. “My thesis is that organisations should measure outputs, not inputs,” he says. “When you stop measuring inputs like when people are online, and you start measuring what they actually deliver, you give them agency over their relationship with that technology. That’s what frees people up to use this technology in ways that benefits them without succumbing to some of those gamification techniques.”</p> <p>He adds that practice is more important than theory: “Policy plays a role, but trusting people to manage their own time and how they use those tools plays a bigger role.” If organisations say there is no expectation to respond to messages out of business hours, but reward those who do or punish those who don’t, staff will draw their own conclusions.</p> <p>Coleman says that configuring systems to work for neurodivergent staff can help: “If every AI feature and every engagement mechanic in enterprise software is optimised for engagement, then that’s not going to serve those neurodivergent users. Neurodivergent-friendly design is better for everybody, it just happens to be necessary for people require different ways of engaging with technology. If you design for people who are most sensitive to that digital noise, you end up building a better experience for the whole user base.”</p> <p>It also means that neurodivergent users may be able to use systems without changes, helping them and meeting legal requirements for necessary adjustments without extra work.</p> </section> <section class="section main-article-chapter" data-menu-title="The problem with default software features"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The problem with default software features</h2> <p>Coleman states that suppliers such as social media providers can set up business software to maximise engagement – in their case, to boost sales. “Engagement mechanics work, at least by the vendors’ definition of work,” he adds.</p> <p>A good starting point is to turn off all the features that are not essential, rather than accepting the default settings, then reinstate features only when there are clear reasons to do so: “The default is a decision, it’s just one someone else made for you,” he says, adding that it is worthwhile to ask whether a feature solves a problem for you rather than the software provider, whether it gives staff more autonomy or takes up their time, and whether they can opt-out without penalty. “If you can’t answer those clearly, you should probably leave it off,” he says.</p> <p>Coleman adds that it is then worth testing settings with a pilot group including a cross-section of the workforce. “The worst-case scenario looks like enabling a feature for 5,000 people because it looked good in a vendor presentation. You need to see it in action and get real feedback,” he says.</p> <p>He warns against attention-grabbing features such as red badges, push notifications and pop-up banners, particularly if they use the same visual weight regardless of importance. “When everything looks urgent, nothing is actually urgent and the employee’s brain has to do the sorting work that the software should have done,” he says. “That’s exhausting. It trains people into a reactive mode, where they are constantly triaging rather than doing deep-focused work.”</p> <p>He is also no fan of presence indicators: “It sounds harmless but it creates an invisible leash,” he says, as people may feel judged for taking the time to think, go for a walk or eat lunch without their laptop. “The green dot becomes a proxy for the question, ‘Are you working?’, and it turns availability into a performance metric, rewards being perpetually interruptible over being productive.”</p> <p>Coleman says that, ideally, human resources (HR) professionals would be involved in decisions over business software, although IT procurement processes are rarely designed to support this. “Technology decision are behaviour decisions. If you are choosing a collaboration platform like Slack or Monday.com or Teams, you are not just choosing the feature set, you are really making a decision about what your employees’ workday feels like. That should be relevant to an HR team or a People team.”</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Technology should be an enabler of performance and productivity, rather than adding to people’s workload and creating stress </figure> <figcaption> <strong>David D’Souza, CIPD</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>David D’Souza, director of profession at the CIPD, the professional body for HR, takes a similar view. “People should be at the heart of thinking around technology, and the role technology plays is central to the way we think about the performance and development of people in the workplace,” he says.</p> <p>“Our findings around ‘techno-stress’ suggest that there’s no clear link between digital working and wellbeing, but factors such as a lack of boundaries around technology use can lead to staff feeling pressure to be ‘always on’ and struggle to switch off,” D’Souza adds. “Education, expectation and setting standards are key to ensuring that people are in a position to give their best, and organisations should be committed to finding the right solution for their context. Technology should be an enabler of performance and productivity, rather than adding to people’s workload and creating stress.” </p> <p>A few companies have combined their leadership of IT and HR, including US vaccine-maker <a target="_blank" href="https://www.bbc.co.uk/news/articles/cy0w8gvq84xo" rel="noopener">Moderna</a>. D’Souza says that a merger is challenging given the different skills required, but a positive collaborative relationship is essential.</p> <p>“I think HR and IT ultimately have the same goal: make workplaces work,” says Meg Donovan, chief people officer of employee experience software company Nexthink. “Digital wellbeing is a shared responsibility between HR and IT.”</p> <p>She says this goes wider than the design of specific applications, such as reliability: “If I was talking to a multimillion-dollar potential client and the internet went down five times during that call, they might not be willing to listen to me and I might lose that sale.”</p> <p>Research by Nexthink using telemetry data from 474 of its customers gathered in May 2025 found that employees experienced an average of 14 technology-based disruptions every week, including crashes and blue screens of death. The average disruption lasted for 167 seconds, enough to hit people’s quality of work and make errors more likely.</p> <p>Donovan says that technologies such as presence indicators can be useful if an organisation has the right culture, as they can help collaboration by showing how likely you are to get a quick response. A small fraction of staff abuse such systems by always setting the indicator to ‘do not disturb’: “It’s probably the same number of managers who are using that red light indicator as a performance metric. Neither end of that spectrum is OK,” she says.</p> <p>Similarly, tools such as Slack or Teams that combine messaging and input from multiple applications can lessen digital fatigue by providing a single interface rather than staff having to open different applications.</p> <p>Like Megawarne and Coleman, Donovan sees organisational culture as a key element in how business software affects staff. Nexthink does not have a formal policy on working outside office hours: “We don’t have a policy because I don’t think we necessarily need one. There’s not an expectation that people are answering emails at two in the morning or 10 o’clock at night,” she says. “Because we’re a Swiss-based, a European-based organisation, we have a really healthy respect for people’s boundaries outside of working hours. Culturally, that’s just part of our DNA.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about social media’s influence on business applications</h3> <ul class="default-list"> <li><a href="https://www.techtarget.com/whatis/definition/social-networking">What is social networking</a> and how does it work?</li> <li><a href="https://www.techtarget.com/searchcontentmanagement/feature/10-content-collaboration-platforms-for-the-enterprise">12 content collaboration platforms</a> for enterprises in 2026.</li> <li>Battle of the bots: <a href="https://www.techtarget.com/searchenterpriseai/feature/Battle-of-the-bots-Best-GenAI-chatbots-for-business">Best GenAI chatbots for business</a>.</li> </ul> </div> </div> </section> Governments are regulating social media for children, but adults can also suffer from addiction by design. How can employers balance business tech usage with digital well being? https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/social-media-apps-Viktor-adobe.jpg https://www.computerweekly.com/feature/Social-media-addiction-by-design-poses-hard-questions-for-business-use Thu, 21 May 2026 11:33:00 GMT Social media addiction by design poses hard questions for business use <p><i>This is the fourth article in a five-part series on what FDP is for. <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-1-Understanding-the-problems-facing-NHS-data">Part 1 described how the NHS data architecture</a> accumulated and named eight interconnected problems. <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-2-Delivering-on-the-NHS-vision-for-data">Part 2 defined the seven Frontline-First dimensions</a> and how FDP delivers them. <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-3-The-data-architecture-that-makes-it-work">Part 3 described the ontology</a>, object types and actions that make FDP structurally different. This post is about how Frontline-First scales beyond a single Trust, and why the combination of a shared data model and the consistent products built against it is the most important asset in the entire programme.</i></p> <p>The NHS has had data standards for decades. National submissions enforce schemas, coding frameworks define vocabularies, and the data is still inconsistent. The reason is that the meaning of data is not determined only by the model that describes it - it is determined by the product that captures it, and its fit to the clinical process it supports.</p> <p>The problem is not just within individual organisations - it is across the whole NHS. Two hundred and twenty Trusts, each running differently configured systems, each producing data that uses the same labels but carries different meanings.</p> <p>A referral in one Trust may not mean the same thing as a referral in another, even though both pass the same validation rules. Nobody using the data downstream can tell. National submissions exist to impose consistency after the fact, but they are a sticking plaster on a structural problem. The data was not consistent when it was created - no amount of downstream processing can fully restore what was lost at the point of entry.</p> <p>Two teams using the same model, the same codes, and the same <a href="https://www.computerweekly.com/news/366641178/NHS-digital-drive-hit-by-usability-gaps-despite-progress-national-survey-finds">electronic patient record (EPR)</a> system can produce data that means fundamentally different things. The model was faithfully implemented but the data diverged because the product allowed it.</p> <p>The Canonical Data Model (CDM) is the standard data model that FDP uses to define how NHS data is structured, labelled, and connected across every Trust in the country. It is what makes data produced in Dorset comparable with data produced in Newcastle.</p> <p>The CDM is essential, but it only works if the products that capture data against it constrain recording to produce data of known meaning. The data model ensures the fields and relationships are right - the consistent product ensures the meaning is right.</p> <p>Without both, the NHS will continue to produce data that looks consistent at the model level but diverges at the point of capture. The combination of the two is more important than the supplier, more important than the platform technology, and more important than any individual product.</p> <section class="section main-article-chapter" data-menu-title="What the CDM is"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What the CDM is</h2> <p>Every analyst who has worked at scale in the NHS has at some point fantasised about a world where data means the same thing in every Trust - where a patient on a waiting list in Newcastle matches a patient on a waiting list in Brighton without hand-curated lookups and without "well, when they say discharge they actually mean..."</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The Canonical Data Model is a single, standard data model that defines how NHS data is structured, labelled, and connected across every Trust instance </figure> <figcaption> <strong>Tom Bartlett</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The entire edifice of national submissions (- the Secondary Uses Service, the Mental Health Services Data Set, the Community Services Data Set, the Emergency Care Data Set, and others - exists precisely because the data does not naturally line up. These are reconstruction jobs, performed monthly, on data that should have been consistent in the first place.</p> <p>The CDM is a single, standard data model that defines how NHS data is structured, labelled, and connected across every Trust instance. It is what makes a product built in Dorset installable in Newcastle without rewriting code. It is what makes AI able to traverse the data and understand what a referral means, what a waiting list is, and how they relate. It is what makes the Frontline-First approach work nationally rather than just locally.</p> </section> <section class="section main-article-chapter" data-menu-title="Why standards alone have not produced consistency"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why standards alone have not produced consistency</h2> <p>To understand why the CDM matters, it helps to understand what the NHS currently has in place and where the gaps are.</p> <p>NHS Trusts do not have data modelling teams. Most do not have a formal data model at all. The closest thing to one is the EPR itself - the fields, the forms, the code sets and the workflow configurations that determine what data gets captured and in what structure. The EPR provides the de facto data model, but it was never designed to serve as one. It was designed to be the clinical record.</p> <p>Across 220 Trusts in England, multiple different EPR systems are in use: Epic, Oracle Health (formerly Cerner), System C, Nervecentre, SystmOne, RiO, and others. Each produces a different underlying data model.</p> <p>Most of the major systems were originally built for US healthcare settings, optimised for billing rather than for clinical analysis or operational management. They were exported to the UK and configured locally, and the configuration is where the divergence begins.</p> <p>The EPR is only one source. Trusts also operate workforce management systems, rostering tools, clinical audit software, quality improvement trackers, estates and facilities systems, and dozens of other operational applications, each with its own data model, none aligned to any common standard. The divergence is not just a clinical data problem. It runs through every domain the NHS operates in.</p> <p>Trusts typically have digital transformation teams who tailor the EPR to local clinical workflows. This is skilled and necessary work. But it is rarely documented in any formal sense. The changes are made in the system configuration, not written down in a data modelling tool or a design specification. There is no artefact that says, "This is what our data model is and this is why." The model is implicit in the system rather than explicit in a document.</p> <p>Even within a single Trust running a single EPR, the same operational process can output data in different formats across services and even across teams within the same service.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the NHS Federated Data Platform</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366640417/Health-workers-call-for-Palantir-to-be-booted-from-NHS-contracts">Health workers call for Palantir to be booted from NHS contracts</a> - Health justice charity Medact warns that Palantir’s involvement in NHS data systems is a threat to patients and healthcare organisations.</li> <li><a href="https://www.computerweekly.com/news/366620412/NHS-chief-data-officers-concerned-with-FDP-roll-out">NHS chief data officers concerned by FDP roll-out</a> - The Chief Data and Analytical Officers Network has raised concerns over the way the NHS Federated Data Platform is being implemented and NHS England’s approach to its adoption.</li> <li><a href="https://www.computerweekly.com/news/366616320/NHS-Federated-Data-Platform-celebrates-first-birthday">NHS Federated Data Platform celebrates first birthday</a> - In its first year, more than 100 NHS organisations have signed up to the controversial platform, aiming to bring together data from different IT systems.</li> </ul> </div> </div> <p>I saw this clearly in one London mental health Trust where the Child and Adolescent Mental Health Services (CAMHS) service had decided to open a new referral record for every appointment.</p> <p>Other service lines in the same Trust used a single referral to encapsulate all appointments across a patient's entire care episode. Both were valid approaches within the EPR's configuration - both produced referral data. But the data meant fundamentally different things.</p> <p>Reconciling them consumed hours of analyst time that nobody outside the data team ever saw. A national data model alone would not have prevented it - both teams were using the same EPR, the same logical model, the same referral object. The divergence happened because the product allowed it.</p> <p>There is a deeper problem underneath this. Building a product that fits a clinical process requires knowing what that process actually is.</p> <p>In many services, particularly in mental health and community care, the operating model is case management rather than a defined pathway. The clinician holds a caseload of patients whose care is driven by ongoing assessment, intervention, and review in a cycle that responds to changing needs. There is no predefined sequence of steps - each patient's journey is shaped by clinical judgement in the moment.</p> <p>When I was involved in building Frontline-First applications for a CAMHS waiting list at one Trust, the clinical team could not describe their process in terms that translated to a product specification. We used process mining to reconstruct a view of what was actually happening, building the picture from the event log of real activity rather than from what the service design stated should happen. The result was spaghetti.</p> <p>But the team were not disorganised - they were doing case management as it is designed to work, case by case, responding to the patient in front of them. What was missing was not a standard for their clinical practice but a product designed to capture the data their practice generates in a way that is consistent and analysable.</p> <p>I heard a senior leader in the FDP programme state that every patient is on a pathway and this should be a core concept in the implementation of the software. It is an attractive organising principle but it is aspirational rather than descriptive.</p> <p>Many clinical teams do not work to a pathway in any formal sense, and building products as if they do creates friction rather than support. These services need products designed for their operational reality, not products that impose a pathway structure on work that does not follow one.</p> <p>Even where processes are defined, they are not static. Quality improvement projects, cost improvement plans, and commissioning decisions all change clinical pathways, sometimes gradually and sometimes overnight. The tool has to be able to adapt.</p> <p>This is where the modular approach has a structural advantage - updating a focused application to reflect a process change is faster and less risky than reconfiguring a monolithic EPR.</p> <p>But variation is not just about change over time. It is also about compliance. Some clinicians follow the agreed process. Others adapt it to their own practice, sometimes for good clinical reasons and sometimes out of habit. I worked in one Trust where a psychiatrist used the EPR so differently from every other clinician that the data warehouse had to be built to accommodate his approach as a special case.</p> <p>This is not unusual. Every Trust has examples. The question is whether the tool makes compliance easy enough that most people follow the agreed process most of the time, or whether it is so burdensome that deviation is the rational choice. This is the Frontline-First argument again - the easier it is to do the right thing, the more people will do it.</p> <p>Semantic consistency therefore depends on three things working together: a shared data model, consistent products built against it, and the fit of those products to the clinical processes they support.</p> <p>Where the clinical process is well understood, this combination works. Where the process is undefined, non-standard, or not followed, the product alone cannot fix it.</p> <p>Clinical process variation across the NHS is a problem that this series of articles cannot solve. But the data model and the consistent products are the foundation. Whether consistency is achieved depends on the third element - products that fit how clinical teams actually work.</p> <p>The downstream consequences of getting this wrong are real. It means research papers built on data that appears nationally consistent but carries hidden semantic variation; service evaluations that compare unlike with unlike; policy decisions informed by metrics whose definitions differ between the Trusts that contributed them; and performance reviews that hold clinical teams to account against numbers that do not accurately reflect what happened.</p> <p>Getting the data model and the products right is not a technical nicety. It is the difference between a national data infrastructure that can be trusted and one that produces confident-looking analysis on unreliable foundations.</p> <p>Currently there is no systematic way of measuring this. <a href="https://pubmed.ncbi.nlm.nih.gov/22733976/">Weiskopf and Weng, in their 2013 framework for EHR data quality assessment</a>, introduced a specific term for it: concordance, defined as the degree of agreement between the same data elements recorded across different sites or systems. It is a measurable dimension of data quality, distinct from completeness or correctness.</p> <p>Research networks in other countries have built cross-site concordance assessments against their common data models. The NHS has nothing equivalent. Until the CDM and consistent products are in place and a concordance measurement framework is established, the scale of semantic divergence across the NHS will remain invisible, and every downstream use of the data will carry an unmeasured margin of error.</p> </section> <section class="section main-article-chapter" data-menu-title="Why the CDM is the component most at risk of being neglected"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why the CDM is the component most at risk of being neglected</h2> <p>The CDM is not more important than the products or the clinical processes they support - as this article has argued, all three are needed together. But the CDM is the component most likely to be neglected, for two reasons.</p> <p>First, it is invisible to everyone except the people who build on it. Without a common data model, Trusts resort to point-to-point mappings between systems - each one hand-built, each one expensive to maintain, each one a source of semantic divergence that compounds over time. The NHS has been building these mappings for decades and the integration costs only grow. The CDM is the alternative - define the standard once, map to it once per source system, and everything built on top of it inherits the consistency.</p> <p>Second, the CDM has ambitions beyond FDP. It is the foundation for the Single Patient Record and for every programme in the £10bn spending review allocation that depends on consistent NHS data. If the CDM is wrong, or under-governed, or under-resourced, it is not just FDP that suffers - it is the entire national data infrastructure for years to come.</p> <p>There is a further dimension that is easy to overlook - every AI capability on the platform, from Ask FDP to the decision layer to AI-FDE, is only as good as the data it operates on. If semantic consistency across the NHS remains low, every AI application built on the data inherits that inconsistency. The AI gives confident answers grounded in data whose meaning varies between the Trusts that contributed it.</p> <p>The CDM is not just the foundation for interoperability - it is the foundation for trustworthy AI in the NHS.</p> </section> <section class="section main-article-chapter" data-menu-title="Why the Frontline-First approach depends on the CDM"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why the Frontline-First approach depends on the CDM</h2> <p>Several of the <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-2-Delivering-on-the-NHS-vision-for-data">Frontline-First dimensions described in Part 2</a> depend on the CDM.</p> <p>Enrichment only works at national scale if the data means the same thing across Trusts. A consultant in Newcastle can only compare complication rates with peers in Brighton if both Trusts are recording procedures using the same definitions. Without the CDM, the comparison is misleading at best and dangerous at worst.</p> <p>Cross-setting collaboration only works if the data model is consistent across care settings. The mental health patient in A&E can only have their community history surfaced if the acute and mental health data conform to the same model. Without the CDM, the A&E clinician sees either nothing or something they cannot interpret reliably.</p> <p>Scalable, portable products only work if the platform the application is built on uses a standard model. Without the CDM, an application built by one Trust cannot be adopted by another without significant rework. The CDM is what makes portability possible. The Solution Exchange is the mechanism that makes it happen.</p> <p>Operational products at the point of care only produce nationally consistent data if the products themselves are built against the CDM. A Trust can build its own discharge coordinator product on FDP for local use, but it cannot share that product nationally and the data it captures will not be nationally consistent unless the CDM is underneath it. The CDM is what turns a useful local product into a nationally reusable asset.</p> </section> <section class="section main-article-chapter" data-menu-title="The Solution Exchange: how Frontline-First scales"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The Solution Exchange: how Frontline-First scales</h2> <p>The Solution Exchange is FDP's mechanism for packaging and distributing operational products across Trusts. It is the commercial and technical model that turns FDP from a platform with a handful of nationally commissioned products into a platform with hundreds or thousands of products built by the people closest to the work.</p> <p>The model works like this. A Trust team in Dorset builds a product that helps its clinical team manage patient flow. The product is not just built on FDP - it is built against the CDM, so the data it captures is nationally consistent.</p> <p>But the CDM is only part of what makes it portable. The product itself embodies a consistent design for that clinical workflow - the fields, the validation rules, the actions, the decision points are all designed for the specific process the product supports. When a Trust in Newcastle adopts the same product, they get both the consistent data model and the consistent product design. They do not need to redesign the workflow, remap the fields, or rebuild the logic. They install it and it works.</p> <p>This is made possible by Foundry's built-in Marketplace feature, which is the platform capability underpinning the Solution Exchange. Marketplace allows a product to be packaged with all of its components, object types, datasets, applications, pipelines, and functions, into a single deployable package with automatic dependency resolution and version control. When the package is installed on another Trust's FDP instance, environment-specific configuration is handled automatically and the ontology entities are remapped to the local instance.</p> <p>This is not a manual export and rebuild - it is a managed deployment that preserves the product's design integrity across every installation.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The architecture team at NHS England created a data governance function that actually got funded and staffed. That is a rare achievement in a system that has historically treated data governance as an afterthought </figure> <figcaption> <strong>Tom Bartlett</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The Solution Exchange is the NHS's commercial and governance wrapper around this capability. NHS England is actively developing the framework, with engagement already underway with third-party suppliers who want to build products for the marketplace.</p> <p>For technology companies, this creates a market that has never existed in the NHS - build once, deploy across 220 Trusts, with the CDM ensuring the data is consistent and the Marketplace ensuring the product installs cleanly.</p> <p>For Trusts, it means access to a growing library of operational products, some built by other Trusts, some by commercial suppliers, all guaranteed to work because the platform, the data model, and the product design are consistent.</p> <p>This is the mechanism by which the Frontline-First approach stops depending on what a central programme team can develop and starts depending on what the entire NHS and its supplier ecosystem can contribute.</p> <p>Nationally built products like Optica and the Care Coordination Solutions are the starting point. The Solution Exchange is how the platform fulfils its potential. Without the CDM, the Solution Exchange is a marketplace with nothing portable to sell.</p> </section> <section class="section main-article-chapter" data-menu-title="Where the CDM is now"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Where the CDM is now</h2> <p>I was close to this work during my time at NHS England and have seen it from the inside.</p> <p>The CDM is alive, in use across all Trust FDP instances, and backing every national FDP product. It is published openly on GitHub and Trusts are actively engineering on it. The programme has created a functioning CDM governance process that is unusual in the NHS - a fortnightly review group, a dedicated Data Model Manager tool for navigating and extending the model, a suggestions inbox for Trusts to propose changes, and 98 entities in the core model.</p> <p>The architecture team at NHS England created a governance function based on proper data management principles, using <a href="https://dama.org/">DAMA</a> concepts, that actually got funded and staffed. That is a rare achievement in a system that has historically treated data governance as an afterthought. The Trusts that are using the process are consulting with peers before submitting changes to ensure their additions are not specific to their own systems. This is encouraging and deserves credit.</p> <p>But there are problems that need honest acknowledgement. Data engineers and analysts working with the CDM are finding inconsistencies between what the model defines and what the data contains, and are questioning the relatively sparse nature of the model in areas that matter to their services.</p> <p>These are not complaints from people who have not engaged. They are questions from people who are building on the CDM and finding it does not yet cover what they need. These questions deserve answers, and quickly, because unanswered questions erode confidence in the programme at exactly the moment when adoption needs to accelerate.</p> <p>There is also a structural issue. Two parallel versions of the CDM developed during the programme.</p> <p>The architecture team within NHS England built a carefully designed data standard, published on NHS Futures. The delivery team, under pressure to get Trusts live, built the operational model that actually powers the platform, published on GitHub. Both are public. Neither has been fully converged with the other. This happened because delivery was succeeding faster than the governance could keep pace with. That is a success problem, not a failure. But it means the governance now needs to catch up.</p> <p>The governance process itself is not widely known across the adopting community. It is untested at the scale it will need to handle as more Trusts start building locally and extending the CDM for their own operational needs. The difference between adding new data items, which is relatively straightforward, and editing existing ones, which is a much harder governance challenge, has not been clearly addressed.</p> <p>If the argument of this article is right, that consistent products matter as much as a consistent model, then governance cannot stop at the CDM. The Solution Exchange also needs governance over which products are endorsed for which clinical workflows.</p> <p>Without this, the NHS risks five competing discharge products each producing a different interpretation of the same CDM fields, and the semantic consistency the CDM was designed to achieve is lost at the product layer.</p> <p>External scrutiny of both the data model and the product standards should sit above the delivery team and the supplier - local agility to build and adapt should sit within both, bounded by the standards but not blocked by them.</p> <p>There is a model for how this can work. The <a href="https://www.ohdsi.org/">OHDSI community</a> governs the <a href="https://www.ohdsi.org/data-standardization/">OMOP Common Data Model</a> across 600 million patient records in over 30 countries. Their approach is open source and community-driven - domain-specific working groups develop extensions in parallel, changes go through community review and testing across multiple sites, versioned releases provide clear migration paths, and automated tooling lets any site measure its own conformance. The model belongs to the community, not to a delivery team. It scales because it is distributed rather than centralised. It is also, in its own way, a Frontline-First approach to data modelling - the people closest to the data define what the model needs. The central role is to coordinate, quality assure, and release - not to design everything from the top down.</p> <p>The NHS CDM governance should learn from this. It needs domain-based working groups covering acute, mental health, community, workforce, and cancer that can develop extensions in parallel rather than queuing through a single bottleneck. It needs automated conformance tooling so Trusts can measure their own alignment without waiting for a manual review. It needs versioned releases with clear migration paths so that Trusts building on the CDM today are not disrupted by changes tomorrow. It needs a clear process for edits to existing data items, not just additions of new ones. It needs visibility - the process should be known to every Trust building on FDP, not just the early adopters who happen to have found it.</p> <p>All of this needs proper resourcing. The central architecture team at NHS England has been through endless recruitment freezes and headcount cuts that have left it unable to keep pace with the delivery team's progress. A governance process without the staff to do the modelling, review the contributions, and maintain the standard is governance in name only.</p> <p>The CDM should also not be built entirely by a central team. The workforce lens of the CDM is a case in point - while I was at NHS England, it was being written slowly by part-time staff, while mature workforce management systems operate at the frontline of care and could contribute their models directly.</p> <p>There are many organisations in the private sector who support the NHS mission and have built mature systems that complement the NHS data estate. A well-governed CDM with a clear contribution process could draw on that expertise rather than trying to reinvent every model centrally from scratch.</p> </section> <section class="section main-article-chapter" data-menu-title="Why this matters more than the supplier debate"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why this matters more than the supplier debate</h2> <p>The public conversation about FDP has been dominated by the question of whether Palantir should be the supplier. That question has its place. But the combination of the CDM and consistent products is more consequential than the choice of supplier.</p> <p>A well-governed data model with consistent products on a mediocre platform would still deliver national consistency. A poorly governed data model with inconsistent products on a brilliant platform would deliver fragmentation dressed up as standardisation.</p> <p>For 20 years, successive governments have left the NHS to solve its data problems on its own. It has tried its very best. I have watched some of the brightest minds in NHS informatics pour their careers into making it work with the tools and the funding available to them.</p> <p>But it has not produced the result the NHS needs, because the problem is structural and the NHS cannot create sustained bandwidth for what looks to its executive teams like a niche technical detail. At every executive meeting and every board meeting across the organisation, the data perspective is drowned out by the healthcare emergency of the day. The bandwidth is never there, and it never will be without external intervention.</p> <p>The government has boldly created the <a href="https://www.computerweekly.com/news/366637775/UK-governments-National-Data-Library-works-up-steam">Health Data Research Service</a>, recognising the need to join up data from across the four nations. But the research outputs it supports will be severely hampered if the underlying data cannot be integrated because it was never semantically consistent in the first place.</p> <p>Ministers need to recognise the critical nature of this capability. If they do not, we will spend another 20 years building data infrastructure on foundations that cannot support what we need it to do, and the NHS will continue to make decisions on data that looks right but is not.</p> <p>The CDM needs proper governance. But the organisation responsible for it cannot recruit, cannot retain, and is losing half its staff through voluntary redundancy. NHS England in its current state cannot steward the single most important piece of data infrastructure in the country. The gap is already being felt at every level.</p> <p>When Palantir needed a data model to build the national FDP products, none existed, so it built its own. Separately, the Tech and Data Integration team in NHS England's Data Services division built a parallel CDM and published it on NHS Futures. Locally, chief data officers in hospital groups who are expanding their use of FDP need a way of extending their local data models and aligning them with the national CDM. There is no single place where these three efforts converge, and no governance that connects them.</p> <p>The NHS has had eight national data strategies over the past two decades. None of them has produced a governed, funded, enduring national data model.</p> <p>The pattern is always the same - a strategy is published, a team is assembled, funding is allocated, restructuring hits, the team is dispersed, and the work is quietly absorbed into whatever comes next.</p> <p>The CDM cannot survive another cycle of this. It needs a dedicated, well-funded body whose sole purpose is to steward the data model, the product standards, and the contribution process that this article describes. That body needs to be independent of the FDP delivery programme, independent of any single supplier relationship, and protected from the restructuring cycle that has dismantled governance functions in the NHS before.</p> <p>This is not a problem the NHS can solve for itself. It is for government to establish and fund, and it is the single highest-value investment ministers could make in NHS data infrastructure. The CDM and the consistent products built against it are the one thing in this debate that supporters and critics of FDP alike agree is needed. Getting this right matters more than who supplies the platform.</p> </section> <section class="section main-article-chapter" data-menu-title="Next in the series"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Next in the series</h2> <p>The fifth and final article addresses the objections I hear most often, including whether the NHS needs a single platform at all, why we cannot just build our own, and why the answer matters more urgently than the current debate suggests.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about NHS data</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/feature/Electronic-health-records-are-still-creating-issues-for-patients">Electronic health records are still creating issues for patients</a> - Almost every NHS trust will have moved onto a digital system by this spring. Experts have cautioned many patients are still struggling to access their own health data.</li> <li><a href="https://www.computerweekly.com/news/366639993/Child-rapist-could-have-profiled-victims-through-unaudited-access-to-NHS-databases">Child rapist could have profiled victims through unaudited access to NHS databases</a> - NHS analyst’s conviction for child sexual abuse offences raises concerns over unaudited access to patient data.</li> <li><a href="https://www.computerweekly.com/news/366574914/Women-In-Data-panel-NHS-needs-to-get-data-basics-right-before-rushing-into-AI">NHS needs to get data basics right before rushing into AI</a> - During a panel discussion at a Women in Data event, speakers from across the public healthcare sector outlined the groundwork that has to be laid for artificial intelligence to take the NHS by storm.</li> <li><a href="https://www.computerweekly.com/news/366620174/NHS-investigating-how-API-flaw-exposed-patient-data">NHS investigating how API flaw exposed patient data</a> - NHS patient data was left vulnerable by a flaw in an application programming interface used at online healthcare provider Medefer.</li> <li><a href="https://www.computerweekly.com/news/366641178/NHS-digital-drive-hit-by-usability-gaps-despite-progress-national-survey-finds">NHS digital drive hit by usability gaps despite progress, national survey finds</a> - The shift from analogue to digital across the NHS is hindered by usability issues in electronic patient record (EPR), but the newly launched frontline productivity programme could be the answer.</li> </ul> </div> </div> </section> The NHS needs both a data model and the products to enforce it - the combination will be a key measure of success for the Federated Data Platform https://cdn.ttgtmedia.com/visuals/German/article/healthcare-medication-IT-adobe.jpg https://www.computerweekly.com/opinion/Inside-FDP-part-4-The-NHS-data-model Thu, 21 May 2026 04:00:00 GMT Inside FDP – part 4: The NHS data model <p>A former police chief who faces drug trafficking charges has claimed that Spanish drug investigators fabricated fictitious intelligence reports to hide their use of intercepted phone messages from the courts.</p> <p>Former chief inspector Óscar Sánchez Gil, who is accused of running a drug trafficking operation, told a court it was a “common and systematic practice” for Spanish drug investigators to withhold intercepted messages from judges.</p> <p>The disclosures, if proved true, are likely to raise questions over the use of intercepted phone messages from encrypted phone network Sky ECC and FBI-run encrypted phone network <a href="https://www.computerweekly.com/news/252502260/FBI-planned-a-sting-against-An0m-cryptophone-users-over-drinks-with-Australian-investigators">Anom</a> in criminal prosecutions.</p> <p>Giving evidence by video link from prison on 19 May, Sánchez Gil, former head of the Economic and Fiscal Crime Unit (UDEF), claimed it was common practice to falsify the origin of information from intercepted messages by presenting them as tip-offs from overseas law enforcement agencies.</p> <p>“Most of the information supposedly communicated by the DEA [US Drugs Enforcement Agency], Soca [UK’s Serious Organised Crime Agency] and NCA [the UK’s National Crime Agency] … is false,” he told Spain’s National Court. “It is fabricated to conceal illicit sources of information or to protect informants.”</p> <p>The former police chief’s claims, first reported by news website <a href="https://www.eldiario.es/politica/ex-jefe-udef-describe-juez-sistema-policia-falsear-origen-grandes-operaciones-antidroga_1_13051186.html">ElDario.es</a> and confirmed to Computer Weekly by people present at the hearing, follow a series of international police operations to infiltrate encrypted phone networks used by organised crime groups.</p> <section class="section main-article-chapter" data-menu-title="Encrypted phone messages concealed from judges"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Encrypted phone messages concealed from judges</h2> <p>Sánchez Gil, who previously worked in the Organised Crime and Drug Enforcement Unit, said in a video testimony that it was a “common and systematic practice” to maintain “absolute secrecy” about intelligence obtained through encrypted telephone networks.</p> <p>Investigations and “relevant messages” would be concealed from judges and not included in police databases. In one case, Sánchez Gil was involved in an operation to smuggle 1,600kg of cocaine seized in Algeciras in May 2001.</p> <p>He told Judge Francisco de Jorge information that led to the seizure was obtained from encrypted messages from the Anom encrypted phone network. Commanders concealed the role of Anom by attributing the seizure to a tip-off from the Colombian Anti-Narcotics Directorate, which co-operated to create a fictitious intelligence report.</p> </section> <section class="section main-article-chapter" data-menu-title="Police informers and collaborators protected"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Police informers and collaborators protected</h2> <p>He said that when he was in the anti-drug unit, all information from encrypted phones that could implicate police informants or identify police that were collaborating with drug traffickers was “systematically concealed”.</p> <p>Police officers from the Drugs and Organized Crime Unit, and Civil Guard and Customs Officers, were among those protected.</p> <p>Sánchez Gil said that encrypted chat logs used in the case against him contained references to members of security forces, but the information had not been analysed and had not been included by investigators in their reports to the judge.</p> <p>In one case, police obtained information from the Sky ECC encrypted phone network that linked a drugs trafficker to a network under investigation. “They chose to conceal the source of the data and fabricated a report,” he said. The move was hidden from the prosecutors.</p> <p>The former head of the Economic and Fiscal Crime Unit also claims that police installed a trojan on his mobile phone, which had been used to intercept messages sent on Signal without proper judicial authorisation.</p> </section> <section class="section main-article-chapter" data-menu-title="Sánchez Gil faces charges"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Sánchez Gil faces charges</h2> <p>Sánchez Gil, who was arrested in November 2023, is accused of supporting drug trafficking gangs from his position as head of the UDEF.</p> <p>He is accused of opening fictitious investigations in police databases by entering the licence plate numbers of shipping containers that were about to enter shipping ports concealing drugs.</p> <p>If another officer entered the same container number because they were genuinely investigating it, it would be flagged to Sánchez Gil, who would alert the drug traffickers.</p> </section> <section class="section main-article-chapter" data-menu-title="Impact on fair trials"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Impact on fair trials</h2> <p>Commenting on the case, defence lawyer <a href="https://www.linkedin.com/in/mar%C3%ADabarbancho/">María Barbancho</a> said that if Sánchez Gil’s allegations were correct, it would have wider implications.</p> <p>“It means the tribunal and the defence are working from a curated file – a record from which exculpatory material, and material inconvenient to the investigators, has been removed before anyone independent is able to examine it,” she wrote in a <a href="https://www.joint-defense-team.com/post/laundering-source-encrypted-evidence-anom-skyecc-spain?s=09">blog post</a>.</p> <p>Barbancho said the allegations raise questions about the right of people to have a fair trial, which requires defendants to be able to examine how evidence was produced.</p> <p>“A police report whose stated origin is fabricated defeats that right at the very first step,” she added. “A court cannot assess the lawfulness of an interception it has been told never happened.”</p> <p>Defence lawyers have challenged the use of intercepted evidence from networks including Sky ECC in prosecutions in Europe. The Court of Appeal of Basel-Stadt in Switzerland held in May that evidence from Sky ECC failed four grounds of legal admissibility.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the Sky ECC hacking operation</h3> <ul type="square" class="default-list"> <li>Belgian <a href="https://www.computerweekly.com/news/252497531/Belgian-police-raid-200-premises-in-drug-operation-linked-to-breach-of-encrypted-phone-network">police raid 200 premises in drug operation</a> linked to breach of encrypted phone network.</li> <li>Police <a href="https://www.computerweekly.com/news/252497565/Police-crack-worlds-largest-cryptophone-network-as-criminals-swap-EncroChat-for-Sky-NCC">crack world’s largest cryptophone network</a> as criminals swap EncroChat for Sky ECC.</li> <li><a href="https://www.computerweekly.com/news/252497791/Arrest-warrants-for-Candians-behind-Sky-ECC-cryptophone-networks-used-by-organised-crime">Arrest warrants issued for Canadians behind Sky ECC cryptophone network</a> used by organised crime.</li> <li>Cryptophone supplier <a href="https://www.computerweekly.com/news/252509539/Cryptophone-supplier-Sky-Global-takes-legal-action-over-US-government-website-seizures">Sky Global takes legal action over US government website seizures</a>.</li> <li>Sky ECC <a href="https://www.computerweekly.com/news/252509539/Cryptophone-supplier-Sky-Global-takes-legal-action-over-US-government-website-seizures">provided free cryptophones to a Canadian police force</a>.</li> <li>Ex-boxer fights US government over <a href="https://www.computerweekly.com/news/366615638/Ex-boxer-fights-US-government-over-legality-of-Sky-ECC-cryptophone-intercepts">legality of Sky ECC cryptophone intercepts</a>.</li> <li>Dutch lawyers raise <a href="https://www.computerweekly.com/news/366619740/%20https:/www.computerweekly.com/news/252526497/Dutch-lawyers-raise-human-rights-concerns-over-hacked-cryptophone-data">human rights concerns over hacked cryptophone data</a>.</li> <li>French court ruling <a href="https://www.computerweekly.com/news/366631442/French-court-ruling-may-lead-to-legal-challenges-over-state-Sky-ECC-and-EncroChat-phone-hack">may lead to legal challenges over state Sky ECC and EncroChat phone hack</a>.</li> <li>Antwerp court adjourns high-profile drugs case amid <a href="https://www.computerweekly.com/news/366634892/Antwerp-court-adjourns-high-profile-drugs-case-amid-questions-over-Sky-ECC-intercept">questions over Sky ECC intercept</a>.</li> <li>Spanish court acquits suspects denied access to ‘raw’ Sky ECC intercepts in <a href="https://www.computerweekly.com/news/366637705/Spanish-court-acquits-suspects-denied-access-to-raw-Sky-ECC-intercepts-in-landmark-decision">landmark decision</a>.</li> <li>Police <a href="https://www.computerweekly.com/news/366638416/Police-intercept-evidence-from-Sky-ECC-cryptophone-network-unreliable-Antwerp-court-told">intercept evidence from Sky ECC cryptophone network ‘unreliable’</a>, Antwerp court told </li> </ul> </div> </div> <ul type="square" class="default-list"></ul> </section> Former Spanish police chief, on trial for drug trafficking, claims UK and Colombian police assisted in creating fictitious intelligence reports to hide use of intercept from encrypted phone networks Sky ECC and Anom https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/encryption-binary-code-tunnel-alexskopje-adobe.jpg https://www.computerweekly.com/news/366643318/Spanish-police-systematically-hid-cryptophone-intercepts-from-courts-claims-ex-chief Wed, 20 May 2026 14:29:00 GMT Spanish police ‘systematically’ hid cryptophone intercepts from courts, claims ex chief <p>UK MPs are backing the introduction of an artificial intelligence (AI) “kill switch” that would give the government powers to shut down datacentres and computer systems in the event of an AI system risking a large-scale emergency.</p> <p>An amendment to the <a href="https://www.computerweekly.com/news/366634283/IT-services-companies-and-datacentres-face-regulation-as-cyber-security-bill-reaches-Parliament">Cyber Security and Resilience Bill</a> (CSRB), going through Parliament, aims to give the government powers to intervene if an AI system poses a “catastrophic risk” to people’s lives, essential services or national security.</p> <p>The proposal, brought by Labour and Co-operative MP for Leeds and Headingly <a href="https://members.parliament.uk/member/4658/contact">Alex Sobel</a> and backed by Control AI, a group campaigning for stricter artificial intelligence regulation, highlights growing concerns about the potential of AI to cause catastrophic disruption.</p> <p>The plans, which have been supported by 11 MPs, highlight concerns about the potential of AI systems to undermine cyber security and disrupt critical supply chains if not properly regulated.</p> <p>Under the proposals, which have not been endorsed by government, the Secretary of State will be given emergency powers to turn off datacentres or AI systems if they are deemed to pose a significant risk.</p> <p>Risks could include adversarial uses of AI systems by state and non-state actors, the ability of autonomous AI systems to launch cyber attacks, and the development of “super-intelligent AI” that could escape human oversight.</p> <section class="section main-article-chapter" data-menu-title="Frontier AI risks"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Frontier AI risks</h2> <p>The proposals follow concerns around the development of frontier AI models, which are capable of finding previously unknown security vulnerabilities and developing ways to exploit them, posing risks to critical systems.</p> <p>Last month, Anthropic made its frontier AI model, Claude Mythos, available to selected technology companies, under <a href="https://www.anthropic.com/glasswing">Project Glasswing</a>, following claims it discovered thousands of security vulnerabilities, including vulnerabilities that had been unnoticed for years.</p> <p>The amendment to the CSRB has been backed by MPs, including Labour’s John McDonnell and Dawn Butler, former Conservative science and technology minister George Freeman and Conservative MP Desmond Swayne.</p> </section> <section class="section main-article-chapter" data-menu-title="Datacentres required to install infrastructure"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Datacentres required to install infrastructure</h2> <p>The plan will require datacentre operators in the UK to install technical infrastructure to comply with the proposed powers to turn off AI systems that pose a risk, and to conduct regular emergency exercises.</p> <p>After an incident, datacentres would be required to take mitigation measures and introduce incident monitoring before they are allowed to resume.</p> <p>The government will be required to inform datacentre operators of proposals to shut down their operations or the operations of an AI system with as much notice as possible, allowing datacentres to have the option to challenge the decision in the high court.</p> </section> <section class="section main-article-chapter" data-menu-title="National security threats"> <h2 class="section-title"><i class="icon" data-icon="1"></i>National security threats</h2> <p>Control AI’s founder and CEO, Andrea Miotti, who is backing the amendment as part of a campaign for stricter controls on AI, <a href="https://x.com/andreamiotti/status/2054929938256482457">said in a post on X</a> that it would help the government intervene in cases were UK datacentres were being maliciously used to conduct cyber attacks.</p> <p>“It also helps in cases where the government has reason to believe super-intelligent AI, AI that can autonomously compromise national security, is being developed on UK soil,” he said.</p> <p>“The UK is not truly sovereign on AI if it can’t pull the plug when AI national security threats happen on its soil,” added Miotti.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the Cyber Security Resilience Bill</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/blog/When-IT-Meets-Politics/What-is-the-objective-of-the-Cyber-Security-and-Resilience-Bill">What is the objective of the Cyber Security and Resilience Bill?</a> Is the objective to change corporate behaviour and improve cyber security and resilience? Or is it to create jobs for compliance officers and consultants?</li> <li><a href="https://www.computerweekly.com/news/366621764/Top-1000-IT-service-providers-in-scope-of-UK-cyber-bill">Top 1,000 IT service providers in scope of UK cyber bill</a>: The government’s proposed Cyber Security and Resilience Bill is set to include regulatory provisions covering datacentre operators and larger IT service providers.</li> <li>Cyber Bill at risk of becoming a missed opportunity, say MPs: An APPG report warns that the government’s <a href="https://www.computerweekly.com/news/366625838/Cyber-Bill-at-risk-of-becoming-a-missed-opportunity-say-MPs">flagship cyber security legislation</a> is too narrow in its scope and risks missing opportunities to embed resilience at the heart of the British economy.</li> <li>UK government to bring in <a href="https://www.computerweekly.com/news/366628013/UK-government-to-bring-in-ransomware-payment-ban">ransomware payment ban</a>: Critical infrastructure operators, hospitals, local councils and schools will be among those banned from giving in to cyber criminal demands as the UK moves forward with proposals to address the scourge of ransomware.</li> </ul> </div> </div> <ul type="square" class="default-list"></ul> </section> An amendment to the Cyber Security and Resilience Bill proposes giving the government a ‘kill switch’ to close datacentres hosting AI if they pose a critical threat to UK infrastructure or national security https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/London-Westminster-Parliament-1-adobe.jpeg https://www.computerweekly.com/news/366643176/MPs-propose-kill-switch-to-shut-down-rogue-AI-systems Mon, 18 May 2026 09:45:00 GMT MPs propose ‘kill switch’ to shut down rogue AI systems <p>A Workday survey has found that a quarter of UK employees lose more than seven hours a week to disconnected artificial intelligence (AI) systems. The human resources (HR) and financial applications supplier describes the phenomenon as a “copy-paste economy” in which workers have to oversee many AI tools.</p> <p>“Too many employees are serving as the human middleware between disconnected AI systems,” said Daniel Pell, vice-president and country manager of UK&I at Workday. “The companies seeing the most value from AI are building it directly into the systems where their people, data and work come together.”</p> <p>The report, conducted by The Harris Poll on behalf of Workday, surveyed 2,400 UK professionals across finance, HR, IT and operations in big companies with more than 500 employees who regularly use AI.</p> <p>Despite roughly nine in 10 of these employees reported strong work satisfaction, and around four out of 10 said AI helped to reduce manual work, professionals are experiencing unnecessary friction in their AI use. Around 78% of UK workers face friction from administrative tasks and copy-pasting different AI results into prompts. As such, professionals are working hard to manage these new tools, without seeing results.</p> <p>“My day often feels busy but not genuinely productive when I’m pulled into constant coordination tasks and system‑related issues that interrupt focused, high‑value work,” a director in construction told surveyors.</p> <p>A similar effect is happening to <a href="https://www.computerweekly.com/news/366643082/Software-developers-shift-to-AI-code-reviewers">software developers</a>, as their roles become bogged down in administrative tasks such as reviewing AI output rather than writing code – six out of 10 UK workers are stuck in “busy but unproductive” tasks often or very often, according to the survey.</p> <p>The report stated that the UK is being hit harder by this problem than other countries, with only four out of 10 workers globally experience the same thing. This means that more than three-quarters of the surveyed British workers are experiencing stress due to managing these disconnected AI tools.</p> <p>A <a href="https://www.computerweekly.com/news/366642578/IT-workers-say-AI-is-making-their-jobs-more-demanding">recent survey</a> by SolarWinds shows similar results, with almost three-quarters of IT professionals experiencing “brain fry” from working with AI. Despite the fact that all surveyed companies regularly use AI, only 23% of them have built AI into their core systems.</p> <p>Another respondent said: “A significant portion of the day is lost in meetings where the adoption of AI is discussed, but the discussion consistently revolves [around] simplistic justifications rather than practical choices.”</p> <p>For Workday, the solution lies in its <a href="https://www.computerweekly.com/blog/CW-Developer-Network/Workday-acquires-agentic-AI-search-learning-specialist-Sana">2025 acquired technology Sana</a>, an AI tool which works across platforms and departments.</p> <p>Joel Hellermark, CEO of Sana, sees AI as the new user interface in “an era of custom-built software” which will operate in the background at all times, “running tasks on your behalf without you even asking for it”.</p> <p>A Workday clients that has benefitted from its AI tools is Formula 1. Alastair Goss, HR systems lead at the motorsport entertainment company, spoke at Workday’s Elevate event in London about how <a href="https://www.techtarget.com/searchhrsoftware/tip/Top-AI-recruiting-tools-and-software-of-2022">HiredScore – another acquisition by the supplier</a> – helped to get rid of this extra friction during their hiring process.</p> <p>“Before we began our Workday journey, we had one system for our HCM, our payroll, another for our time attendance, a different system that did our performance management and another system that tracked our applicants,” he said. “It takes some usage time to build trust, but now we’ve got there, they are seeing those benefits of that tool, helping them with that fundamental task of screenings.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more on AI in the workforce</h3> <ul class="default-list"> <li>IT workers say <a href="https://www.computerweekly.com/news/366642578/IT-workers-say-AI-is-making-their-jobs-more-demanding">AI is making their jobs more demanding</a>.</li> <li>Why <a href="https://www.computerweekly.com/feature/Why-AI-is-forcing-enterprises-to-rethink-observability">AI is forcing enterprises to rethink observability</a>.</li> <li><a href="https://www.computerweekly.com/news/366643082/Software-developers-shift-to-AI-code-reviewers">Software developers are spending more time reviewing AI-generated code</a>.</li> </ul> </div> </div> A Workday survey of 2,400 UK professionals reveals they are stuck in a ‘copy-paste economy’ working across disconnected AI systems https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/AI-robot-human-computer-interaction-adobe.jpg https://www.computerweekly.com/news/366642929/UK-employees-using-AI-regularly-lose-more-than-seven-hours-a-week Mon, 18 May 2026 05:14:00 GMT UK employees using AI regularly lose more than seven hours a week <p>A British company is using artificial intelligence (AI)-powered English lessons to fix education gaps around the world.</p> <p>Education First (EF) launched its AI spin-off, Efekta Education Group, in 2022, working with the Brazilian government to bring English lessons to state schools. Since then, they’ve expanded to Mexico, the Dominican Republic and Rwanda. In 2026, <a target="_blank" href="https://thepienews.com/efekta-launches-one-year-english-language-program-in-africa/" rel="noopener">Efekta started a one-year AI language learning programme</a> with Somaliland, Ethiopia, Kenya and Rwanda.</p> <p>Nick Clegg, former deputy prime minister of the UK and Meta’s former president of global affairs, joined the advisory board this year.</p> <p>Currently, Efekta is live in Brazil, Mexico, the Dominican Republic and Rwanda, with pilots in 15 other countries. It sells its product at the “cost of a textbook” – $5 per student annually.</p> <p>“We never built this technology with an intent to sell it,” said CEO Stephen Hodges at a media roundtable event in London.</p> <p>Initially, the AI agent was built for EF schools, but when it was approached by the Brazilian government to help fix the teacher shortage, it created Efekta.</p> <p>According to <a target="_blank" href="https://www.britishcouncil.org.br/sites/default/files/learning_english_in_brazil.pdf" rel="noopener">a report</a> from the British Council, 95% of Brazilians don’t speak English. Once the software was released, Efekta said the average student did “25 to 30% better” on state tests.</p> <section class="section main-article-chapter" data-menu-title="Running without internet"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Running without internet</h2> <p>The full product requires good internet access, which led to Efekta building a model that could run without internet, and update when connected in Rwanda and rural Brazilian schools.</p> <p>Clegg applauded Efekta for appealing to emerging markets, calling the classes a “dramatic democratisation of high-quality education”.</p> <p>Hodges said that AI in education will be pioneered by emerging markets because they have “the most to gain” and “very few options”.</p> <p>The benefit of these emerging markets is also their scale. “The more data you’ve got, the more you can optimise your education,” the CEO explained.</p> <p>“You can’t pretend it isn’t a data-driven technology,” said Clegg. “That is what it is. Otherwise, it just doesn’t work. Data is its fuel.”</p> <p>Beyond English language lessons, Efekta hopes to expand to teaching STEM subjects.</p> <p>“If you can immerse kids in a subject, it’s much easier to teach them about it than it is staring at a dry textbook,” said Clegg.</p> </section> <section class="section main-article-chapter" data-menu-title="‘Dry textbook’"> <h2 class="section-title"><i class="icon" data-icon="1"></i>‘Dry textbook’</h2> <p>However, some countries are trying to bring back the “dry textbook”.</p> <p>Sweden – once the world leader in educational technology – is now pushing technology out of the classroom. A <a target="_blank" href="https://www.bbc.co.uk/news/articles/cly0vk77vdko" rel="noopener">BBC report</a> found that the government was mandating textbook-based learning from 2028. The policy change comes after almost a quarter of Swedish students aged 15-16 failed to reach a basic standard of reading comprehension in 2022.</p> <p>As to guardrails surrounding political risks, “those conversations have not come up”, said Hodges. Instead, Efekta promised it would follow each country’s national guidelines for curriculums, and operate in line with General Data Protection Regulation principles.</p> <p>“Student privacy and safety are fundamental to how we’ve built the platform,” he said. “The data we do collect is strictly limited to learning outcomes. We look at whether a student is progressing – for example, if they are completing their tasks, how they are performing, and where they may need additional support.”</p> <p>Outside of student welfare exceptions “such as indications of self-harm or distress” – where issues may be elevated to teachers – conversations between pupils and the AI chatbot are not recorded.</p> <p>“All the classes will have a human teacher at the heart of it, and the teacher remains in control,” said Hodges.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI in education</h3> <ul class="default-list"> <li>Scotland published <a href="https://www.computerweekly.com/news/366642510/Scottish-government-publishes-AI-guidance-for-schools">AI guidance for schools</a>.</li> <li><a href="https://www.computerweekly.com/news/366641842/UK-government-seeks-collaborators-for-AI-tutoring-tools-for-schools">Britain seeks collaborators for AI tutoring tools</a>.</li> <li>How students <a href="https://www.computerweekly.com/news/366630564/Students-an-increasing-source-of-cyber-threat-in-UK-schools">became a cyber threat</a> at UK schools.</li> </ul> </div> </div> </section> Backed by former UK deputy prime minister Nick Clegg, Efekta is rolling out AI language lessons to state schools around the world https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/computer-gamer-gaming-teens-adobe.jpeg https://www.computerweekly.com/news/366643090/Nick-Clegg-backed-company-using-AI-to-fill-global-education-gaps Mon, 18 May 2026 04:45:00 GMT Nick Clegg-backed company using AI to fill global education gaps <p>Only 5% of companies are successfully generating value from artificial intelligence (AI), <a target="_blank" href="https://www.bcg.com/publications/2025/are-you-generating-value-from-ai-the-widening-gap" rel="noopener">according to Boston Consulting Group</a>, despite IT spending on the technology rising sharply. The remaining 95% are struggling to turn that investment into cost savings or revenue growth. It’s the kind of statistic we are getting to used to seeing from consultants and analysts, but what does it mean practically?</p> <p>As so many companies embark on AI projects, a problem they are encountering is understanding how systems behave once they are live, and whether they are delivering the expected results. This raises familiar questions around complexity, legacy systems and project planning. But it also raises a question about observability, and whether the tools organisations rely on today are enough for an AI age?</p> <p>Observability is meant to give organisations visibility into how their systems are running. By bringing together metrics, logs and traces, it allows teams to monitor performance, diagnose issues and understand how services behave once they are live. Like everything though, it is also subject to the intricacies and variances of underlying data infrastructures.</p> <p>For Pejman Tabassomi, EMEA field CTO at Datadog, organisations often struggle to correlate operational data across multiple systems and environments, limiting their ability to understand how services behave end to end or how performance links to business outcomes. This, he says, becomes more pronounced with AI projects, where systems span more data sources, services and models, making behaviour harder to trace and explain.</p> <p>Jarrod Vawdrey, field chief data scientist at Domino Data Lab, takes this further. “Traditional observability tools were built to answer a simple question: is the system up and running? When an AI system is making decisions or interacting with customers, ‘up and running’ doesn’t tell you much.”</p> <p>And therein lies a problem. Systems can be technically healthy, yet still produce the wrong outputs or behave in ways that are difficult to detect through traditional monitoring tools. Organisations may be able to see that systems are running, but not whether they are working as intended.</p> <section class="section main-article-chapter" data-menu-title="Chicken and egg"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Chicken and egg</h2> <p>So, what is it that businesses hope to achieve? <a target="_blank" href="https://www.mckinsey.com/capabilities/people-and-organizational-performance/our-insights/the-state-of-organizations" rel="noopener">According to McKinsey</a>, business leaders are now moving on from “short-term resilience to sustained productivity and long-term impact”, but 86% say their organisations are not prepared to adopt AI in day-to-day operations. Why is that? Is this a visibility thing? Is it to do with upfront costs? Or perhaps something else?</p> <p>Virgin Atlantic is already dealing with this in practice. The airline has deployed an AI concierge to support customers, but monitoring the system involves far more than tracking infrastructure performance. Engineers are evaluating how the system behaves, assessing responses for accuracy, tone and appropriateness, and feeding that data back into development, effectively reviewing each customer “turn” as part of an ongoing feedback loop. The challenge also extends beyond performance into areas such as security.</p> <p>“You move away from maybe more traditional attack vectors, where you’re looking at things like injection attacks or exploiting vulnerabilities in systems, to more human, persuasive types of attack, where users are trying to manipulate the model through language,” says Mark O’Neill, senior manager for applied AI engineering at Virgin Atlantic.</p> <p>That requires a different approach to testing and monitoring, where systems are continuously evaluated in production rather than simply checked for availability or performance. The challenge is not just conceptual, but one of scale. As AI systems generate increasing volumes of data, traditional monitoring approaches are struggling to keep up.</p> <p>Jeff Champagne, field CTO at Cribl, describes the shift as a “telemetry tsunami” of metrics, logs and traces, driven by agentic systems operating at speeds far beyond human interaction. The focus, he says, is moving away from infrastructure health towards “logical integrity” whether systems are using the right data, producing accurate outputs and acting safely.</p> <p>In many cases, the root cause of a problem is not the model itself, but the data pipelines and downstream systems it depends on, making it harder to diagnose issues without visibility across the full stack. For observability platforms, this raises a question about what is actually being measured and whether current approaches can keep pace with the scale and complexity of AI systems.</p> <p>As Domino Data Lab’s Vawdrey put it, traditional observability tools were built to test whether a system is up and running. In an AI context, he argues, that is no longer enough.</p> <p>Analysts say this is not simply a tooling issue, but a reflection of how enterprise systems themselves are changing. Gartner <a target="_blank" href="https://www.gartner.com/en/newsroom/press-releases/2025-10-20-gartner-identifies-the-top-strategic-technology-trends-for-2026" rel="noopener">identifies</a> multi-agent systems and AI-native development platforms as key trends shaping enterprise IT, where applications are no longer static but made up of interacting components operating across distributed environments.</p> <p>In this model, systems are continuously evolving, with decisions and actions taken across multiple layers of infrastructure, data and models. That, Gartner argues, increases both the complexity and the operational risk of enterprise IT, making it harder to establish clear lines of cause and effect when something goes wrong.</p> </section> <section class="section main-article-chapter" data-menu-title="Intelligent observability emerging"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Intelligent observability emerging</h2> <p>That is already having an impact on how observability itself is evolving. <a target="_blank" href="https://www.ibm.com/think/insights/observability-trends" rel="noopener">According to IBM</a>, platforms are becoming more intelligent to keep pace with AI systems, with organisations increasingly using machine learning to analyse telemetry, detect anomalies and automate responses. In effect, it is becoming a case of using AI to observe AI.</p> <p>“The intelligence and speed required to keep these AI systems healthy also grows in parallel, demanding that more innovative and powerful types of intelligence are implemented,” says Arthur de Magalhaes, senior technical staff member for AIOps at IBM.</p> <p>At the same time, Forrester <a target="_blank" href="https://www.forrester.com/blogs/dont-fear-being-odd-embrace-observability-driven-development-for-faster-safer-innovation/" rel="noopener">argues</a> that observability should be “woven into the fabric” of the software development lifecycle, using real-time telemetry to inform design, testing and deployment rather than reacting to failures in production.</p> <p>These changes are already feeding into the concerns organisations are dealing with in practice. Tabassomi says CIOs are increasingly focused on understanding how systems are being used, distinguishing between human users, automated agents and external services, and identifying unusual patterns of behaviour.</p> <p>That has implications beyond performance. As AI systems expand the number of interactions across environments, they also increase the potential attack surface and the risk of unexpected resource consumption.</p> <p>“Observability is about understanding what is at risk, as well as how systems are performing,” says Tabassomi.</p> <p>In that context, observability is being used not just to monitor infrastructure, but to manage exposure, cost and operational impact across increasingly complex systems. It’s an evolution of the technology that encompasses a broader remit, to help organisations manage the frustration of fragmentation.</p> <p>Tabassomi says many CIOs are looking for greater consolidation across their technology environments, not just at a systems level, but across teams and workflows. Data, infrastructure and responsibility are often spread across different functions, making it harder to build a coherent picture of how services behave or where problems originate. As environments scale, that lack of alignment can lead to inefficiencies, slower response times and higher operational costs. Putting AI into this mix just adds more headaches.</p> <p>Perhaps this is why there is a growing expectation that observability should go beyond visibility alone. As AI systems become more autonomous, teams are less interested in dashboards that describe system behaviour and more focused on what actions to take in response.</p> <p>That places new demands on observability platforms, which are increasingly expected to identify root causes, prioritise issues and, in some cases, trigger automated responses. In that sense, observability is moving closer to decision support, rather than simply reporting on system performance.</p> <p>This leads to a rethink of what observability is for. Observability is certainly not disappearing, but it is being stretched somewhat. The core idea, bringing together data to understand how systems behave, still works. But in an AI context, behaviour is no longer defined by performance alone. It includes outputs, decisions, interactions and their impact on users and the business.</p> <p>There are already signs that organisations are responding. Gartner <a target="_blank" href="https://www.gartner.com/en/documents/6974966" rel="noopener">predicts</a> that by 2027, 70% of enterprises implementing distributed data architectures will adopt data observability tools, up from 50% in 2025, as they look to improve visibility across increasingly complex data environments.</p> <p>The same research also notes that traditional reactive monitoring approaches are no longer sufficient in these environments, particularly as AI initiatives place greater demands on data quality, governance and real-time insight.</p> <p>What organisations need is a more complete view, one that combines traditional telemetry with insight into behaviour, context and outcomes. The challenge is how to adapt observability to systems that are less predictable, more autonomous and harder to interpret. Of course, technology has a habit of solving problems, only to then create new ones. Observability is part of that cycle, trying to keep up with systems that are becoming even harder to pin down.</p> <p>As Champagne at Cribl says: “True observability in this era requires visibility across the entire stack, not just the model.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about AI and observability</h3> <ul class="default-list"> <li><a href="https://www.techtarget.com/searchcloudcomputing/tip/Improve-observability-with-AI-Real-world-success-stories">Improve observability with AI</a>: 5 real-world success stories.</li> <li><a href="https://www.techtarget.com/searchitoperations/definition/observability">What is observability?</a> The ultimate guide for IT teams.</li> <li>End-to-end <a href="https://www.techtarget.com/searchnetworking/tip/End-to-end-network-observability-for-AI-workloads">network observability for AI workloads</a>.</li> </ul> </div> </div> </section> With only 5% of companies generating value from artificial intelligence, traditional observability tools might be failing, creating a need for AI to undergo smarter monitoring https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/human-AI-interaction-laptop-PicDY-adobe.jpg https://www.computerweekly.com/feature/Why-AI-is-forcing-enterprises-to-rethink-observability Thu, 14 May 2026 11:30:00 GMT Why AI is forcing enterprises to rethink observability <p><i>Inside FDP is an exclusive series of articles written by the former deputy director of data engineering at NHS England, Tom Bartlett, who led the 150-person team that built the <a href="https://www.computerweekly.com/news/366620412/NHS-chief-data-officers-concerned-with-FDP-roll-out">Federated Data Platform</a> (FDP), the <a href="https://www.computerweekly.com/news/366640417/Health-workers-call-for-Palantir-to-be-booted-from-NHS-contracts">controversial Palantir-supplied system</a> linking data across the health and care service. </i></p> <p><i>This is the third in a five-part series on what FDP is for. Parts 1 and 2 defined <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-1-Understanding-the-problems-facing-NHS-data">the eight problems</a>, the <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-2-Delivering-on-the-NHS-vision-for-data">seven Frontline-First dimensions</a>, and how FDP delivers them. This article describes the specific features of Palantir's Foundry, the commercial software platform on which FDP is built, that make those dimensions technically possible.</i></p> <section class="section main-article-chapter" data-menu-title="What the best NHS data platforms have in common"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What the best NHS data platforms have in common</h2> <p>The <a href="https://www.computerweekly.com/news/366620412/NHS-chief-data-officers-concerned-with-FDP-roll-out">NHS data community</a> includes people who have built genuinely sophisticated platforms: linked datasets spanning acute, primary, mental health, and community care; population-level risk stratification; near-real-time dashboards used 24 hours a day in system control centres; embedded analytics inside clinical systems; write-back capabilities pushing data into GP records.</p> <p>These are not trivial achievements. They represent years of work by some of the most capable data professionals in the country.</p> <p>But even the best of these platforms share a common architecture - the data lives in a warehouse, the descriptions live somewhere else (in a catalogue, a wiki, or a developer's head), and the applications that capture or display the data live somewhere else again. Three separate things, connected through extracts, feeds, and bespoke integrations that the team maintains by hand.</p> <p>The analytical tools sit alongside the clinical systems, not inside the operational workflow - the clinician works in one place and the data team works in another. The two are connected, sometimes impressively, but the data, the tools, and the actions still live in separate places. A Frontline-First approach requires them to be in the same place.</p> <p>This article is about an architectural choice that collapses that separation. It is not about whether existing platforms work. Many of them do, within their scope. It is about what becomes possible when the data, the description, the application, and the action all live in the same place.</p> </section> <section class="section main-article-chapter" data-menu-title="What Palantir means by 'ontology'"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What Palantir means by 'ontology'</h2> <p>The word "ontology" has become a source of confusion in the FDP conversation because it means different things to different communities.</p> <p>In computer science and knowledge engineering, an ontology is a formal specification of what things exist in a domain, what properties they have, and how they relate to each other. It is a rigorous discipline with its own standards, including OWL (Web Ontology Language) and RDF (Resource Description Framework). It is not what <a href="https://www.computerweekly.com/news/366560657/Palantir-awarded-NHS-FDP-data-contract">the supplier of the FDP platform, Palantir</a>, means by the word.</p> <p>In Palantir’s Foundry software the ontology is something different. It is the operational layer of the platform where real-world concepts are represented as digital things that users interact with directly. It holds the data, hosts the applications, enforces access controls, and supports actions that change the state of the things it represents. It is closer to a living operational workspace than to a formal knowledge representation framework.</p> <p>The double usage causes confusion in almost every conversation I have about FDP. Data architects hear "ontology" and think of formal knowledge engineering. Palantir engineers hear "ontology" and think of the operational layer their applications run on. Both are legitimate uses of the word – but they describe fundamentally different things.</p> <p>For the rest of this article I am using the Palantir meaning - the ontology as the operational workspace, not the ontology as a formal logical framework for knowledge representation.</p> </section> <section class="section main-article-chapter" data-menu-title="Object types: the building blocks"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Object types: the building blocks</h2> <p>The foundation of Foundry's ontology is the object type. An object type is Foundry's way of representing a real-world concept that the NHS manages - a patient, a referral, a theatre session, a ward bed, a consultant, a waiting list entry, an appointment.</p> <p>Each object type does two things that a traditional database table does not.</p> <p>First, it holds both the data and its description in the same place. A theatre session object type does not just contain a row of values. It contains the definition of what a theatre session is, what its properties mean, how they relate to other concepts, and who is allowed to see or change them. The description travels with the data rather than sitting in a separate catalogue that nobody maintains.</p> <p>Second, object types are connected to each other through link types, which are defined relationships that the platform maintains and resolves automatically.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> 'Actions' are the mechanism by which FDP applications capture new data at the point of care, not just present data that was captured somewhere else </figure> <figcaption> <strong>Tom Bartlett</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>In a relational database, the relationship between a theatre session and a patient exists as a foreign key. How that relationship gets resolved depends on what you are trying to do.</p> <p>If you are an analyst running a query across all theatre sessions and all patients, the database engine performs an SQL JOIN, scanning both tables to find the matches. If you are a clinician looking up a single patient's theatre session, the system retrieves the linked record directly.</p> <p>These are fundamentally different workloads, and traditional architectures handle them with fundamentally different systems: an OLTP system, such as an <a href="https://www.computerweekly.com/feature/Electronic-health-records-are-still-creating-issues-for-patients">electronic patient record (EPR)</a>, for the clinician's individual lookup; and an OLAP system, such as a data warehouse, for the analyst's cross-population query. Data flows from the first to the second through overnight extracts and batch pipelines, and the two never share a live view.</p> <p>Foundry's ontology resolves both queries from the same data. When a clinician views a theatre session, the platform performs what Palantir calls a "search-around" - starting from a single object and navigating its defined links to the patient, the consultant's schedule, the recovery bed status. This is operationally instant, like an OLTP lookup, but it draws on a data estate that spans domains no single operational system covers.</p> <p>When an analyst needs to query across all theatre sessions Trust-wide, they work with what Foundry calls an "Object Set" - a filtered, aggregated view across a population of objects that supports grouping, counting, summing, and segmenting in the same way an analyst would query a warehouse, but running against the same live data the clinician is viewing.</p> <p>The links and the aggregations always reflect the current state, so neither the clinician's individual view nor the analyst's population-level view is stale, and neither required extracting data from one system into another.</p> </section> <section class="section main-article-chapter" data-menu-title="Actions: the part that changes everything"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Actions: the part that changes everything</h2> <p>Object types that store data with descriptions and link to each other are valuable. A well-designed data warehouse with a good catalogue and a good data model can approximate the descriptive part - governed definitions, documented relationships, consistent naming.</p> <p>What it cannot approximate is the live, navigable links between objects that users traverse in real time, or the dual-mode querying described above. To get that from a warehouse, you have to build an application layer on top of it, and at that point you are no longer comparing like with like.</p> <p>What a warehouse cannot do at all is host actions.</p> <p>An action in Foundry is a defined operation that a user can perform on an object type – for example: accept a referral; cancel a theatre session; discharge a patient; assign a recovery bed; escalate to a consultant.</p> <p>Actions are not just buttons on a screen. They are transactions defined in the ontology itself, with validation rules, access controls, and audit trails built in. When a user performs an action, the action updates the relevant object types and all the linked relationships update with them.</p> <p>This is the feature that makes FDP an operational platform rather than an analytical one. It is also what makes the Frontline-First approach possible, because actions are the mechanism by which FDP applications capture new data at the point of care, not just present data that was captured somewhere else.</p> <p>Consider what happens when a theatre session needs to be cancelled. In a typical Trust today, the scheduler cancels the session in whatever system the Trust uses for theatre management. That information then has to reach other systems: the waiting list, the bed management view, the operational dashboard. Depending on how those systems are connected, that might take hours, or it might happen overnight through a batch extract. In the meantime, a waiting list manager may reassign the slot or contact a patient based on information that is already wrong, because the cancellation has not reached them yet.</p> <p>In the ontology, the scheduler performs a "cancel theatre session" action. The action updates the theatre session object type, and because the theatre session is linked to the waiting list entry, the patient, the consultant, and the recovery bed, every linked concept reflects the cancellation immediately - the waiting list manager, the analyst, and the COO's dashboard all see the change at the same time. There is no overnight feed, no delay, and no reconciliation.</p> <p>For analysts who need frozen reporting for board papers or national submissions, the platform also supports submission snapshots that lock the state at the end of a reporting period - the live view and the frozen view coexist.</p> <p>Now consider something more important. A discharge coordinator uses an FDP application to manage the discharge pathway. They perform actions such as "confirm transport arranged"; "confirm pharmacy complete"; "confirm social care package in place". Each action creates new data on the platform, data that did not exist in any source system because no source system tracks the discharge pathway at this level of detail. The coordinator's spreadsheet used to hold this information. Now the FDP application holds it, with an audit trail, with access controls, and with live links to the patient, the ward, the bed state and the analytics layer above.</p> <p>Actions can also trigger automated responses: a notification to the community team that the patient is ready; an API call to the transport booking system; an alert to the ward manager that a bed will be free. The platform supports scheduled and event-driven automation, which means actions do not always require a human to trigger them - a rule that fires automatically when a patient meets discharge criteria and initiates the coordination workflow is a different proposition from a coordinator clicking a button.</p> <p>This is the point that most critics of FDP miss. They compare it to warehouses and dashboards because they are thinking about platforms that present existing data. FDP applications capture new data through actions, and that new data sits on the same platform as everything else. The discharge coordinator's "confirm transport arranged" action is as much a part of the patient record as the admission that came from the EPR. The secondary uses - such as, how many discharges were delayed by transport nationally - and the primary use - is this patient ready to go home today - are happening on the same data, on the same platform, in the same session.</p> </section> <section class="section main-article-chapter" data-menu-title="The logic layer: an area to watch"> <h2 class="section-title"><i class="icon" data-icon="1"></i>The logic layer: an area to watch</h2> <p>There is a further capability in the ontology that FDP has not yet fully exploited in the NHS context but which has significant potential.</p> <p>Palantir's description of its architecture identifies four components: data, logic, action, and security.</p> <p>The logic layer is the set of business rules, algorithms, forecast models, optimisation models, and clinical pathways that sit between data and action. In a discharge pathway, the logic might determine which actions are prompted at which stage. In theatre scheduling, it might incorporate a capacity model that optimises slot allocation across surgeons and specialties. In population health, it might run segmentation algorithms that identify patients at risk of deterioration.</p> <p>The logic layer allows these rules and models to be connected into the ontology alongside the data and the actions, so that AI agents and human users can draw on the same reasoning when making decisions. This is largely unexplored territory in the current FDP product set, but it is where some of the most significant operational value may sit in the years ahead.</p> </section> <section class="section main-article-chapter" data-menu-title="What AIP adds to the platform"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What AIP adds to the platform</h2> <p>The Artificial Intelligence Platform (AIP) adds two capabilities that change what the platform can do.</p> <p>The first is making analytics accessible without the traditional route through an analyst. <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-2-Delivering-on-the-NHS-vision-for-data">Part 2 of this series of articles</a> described the app called Ask FDP and its potential to change the culture of data use in Trusts. The technical reason it works is that the large language model (LLM) is grounded in the Trust's own data through the ontology, with the same access controls and audit trail that apply to every other interaction with the platform.</p> <p>This is not a chatbot bolted onto a database. It is an AI capability that understands the relationships between object types and can traverse the ontology to answer questions that would otherwise require a skilled analyst and an SQL query.</p> <p>The second capability is AI-FDE, or AI Forward Deployed Engineer, which provides an AI-assisted development environment powered by the latest LLMs. For professional engineers, AI-FDE accelerates their work - it can generate React applications, ontology configurations, Python scripts, and any other deliverable an engineer would normally produce by hand. For clinicians and operational staff with no engineering background, it lowers the technical barrier to entry dramatically. A discharge coordinator can describe the workflow they need and AI-FDE translates that into a working application on the platform. AI-FDE also works with Foundry's no-code features, including Workshop for building interactive applications visually, and Pipeline Builder for building data transformations without writing code.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> This is not a chatbot bolted onto a database. It is an AI capability that understands the relationships between object types and can answer questions that would otherwise require a skilled analyst and an SQL query </figure> <figcaption> <strong>Tom Bartlett</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>This is the mechanism by which a Frontline-First approach scales beyond what a central development team can deliver. The Build with FDP event described in Part 2 saw clinical and operational staff building working applications in two days. The paramedic, the ward clerk, the discharge coordinator all have knowledge of their workflows that no nationally commissioned product can capture. AI-FDE lets them contribute that knowledge directly rather than waiting for someone else to build it for them.</p> <p>There is also a longer-term opportunity in using AI to convert unstructured data into structured, actionable insight. <a href="https://www.computerweekly.com/news/366636205/Interview-Erik-Mayer-transformation-chief-clinical-information-officer-Imperial-College">Imperial College Healthcare NHS Trust</a> developed a natural language processing tool that analyses free-text patient feedback comments, detecting sentiment and theming responses in minutes rather than days. The tool has since been adopted by nine NHS Trusts. The free text problem <a href="https://www.computerweekly.com/opinion/Inside-FDP-part-1-Understanding-the-problems-facing-NHS-data">described in Part 1</a> – such as, DIALOG scores buried in progress notes, discharge letters sitting as inaccessible PDFs - is the same class of problem, and AIP on the ontology makes this kind of work architecturally simpler because the grounding, access controls, and audit trail are already in place.</p> <p>A team building AI features on a freely engineered stack has to integrate the LLM externally, manage grounding manually, build audit trails separately, and worry about clinical data leaving the platform. The clinical coding AI assistant that came runner-up at Build with FDP is the AIP pattern - a small team built a clinically useful AI tool in two days because the platform already handled the plumbing underneath it.</p> <p>The platform is also evolving toward autonomous agents that can orchestrate workflows across multiple steps, not just answer questions or build applications - an agent that monitors a ward's discharge readiness, identifies patients who meet criteria, and initiates the coordination workflow represents the next generation of what Frontline-First could deliver.</p> </section> <section class="section main-article-chapter" data-menu-title="Why the orthodox data stack cannot do this"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why the orthodox data stack cannot do this</h2> <p>Anyone with a technical background will be asking why the orthodox data stack cannot replicate what the earlier sections described. The short answer is that Foundry collapses architectural separations that the orthodox stack treats as fundamental.</p> <p>The standard enterprise data architecture separates the systems where things happen from the systems where things are measured.</p> <p>The EPR is an example of the first type - an Online Transaction Processing (OLTP) system that records clinical events in real time, optimised for fast writes and looking up individual records.</p> <p>The data warehouse is an example of the second - an Online Analytical Processing (OLAP) system that aggregates historical data, optimised for complex queries across large datasets.</p> <p>In simpler terms, the app the clinician uses and the database the analyst queries are built on different technology for different purposes. Data flows from one to the other through overnight extracts and batch pipelines. This separation exists because the two workloads have different performance characteristics and historically could not be served by the same infrastructure.</p> <p>Foundry's Object Storage V2 challenges this separation. It is built on a different architectural principle - data is indexed into specialised object databases through an orchestration layer (the Object Data Funnel), with indexing and querying decoupled into separate subsystems that scale horizontally.</p> <p>The architecture is closer to an inverted index search engine than to a traditional relational database. It can serve both operational queries - give me this patient's current state, with all linked objects and available actions - and analytical queries - show me all patients across this Trust matching these criteria, aggregated by specialty - from the same data store, without extracting data from one system to another.</p> <p>The difference is structural. A traditional warehouse join scans two full tables to find matches across all rows, but the ontology's search-around navigates from a single object to its linked objects, which is how a clinician thinks – “show me everything connected to this patient” - rather than how an analyst thinks – “show me all patients matching these criteria”.</p> <p>The ontology supports both modes from the same data. This is what allows it to be both an operational workspace and an analytical platform simultaneously - a genuinely new concept for most NHS data professionals, and the reason FDP does not fit neatly into the categories people try to put it in. The ontology also supports media references, which means documents such as discharge letters and clinical images can be attached to objects as properties and accessed alongside the structured data.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about the NHS Federated Data Platform</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/news/366640417/Health-workers-call-for-Palantir-to-be-booted-from-NHS-contracts">Health workers call for Palantir to be booted from NHS contracts</a> - Health justice charity Medact warns that Palantir’s involvement in NHS data systems is a threat to patients and healthcare organisations.</li> <li><a href="https://www.computerweekly.com/news/366620412/NHS-chief-data-officers-concerned-with-FDP-roll-out">NHS chief data officers concerned by FDP roll-out</a> - The Chief Data and Analytical Officers Network has raised concerns over the way the NHS Federated Data Platform is being implemented and NHS England’s approach to its adoption.</li> <li><a href="https://www.computerweekly.com/news/366616320/NHS-Federated-Data-Platform-celebrates-first-birthday">NHS Federated Data Platform celebrates first birthday</a> - In its first year, more than 100 NHS organisations have signed up to the controversial platform, aiming to bring together data from different IT systems.</li> </ul> </div> </div> <p>Consider what it takes to build an equivalent operational capability on Azure. To create a discharge coordination product that captures new data at the point of care, you would need to wire together Azure Functions for the business logic, Cosmos DB or SQL for the data store, a custom API layer for the front-end application, Azure AD for authentication, a separate audit logging pipeline, and a manually maintained schema that describes what the data means.</p> <p>Each component is mature and well-documented. But the integration is bespoke engineering for every product, and the semantic description of the data - what a referral means, how it relates to a patient, what actions are available on it - lives in your application code and your documentation, not in the data layer.</p> <p>On Foundry, actions are defined in the ontology itself - the validation rules, access controls, audit trail, and linked object updates are handled by the platform. The semantic description travels with the data.</p> <p>This has a direct consequence for AI. When AIP queries the ontology, it already knows what a referral is, how it relates to a patient, what properties it has, and what actions can be performed on it, because the semantics are embedded in the same layer as the data.</p> <p>To achieve something comparable with Azure and Copilot, you would need to build a retrieval augmented generation (RAG) pipeline -extracting the data, writing grounding instructions that explain the schema and its meaning, managing the context window, and maintaining those instructions every time the data model changes. The semantics and the data live in separate places, maintained separately, and they can drift apart. On Foundry, they cannot, because they are the same thing.</p> <p>Azure, Databricks and all the other reporting-first platforms are excellent at what they were designed to do. But they were designed within the orthodox OLTP/OLAP separation. Foundry was designed to collapse it. That is the architectural choice that makes the Frontline-First approach possible, and it is the reason I argue that FDP is not just another data warehouse with better marketing.</p> <p>It is worth noting that the rest of the industry is moving in this direction, which validates the principle even if the implementations differ.</p> <p>Microsoft launched Fabric IQ in late 2025, which introduces an ontology layer with entity types, relationships, and AI grounding through a unified semantic layer. Databricks has extended Unity Catalog with business semantics and AI agents. Both are building semantic layers that bring data and meaning closer together, and Gartner now treats universal semantic layers as critical infrastructure.</p> <p>But neither yet offers what Foundry has in production - defined actions that create new data through transactions in the ontology, with validation rules, access controls, audit trails, and linked object updates handled by the platform. The semantic layer is necessary but not sufficient for Frontline-First - without actions, you have a smarter way to understand data, not a platform that captures it at the point of care. That is the gap the competitors have not yet closed, and Foundry has been in production with it for over a decade.</p> </section> <section class="section main-article-chapter" data-menu-title="How this works across organisational boundaries"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How this works across organisational boundaries</h2> <p>The architecture described so far operates within a single Trust's FDP instance. But the Frontline-First approach requires data to connect across Trusts and care settings. The mental health patient who attends A&E at the acute Trust needs their community mental health data to be visible and actionable through the same platform.</p> <p>Foundry achieves this through shared spaces.</p> <p>Each Trust has its own private space with its own ontology. When two or more Trusts want to collaborate across organisational boundaries, they create a shared space with a shared ontology. Each organisation controls which data it shares - the shared space provides the common ground where cross-organisational products operate.</p> <p>One NHS Trust Group has already done this in production - they created a shared space across two Trusts, with a single cross-Trust patient tracking list that is live, with no issues of lag or latency. They are in the process of re-platforming all their core products into the shared space so that across both Trusts they run a single theatres product, a single Optica, and a single set of operational products, backed by permissions that control whether users see one organisation's data or both. Additional workflow features handle the practical realities, such as ensuring patients are not booked into the wrong site.</p> <p>This is not a central hub pulling data from the periphery. It is a peer-to-peer collaboration model where each Trust retains control of its own data and the shared space provides the integration layer. The shared ontology ensures that the data model is consistent across both organisations, so a product built in the shared space works for both Trusts without separate configuration. This is the architectural mechanism that makes the cross-setting collaboration dimension from Part 2 possible at scale.</p> <p>None of this removes the practical challenge of integrating Foundry with the existing Trust application estate. Getting data in and out of the platform, connecting to EPRs and the dozens of other systems a Trust runs, is an area the programme is actively working on and one where the experience of early adopters will be critical.</p> </section> <section class="section main-article-chapter" data-menu-title="Can EPR implementation solve the same problems?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Can EPR implementation solve the same problems?</h2> <p>One concern raised by senior digital leaders is that the problems described in Part 1 are not architectural failures requiring a new platform, but implementation failures that better EPR deployment would solve. There is some truth in this.</p> <p>Implementation quality matters enormously, and the same EPR system can be well or badly implemented. But even a perfectly implemented EPR cannot make a tool built in one Trust available to every other Trust without rebuilding it. EPR convergence programmes can link data across organisational boundaries within their footprint, but this is limited to Trusts that have adopted the same system and does not extend nationally. It cannot enforce semantic consistency across 220 Trusts running different EPR systems with different configurations.</p> <p>And while some EPR suppliers are extending into operational territory with their own features for discharge tracking, bed management, and clinical coordination, these capabilities remain local to each Trust's implementation and are not portable across the 220 Trusts running different EPR systems with different configurations.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> FDP does not replace the EPR. What it does is provide a layer alongside it where operational products can capture data that the EPR was never designed to hold </figure> <figcaption> <strong>Tom Bartlett</strong> </figcaption> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>There are also entire data domains that will always be out of scope for any EPR, notably workforce and finance, which are critical to operational management but are not clinical data. National portability, semantic consistency across 220 Trusts, and coverage of non-clinical domains like workforce and finance are architectural properties of a platform, not implementation quality issues, and the Frontline-First approach cannot work without them.</p> <p>FDP does not replace the EPR. What it does is provide a layer alongside it where operational products can capture data that the EPR was never designed to hold, in a structured form that is nationally consistent and immediately available to every other product on the platform. Trusts can choose to keep the EPR as the designated clinical record. FDP provides the operational data estate that the EPR was never asked to be.</p> <p>The platform supports multiple writeback methods including API, HL7, and FHIR - the constraint on writing data back into the EPR is not technical but commercial. To date, the programme has not achieved sufficient traction with EPR providers to establish routine writeback into the clinical record. Trusts who are awaiting this functionality should understand that the barrier is supplier engagement, not platform capability.</p> <p>FDP does not introduce divergence from the EPR. It replaces unaudited, ungoverned, invisible divergence with audited, governed, visible divergence. That is a net improvement in every dimension, even if it is not the clean single-record picture that information governance frameworks assume.</p> </section> <section class="section main-article-chapter" data-menu-title="What the platform does not do well yet"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What the platform does not do well yet</h2> <p>Foundry is structured in a genuinely novel way and this is what makes it uniquely suited to the Frontline-First approach, but it does not make it a perfect platform. Teams I have worked with who have adopted Foundry have come across limitations that they have found frustrating, and it is likely that others will too.</p> <p>The general frustration is about a tension between two types of analytical work.</p> <p>Foundry prioritises users who are building repeatable, reusable analytical processes, an approach actively encouraged in NHS England under the Reproducible Analytical Pipelines (RAP) framework. For this kind of work, the platform is excellent - governed, auditable, shareable. But a large proportion of what analysts do day-to-day is not RAP. It is exploratory - quickly viewing a dataset, sharing rough cuts with colleagues, testing an approach before committing to it.</p> <p>The platform makes the first type of work excellent and the second type harder than it needs to be. Getting data in takes more effort than analysts expect - getting data out is harder still. Analysts who needed spreadsheet functionality found it lacking, though the platform does support R, Shiny, and more recently SQL Studio, and Trusts can connect external tools like Power BI and Tableau. NHS England restricted some of this on its own instance, but individual Trusts make their own decisions.</p> <p>Beyond the analyst experience, there were engineering challenges. Foundry's branching model allows developers to branch live data the way a software engineer branches code, test changes against real-world data, and merge back.</p> <p>The national FDP team embraced this because it allowed them to move fast. But engineers who were new to the platform, many of whom had spent years managing data flows from Trusts to NHS England, found it deeply uncomfortable. They were accustomed to long-established best practices - test data, separate development, testing, and production environments, careful promotion between them. Branching real-world data on the master branch felt reckless by those standards.</p> <p>Some teams tried to reconcile the two approaches by setting up test data and then branching it, which satisfied neither philosophy - the test data could not guarantee coverage of the edge cases that would break a pipeline in production, and the branching added complexity without the benefit of working against real data.</p> <p>Foundry does support formal environment separation, but Palantir's engineers discouraged it because it added significant overhead to the development process. The result was a period where neither approach was followed cleanly, and teams were caught between two engineering cultures without a settled way of working.</p> <p>None of this invalidates the architectural case, but it does mean that the journey from architectural promise to operational reality is harder and slower than anyone would like.</p> <p>A change of this scale cannot be delivered by a national programme alone, nor Trusts developing FDP in isolation. It requires cooperation across the system - Trusts, integrated care boards (ICBs), and the national team learning together, adapting together, and being willing to change how they work.</p> <p>The pace at which Frontline-First becomes real will be determined by the level of cooperation and willingness to adapt across all of these organisations.</p> </section> <section class="section main-article-chapter" data-menu-title="Why "just an expensive data warehouse" misses the point"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why "just an expensive data warehouse" misses the point</h2> <p>One of the most persistent criticisms of FDP, repeated in parliamentary debate and in media coverage, is that it is "a very overpriced data warehouse".</p> <p>If you assess FDP as a warehouse, this is a defensible view. The dashboarding is limited. The analytical tooling is less mature than a well-configured Power BI or Tableau environment. For analysts whose entire frame of reference is the analytical layer, FDP looks underwhelming and expensive.</p> <p>But the point of this article is that FDP is not primarily a warehouse. It is an operational application platform where the data, the semantics, the applications, and the actions all live in the same place. Calling FDP an expensive data warehouse is like calling a smartphone an expensive calculator. It is technically true that both can do arithmetic, and it completely misses what makes the smartphone worth having.</p> </section> <section class="section main-article-chapter" data-menu-title="What comes next"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What comes next</h2> <p>The next article explains why the NHS needs both a shared data model and the consistent products to enforce it, and why their combination is the most important asset in the programme.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about NHS data</h3> <ul class="default-list"> <li><a href="https://www.computerweekly.com/feature/Electronic-health-records-are-still-creating-issues-for-patients">Electronic health records are still creating issues for patients</a> - Almost every NHS trust will have moved onto a digital system by this spring. Experts have cautioned many patients are still struggling to access their own health data.</li> <li><a href="https://www.computerweekly.com/news/366639993/Child-rapist-could-have-profiled-victims-through-unaudited-access-to-NHS-databases">Child rapist could have profiled victims through unaudited access to NHS databases</a> - NHS analyst’s conviction for child sexual abuse offences raises concerns over unaudited access to patient data.</li> <li><a href="https://www.computerweekly.com/news/366574914/Women-In-Data-panel-NHS-needs-to-get-data-basics-right-before-rushing-into-AI">NHS needs to get data basics right before rushing into AI</a> - During a panel discussion at a Women in Data event, speakers from across the public healthcare sector outlined the groundwork that has to be laid for artificial intelligence to take the NHS by storm.</li> <li><a href="https://www.computerweekly.com/news/366620174/NHS-investigating-how-API-flaw-exposed-patient-data">NHS investigating how API flaw exposed patient data</a> - NHS patient data was left vulnerable by a flaw in an application programming interface used at online healthcare provider Medefer.</li> <li><a href="https://www.computerweekly.com/news/366641178/NHS-digital-drive-hit-by-usability-gaps-despite-progress-national-survey-finds">NHS digital drive hit by usability gaps despite progress, national survey finds</a> - The shift from analogue to digital across the NHS is hindered by usability issues in electronic patient record (EPR), but the newly launched frontline productivity programme could be the answer.</li> </ul> </div> </div> </section> An in-depth look at the specific features of Palantir's Foundry, the commercial software platform on which FDP is built, and how the system makes use of them https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/health-MRI-scan-results-anatoliy-gleb-adobe.jpg https://www.computerweekly.com/opinion/Inside-FDP-part-3-The-data-architecture-that-makes-it-work Thu, 14 May 2026 04:00:00 GMT Inside FDP – part 3: The data architecture that makes it work <p><a href="https://www.techtarget.com/contributor/Christian-Klein">Christian Klein</a>, SAP’s chief executive officer, led with a picture of a three-eared unicorn during the opening keynote at SAP’s global <a href="https://www.techtarget.com/searchsap/conference/SAP-Sapphire-Now-news-trends-and-analysis">Sapphire event in Orlando</a>.</p> <p>In the main press statement for the event, he added some context: “For the mission-critical processes of our customers, ‘almost right’ just isn’t good enough.</p> <p>“By uniting SAP Business AI Platform with SAP Autonomous Suite, we anchor AI agents in the business processes, data and governance so they can deliver accurate, compliant and secure outcomes, unlocking new sources of revenue and meaningful cost savings.”</p> <p>The no-frills keynote was balanced across the supplier’s top team. <a href="https://www.techtarget.com/searchsap/news/366574881/SAP-chief-AI-officer-Waiting-on-AI-is-the-wrong-strategy">Philipp Herzig</a>, chief technology officer; Muhammad Alam, executive board member responsible for product engineering; and <a href="https://www.techtarget.com/searchsap/news/366618698/Changes-to-SAP-leadership-reflect-AI-cloud-shifts">Sebastian Steinhaeuser</a>, chief operating officer, carried what came across as a collective argument.</p> <p>They were also joined onstage by SAP customers JP Morgan Chase, with its chief financial officer, Jeremy Barnum; H&M, with its chief digital and information officer, Ellen Svanström; and partner representative Rob Fisher, global head of advisory.</p> <p>What the supplier styles as an Autonomous Enterprise includes an AI platform for, avowedly, building, contextualising and governing agents. This is said to add up to an “autonomous suite that executes core business operations and a new user experience” that obviates the need to switch applications, or even be in them.</p> <p>The so-called autonomous suite will deploy more than 50 <a href="https://www.techtarget.com/searchsap/news/366632263/SAP-pitches-role-based-Joule-assistants-as-ERP-work-partners">Joule Assistants</a> across the gamut of business applications, covering finance, supply chain, procurement, human capital management and customer experience. <a href="https://www.techtarget.com/searchsap/news/366553638/SAP-joins-generative-AI-crowd-with-Joule">Joule</a> has been SAP’s term for its generative AI technology since September 2023.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about Sapphire</h3> <ul class="default-list"> <li>Sapphire 2025: <a href="https://www.computerweekly.com/news/366624161/Sapphire-2025-SAP-mints-business-AI-flywheel-with-Palantir-on-board">SAP mints business AI flywheel with Palantir on board</a>.</li> <li><a href="https://www.techtarget.com/searchsap/news/366623967/SAP-should-balance-AI-talk-with-customer-concerns-at-Sapphire">SAP will focus on Joule, agentic AI and Business Data Cloud at Sapphire</a>; experts say it should also show how it can help customers deal with real-world issues.</li> <li><a href="https://www.computerweekly.com/news/366588552/SAP-Sapphire-2024-AI-in-all-its-forms-but-not-only-AI">SAP Sapphire 2024</a>: AI in all its forms – but not only AI.</li> </ul> </div> </div> <p>These assistants will, it is said, automate end-to-end processes. One example the supplier gave is an Autonomous Close Assistant that can, it is claimed, compress the financial close process from weeks to days by automating journal entries, reconciliation and error resolution.</p> <p>The company said it will bring its <a href="https://www.techtarget.com/searchsap/definition/SAP-HANA-Cloud-Platform">Business Technology Platform</a> (BTP) and its Business Data Cloud under the banner of its SAP Business AI Platform as a single, governed environment. <a href="https://www.techtarget.com/searchsap/definition/SAP-HANA-Cloud-Platform">BTP</a> is SAP’s platform-as-a-service product that has provided a development and <a href="https://www.techtarget.com/searchsoftwarequality/definition/runtime">runtime</a> environment for building cloud-based enterprise applications.</p> <p>An SAP Knowledge Graph system, which is said to give AI agents a map of business entities, processes and relationships across a customer’s SAP landscape, will add specific business context, according to the supplier.</p> <p>SAP is also launching Joule Studio as what it describes as its AI-first system for building enterprise agents, applications and agentic workflows.</p> <section class="section main-article-chapter" data-menu-title="Agentic AI fund"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Agentic AI fund</h2> <p>The company announced a €100m fund for SAP partners to help customers deploy SAP-built AI assistants and agents. The fund is also available to partners that extend or build new partner agents on the new SAP Business AI Platform using Joule Studio, the supplier said.</p> <p>SAP also highlighted a raft of partnerships it believes to be strategic. Two are with <a href="https://www.computerweekly.com/news/366640417/Health-workers-call-for-Palantir-to-be-booted-from-NHS-contracts">Palantir</a> and Accenture for data migration, and another is with agentic AI specialist Conduct for cloud enterprise resource planning migrations.</p> <p>It is also collaborating with Anthropic, Amazon Web Services, Google Cloud and Microsoft, as well as Mistral AI and Cohere, to deliver what were described as sovereign model options on SAP’s cloud infrastructure.</p> <p>The supplier will endeavour to say what these and other announcements will mean for SAP customers in Europe next week in Madrid, from 20-21 May.</p> </section> SAP CEO Christian Klein and his top team trumpeted the advent of the ‘autonomous enterprise‘ during the opening keynote at the supplier’s global Sapphire event in Orlando https://cdn.ttgtmedia.com/visuals/ComputerWeekly/HeroImages/SAP-Sapphire-2025-Christian-Klein-hero.jpg https://www.computerweekly.com/news/366643054/Sapphire-2026-SAP-heralds-dawn-of-autonomous-enterprise Wed, 13 May 2026 04:45:00 GMT Sapphire 2026: SAP heralds dawn of ‘autonomous enterprise’ <p>Enterprise software providers are rushing to introduce artificial intelligence (AI) into their platforms, which has a consequential impact on the technologies executives buy and the roles professionals fulfil.</p> <p>Into this maelstrom of AI-enabled change comes <a href="https://www.techtarget.com/searchhrsoftware/definition/Workday">Workday</a>, a cloud-based enterprise resource planning (ERP) firm that has made significant recent changes – including co-founder <a href="https://www.techtarget.com/searchhrsoftware/news/366640361/Workdays-new-old-CEO-reveals-Sana-agentic-AI-updates">Aneel Bhusri returning as chief executive officer and the introduction of Sana</a>, a new unified AI interface for Workday – to stay competitive and adapt to the growing importance of AI in business operations.</p> <p>So, what do the changes the technology giant envisions mean for senior executives in HR, finance and other business functions, and the staff these business leaders oversee? Computer Weekly visited Workday’s EMEA headquarters in Dublin for an innovation media event to hear more about the company’s roadmap and the implications for users.</p> <section class="section main-article-chapter" data-menu-title="Workday’s competitive position"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Workday’s competitive position </h2> <p>It was clear at the event that the rapid pace of AI-powered change enabled by Workday and other technology companies is very much the initial shift in a grander transformation.</p> <p>While employees at most firms have started dabbling in generative AI (GenAI) services, Kathy Pham, vice-president for AI at Workday, says the <a href="https://www.techtarget.com/whatis/definition/large-language-model-LLM">large language models (LLMs)</a> powering these technologies are limited in their influence. These probabilistic LLMs are usually trained on information across the internet, not within the enterprise firewall, and don’t have access to contextual financial records, customer details and HR information within businesses.</p> <p>“They’re disconnected,” says Pham, referring to these LLMs, adding that successful providers will help their customers achieve better outputs via a deterministic approach to AI. That’s where Workday comes in, with the company aiming to create agents, including through its next-generation service Sana, that are powered by concrete enterprise data points.</p> <p>“We believe agents need a deep understanding of how work happens,” says Pham. “And most importantly for me, this is where the right engineering comes into play, paired with a good, responsible AI team that provides the context across security, AI, systems, data and unified processes. We bring all that together when we build systems for our customers.”</p> <blockquote> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/computerweekly/Kathy-Pham-Workday-140x180px.jpg" alt="Photo of Workday's Kathy Pham"> </div> <p><span style="font-size: 14pt;"><strong><span style="color: #34495e;">“We believe agents need a deep understanding of how work happens. This is where the right engineering comes into play, paired with a good, responsible AI team that provides the context across security, AI, systems, data and unified processes. We bring all that together when we build systems for our customers”</span></strong></span></p> <p><em><span style="color: #34495e;">Kathy Pham, Workday</span></em></p> </blockquote> <p>Work on this shift is already underway. During the <a href="https://www.computerweekly.com/news/366634678/Workday-sets-out-to-reinvent-ERP-with-agentic-AI-platform/">Rising conference in Barcelona in November 2025</a>, senior Workday executives described the company’s desire to provide an agentic AI platform that disrupts traditional ERP services. Gerrit Kazmaier, president of product and technology at Workday, positioned the platform in his keynote as a “front door to work”.</p> <p>In Dublin, Pham says Workday will use a deterministic approach to become this front door to work. She says employees should be able to log in to Workday and use built-in agentic services to ask natural-language questions about key issues, such as payroll variations across regions, and receive personalised answers from enterprise data sources.</p> <p>At the heart of Workday’s deterministic approach to AI sits <a href="https://www.computerweekly.com/blog/CW-Developer-Network/Workday-acquires-agentic-AI-search-learning-specialist-Sana">Sana</a>. Pierre Gousset, vice-president of solutions at Workday, describes Sana as the intelligent entry point for accessing data and taking AI-enabled actions. “It’s where organisations build, orchestrate and manage agents that can deliver work across HR, finance, IT and beyond,” he says.</p> <p>“With Sana, you get access to an AI that is not only powerful, but that also lives inside Workday’s deepest understanding of your data, people, job architectures, organisational structures, approval chains and compensation bounding. That gives us an unfair advantage that we think no other AI can replicate.”</p> <p>While Workday is eager to position Sana as a step change in business-focused AI, the platform shouldn’t be seen in isolation from other enterprise applications. To that end, Gousset says integrating Sana with other providers’ services gives Workday’s agents the best possible access to data that will drive end-to-end process automation.</p> <p>“Sana is designed to work with the broader enterprise ecosystem, and we deliver this through secure integrations with platforms like Salesforce, Databricks, Snowflake, Google and Microsoft 365, and we want to make this possible because we want Sana to be used not only to answer questions in Workday, but to trigger actions across all enterprise systems.”</p> <p>Gousset detailed four key capabilities of Sana’s agents: asking questions of data across enterprise systems; helping professionals take actions based on this insight; building outputs via dashboards, reports and documents; and automating processes to create multi-step workflows. He says the final capability – automating workflows – is where Sana moves from being an assistant to a system that executes work with professionals.</p> <p>While this agentic transformation sounds powerful in practice, it’s important to remember that other providers are making similar shifts. And though embracing emerging technology allows specialists like Workday to create new data-led services, the rise of AI also creates risks for software firms, not least the potential for disintermediation.</p> <blockquote> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/computerweekly/Clare-Hickie-1-Workday-140x180px.jpg" alt="Photo of Workday's Clare Hickie"> </div> <p><span style="font-size: 14pt;"><strong><span style="color: #34495e;">“Our success will be built on the foundations established by the deterministic guardrails we’ve put in place. These foundations will help organisations evolve successfully into the world of AI”</span></strong></span></p> <p><em><span style="color: #34495e;">Clare Hickie, Workday</span></em></p> </blockquote> <p>Some industry experts have suggested that <a target="_blank" href="https://www.deloitte.com/us/en/insights/industry/technology/technology-media-and-telecom-predictions/2026/saas-ai-agents.html" rel="noopener">as many as 35% of software-as-a-service (SaaS) tools could be replaced by AI agents</a> by 2030. In a one-to-one interview in Dublin, Computer Weekly asked Workday’s chief technology officer, Clare Hickie, whether disintermediation is on her executive team’s radar.</p> <p>“I can see why you asked the question, because I can see what’s being said in the media right now, and I can see some of the curiosity that may be applied based on where we are in the world in this transitional period from an AI perspective,” she says. “However, what I will say, and it’s no more than what we’ve said at this event, is that AI is often probabilistic, which means it can be wrong, whereas we operate via a deterministic application stack.”</p> <p>In an uncertain world, Hickie says CIOs will look for the degree of certainty that trusted software providers can supply. She says it’s here that Workday excels, with a strong history of building services for major enterprises in risk-averse sectors that will require deterministic AI solutions for intractable challenges.</p> <p>“We can never be wrong when it comes to payments,” she says. “We can’t be wrong when it comes to financial close, audits and compliance. And so our success will be built on the foundations established by the deterministic guardrails we’ve put in place. These foundations will help organisations evolve successfully into the world of AI.”</p> </section> <section class="section main-article-chapter" data-menu-title="New technologies, new skills"> <h2 class="section-title"><i class="icon" data-icon="1"></i>New technologies, new skills </h2> <p>The key to Workday becoming the “front door to work” will be the extent to which CIOs and other buyers use the firm’s technologies to support an AI-enabled workplace transformation.</p> <p>Gousset demonstrated at the event how Sana’s agents can automate processes across enterprise ecosystems to help line-of-business employees manage tasks, such as onboarding new employees and producing reports, and add repeatable workflows, such as getting executive-level sign-offs.</p> <blockquote> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/computerweekly/Pierre-Gousset-Workday-140x180px.jpg" alt="Photo of Workday's Pierre Gousset"> </div> <p><span style="font-size: 14pt;"><strong><span style="color: #34495e;">“Think about how much time you save by not having to work across multiple systems. This is a new type of experience, where AI is the UI, and you replace dozens of enterprise systems with a conversational experience, which is more intuitive but also more intelligent”</span></strong></span></p> <p><em><span style="color: #34495e;">Pierre Gousset, Workday</span></em></p> </blockquote> <p>“Think about how much time you save by not having to work across multiple systems,” he says. “This is a new type of experience, where AI is the UI [user interface], and you replace dozens of enterprise systems with a conversational experience, which is more intuitive but also more intelligent. This capability is how businesses will transform work.”</p> <p>Hickie says the underlying aim of these and other services is to ensure agents do more than answer questions and summarise information. By combining data with enterprise context, Workday wants to develop agents that create a step change in workplace productivity.</p> <p>“By context, we mean that agents understand skills, decision lines, approvals, security and where friction points actually are,” she says. “And it’s that context that allows us to deliver 100% positive outcomes, but equally, more importantly, that layer of productivity that is really required when it comes to AI and agents in particular.”</p> <p>Examples discussed at the event included a Recruiting Agent that helps recruiters break their reliance on manual processes, allowing them to spend less time filling roles and more time discovering talent. Another example was Workday’s Payroll Agent, which unifies data and context to create a service that helps staff spend less time on compliance-focused tasks.</p> <p>“This capability is just a starting point for Workday,” says Hickie. “How we see these agents being delivered is through a level of depth and breadth. It’s not always about the singular role that an agent will explicitly perform. Many of these agents will be able to complete end-to-end workflows.”</p> <p>This higher level of automation raises important questions about the future of work, not just for the professionals who fulfil these tasks, but also for companies like Workday that are enabling this workplace transformation. Workday CEO Bhusri acknowledged the scale of change in a press conference in March.</p> <p>“What sometimes keeps me awake at night is that low-level HR work is going to be replaced by agents; there is no getting around that. And what the industry needs to own, including Workday, is that we have to find a way to take care of the employees who are dislocated.”</p> <blockquote> <div class="imagecaption alignLeft"> <img src="https://cdn.ttgtmedia.com/rms/computerweekly/Chandler-Morse-Workday-140x180px.jpg" alt="Photo of Workday's Chandler Morse"> </div> <p><span style="font-size: 14pt;"><strong><span style="color: #34495e;">“Our team has been working both in the US, at the federal and state and local level, and with the European Commission, so a policy response to issues [around AI-enabled disruption] is top of mind for us”</span></strong></span></p> <p><em><span style="color: #34495e;">Chandler Morse, Workday</span></em></p> </blockquote> <p>In Dublin, Chandler Morse, chief corporate affairs officer at Workday, acknowledged the concerns about AI-enabled disruption. He says Workday is urging lawmakers to consider employer incentives for reskilling.</p> <p>“Our team has been working both in the US, at the federal and state and local level, and with the European Commission, so a policy response to those issues is top of mind for us,” he says.</p> <p>Beyond policy, Bhusri suggested in the March press conference that Sana itself could provide a potential solution to the intractable challenge of worker dislocation, automating low-level manual tasks while helping to retrain employees in the new skills required. In Dulin, Gousset says Workday views agents as extensions of a company’s workforce.</p> <p>“Agents are not going to replace humans,” he says. “Most agents will work hand in hand with humans to accomplish certain tasks. Therefore, you need, organisationally, not only technically, to be able to define which part of your processes are going to be managed jointly by humans and agents.”</p> <p>Here, he pointed to Workday’s Agent System of Record. This tooling helps organisations to consider the permissions and skills required for agents and humans in an AI-powered workplace transformation: “It’s really about building that framework to help enterprises rethink their process gradually, together with AI.”</p> <p>What’s clear, says Hickie, is that the pace of change is only going to quicken. Yes, Workday technology is helping power a workplace transformation, but the company also wants to help employees and their bosses embrace new roles and skills required in an age of AI.</p> <p>“Our technology is helping others manage that change from a development perspective,” she says. “We’re working out where the skills gaps are in the roles that are starting to be defined, and we also want to help individuals train, learn and develop within their current roles. We’re just moving into this moment of change.”</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Read more about agentic AI and enterprise applications</h3> <ul class="default-list"> <li>Workday’s new (old) CEO reveals <a href="https://www.techtarget.com/searchhrsoftware/news/366640361/Workdays-new-old-CEO-reveals-Sana-agentic-AI-updates">Sana agentic AI updates</a>: How doing work in Workday could become simpler with agentic AI.</li> <li>Oracle is turning corporate software <a href="https://www.computerweekly.com/news/366642385/Oracle-is-turning-corporate-software-over-to-AI-agents">over to AI agents</a>: As Oracle rolls out a slew of agentic AI tools and applications, a senior company executive explains how enterprise workflows are changing and why software pricing models may be due for a shake-up.</li> <li>Inside SAP R&D on the <a href="https://www.techtarget.com/searcherp/podcast/Inside-SAP-RD-on-the-convergence-of-agentic-and-physical-AI">convergence of agentic and physical AI</a>: In this podcast, Yaad Oren, SAP’s head of research and innovation and managing director of SAP Labs US, says smarter, autonomous physical AI devices are poised for business use.</li> </ul> </div> </div> </section> On a visit to Workday’s Dublin EMEA HQ, we find the supplier aiming to leverage agentic artificial intelligence to improve enterprise operations with its Sana platform, said to enable automation and reskilling for an AI-driven workplace https://cdn.ttgtmedia.com/visuals/ComputerWeekly/Hero%20Images/HR-recruitment-leadership-staff-workforce-tomertu-adobe.jpg https://www.computerweekly.com/feature/Workday-majors-on-Sana-acquisition-to-forward-agentic-AI-programme Tue, 12 May 2026 08:30:00 GMT Workday majors on Sana acquisition to forward agentic AI programme ComputerWeekly.com 60 editor@computerweekly.com