Written questions by Wrigley.

Whether the Government has issued guidance to help ensure that AI solutions trained on NHS datasets align with NHS principles.

Artificial Intelligence (AI) solutions trained on National Health Service datasets must align with core NHS principles, including safety, fairness, transparency, and accountability. These principles are embedded in the NHS’s approach to digital innovation and data use.To support this, NHS England utilises guidance developed by the NHS Transformation Directorate, which sets out expectations for the safe, lawful, and ethical use of AI in health and care settings. This includes ensuring that AI systems are explainable, that data is used responsibly, and that decisions remain under human oversight.The guidance has been reviewed by the Health and Care Information Governance Working Group, including the Information Commissioner’s Office (ICO) and the National Data Guardian (NDG), and is publicly available on the NHS Transformation Directorate’s website:https://transform.england.nhs.uk/information-governance/guidance/artificial-intelligence/This framework helps ensure that AI innovations developed using NHS data are aligned with NHS values and are deployed in a way that benefits patients, supports clinicians, and maintains public trust.

Whether the Federated Data Platform’s architectural governance model includes constraints on cross-domain identity federation between (a) NHS instances and (b) other public sector deployments of (i) Foundry and (ii) Gotham.

Each local organisation operates its own instance of the NHS Federated Data Platform (FDP), for which it is the data controller. These instances are designed to support local autonomy and governance, allowing organisations to opt into core products that enhance patient care delivery.The architectural governance model of the FDP does not include provisions for cross-domain identity federation between National Health Service instances and other public sector deployments of Foundry or Gotham. Instead, the platform enables local organisations to connect and share information currently stored in separate systems, but only where there is a legal basis to do so. This ensures that data sharing is conducted within a safe and secure environment, respecting organisational boundaries and data protection obligations.Further technical and governance details are outlined in the information governance framework for the FDP, which confirms that all data remains within United Kingdom sovereign zones and that access is restricted to authorised personnel. The information governance framework for the FDP is available at the following link:https://www.england.nhs.uk/long-read/federated-data-platform-information-governance-framework/

Whether his Department has received representations from (a) Palantir Technologies Ltd and (b) its subsidiaries on combining data functions under a single NHS data contract.

My Rt Hon. Friend, the Secretary of State for Health and Social Care met with representatives of Palantir on 4 June 2025. The meeting was to discuss the importance of the rollout of the Federated Data Platform, including progress towards having all trusts onboarded. The meeting did not discuss combining data functions under a single National Health Service data contract, and the Department has not received representation from Palantir or its subsidiaries on that topic.

What (a) encryption key management protocols and (b) physical hosting zones are in place to ensure NHS datasets remain (i) logically and (ii) geographically partitioned from Palantir’s multi-tenant infrastructure.

Access to National Health Service health and social care data within the Federated Data Platform (FDP) is tightly controlled. The FDP incorporates advanced Privacy Enhancing Technology (PET), which has been procured from a separate supplier to ensure independence and to mitigate any conflicts of interest.It is a contractual requirement that personal data stored in the FDP and NHS PET cannot be accessed by its own personnel or contractors from outside the United Kingdom. In accordance with General Data Protection Regulation principles of transparency and accountability, NHS England has published details in the FDP Information Governance Framework. This framework is available at the following link:https://www.england.nhs.uk/long-read/federated-data-platform-information-governance-framework/

Whether (a) federated machine learning and (b) transfer learning techniques have been employed in the Federated Data Platform.

Neither federated machine learning nor transfer learning techniques are currently utilised within the NHS Federated Data Platform (FDP).The FDP is designed to support operational use cases such as elective recovery, care coordination, and discharge planning by enabling secure, real-time access to data across National Health Service organisations. While the platform supports advanced analytics and data integration, it does not currently employ federated or transfer learning methods as part of its architecture or functionality.NHS England continues to monitor developments in artificial intelligence and machine learning to ensure that any future applications involving NHS data align with core NHS principles, including safety, fairness, and accountability.

Whether NHS England has conducted data transfer impact assessments on (a) access, (b) processing and (c) codebase maintenance undertaken by overseas Palantir staff.

There is no overseas processing of data of any type by the Federated Data Platform (FDP) programme, and therefore transfer impact assessments are not required. This is laid out in the FDP Information Governance Framework, which is available at the following link:https://www.england.nhs.uk/long-read/federated-data-platform-information-governance-framework/

Whether (a) outputs and (b) intermediate artefacts generated via Foundry workflows are permitted to be retained by Palantir Technologies for the purpose of product refinement.

All products, outputs, and intermediate artefacts generated within the Federated Data Platform, funded by the National Health Service under the NHS Federated Data Platform Associated Services (FDP-AS) agreement, are the intellectual property of the NHS, and Palantir is not permitted to utilise these for their own purposes. Further information on the FDP-AS is available at the following link:https://www.contractsfinder.service.gov.uk/Notice/0f8a65b5-23a2-4294-abb1-a7fd8efb3ad0

Whether his Department has made an assessment of the potential risks of cross‑contamination risk when data from multiple NHS trusts are ingested into a single cloud environment.

In order to assess the risk and impact to data privacy, all Federated Data Platform (FDP) installations are required to complete a Data Privacy Impact Assessment (DPIA). An overarching DPIA for the FDP was also undertaken. Each FDP Tenant is a logically separated instance of the Foundry Platform. Each tenant has separate administrators, and independent control of all data ingress and egress. User access is controlled by a combination of Role Based Access Controls and Purpose Based Access Controls to ensure that access to data is only available to users with a documented and auditable reason for access. All changes to the product or platform go through a careful process of development, testing, quality assurance, and change management before they are released. This helps to prevent errors and problems. The FDP has several measures in place to keep data safe. These include:¾strong network security, namely firewalls and intrusion detection systems that monitor all network traffic to and from the platform, to block unauthorised access and detect suspicious activity;data encryption of all data stored on the platform, both when transferred, or in transit, and when stored on servers;purpose based access, as users only have access to the data they need to do their jobs. This helps to minimise the risk of unauthorised access to sensitive information;detailed logging and monitoring, as all user activity on the platform is logged and monitored for suspicious activity. This helps to identify potential security breaches quickly and maintains a full audit trail. Security logs are encrypted and stored securely;regular security testing, with the platform undergoing regular penetration testing and vulnerability scanning to identify and fix any weaknesses in its security;development lifecycle, with all changes to the product or platform going through a careful process of development, testing, quality assurance, and change management before they are released. This helps to prevent errors and problems; andmonitoring, as live services teams constantly monitor the product or platform 24 hours a day, seven days a week to quickly identify and fix any issues that may arise.

What discussions he has had with NHS England on its data cleaning specification for Palantir; and whether that specification defines how patient data are (a) extracted, (b) transformed and (c) loaded into the federated data platform.

NHS England has not had any discussions with my Rt Hon. Friend, the Secretary of State for Health and Social Care on this matter. Each local organisation has their own instance of the NHS Federated Data Platform (FDP) for which they are the data controller, and can opt into any of the core products that support delivery of patient care. Local organisations can connect and share information currently stored in separate systems to support staff to access the information they need in one safe and secure environment, where there is a legal basis to do so. Data is only ingested into an FDP Tenant following establishment of the legal basis and a specific purpose for usage of that data. Most commonly this is for use in FDP products, for example those which support the management of waiting lists, theatre scheduling, or effective discharge of patients. Data is extracted, cleaned, enriched, and transformed according to the requirements of each use case or product. The FDP program uses the concept of the NHS Canonical Data Model to ensure that data is treated consistently across FDP Tenants, and this enables the development of consistent, reusable products. Prior to ingestion from the source systems to the FDP Tenant, the NHS-Privacy Enhancing Technology (NHS-PET) service registers the flow. NHS-PET is a standalone service located between primary data sources and the FDP-Associated Services (AS) platform, providing a data orchestration and privacy service for FDP-AS data ingress and inter-tenant transfers. The NHS-PET service creates records of the types and uses of data which are used in every instance of NHS FDP. If the data is to be used for secondary uses, not direct care, the NHS-PET service can treat personal data to remove identifiers utilising techniques such as anonymisation, masking, generalisation, and pseudonymisation. Privacy treated data is modelled by FDP-AS and is then made available for specific purposes.

What intellectual property rights NHS England retains over (a) data models, (b) ontologies and (c) analytics solutions produced within the Federated Data Platform.

Within the NHS Federated Data Platform (FDP), the National Health Service retains the Intellectual Property of the solutions it funds or develops, including all associated data models, ontologies, including the NHS Canonical data model, products, and analytical solutions. Under the FDP-Associated Services Agreement between NHS England and Palantir, background Intellectual Property, prior to entering into the agreement, remains the property of the respective party.

Whether he has received recent correspondence from Palantir.

My Rt Hon. Friend, the Secretary of State for Health and Social Care received a letter from Louis Mosley, the Executive Vice President for the United Kingdom and Europe of Palantir Technologies, on 3 March 2025, offering to meet to discuss the roll-out of the NHS Federated Data Platform.

If he will make an assessment of the potential impact of working with commercial suppliers whose senior leadership have expressed overt political affiliations on the reputation of NHS England.

Commercial contracts awarded by the Department, NHS England, or other National Health Service bodies are held with a company rather than individuals.NHS bodies set their own policies on how to award contracts, but they must do so in line with the law, specifically the Public Contracts Regulations 2015 and now the Procurement Act 2023 which came into force in February 2025, and central policy. The Government uses a standard selection questionnaire that requires suppliers to confirm they meet certain standards. Suppliers can be excluded for a variety of reasons, including where they are guilty of grave professional misconduct or where they have shown significant or persistent deficiencies in the performance under a prior public contract. Full guidance on the Procurement Specific Questionnaire, which replaces the standard selection questionnaire under the Public Contract Regulations, can be found on the Government Commercial Function’s Procurement Pathways website.

What steps NHS England is taking to verify that derivative analytical outputs from the NHS Federated Digital Platform cannot be reverse‑engineered to reveal identifiable patient data.

All analytics products created by NHS England, including those developed on the NHS Federated Data Platform, are subject to a full Data Privacy Impact Assessment (DPIA) as part of the design and development process, with further information available at the following link:https://www.england.nhs.uk/long-read/overarching-data-protection-impact-assessment-dpia-for-the-federated-data-platform-fdp/#18-in-which-country-territory-will-personal-data-be-stored-or-processedAll data used by the NHS Federated Data Platform integrates with advanced Privacy Enhancing Technology (PET). This has been procured from a separate supplier to ensure independence and to mitigate any potential conflicts of interest. This technology ensures that data is processed in a secure and privacy-preserving manner.

Whether NHS‑funded analytics solutions created on the Federated Data Platform have been (a) patented and (b) registered by (i) Palantir Technologies and (ii) its subsidiaries.

Within the NHS Federated Data Platform (FDP), where the National Health Service commissions and funds the development of solutions, the intellectual property of these solutions remains with the NHS.Under the FDP-Associated Services Agreement between NHS England and Palantir, background intellectual property, prior to entering into the agreement, remains the property of the respective party.

Whether NHS England has stress‑tested the portability of (a) data schemas, (b) application programming interfaces and (c) dashboards for use on other vendor platforms.

NHS Federated Data Platform products are built using open-source technologies, for instance Python and Spark. End-user products can also be built using open market frameworks, for instance React, interfacing to the platform Application Programming Interfaces. The NHS Federated Data Platform has extensive integration capabilities. The platform has active integrations using alternative visualisation tools, for instance PowerBI. The NHS Federated Data Platform Data Schemas are published to GitHub.

What milestones are included in the Federated Data Platform contract to (a) facilitate orderly off‑boarding and (b) data migration to an alternative provider.

The NHS Federated Data Platform Associated Services (FDP-AS) agreement has a comprehensive Exit Management Schedule which sets out the contract terms for exit, including the requirements on Palantir to support in re-procurement planning, exit, and transition assistance which would facilitate the migration to a future solution/state. Data migration is in the scope of the Exit Management provisions.The terms of the FDP-AS agreement, within the context of the potential total contract duration, sets out the timeframes and periods of assistance that NHS England may utilise to facilitate exit and migration.

What assessment he has made of the potential impact of Palantir's involvement on the NHS model of being free at the point of use.

The provision by Palantir Industries of the NHS Federated Data Platform (FDP) has no impact on National Health Service care being free at the point of use.Palantir is a technology supplier providing the underlying technology that supports the FDP. They do not influence NHS policy, funding models, or decisions about access to care. Their role is limited to delivering technical services under the direction and control of the NHS.

Whether patients who are data controllers under the national data opt‑out can (a) review and (b) challenge how their records are processed within the Federated Data Platform.

The Federated Data Platform fully complies with the National Data Opt-Out policy. Confidential patient information is not used in the national instance, and only in a local instance for the purposes of direct care, and therefore the National Data Opt-Out does not apply. If this changes in the future, because a new product processes confidential patient information for a purpose other than direct care, the process for managing the opt out is laid out in the FDP Information Governance Framework, which can be found at the following link: https://www.england.nhs.uk/long-read/federated-data-platform-information-governance-framework/

What proportion of Federated Data Platform development work is carried out by UK‑based engineers; and whether data processing beyond AWS input processes is off‑shored.

All NHS Federated Data Platform (FDP) development work is carried out by United Kingdom based engineers, therefore there is no offshoring. This is documented in the contract, Information Governance Framework, and Memorandum of Understanding. It is a contractual requirement that personal data stored in the FDP and National Health Service Privacy Enhancing Technology cannot be accessed by its provider’s personnel or contractors based outside the UK. These measures collectively ensure that NHS data remains under UK jurisdiction and that all processing of patient information will be within the UK only. This is a contractual requirement, and one of the key principles of the Federated Data Platform Information Governance Framework. Data cannot be accessed or processed by non-UK Government entities.Information on how data is protected, who can access it, and under what conditions, is available at the following link:https://www.england.nhs.uk/long-read/overarching-data-protection-impact-assessment-dpia-for-the-federated-data-platform-fdp/#18-in-which-country-territory-will-personal-data-be-stored-or-processed

Whether patients will be consulted on changes to purpose‑based access policies during the contract with Palantir.

The National Health Service is committed to maintaining public trust and transparency in the use of patient data and to ensuring that patients and the public are informed and engaged in decisions that affect how their data is used. This aligns with NHS England’s broader commitment to working in partnership with people and communities.The Federated Data Platform uses a Purpose-Based Access Control model. This ensures that access to data is strictly governed by the specific purposes approved by NHS England.Any change to the approved use cases, or new use cases, will require further engagement with patients and stakeholder advisory groups, including the Specialist Information Governance Advisory Group, and approval from the Data Governance Group. This engagement would be prior to, and inform any changes to, purpose-based access policies.