Forget Palantir, Microsoft is the government’s real tech problem
MPs are right to warn about the dangers of the public sector’s use of Palantir, but the bigger story is the vice-like grip Microsoft exerts of government IT systems, says Bill McCluggage
Palantir, the Peter Thiel-founded data analytics firm with its murky intelligence community roots, makes for an irresistible villain. So it’s no surprise that the Science, Innovation and Technology (SIT) Committee’s report, “Rewiring the State,” landed with a bang. MPs warning that its “increasing presence in the UK public sector is an unacceptable point of weakness” is the kind of quote that writes its own headline.
But while we’re all watching Palantir and the risks to all that citizen-centric data, the bigger story is actually hiding in plain sight on every civil servant’s desktop.
Let me be direct. I’ve spent over two decades working on digital transformation in the public sector, including as Director of IT Strategy and Policy in the Cabinet Office between 2009 and 2012. With public sector spend on IT estimated at £21bn and a moratorium on IT projects over £1m under the then coalition government, I watched the Government Digital Service (GDS) take shape under Mike Bracken with genuine optimism. The spend, 15 years on, is estimated to be in the region of £26bn and we’re still publishing reports asking the same questions about the huge sums of money being spent annually on big tech firms. That should give every taxpayer cause for concern.
The committee is right to flag Palantir. The recommendation to exercise the break clause in the NHS Federated Data Platform contract and publish a fully costed exit plan by the end of 2026 is overdue and correct. Quite frankly, the £240m ministry of defence contract awarded without competitive tender is indefensible – not to mention the data access question and the associated privacy implications, which are much more serious than the political debate has so far reflected.
Cross-departmental overreliance on a single US-headquartered company – that includes NHS records, defence data, welfare information and police and justice data to boot – is a huge problem for this government. It creates a consolidated data footprint that sits uncomfortably alongside the legal gateways UK GDPR was specifically designed to enforce. Palantir will point to contractual safeguards but under the US CLOUD Act, American firms can be compelled to hand over data held on foreign soil. The committee is right to demand that government publish its contingency plans, because this is a glaring structural vulnerability.
The issues highlighted by the SIT committee are entirely legitimate – however Palantir is an easy target. Its inclusion in the report has made headlines precisely because it is a relative newcomer: visible and controversial.
Another big tech firm cited in the report – albeit to a much lesser extent – is Microsoft. I would argue that this dependency runs much deeper, such that it has quietly hollowed out government’s ability to make independent technology choices.
Microsoft’s grip on government
The level of entrenchment is stark. The SIT committee report highlights a £10bn annual government cloud spend and names the March 2026 HMRC contract with Amazon Web Services, a sole bidder for a 10-year, £472m deal as a primary example of market failure. Whilst that number should alarm every reader, at least AWS had to win that contract. Microsoft’s dominance in government largely doesn’t require a tender at all.
Microsoft’s position across UK government is wide-reaching, and ultimately something that Palantir can only aspire to. Through a combination of legacy infrastructure dependencies, deeply embedded productivity tools, and licensing structures that make switching prohibitively expensive, Microsoft has effectively made itself invisible as a risk. Nobody raises an eyebrow at another Microsoft renewal, and that is precisely the problem The Competition and Markets Authority (CMA) – and Ofcom before it – has been investigating the issue for years now. After concluding last year that the cloud market wasn’t functioning well because of Microsoft’s cloud and software licensing practices, the CMA recently launched a so-called SMS investigation, referenced in the SIT committee’s report. The findings are unlikely to be flattering, and make no mistake – restrictive licensing terms, egress fees that make it expensive to move data off Microsoft infrastructure and bundling practices that crowd out competitors are the reason the UK government’s stated ambitions around supplier diversification, SME participation, and open-source adoption keep failing to materialise.
The real cost of lock-in
Lock-in to Microsoft’s ecosystem goes far beyond just abstract competition concerns. It is reflected in transformation programmes that failed to deliver on their business case because incumbent vendors ultimately have no incentive to make it work quickly. Lock-in represents a tax on SMEs with genuinely innovative solutions because the cost of integrating with Microsoft’s legacy estate made procurement uneconomic. Crucially, it has impacted the experience of a generation of civil servants who have spent years entirely within a Microsoft-centric environment, limiting their ability to consider that there might be another way forward.
The GDS was supposed to break this cycle, and for a while, it looked like it might. When it sat at the heart of Government, with backing from the Cabinet Office and close access to Number 10 and the Treasury, it had the authority to challenge departments and drive change across Whitehall. But since moving to DSIT, that influence has diminished. DSIT is an important department, but it doesn’t sit at the centre of government in the same way. Departments guard their independence fiercely, and without genuine authority and drive from the centre, coordination quickly becomes optional.
No more warm words
The committee’s recommendations around open-source procurement, mandatory SME spend targets and the proposed cloud consumption dashboard are sensible. However, recommendations alone won’t change the market. The “All of Government” cloud contract must embed pro-competition terms with teeth rather than warm words about engagement with the CMA.
More fundamentally, government needs to stop letting suppliers shape the transformation agenda – as the most successful digital programmes are driven by senior public sector leaders who understand the outcomes they are trying to achieve and harness technology to support them. When that relationship is inverted, technology becomes the objective rather than the tool.
The issues identified by the SIT committee aren’t new, rather they are the sum of many years of procurement decisions, governance, and market structure. Addressing these problems head on will require government to reassert leadership – politically, commercially and institutionally.
If it is unable to do this, there is every reason to believe we’ll be in exactly the same position 15 years from now, rehashing the same debate over another report.
Bill McCluggage is former director of IT strategy & policy at the Cabinet Office