Palantir: A Lesson in Vendor Risk Management

Switzerland blocks Palantir, Germany pushes it through bypassing parliament. An analysis of devastating risks and the sell-out of digital sovereignty.


Our insistence at Kopexa on 'Made in Europe' is not a marketing slogan but a risk assessment. Germany's current handling of Palantir is a textbook example of what happens when vendor risk management is replaced by political wishful thinking. This is an analysis of the 'devastating risks' and of why Switzerland reaches a different conclusion than Germany.

The Pact of Immaturity: The Erosion of Digital Sovereignty in the German-Swiss Dissonance of Palantir Procurement

1. The Geography of Risk and the Collapse of Critical Thinking

Europe, in the middle of the third decade of the 21st century, faces a security-political turning point that goes far beyond conventional military threats. It is a crisis of digital infrastructure, a crisis of state capacity to act and, more fundamentally still, a crisis of the rule-of-law understanding of how to handle the resource of information. In no other case does this crisis manifest itself as tangibly, as dramatically and as contradictorily as in the diverging attitudes of two neighbouring states towards the technology of the US company Palantir Technologies: Switzerland and the Federal Republic of Germany.

While the Swiss Confederation, guided by a sober, almost surgically precise risk analysis from the Federal Office of Police (fedpol) and the Armed Forces Staff, pulled the emergency brake and showed the US corporation the door due to "devastating risks", Germany is moving in the opposite direction. Here, there is no braking but acceleration. Germany, driven by an amalgam of technological inferiority complex, the failure of its own IT modernisation projects and political activism, is manoeuvring itself into a dependency with open eyes, a dependency that critics call a "chain of ignorance" and a capitulation to the complexity of modern data processing.

The drama unfolding here is not merely one of public procurement. It is a cautionary tale about the loss of political agency. While Bern defines digital sovereignty as an inviolable asset that cannot be traded for the supposed efficiency of a piece of software, Berlin, and even more aggressively the state capitals Wiesbaden, Düsseldorf and Munich, appears willing to accept constitutional concerns, financial warning signals and technical dependencies as collateral damage of a "security at any cost" policy. The software "Gotham", named after the dark, crime-ridden hometown of Batman, is not seen as a warning in Germany but as a promise, a promise that, as the Swiss analysis suggests, involves a Faustian bargain.

This report dissects the mechanisms of this German special path. It analyses the political back rooms where procurement law was circumvented, the parliamentary debates in which warnings went unheeded, and the legal loopholes that were dug to undermine the jurisprudence of the Federal Constitutional Court. It asks why the risk that is "devastating" for Switzerland is considered "acceptable" for Germany, and what long-term costs, financial, political and societal, arise from this dissonance.

2. The Swiss Signal: An Anatomy of Rejection

2.1. Identifying the "Devastating Risks"

Switzerland's decision against Palantir was not a coincidence but the result of a systematic due diligence review that stands in sharp contrast to German practice in its thoroughness. At the centre was an evaluation by the Armed Forces Staff in December 2024 and analyses by fedpol. The verdict was unambiguous: despite the undisputed analytical capabilities of the software platform "Gotham", the strategic disadvantages massively outweighed them. The term "devastating risks" used in this context does not primarily refer to functional deficiencies but to the geopolitical and data-protection exposure.

The Swiss authorities recognised that integrating proprietary software from a company not only closely intertwined with the US security apparatus but whose founding capital came directly from the CIA investment arm In-Q-Tel constituted a fundamental violation of national data sovereignty. Unlike German decision-makers, who often contented themselves with contractual assurances that data would "remain in their own data centres", the Swiss analysed the legal reality of the US Cloud Act and FISA Section 702. These US laws enable American security agencies to access data from US companies, regardless of where the servers are physically located. For a neutral nation like Switzerland, which regards its independence as its highest strategic asset, the risk that sensitive police data or military information could reach foreign agencies through a "backdoor" or through legal compulsion was unacceptable.

2.2. The "Oil Lamp Business Model" as an Economic Warning

Beyond sovereignty concerns, Switzerland conducted an economic analysis that identified Palantir's business model as a classic "lock-in" trap. Internal reports spoke of the "oil lamp business model": the vendor sells the lamp (the software) at a seemingly attractive price, knowing full well that the customer will henceforth be able to use only the oil (services, updates, adaptations) from that one vendor to keep the light burning.

The Swiss analysts did not need to construct hypothetical scenarios for this; they merely looked across the border to North Rhine-Westphalia (NRW). The cost explosion there in the Palantir project "DAR" (Cross-Database Analysis and Research), where costs rose from an originally estimated 14 million euros to nearly 40 million euros, served as empirical evidence of the unpredictability of follow-on costs. Switzerland recognised that dependence on specialised "Forward Deployed Engineers" from Palantir causes knowledge about the functioning of one's own security architecture to drain out of the agencies and become privatised. If you cannot maintain the system yourself, you do not dictate the price of maintenance either. This economic foresight, which valued long-term risk higher than short-term operational gain, was largely absent from the German assessment.

2.3. Ethical Red Lines: Dragnet Investigations and Reception of the Federal Constitutional Court

Remarkably, Switzerland explicitly cited German case law in justifying its rejection, specifically the ruling of the Federal Constitutional Court (BVerfG) of 16 February 2023. While German interior ministries frantically searched for ways to continue using the software despite the constitutional hurdles after this ruling, the Swiss took the judgment at its word.

They identified the danger of automated dragnet investigations, in which innocent citizens ("non-suspects") could come under investigators' scrutiny through algorithmic correlations, as ethically and legally problematic. The Swiss authorities saw in the functionality of Gotham, the aggregation of enormous data volumes from the most diverse sources to create profiles, an instrument that potentially deeply intrudes on privacy without any concrete initial suspicion. That a neighbouring state takes Germany's constitutional court warnings more seriously than the German executive itself does not lack a certain bitter irony and illustrates the different priorities: here, the protection of civil liberty and state integrity; there, the unconditional will for technological armament.

3. Hesse: The Original Sin and the Genesis of Dependency

3.1. Silicon Valley Safari: The Seduction of Peter Beuth

To understand the "drama" on the German side, one must return to the origin: Hesse, 2016. The then Interior Minister Peter Beuth (CDU) undertook a delegation trip to Silicon Valley. What was declared an information visit turned out, in retrospect, to be the moment of technopolitical infection. Beuth and his entourage were dazzled by the glossy presentations in Palo Alto. Palantir's narratives, the successful hunt for Osama bin Laden, the prevention of terrorist attacks through Big Data, fell on fertile ground with Hessian security politicians, who were still reeling from the Paris and Brussels attacks.

The investigation committee of the Hessian state parliament later unearthed details painting a picture of almost naive fascination. A breakfast meeting between Minister Beuth and Palantir CEO Alex Karp at Hotel Oranien in Wiesbaden, which took place between official procurement processes, became a symbol of the unhealthy proximity between contracting authority and contractor. Critics like Ulrich Wilken (Die Linke) accused the minister of having "elegantly sidestepped the relevant questions" and of having initiated the business relationship beyond regular bureaucratic processes.

3.2. The "Direct Award": Eliminating Competition

The actual scandal in Hesse, however, lay not in the breakfast egg but in the circumvention of procurement law. Instead of putting the acquisition of an analytics platform out to Europe-wide tender, as would have been mandatory given the contract volume, the Hessian Interior Ministry opted for a "direct award" to Palantir. The justification: urgency and unique selling point. It was argued that, given the acute terror threat, there was no time for a tender and that no other company in the world could offer a comparable solution.

Expert witnesses in the investigation committee vehemently contradicted this account. They named companies such as IBM, SAP or SAS as potential alternatives that were never seriously evaluated. The commitment to Palantir was, as the chronology suggests, politically desired and not the result of an objective market comparison. Through this step, Hesse became the "beachhead" for Palantir in Germany. Once installed in the system, the corporation used the reference "Hessian Police" to acquire other federal states and the federal government. The strategy worked: once you have implemented the Palantir architecture, the switching costs become prohibitively high.

3.3. Hessendata: Operational Reality and the Loss of Control

The system introduced, "Hessendata" (based on Palantir Gotham), fundamentally changed police work. It enabled the linking of data from three different source areas: police databases, social media data and other available information. But with its introduction came a creeping loss of control. Reports suggest that the Palantir subsidiary not only delivered the software but was effectively tasked with the operation of the platform.

This is a crucial distinction. When a private company, one with US intelligence background no less, takes over the operational running of the most important police analytics platform, the boundary between state sovereign function and private service blurs. The Hessian state IT provider (Hessische Zentrale für Datenverarbeitung) was at times barely able to trace what was actually happening on the servers, as the system remained a "black box". The dependency was thus cemented not just financially but operationally.

4. North Rhine-Westphalia: Replicating the Mistake and the Cost Trap

4.1. Learning from Hesse Means Learning to Pay: The Cost Explosion

Following the Hessian model, North Rhine-Westphalia under Interior Minister Herbert Reul (CDU) also decided to deploy Palantir under the project name "DAR" (Cross-Database Analysis and Research). Here too, the pattern of initial euphoria followed by sobering reality repeated itself, particularly in the accounts.

The following table illustrates the discrepancy between political promise and fiscal reality in the context of the Palantir projects:

The cost explosion in NRW by nearly three times is exemplary of the "oil lamp" model. The complexity of integration into the fragmented IT landscape of the NRW police required massive adaptation work that only Palantir itself could perform. Every change request, every new data source rang the till. Critics complain that this cost trap was foreseeable but was ignored to push the project through politically.

4.2. The Case of Amad Ahmad and the Principle of "Garbage In, Garbage Out"

The darkest side of the technologisation of police work in NRW is illustrated by the case of Amad Ahmad. While Palantir was not the direct cause of his death, the case illustrates the deadly dangers of data linkage on which systems like DAR are based. Amad Ahmad, a Syrian refugee, was detained due to a data mix-up (a so-called "name cross-hit"). The police confused him with a wanted criminal from Mali who used a similar name. Ahmad later burned to death in his cell at JVA Kleve prison.

Experts urgently warn in the context of Palantir about the principle of "Garbage In, Garbage Out". Systems like Gotham are designed to find connections. When they are fed with data full of duplicates, spelling errors and outdated entries, which applies to the German police databases (INPOL, ViVA), the system produces errors on an industrial scale. It generates suspicions and connections that do not exist in reality. In the case of Amad Ahmad, such a data error led to deprivation of liberty. With the introduction of Palantir, which automates and accelerates such links, the risk increases that such errors are no longer recognised as isolated incidents but accepted as systemic truth. The software suggests an objectivity that the underlying dirty data does not support.
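To make the "name cross-hit" problem concrete, here is an added example (constructed for this article, not code from Palantir, any police system or the original text). It contrasts a naive matcher, which treats any shared name token as a hit, with a corroborated check that only promotes a hit to an identification when independent attributes agree and escalates to human review when those attributes are missing. All records, names and source tags are constructed placeholders.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
import unicodedata


@dataclass(frozen=True)
class Record:
    source: str                 # constructed source-system tag
    name: str
    dob: Optional[str]          # ISO date; None models a missing field in dirty data
    nationality: Optional[str]  # ISO country code; None likewise


def normalise(name: str) -> frozenset:
    """Fold accents and case and return the unordered set of name tokens, so
    'Ali, Amir', 'AMIR Ali' and 'Amir  Ali' collide exactly as a naive
    matcher would treat them."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return frozenset(t for t in folded.lower().replace(",", " ").split() if t)


def naive_cross_hit(a: Record, b: Record) -> bool:
    """What a 'link everything' engine does: any shared name token is a hit."""
    return bool(normalise(a.name) & normalise(b.name))


def corroborated_match(a: Record, b: Record) -> str:
    """Return 'match', 'no-match' or 'review'.

    A name hit becomes an identification only when independent attributes
    agree. If those attributes are missing (dirty data), the decision is
    escalated to a human instead of being automated either way."""
    if not naive_cross_hit(a, b):
        return "no-match"
    pairs = [(a.dob, b.dob), (a.nationality, b.nationality)]
    if any(x is None or y is None for x, y in pairs):
        return "review"
    return "match" if all(x == y for x, y in pairs) else "no-match"


def screen(candidate: Record, database: List[Record]) -> Tuple[int, List[Tuple[str, str]]]:
    """Compare one person against a database. Returns the number of naive
    name hits and the list of (record source, verdict) after corroboration,
    so the gap between 'hits' and 'identifications' is visible."""
    naive_hits = sum(naive_cross_hit(candidate, r) for r in database)
    verdicts = [(r.source, corroborated_match(candidate, r)) for r in database]
    return naive_hits, verdicts


# Constructed sample records: placeholders, not real persons.
WANTED = Record("WANTED_LIST", "Ali, Amir", "1985-03-02", "ML")
TRAVELLER = Record("REGISTRATION", "Amir Ali", "1992-11-17", "SY")
STALE_DUPLICATE = Record("REGISTRATION", "Amir  ALI", None, None)  # duplicate, fields missing
UNRELATED = Record("REGISTRATION", "Lena Krause", "1979-06-30", "DE")
DATABASE = [WANTED, STALE_DUPLICATE, UNRELATED]

if __name__ == "__main__":
    # Two naive hits, but no identification: one contradicted, one sent to review.
    print(screen(TRAVELLER, DATABASE))
```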

4.3. Legalising the Illegal: Section 24b PolG NRW

Another act in the NRW drama was the handling of live data. To test and train the DAR system, the NRW police used real personal data from their systems. The State Data Protection Commissioner classified this approach as unlawful, as there was no legal basis for the use of live data for testing purposes. Instead of shutting down the system, the political response was a legislative amendment. With the introduction of Section 24b into the NRW Police Act, a legal basis was retroactively created that explicitly permits the training of AI and IT products with live data. Critics see this as a concerning shift: it is not the technology that must bend to the law, but the law that is tailored to enable the use of the technology. This "legalisation through the back door" undermines trust in the rule of law and signals to citizens that data protection only applies until it gets in the way of the executive.

5. The Bavarian Manoeuvre and the Federal Trap

5.1. VeRA: The Framework Contract as a Trojan Horse

Bavaria chose an even more aggressive approach. With the project "VeRA" (Cross-Procedural Research and Analysis), the Free State concluded a framework contract with Palantir that extends far beyond Bavarian borders. The contract is structured so that the federal government and other states can join without conducting their own procurement processes. This is a brilliant move to circumvent procurement law. The Federal Police and the Federal Criminal Police Office (BKA), which are actually bound by strict federal procurement guidelines, now use the construct of "administrative assistance" and administrative agreements to access the Bavarian licence. Critics, including the Gesellschaft für Freiheitsrechte (GFF) and the Chaos Computer Club (CCC), call this a deliberate trick to prevent a public debate and transparent competition at the federal level. The argument: "Bavaria has already reviewed and purchased it, we are just joining in."

5.2. Political Pressure on the Federal Government: Faeser in a Bind

At the federal level, a battle rages over "Federal VeRA". The CDU/CSU is putting massive pressure on Interior Minister Nancy Faeser (SPD) to approve the nationwide rollout of the software and make the necessary legislative amendments. In parliamentary motions, the absence of the software is presented as a security risk endangering the police's capacity to act in the fight against clan crime and terrorism. Faeser is under pressure. On one hand, coalition partners such as the Greens (Konstantin von Notz) and parts of the FDP warn of the risks and dependency. On the other, the BKA and Federal Police argue that without the tool they are "blind", as their own IT modernisation projects ("Polizei 2020") are stalling. The absurdity of the situation lies in the fact that the federal government wants to introduce software (via Bavaria) whose use in its current form has been massively restricted by the Federal Constitutional Court.

6. The Constitutional Collision: Karlsruhe vs. Reality

6.1. The Ruling of 16 February 2023: A Turning Point

On 16 February 2023, the Federal Constitutional Court delivered a ruling that should have meant the end of the Palantir dreams. The court declared the legal bases for automated data analysis in Hesse (Section 25a HSOG) and Hamburg unconstitutional. The Karlsruhe judges formulated strict requirements:

  1. Purpose limitation: Data may not be indiscriminately used for new purposes (data mining). A hypothetical re-collection of the data must be legally possible.
  2. Data separation: It must be technically ensured that data subject to a use prohibition or not relevant to the specific purpose does not flow into the analysis.
  3. Intervention threshold: The use of such powerful tools may only occur to protect overridingly important legal interests.

6.2. The Political Response: Disregarding the Spirit

The political response to this ruling was telling. Instead of pausing, the ministries immediately began working on "repair legislation". The aim was not to scale back surveillance but to adapt the legal texts to formally meet the requirements while practice continues unchanged. In Hesse, the HSOG was amended; in NRW and Bavaria, similar adjustments were made. Critics argue that these adjustments are pure cosmetics. Technically, the Palantir Gotham software is barely capable of implementing the fine-grained data separation and purpose limitation the court demands, since it is designed to link everything with everything.

6.3. The Capitulation: Section 91 BKAG

Perhaps the most dramatic act of disregard is the handling of Section 91 BKAG at the federal level. The law stipulated that data in the BKA's systems must be technically labelled to mark their origin and purpose of use, a fundamental prerequisite for the constitutional use of analysis software. Since the federal government's outdated IT systems (INPOL) cannot technically deliver this, the federal government decided not to renew the systems or forgo the analysis software. Instead, the entry into force of the labelling requirement in the law was simply suspended and postponed. This is a declaration of bankruptcy by the rule of law: because the state is technically incompetent ("IT Stone Age"), it suspends constitutionally required protective mechanisms to enable the use of a controversial piece of software. This episode earned the BKA the "Big Brother Award" and illustrates the shift in priorities: technology before constitution.
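The three Karlsruhe requirements in section 6.1 and the labelling duty of Section 91 BKAG described above can be expressed as a query-time gate. The following is an added example written for this article, not code from Palantir, the BKA or any real system; the purpose names, the vocabulary of "overriding interests" and the record layout are assumptions. It admits a record into an analysis only if it is labelled, not subject to a use prohibition and collected for the requested purpose, and it refuses the entire request, rather than quietly dropping rows, when unlabelled legacy records are present or the intervention threshold is not met.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed vocabulary of "overridingly important legal interests" (constructed).
OVERRIDING_INTERESTS = frozenset({"life_or_limb", "state_existence"})


@dataclass(frozen=True)
class LabelledRecord:
    record_id: str
    origin: Optional[str]        # source system; None models an unlabelled legacy record
    purposes: frozenset          # purposes for which use of this record is lawful
    use_prohibited: bool = False # e.g. retention period expired


@dataclass(frozen=True)
class AnalysisRequest:
    purpose: str                 # the purpose this analysis serves
    protected_interest: str      # legal interest the intervention is meant to protect
    case_ref: str


class UnlabelledDataError(Exception):
    """A record without origin/purpose labels cannot be assessed, so it must
    not flow into the analysis silently."""


def admissible_records(records: List[LabelledRecord], request: AnalysisRequest
                       ) -> Tuple[List[LabelledRecord], Dict[str, str]]:
    """Apply the requirements in order and return (admitted, rejected), where
    rejected maps record_id to the reason the record was withheld.

    1. Intervention threshold: refuse the whole request unless it protects an
       overriding interest.
    2. Data separation: refuse the whole request if any record is unlabelled;
       otherwise withhold records whose use is prohibited.
    3. Purpose limitation: withhold records not collected for this purpose.
    """
    if request.protected_interest not in OVERRIDING_INTERESTS:
        raise PermissionError(f"{request.case_ref}: interest '{request.protected_interest}' "
                              "does not meet the intervention threshold")
    unlabelled = sorted(r.record_id for r in records if r.origin is None or not r.purposes)
    if unlabelled:
        raise UnlabelledDataError(f"{request.case_ref}: unlabelled records {unlabelled}")
    admitted: List[LabelledRecord] = []
    rejected: Dict[str, str] = {}
    for r in records:
        if r.use_prohibited:
            rejected[r.record_id] = "use prohibited"
        elif request.purpose not in r.purposes:
            rejected[r.record_id] = "collected for " + ", ".join(sorted(r.purposes))
        else:
            admitted.append(r)
    return admitted, rejected


# Constructed sample data; "INPOL" is only used as an origin label here.
SAMPLE_RECORDS = [
    LabelledRecord("r1", "INPOL", frozenset({"prosecution", "threat_prevention"})),
    LabelledRecord("r2", "WITNESS_PROTECTION", frozenset({"witness_protection"})),
    LabelledRecord("r3", "INPOL", frozenset({"threat_prevention"}), use_prohibited=True),
]
# The same stock plus one legacy record that carries no labels at all.
LEGACY_RECORDS = SAMPLE_RECORDS + [LabelledRecord("r4", None, frozenset())]


def demo() -> Tuple[List[str], Dict[str, str]]:
    """Run a threat-prevention analysis over the labelled sample records."""
    request = AnalysisRequest("threat_prevention", "life_or_limb", "CASE-0001")
    admitted, rejected = admissible_records(SAMPLE_RECORDS, request)
    return [r.record_id for r in admitted], rejected


if __name__ == "__main__":
    print(demo())
```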

7. Palantir Technologies: Ideology and Influence

Behind the software stands not just any IT service provider but a company with a clear political agenda. Peter Thiel, co-founder and driving force, is known for his libertarian, democracy-sceptical views and his close ties to Donald Trump. CEO Alex Karp openly positions Palantir as a tool of Western (i.e. American) supremacy. The company sees itself in systemic competition with China and other powers and often regards data protection as a cumbersome obstacle in this struggle. By using this software, German police authorities import not just code but also an ideology. The software was developed in Afghanistan and Iraq to hunt insurgents ("Find, Fix, Finish"). Applying this military logic to civilian police work in Germany, where the presumption of innocence governs threat prevention and criminal prosecution, leads to a dangerous militarisation of internal security. Furthermore, there is the risk that Palantir, through access to German data, trains and refines its algorithms. German police data could thus indirectly contribute to optimising the surveillance technology that Palantir sells worldwide to intelligence agencies and militaries. Germany becomes a test laboratory and data supplier for the US security complex.

8. Conclusion: The Price of Convenience

The comparison between Switzerland and Germany is more than a technical case study; it is a mirror of political sovereignty. Switzerland has recognised that sovereignty in the digital age means being able to say "No". It accepts that forgoing Palantir may be less comfortable in the short term but represents the only way in the long run to retain control over its own security interests and citizens' data. The verdict of "devastating risks" is a testament to realism.

Germany, by contrast, has chosen the path of least resistance. Confronted with its own failure at IT modernisation (the "Polizei 2020" debacle), it reached for the lifeline from Silicon Valley. But the price is high:

  1. Loss of digital sovereignty: Germany makes its internal security dependent on a US corporation that acts politically and is legally subject to access by US agencies.
  2. Erosion of the rule of law: Laws are tailored to fit, court rulings ignored or creatively interpreted to secure the use of the software.
  3. Financial recklessness: Costs explode, and the lock-in effect ensures there is no going back.

The "drama" is real. It is the drama of a state that handed in its technological maturity at the cloakroom of a hotel in Wiesbaden, hoping that a tech billionaire from California would solve its security problems. While Switzerland remains sovereign, Germany becomes a digital colony, and even celebrates this as progress.

Transparency Note: Directory of Data Points and Evidence Used

To substantiate the statements made in this article, we disclose here the central topics and their source base:

  • Swiss Rejection: Based on the fedpol analysis on "devastating risks", reported via netzpolitik.org among others.
  • Germany vs. Switzerland: Comparison of approaches, the "oil lamp model", references to Amad A. and the BVerfG as well as Section 91 BKAG (source: Police-IT and others).
  • NRW Cost Explosion: Data on the DAR project documenting a rise from an originally estimated 14 million euros to approximately 40 million euros.
  • Bavaria/Federal Government (VeRA): Information on the "administrative assistance trick" to circumvent procurement law, the political pressure from the CDU/CSU and the situation at the BKA.
  • BVerfG Ruling (Feb 2023): The landmark ruling on the unconstitutionality of previous practice and the resulting requirements.
  • Legalising the Illegal (NRW): Reference to Section 24b PolG NRW, which legalises the training of AI systems with live data under certain conditions.
  • Palantir Background: Background on financing via In-Q-Tel (CIA), Peter Thiel's connection to Donald Trump and the ideological orientation.
  • Political Opposition: Summary of criticism from Konstantin von Notz (Greens), the FDP and civil society.

Frequently Asked Questions

Why did Switzerland reject the use of Palantir?
Switzerland identified "devastating risks" through a systematic due diligence review. Key reasons were the threat to data sovereignty from the US Cloud Act, the lock-in business model with uncontrollable follow-up costs, and ethical concerns about automated dragnet surveillance.
What is the oil lamp business model associated with Palantir?
Palantir sells the software at an attractive entry price but then makes the customer fully dependent on its own services, updates, and customisations. In North Rhine-Westphalia, costs exploded from a planned 14 million to almost 40 million euros.
What constitutional issues arise from using Palantir in Germany?
In 2023, Germany's Federal Constitutional Court declared the legal bases in Hesse and Hamburg unconstitutional. It demanded strict purpose limitation, data separation, and high intervention thresholds. Politicians responded with repair legislation rather than restricting use.
Why is the Palantir case relevant for vendor risk management?
The case illustrates what happens when vendor risk management is replaced by political wishful thinking. Missing tenders, lock-in effects, loss of sovereignty, and exploding costs are typical risks that systematic vendor risk management should address.
What does digital sovereignty mean in the Palantir context?
Under the US Cloud Act and FISA Section 702, US authorities can access data from US companies regardless of server location. When sensitive police or military data is processed through US software, control over that data is potentially lost.
What lessons should organisations learn from the Palantir case?
Organisations should conduct systematic due diligence for critical software, assess lock-in risks and follow-up costs, prioritise European alternatives, and comply with procurement law. The case shows that short-term efficiency can lead to massive long-term dependencies.

Sources

  1. Switzerland: Palantir Software Has Devastating Risks (netzpolitik.org)
  2. Switzerland Shows How Sovereign Policy Works (Police-IT)
  3. Constitutional Complaint: The Problem Is Not Just Palantir (netzpolitik.org)
  4. North Rhine-Westphalia: Palantir Software Costs Nearly Three Times as Much as Planned (netzpolitik.org)
  5. Hessendata Investigation Committee: No Sign of Genuine Scrutiny (Police-IT)
  6. Palantir Investigation Committee: Interior Minister Peter Beuth (CDU) Shirks Responsibility (DIE LINKE. Fraktion im Hessischen Landtag)
  7. Palantir in Hesse: Combines Data from Facebook & Co with Police Databases (Police-IT)
  8. On the Federal Constitutional Court's Ruling on Automated Data Analysis and Its Consequences (Police-IT)
  9. E 18/1493 (Landtag NRW)
  10. Police Analysis Software Federal VeRA (Deutscher Bundestag)
  11. Blackbox Palantir (Chaos Computer Club)
  12. Use of HessenDATA by Authorities and Agencies Outside the Hessian Police (Land Hessen)
  13. Blackbox Palantir: GFF Files Constitutional Complaint Against Mass Data Analysis by Police in Bavaria (Gesellschaft für Freiheitsrechte e.V.)
  14. Verbatim Record of the 74th Session (Deutscher Bundestag)
  15. Is the Federal Interior Ministry Deliberately Preventing a Debate on Possible Palantir Alternatives? (GRÜN DIGITAL)
  16. Controversy Over Use of Palantir Software in German Security Agencies Intensifies (InvestmentWeek)
  17. Automated Data Analysis by Police in Hesse and Hamburg Unconstitutional (beck-aktuell)
  18. Provisions in Hesse and Hamburg on Automated Data Analysis Are Unconstitutional (Bundesverfassungsgericht)
  19. US Analysis Software: Palantir Makes Police and Military Political (netzpolitik.org)