Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, what assessment he has made of the potential impact of critical health data infrastructure being operated by companies subject to foreign law on national resilience; and whether the Government plans to develop a policy on digital sovereignty as it applies to NHS data.

The Government takes seriously its responsibility to ensure critical health data is handled lawfully, proportionately, ethically, and in confidence, whether by United Kingdom based companies or those that are subject to foreign law.

Digital sovereignty is ensured through prohibiting overseas processing of critical health data under existing contracts. Access to critical data systems from outside of the UK is not permitted. Critical health data is held in UK data centres and does not leave the UK, with data access subject to UK law, regulations, and best practice.

These measures collectively ensure that National Health Service data remains under UK jurisdiction and that national resilience is not compromised.