This is Paper 13 in the Canadian AI Sovereignty Series. Previous instalments built the five-layer sovereignty-gap framework (Paper 1), mapped Canada’s actual Palantir disclosures and the attrition trap (Paper 4), dissected foreign jurisdictional reach in real time (Paper 10), and exposed the procurement-strategy-policy disconnect (Paper 9). The companion piece on the Cohere-CoreWeave-Palantir Triumvirate showed why swapping domestic logos does not close the gap. This paper applies that architecture to the events of the past 48 hours at CANSEC.
Defence Minister David McGuinty stood before reporters at the CANSEC military industrial conference near the Ottawa airport on Wednesday and described the government’s latest Palantir contract as “a legitimate procurement,” adding that “it’s moving forward.” In the same breath, he said the government “will look at this question of data sovereignty,” and stressed that the Carney government will direct military spending as much as possible toward companies that “build in Canada.”
The two halves of that statement do not cohere (no pun intended). A contract that is moving forward is not a question still to be examined. It is a question already answered. The call-up against an existing supply arrangement is itself the data sovereignty decision, made and executed, in the language of routine purchasing. To say it is moving forward while promising to study its implications is to describe the study as something that will happen after the thing it would study is irreversible.
The contract that prompted the minister’s remarks surfaced in a trove of documents tabled in April, in response to a Conservative MP who asked for a list of federal contracts with AI companies since January 2023. The Canadian military used a “call up” on an existing supply arrangement with Palantir for a “data integration and analytics platform subscription.” As reported by the Star, with comments from me, the contract is worth more than $3.7 million, running from June 2025 to June 2026. When asked about the department’s use of Palantir software, DND representatives were unable to respond and gave no timeline for when they would answer basic questions.
The dollar figure is small by the standard of government purchasing. That is exactly why it deserves attention rather than less. The sovereignty exposure created by a contract has nothing to do with its size and everything to do with what it connects, what jurisdiction the counterparty answers to, and how easily its scope expands once the channel is open. On all three measures, this contract is larger than its price tag.
The contradiction sharpens against what the Prime Minister did on the same stage. Mark Carney became the first sitting Canadian prime minister to address CANSEC, and he used it to announce that Canada has entered negotiations to buy Saab’s GlobalEye airborne early-warning aircraft, a European platform chosen over two American options, at a projected cost above $5 billion. He framed the decision in the language of sovereignty and domestic capacity: at least a third of the fleet built in Canada over fifteen years, thousands of jobs in aerospace and engineering, a new Defence Industrial Strategy and a research bureau, all oriented toward reducing reliance on the United States and directing defence dollars to firms that build here.
So the government is capable of applying a sovereignty test. It applied one to an aircraft, deliberately and publicly, and let it override the American incumbents. The question the Palantir call-up raises is why that same test stops at the airframe. The plane gets weighed for foreign dependency and Canadian content. The data platform that runs analysis on Canadian military information moves through a supply-arrangement call-up with no comparable scrutiny, defended afterward as routine. Sovereignty is treated as a property of hardware you can photograph on a tarmac and not of the analytical layer sitting on top of the country’s most sensitive data.
The Reach Is Already Operating
Before any argument about what could happen through a Palantir contract, there is the matter of what is already happening without one.
In February, the United States Department of Homeland Security issued an administrative summons to Google seeking detailed personal information about an anonymous account holder: his name, address, location data, and credit card and bank account numbers. The target is a Canadian. According to the complaint his lawyers filed in the Northern District of California, he resides in Canada and has not entered the United States since 2015. His posts, critical of the administration’s immigration enforcement, were the apparent trigger. The summons demanded his account records for the period from September 2025 through early February 2026.
The instrument matters as much as the target. An administrative summons does not pass through a court. The agency signs it and sends it directly to the company, which then decides whether to comply, to push back, or to litigate. There is no judge between the request and the data unless the company or the user puts one there. In this case the user learned of the summons from Google, hired counsel, and is now represented by the American Civil Liberties Union in a suit that names the Homeland Security Secretary as defendant. The complaint asks the court not only to invalidate this particular summons but to rule that the government may not use customs enforcement authority to identify and intimidate its critics.
This is not an isolated demand. Bloomberg and The New York Times have reported that Google, Reddit, Discord, and Meta have received hundreds of similar administrative subpoenas since the start of the current US term, a practice that was previously used sparingly and has become routine. The Justice Department has escalated in at least two cases from administrative summonses, which do not signal a criminal investigation, to grand jury subpoenas, which do. In one, prosecutors in Washington pursued a Reddit user’s identity through a grand jury after a federal court in Northern California had already declined to compel the disclosure. The venue shifted from a court that said no to a district and an instrument that are harder to refuse. The posts at issue in these cases were thin. One user’s lawyer said most of their client’s posts simply read as expletive-laden criticism of immigration enforcement. Another described a sarcastic post that contained no trace of a threat.
The relevance to Canada is not analogous. It is direct. The Canadian in the Google case never had to set foot in the United States to come within reach of a US agency. The reach traveled through the platform. His data sat with a US-domiciled company, and a US-domiciled company is where the summons landed. The jurisdictional question was settled by where the data lived, not by where the person did. That is the entire mechanism, and it operates today, against Canadians, with no Palantir contract anywhere in the picture.
What the Palantir contracts add is not a new mechanism. It is the same mechanism, installed deeper, inside the institutions that hold the most sensitive data Canada generates.
What the Software Actually Does
What follows describes the software’s general design and its German deployment, not any claim about how DND or the OPP operate it, deployments that are very likely different from each other and, in both cases, undisclosed.
Palantir’s two principal platforms, Gotham and Foundry, are not databases and not analytics dashboards in the ordinary sense. They are systems for fusing separate data sources into a single linked model of the people, places, and events those sources describe. Understanding the sovereignty stakes requires understanding this design, and it can be described entirely from Palantir’s own documentation.
At the center is what Palantir calls the Ontology. In the company’s own service definition, Gotham transforms structured and unstructured data into objects and properties that represent real concepts, people, organizations, places, documents, and events, along with the relationships that connect them. The Ontology is the model of those objects and their links, and Palantir describes it as fully adaptable to an organization’s needs. Sitting on top of integrated data sources, it connects digital records to their real-world counterparts and, in many deployments, functions as what the company openly calls a digital twin of the organization.
The cross-referencing that worries privacy regulators is not a misuse of this design. It is the design. Palantir’s technical documentation describes a semantic layer that reconciles fragmented concepts, the “user” in one database, the “client” in another, the “individual” in a third, into a single unified Person entity. A kinetic layer then maps raw data onto that model: a customer table with name and identifier columns becomes a set of Person objects, a file of license plates becomes a set of Vehicle objects. The result is a unified object-graph in which records that lived in separate systems, collected for separate purposes, become one connected representation. Gotham, the company states, offers a single point of search across internal and external data sources, and its federation capability lets users promote external records and fuse them with the data already inside the platform. Palantir markets this explicitly to public-sector teams contending with fragmented, siloed data, as a way to connect the dots between datasets.
It helps to be concrete about what “a single linked model of the people, places, and events” actually contains. A comprehensive deployment does not stop at criminal records. It reaches into identity and biographical data, names, dates of birth, addresses, and the identifiers that tie one record to another; financial and credit history; employment and education; vehicle registration and movement, from registration files to license-plate reads; housing and tenancy; immigration and travel; health and social-services contact; communications and social-media activity; and the relational data that links a person to family members, associates, employers, and co-residents. The last category is the one that distinguishes this from an ordinary file. Because the system models relationships as first-class objects, a person who has never been a suspect can be drawn into the graph through someone they live with, work for, or were once recorded beside. Each of these streams may have been collected lawfully, for a narrow and specific purpose, by a different agency. The work the platform does is to dissolve those boundaries, so that the question stops being “what is in this database” and becomes “what can be assembled about this person across all of them at once.”
That is the capability, in the vendor’s own words. The sovereignty issue is therefore not whether Palantir stores a database labelled “Canadian military data” on a server somewhere. It is whether a foreign-domiciled vendor, along with its update path, its support model, and its own legal exposure, acquires a role inside the model through which a Canadian institution understands its own operations. What it does once deployed against a population is documented elsewhere, under conditions far more adversarial than a procurement brochure.
What the Record in Germany Shows
Germany has run the experiment Canada is now entering, and it ran it in open court.
Several German states adopted Gotham for policing, branded in Hesse as “Hessendata.” Civil-liberties organizations, including the Society for Civil Liberties and the Chaos Computer Club, challenged it. Their description of how the system behaves in practice is the most detailed public account available, because it was tested through litigation rather than asserted through marketing.
The platform integrates previously disconnected police databases into one pooled, searchable whole. The Chaos Computer Club’s Constanze Kurz characterized this as a form of dragnet investigation, one that risks sweeping innocent people in alongside suspects and violates the German legal principle of purpose limitation, the rule that data collected for one purpose may not be freely repurposed for another. The reach extends well past suspects. Analysts have documented that Gotham ingests information from victims, complainants, and witnesses, so that a person who reports a burglary or gives testimony in an accident case can find their data cross-referenced and retained, drawn into a surveillance web without consent and with little prospect of removal. Under Bavarian law as challenged, police could use the system without any suspicion of wrongdoing, meaning that filing a complaint or simply being present at a scene was enough to become subject to analysis.
The stated justification did not survive examination. Authorities in Hesse claimed Gotham had helped stop a terror attack in 2018, but investigative reporting found that much of the system’s actual use involved tracking property crime rather than counterterrorism. A tool sold for the gravest threats was being used for ordinary cases. This is the precise shape of scope creep: the justifying purpose sits at the top of the severity scale, the operational use settles toward the bottom, and the gap between them is invisible until someone forces it into daylight.
In Germany, someone could. The Federal Constitutional Court struck down the legal basis that allowed Hessendata-style automated data analysis on the terms then in force, in a case brought on behalf of eleven plaintiffs who argued the software enabled predictive policing by building profiles of potential suspects before any crime occurred. The court did not ban automated analysis outright; it allowed it in principle while requiring clear legal thresholds and safeguards the existing provisions lacked, forcing the state to rewrite the law. Legal scholars testified that this category of data analysis is justifiable only against the most serious threats, the protection of life, and not as a routine investigative tool. Baden-Württemberg postponed its own deployment in the wake of the litigation.
The German story is not a warning about a foreign product behaving badly. The product behaved exactly as documented. The German story is about what made the difference: a constitutional principle, purpose limitation, enforced by a court with the standing and the visibility to strike the system down. Germany could see enough to litigate. That is the variable Canada lacks.
Why the Convergence Matters
Set the three elements beside one another. A US agency can already reach a Canadian’s data because it sits with a US-domiciled platform. Palantir’s software is built to fuse separate data sources into a single linked model of a population, and has been shown in a peer democracy to draw in non-suspects and drift from its stated purpose. And Canadian institutions, federal and provincial, are installing that software through procurement channels designed for speed rather than scrutiny.
The legal instrument that ties the first and third together is the United States CLOUD Act. Passed in 2018, it requires companies based in the United States to hand over data in their possession, custody, or control, regardless of where that data is physically stored. Palantir is a US company. The phrasing of the newly disclosed DND contract may link to a 2023 distribution deal Palantir struck with Carahsoft, another US company within the federal Software Licensing Supply Arrangement, the program built to make it simpler for departments to sign with approved private suppliers. Ottawa began negotiating a CLOUD Act agreement with Washington in 2022. The Carney government has pledged a strategy to establish data sovereignty and keep Canadian control over sensitive online information. That strategy does not yet exist as an enforceable instrument.
So when Palantir software is used to run analysis on Canadian military data, the exposure is not hypothetical and it is not about the size of any single contract. As I said to the Toronto Star, “it is a significant piece of Canadian sovereignty data-exposure, to put it mildly.” The Google case shows the practical reach of US administrative demands against US-domiciled platforms: a customs summons, never reviewed by a court, reaching a person who has not set foot in the United States in a decade. The CLOUD Act supplies a separate statutory route, reaching data in the possession, custody, or control of a covered US provider regardless of where it is stored. The two are different instruments. What they share is the thing that matters here: when the counterparty is a US-domiciled company, the location of the data and the citizenship of the person it describes stop being the controlling facts.
The procurement mechanism is what makes this hard to govern. A supply arrangement pre-qualifies a vendor. A call-up draws against it without fresh competition and without the disclosure a new procurement would invite. The arrangement runs for years; the DND channel is open, and the provincial picture is no clearer. The Ontario Provincial Police have used Gotham since 2015 and later secured a $36.6 million contract, but the province refuses to say how the force deploys the system, citing the protection of investigative techniques, and the responsible ministry has withheld the contract documents under a Financial Administration Act provision that lets law-enforcement spending be authorized without further examination. The capability is documented. The deployment is not. We know what the software is built to do and what it has done elsewhere. What we are not permitted to know is what it does here.
It would be convenient to answer the GlobalEye comparison by pointing to a Canadian software vendor and treating the problem as a procurement preference: choose the domestic name and the exposure resolves. It does not, and the reason matters more than the rhetoric. I have written a fair amount about Cohere, the most prominent Canadian model company, and its strengths sit in corporate and enterprise applications rather than at the frontier. It is not, on the evidence, a competitor to an Opus or a Mythos, or for that matter to what Palantir assembles around its platform. In some ways it embodies a broader pattern in Canadian technology and Canadian business: functional, genuinely useful, and not built to light the world on fire. That is a description, not a dismissal, and the point is not that Canada should buy Cohere instead. It is that swapping a domestic logo onto the contract changes neither the jurisdiction the data answers to nor the absence of an instrument to govern it. The sovereignty gap is not a temporary capability lag that a buy-Canadian instinct closes. Canada has neither a frontier model of its own nor a legal framework for the foreign platforms it relies on, and the strongest domestic name competes on partnerships and integration, not on leading the technology.
That asymmetry is the finding. Germany faced the same software and could see enough to take it to a constitutional court. Canada faces the same software behind a statutory exemption that forecloses even the disclosure that would make scrutiny possible. The expansion of DHS efforts to identify people through their platform data, now reaching Canadians and routine critics on X and Reddit, shows that the reach is real, active, and indifferent to citizenship. The Palantir call-ups show the same jurisdiction moving inside Canadian institutions through the front door of procurement.
“Moving forward” is not a neutral description of process. It is the decision. A government that will choose a European aircraft over an American one to keep control of its own sky has shown it understands sovereignty when the dependency is visible, expensive, and politically legible. The unresolved question is why the same test disappears when the dependency is software, the object is data, and the exposure is routed through a supply-arrangement call-up. Sovereignty is being treated as a property of hardware you can photograph on a tarmac and not of the analytical layer sitting on top of the country’s most sensitive information. Until there is an enforceable instrument between Canadian public institutions and foreign-domiciled analytics platforms, the call-up is the policy.
Jennifer Evans is Principal at Pattern Pulse AI and co-founder of Tech Reset Canada. The Canadian AI Sovereignty series is published via B2BNN, ResearchGate, and Zenodo at PatternPulse.ai. Full series index:https://www.b2bnn.com/2026/05/the-ai-sovereignty-series/