The UK Home Office is bringing the Police National Database (PND) cloud migration in-house after a transformation program faced an additional £26 million in costs and an 18 months delay.
The PND shares information across all police forces, law
enforcement agencies, and regulatory bodies. The crucial system was meant to
shift to the cloud, but the procurement project was delayed by more than a year, as The Register reported.
In a letter to MPs, Home Office Permanent Secretary Gareth Davies said the cloud transition had been based on “delivery assumptions” that had proven incorrect.
Davies said the Home Office had expected 80 percent of the code from the system, which went live
in 2011, could be reused. In fact, only 20 percent was reusable. As a result, it would miss its June 2025 migration target without significant extra time and
funding.
“With the support contract expiring in
March 2026 and no further direct award available, the programme explored
contingency options, but analysis concluded continuation was not value for
money ,” Davies said in the written response to Parliament’s Home Affairs Committee. “The programme decided it would exit the contract, bringing the service
into Home Office control and in-house support.”
The PND was proposed following the 2002 murders of two 10-year-old girls in Soham. The subsequent Bichard Inquiry identified serious weaknesses in police intelligence, including the inability of forces to access potentially important information held outside their own geographic jurisdictions. Those gaps contributed to poor information-sharing about Ian Huntley, who murdered the girls. CGI won the contract in 2009
and the system was launched in April 2011.
Elements of the
current PND transformation program include a transition to cloud-native architecture, improved usability, and the replacement or updating of obsolete Oracle databases and middleware.
A transparency notice
published in 2024 said that since 2016, investment in the system was limited to
“keeping the lights on” because of the introduction of the National Law
Enforcement Data Programme (NLEDP). NLEDP imagined the Police National Computer
(PNC) would be combined with the PND, creating a single system.
“However,
between 2016 and 2020 NLEDP faced some significant challenges that impacted
progression and delivery ,” the notice said. “Upon various reviews of NLEDP the decision was made for a complete reset of the programme, with PND being removed from the scope of work.”
“The PND
transformation is being delivered to address the technological debt in PND
which is causing a failing service.”
According to Davies’ letter, the PND
program was set up in 2021 but did not commence until January 2024. “By May
2025, around £35.1m had been spent before the transformation was paused,” it
said.
Running, sustaining, and maintaining the live service cost about £24 million a year, amounting to £111.5 million since FY2021/22. Total PND spend over FY2021/22 to FY2025/26 was £146.6 million.
Despite the money invested in the program,
the Home Office and CGI were unable to agree a revised plan to move
it forward.
“Both the Home Office and the supplier
worked closely together for many months to understand the depth of the
challenges ,” the letter said.
“We [the Home Office] ultimately put our trust in the supplier’s
expertise and track record in providing and maintaining PND since 23 June 2011.
From July to December 2024, the Home Office held workshops with the supplier to
agree a realistic revised Initial Implementation Plan… The two sides could not come to an agreement,
however, in particular about the contracted scope, time required for testing
and allocation of residual risk.”
The Home Office said it reached a settlement with the supplier but did not disclose the terms.
Davies admitted that the cloud migration
work did not result in any improvements to the PND because the project was
incomplete, although “upgrades have been made to the live system to ensure its
security and stability.”
The Home Office now plans to move the PND from
a CGI site to its datacenter, promising “robust governance drawing on prior
transfer experience.” It promised to mitigate disruption risks resulting from the “age and
complexity of the legacy infrastructure.”
It is promising to make the on-prem system
more secure, stable, and available at a cost of £20.3 million. “These upgrades
are expected to extend service continuity by 5-10 years by tackling technical
debt, improving resilience and capacity, and supporting enhanced analytics and
safeguarding,” the letter said.
“The service remains stable, with
customer-facing availability above 99 percent over the past six months, and the team
proactively monitors servers and responds quickly to issues, including known
legacy software risks. With the control in place with the addition of the
stabilisation plans, the risk of major failure is anticipated to be low.” ®
