GDS weighs in on the NHS's decision to retreat from Open Source
The Government Digital Service (GDS) has publicly challenged NHS England's decision to close its open source repositories over unverified AI-related security concerns. GDS argues that moving code to private repositories creates a false sense of security and undermines transparency, collaboration, and long-term system integrity. The guidance emphasizes that proper investment in secure-by-design practices is more effective than restricting access to code.
- NHS England closed its open source repositories due to unfounded fears of AI-enabled hacking, sparking internal and external backlash.
- GDS published guidance refuting the NHS's decision, stating that private repositories do not address underlying security weaknesses and can hinder government-wide improvements.
- The guidance warns that closing public code repositories is a 'one-way door' and that mirrored or forked copies may still be accessible to adversaries.
- GDS emphasizes that secure systems require proper resourcing and ownership, not the concealment of code.
- The move highlights tensions between central digital expertise and departmental autonomy in the UK Civil Service.
Opening excerpt (first ~120 words)
Within the UK's Civil Service you occasionally hear the expression "being invited to a meeting without biscuits". It implies a rather frosty discussion without any of the polite niceties of a normal meeting. In general though, even when people have severe disagreements, it is rare for tempers to fray. It is even rarer for those internal disagreements to spill over into public. Which is what makes GDS's latest guidance so surprising. At the start of the month, NHS England made the bizarre and irresponsible decision to close all their Open Source repositories due to unfounded fears of AI hacking. Lots of people within the NHS were outraged.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Terence Eden’s Blog.