An Open Letter Asking NHS England to Keep Its Code Open

The NHS has long championed open‑source software as a cornerstone of its digital transformation, citing transparency, cost‑effectiveness, and rapid community‑driven improvement. By moving to conceal its code, the organization not only contradicts Principle 12 of its Service Standard but also risks alienating a vibrant ecosystem of developers who contribute security patches, feature enhancements, and compliance audits. In sectors where patient safety hinges on software reliability, the collaborative scrutiny that open source provides can be a decisive advantage over proprietary, opaque solutions.

Security experts argue that obscurity is a weak defense against modern cyber threats. Open‑source projects are continuously examined by a global pool of talent, allowing vulnerabilities to be identified and remediated faster than in closed environments where only a limited internal team can respond. The NHS’s cited concern—AI‑driven hacking—paradoxically underscores the need for broader peer review, as adversaries often exploit unpatched flaws that would have been caught earlier in an open development model. Maintaining an open codebase thus acts like an immune system, strengthening the overall attack surface.

Beyond security, the policy shift could stifle innovation across the UK’s health tech landscape. Start‑ups and academic researchers rely on accessible NHS code to build interoperable tools, improve patient outcomes, and reduce duplication of effort. Re‑instating the open‑source mandate would reaffirm the NHS’s role as a catalyst for public‑good technology, encouraging investment, talent retention, and cross‑sector collaboration. The open letter’s growing support signals a broader demand for transparency and collective responsibility in safeguarding national health infrastructure.