Spain's prime minister's office has told state-controlled companies to stop contracting with the US data and AI firm Palantir, but the most consequential Palantir deal in the country sits outside the new instruction. That gap is where Spain's stated digital sovereignty posture meets its operational reality.
El Confidencial reported on July 1 that Moncloa, the office of Spain's prime minister, has directed SEPI, the state holding company that oversees Spain's strategic industrial participations, to halt future Palantir awards. SEPI-portfolio firms named in the reporting include the telecoms carrier Telefonica, the defense and IT services group Indra, and the military shipbuilder Navantia, all of which handle sensitive state communications, defense, or intelligence workloads.
The cited justification, carried by El Confidencial and restated in English by LBC, is the risk of classified national security information being exposed through a foreign-controlled analytics platform. That language echoes the "digital sovereignty" framing that has been gaining ground across European procurement debates for the past two years.
Some English-language coverage has called the move a "blacklist." Clash Report's original piece uses the term and LBC follows. The underlying reporting describes an administrative instruction to halt future contracting, and the precise scope is not yet nailed down: it is unclear whether the directive reaches only SEPI-portfolio companies or the broader public sector, and it is unclear whether existing Palantir contracts must be unwound or only new awards blocked. As of the July 1 wire, there is no on-record Moncloa or SEPI statement confirming the details.
That uncertainty is the story. Spain's military operates a separate, defense-intelligence Palantir deployment administered through CIFAS, the Armed Forces Intelligence Center (Centro de Inteligencia de las Fuerzas Armadas). Clash Report's reporting describes the defense-intelligence contract as the most consequential Palantir relationship in Spain, and reports that senior military leadership is pressing Defense Minister Margarita Robles to renew it before expiry. Whether the SEPI-portfolio directive extends to, or is enforced against, that contract is the first operational test of whether the Moncloa move is a posture or a procurement policy. The contract's value, scope, and exact renewal date are not in the public source set.
No Palantir corporate response, no SEPI press release, and no EU-level reaction were available as of July 1. For a posture story that is acceptable; for an impact story it is not. The obvious next reporting move is on-record responses from Palantir, SEPI, the Council of Ministers, and at least one of the named SEPI-portfolio firms, plus confirmation of the defense-intelligence contract's value, scope, and timeline.
The European backdrop is no longer hypothetical. On June 16, French Defense Minister Sébastien Lecornu said France's domestic intelligence service DGSI had dropped Palantir in favor of a French provider, giving Madrid a clear sovereign-data precedent and raising the political cost of any backsliding. Hacker News commenters, in a discussion thread that reached 38 points within a day of the Spanish story, have framed the two moves as part of a single pattern. The cases are not identical. Lecornu's announcement was a public, on-record ministerial declaration; the Spanish instruction is administrative guidance reported through anonymous corporate-board sourcing. The direction of travel, however, is the same.
What to watch next: whether Moncloa follows the SEPI-portfolio instruction with a public directive that also covers the defense-intelligence contract, whether Robles signs the renewal, and whether Palantir, Indra, Telefonica, or Navantia break their silence. Spain's "blacklist" is, today, an administrative instruction with three named firms and one big exception. Whether that exception survives the next renewal cycle is what turns a one-day wire event into a European digital-sovereignty data point.