Policing and Public Safety Workshop 

18 March 2026

About the Event

This was the second event in an ongoing series. Where the earlier breakfast convened voices at a strategic and policy level, this workshop was designed to engage closer to the operational layer: the IT leaders, programme managers, and procurement professionals responsible for finding and implementing the right technology for frontline end users. Lord Sharpe attended, contributing valuable perspectives on policy and national direction.

The session was conducted under Chatham House Rule. Participants engaged candidly and openly throughout; what follows is a thematic summary of the discussion.

Cloud Gateway and VinDo convene these events with a clear purpose. Cloud Gateway provides the sovereign, secure connectivity infrastructure that UK policing and public sector organisations depend upon, built entirely on UK soil and compliant by design. Vindo brings deep expertise in connecting innovative technology to UK defence and security buyers, navigating the procurement and market realities that determine whether good technology reaches the people who need it. Together, the partnership is positioned to ensure that solutions designed for public safety are grounded in what operators and decision-makers are actually experiencing.

Themes Across the Discussion

Several themes emerged consistently across all five focus areas.

People, process, and culture were identified as more significant barriers to progress than technology in the majority of cases. The tools to address many of these challenges already exist. What is often lacking is the organisational will, leadership direction, and change management capability to adopt and embed them effectively.

The absence of national coordination and strategy was a recurring concern. Without recognised direction at a national level, individual forces make consequential technology decisions in isolation, duplicating effort and creating the fragmentation that makes cross-force collaboration so difficult. This was framed not only as an operational problem but as a failure of strategic leadership.

Governance must enable as well as control. Participants were consistent in arguing that effective governance frameworks should not simply enforce compliance, but should incorporate streamlined workflows, proportionate controls, and prioritisation mechanisms that allow practitioners to operate efficiently within the system.

Procurement complexity was raised as a persistent obstacle. Multiple requirement sets, multiple sign-off chains, and the constraints of existing procurement frameworks all slow the process of bringing good technology into service. There was strong appetite for suppliers to act as trusted advisors across the procurement process, helping forces navigate the full ecosystem of solutions rather than simply presenting a single component. Forces benefit when technology providers work collaboratively and understand the complete procurement and governance landscape their customers must operate within.

Investment in people must accompany investment in technology. Upskilling personnel in cloud technologies, digital evidence handling, and modern forensic tools is critical, but it must be done in a way that does not negatively impact frontline service delivery. Strategic workforce planning, phased implementation, and dedicated training environments are all part of the answer.

Workshop Focus Areas

Discussion was structured around five problem areas, each of which reflects a live challenge in the operational technology landscape for UK policing and public safety.

1. Cloud Migration for Mission-Critical Systems

Digital evidence now plays a role in the overwhelming majority of serious investigations. Forces are managing data at petabyte scale, drawn from CCTV, mobile devices, body-worn video, and cloud storage. Yet cloud adoption remains slow, and the discussion surfaced why.

Cloud migration in a law enforcement context is not a straightforward technical exercise. Legacy systems frequently contain large volumes of unstructured or poorly catalogued data, making migration both time-consuming and risk-laden. Forensic data continues to grow exponentially, placing sustained pressure on capacity planning, cost control, and retrieval performance. Sovereignty concerns add further complexity: sensitive evidential data must remain within national boundaries and be handled in compliance with applicable legislation, which places significant demands on the selection and configuration of cloud providers.

Participants also identified organisational culture as a meaningful barrier. Resistance to change, limited familiarity with cloud-native workflows, and insufficient trust in cloud security models can slow adoption independently of any technical constraint. Poorly governed cloud environments can also introduce unpredictable costs, particularly where high-volume storage and compute-intensive forensic processing are involved.

The case for a coherent national cloud strategy was made strongly. Such a strategy would need to define standards for procurement, architecture, data governance, and security, while aligning stakeholders across multiple agencies. Without it, forces are left to make consequential technology decisions in isolation, with no shared framework to ensure consistency, interoperability, or value for money.

The discussion also addressed the specific security challenges associated with cloud-based case management platforms. Where single sign-on environments require external internet connectivity, enclaved networks can be exposed to unwanted traffic and elevated cyber risk. Participants explored architectural approaches to mitigate this, including tiered models that retain the most sensitive data within a protected enclave while allowing the majority of traffic to operate in a more accessible environment, and private cloud environments designed to operate at Official Sensitive. Existing examples of nationally available capabilities hosted within enclaved private networks were cited as evidence that the architecture is achievable when the governance exists to support it.

The absence of a national cloud strategy was characterised not merely as a technical gap but as a weakness in leadership and direction. The barriers, in many cases, are not technical at all.

2. Cross-Force Data Sharing

The operational consequences of 43 forces operating incompatible systems were made concrete through the experiences shared in the room. Participants described frontline officers needing to use multiple devices simultaneously to access systems belonging to different forces, a manual workaround that is both inefficient and symptomatic of the structural fragmentation that limits effective collaboration.

The technical dimension of this challenge is well understood: inconsistencies in how data is captured, labelled, stored, and validated create friction at every point of collaboration. Without agreed master records or canonical data models defining how key entities such as individuals, devices, and cases should be structured and shared, forces must routinely transform or reconcile data before it can be used. This consumes time and introduces risk. Establishing common schemas, validation rules, and exchange protocols was identified as a prerequisite for systemic interoperability rather than the ad hoc workarounds that currently prevail.

Federated identity was raised as a compelling architectural direction. An Identity-as-a-Service model could enable secure, role-based access to data across organisational boundaries, ensuring that only authorised personnel can access specific datasets while maintaining full auditability. Implementing this requires alignment on identity standards, authentication mechanisms, and trust frameworks between participating forces.

The cultural dimension was equally prominent in the discussion. Tribalism across forces was identified as a significant barrier: some forces are willing early adopters, others follow cautiously, and some make a conscious choice not to align with common approaches. This inconsistency undermines shared capability and makes national coordination difficult. The question of whether technology blueprints should be mandated at a national level was debated, with participants weighing the value of consistency against the operational and political realities of enforcing alignment across autonomous organisations.

Accountability was raised as a fundamental issue. In the current landscape, ownership of the data sharing process is often diffuse, spanning multiple agencies, oversight bodies, and technical providers. Without clear accountability structures and designated decision-making authority, progress stalls. Participants were clear that this is as much a governance problem as a technology one.

The role of industry was discussed in positive terms. Technology providers, cloud platforms, and security firms bring expertise in scalable architectures, identity management, and data standardisation that could accelerate progress significantly. However, this requires a shift toward genuine collaboration, with industry involved in co-designing solutions and contributing to shared standards rather than simply supplying products.

3. Review, Retention and Disposal

Forces are legally required to retain vast volumes of data, including evidence, records, and communications, for extended periods, even where that data is unlikely ever to be accessed again. The compliance burden this creates is substantial, and it is growing. Forensic data in particular continues to expand exponentially, driven by mobile devices, CCTV, IoT sources, and increasingly complex file types including multimedia evidence, AI-generated content, and unstructured data. Existing retention frameworks were not designed with this scale or variety in mind.

Storage itself presents a compounding challenge. On-premise infrastructure struggles to keep pace with volume, creating pressure on capacity planning, cost control, and retrieval performance. Cloud alternatives offer scalability, but introduce their own questions around sovereignty, compliance, and governance. Poorly managed cloud environments can also generate unpredictable expenditure, particularly where high-volume storage is involved. The financial and operational case for a more structured approach to review and disposal is therefore significant, but realising it requires governance frameworks that are currently underdeveloped.

A question that surfaced across several areas of discussion is whether all data must be treated with identical rigour regardless of context. Applying the same standards of retention, validation, and review to every dataset, irrespective of the nature or severity of the case it relates to, can be inefficient and unsustainable at scale. Participants explored whether a more risk-based or tiered approach might be appropriate, applying proportionate controls and retention periods based on the value and risk profile of the data rather than a uniform standard. Such an approach would need to remain legally defensible, but could unlock meaningful efficiencies if designed carefully.

As with other areas discussed, the constraints here are not primarily technological. The tools to support automated review, flagging, and disposal exist in various forms. The more significant barriers are governance, accountability, and the absence of agreed standards. Questions of who owns the retention process, who has the authority to approve disposal, and how decisions are documented and audited remain unanswered in many organisations. Without clear accountability structures, even well-designed systems are difficult to implement and maintain. Investment in technology without corresponding investment in the policies, processes, and people needed to operate it will not deliver the efficiencies the sector needs.

4. Digital Forensics

Digital forensic units are operating under sustained and growing pressure. The volume, variety, and complexity of evidence continues to grow, encompassing phones, computers, cloud accounts, encrypted data, and multimedia files. Manual triage, limited automation, and siloed tooling contribute to backlogs that affect investigation timelines and outcomes for victims.

A theme that ran through the discussion was the tension between information sharing and security. Investigators routinely collaborate with multiple stakeholders, including law enforcement agencies, private organisations, and cloud service providers, which requires the transfer and analysis of sensitive data across different systems and jurisdictions. This introduces significant risks: data may be exposed to unauthorised access, tampered with in transit, or mishandled due to inconsistent security protocols. Cloud environments compound this challenge. Data distributed across virtualised resources that may span multiple geographic locations reduces direct control and makes forensic integrity and chain of custody harder to assure. Addressing this requires not only technical solutions such as encryption, secure access controls, and audit logging, but also clear policies, standardised procedures, and trust between collaborating entities.

Governance was discussed in depth. Strong governance frameworks provide accountability, auditability, and consistency, which are essential when dealing with evidence that may be scrutinised in legal proceedings. However, approval processes and documentation requirements inevitably introduce friction, which can slow investigations and delay outcomes for victims. Participants explored whether a more risk-based or tiered approach to governance might offer a way through this tension, applying proportionate controls based on case severity and risk rather than treating all data with identical rigour regardless of context.

Critically, participants were consistent in their view that technology is rarely the primary constraint. Modern forensic tools, cloud platforms, and data processing capabilities are generally sufficient and in many cases highly advanced. The more significant limiting factors are human and organisational: insufficient time, inadequate training, and limited capacity. Investment in technology without corresponding investment in people and process maturity yields diminishing returns. Addressing backlogs and improving case turnaround times depends far more on workforce capability and operational design than on the introduction of new tools alone. There was a clear call for structured training programmes and protected learning time, delivered in ways that build capability without disrupting frontline service delivery.

5. Legacy System Integration

Legacy systems remain a persistent constraint across policing, underpinning critical workflows while simultaneously limiting agility, interoperability, and scalability. The question of whether and how to migrate them to the cloud is not simply technical; it is strategic.

Participants were clear that moving legacy platforms into the cloud on a like-for-like basis does not inherently resolve underlying problems such as poor data structures, weak integration capability, or outdated security models. Cloud adoption should be understood as an opportunity for transformation rather than replication. This may involve re-architecting applications, standardising data models, and decoupling tightly integrated legacy components into more flexible, service-based designs. The "why" behind any migration must be clearly defined: if the objective is simply to relocate existing problems into a different hosting environment, the value is limited. If it is driven by clear outcomes, such as enabling cross-force data sharing, improving scalability, or supporting advanced analytics, the case becomes considerably stronger.

The tension between tactical decisions and strategic planning was a recurring theme. Immediate operational pressures, including the need to reduce backlogs or maintain system availability, often drive quick migrations or temporary integrations. These decisions may be necessary but can inadvertently entrench legacy problems if they are not aligned with a longer-term vision. A strategic approach would define target architectures, data standards, and operating models that guide incremental change, establishing which legacy systems should be retired, re-platformed, or replaced based on their value and risk profile. Tactical actions should be consciously designed as steps toward a defined end state, rather than isolated fixes. Without this alignment, the risk is a hybrid landscape in which legacy inefficiencies persist within modern infrastructure, undermining the very benefits that cloud adoption was intended to deliver.

What Comes Next

This workshop was the second in a series. A further event is in planning. If you would like to be involved in the next gathering, or to discuss any of the themes raised in this summary, please get in touch with the Cloud Gateway or VinDo teams directly.