Dutch Parliament Fights to Block US Control Over National Digital Identity System

2026-01-22 data

The Hague, Thursday, 22 January 2026.
The Netherlands faces a digital sovereignty crisis as American tech giant Kyndryl’s acquisition of Solvinity threatens to place DigiD—the nation’s critical digital identity platform used by 18.4 million citizens—under US jurisdiction. Parliamentary members warn that this could give Washington unprecedented access to sensitive Dutch citizen data, with one MP cautioning that ‘Trump could shut down our digital government with one push of a button.’ The acquisition highlights Europe’s dangerous dependence on American tech infrastructure for essential government services, prompting urgent calls for accelerated digital independence measures.

The Deal That Sparked National Security Fears

The controversy began in November 2025 when Kyndryl, a US-based IT services firm spun off from IBM, announced its intention to acquire Solvinity, an Amsterdam-based cloud and managed-services company that provides critical infrastructure for the Dutch government’s digital systems [1][2]. Solvinity operates the platform underlying DigiD, which serves as the authentication gateway for Dutch citizens accessing government services ranging from tax filing to pension checks [3]. The acquisition became public knowledge in late 2025, immediately triggering alarm bells among Dutch privacy advocates, legal scholars, and technology experts who recognized the potential national security implications [2]. Under the Netherlands’ Wet Vifo legislation passed in 2023, the deal requires review by the Bureau Toetsing Investeringen (BTI), the government body responsible for screening investments that could threaten national security [4].

Parliamentary Intervention and Political Pressure

On January 16, 2026, Members of Parliament held a technical briefing to discuss the acquisition’s risks, with the People’s Party for Freedom (VVD) expressing particular concern that the US government could access DigiD data and potentially use it for blackmail purposes [5]. GroenLinks-PvdA MP Kathmann delivered perhaps the most stark warning, stating that a future political conflict could arise where ‘Trump can shut down our digital government with one push of a button’ [5]. The parliamentary response has been swift and decisive, with MPs demanding accelerated action on digital security by March 2026 and pushing to phase out US cloud services across government agencies in the coming years [5]. The incoming Prime Minister Rob Jetten has already announced plans to appoint a dedicated cabinet member responsible for digital security, reflecting the growing political priority placed on protecting Dutch digital sovereignty [5].

Expert Warnings and Digital Sovereignty Concerns

Leading the charge against the acquisition, Professor Reijer Passchier of the Open Universiteit, who specializes in digitalization and the democratic rule of law, has characterized the situation as ‘nothing less than a state of emergency’ [6]. Passchier warns that ‘technology has become a crowbar in a cynical international power game’ that puts Dutch sovereignty and democratic institutions at great risk [6]. Eric Smit, co-founder of Follow the Money and chair of Firewall, has been equally critical, arguing that the Netherlands must not rely on companies that ‘openly support the authoritarian ambitions of their government’ [4]. A coalition of experts and advocacy groups, including Privacy First and The Firewall, sent an urgent letter to the BTI on January 12, 2026, demanding complete transparency about the review process and the right to participate in the assessment [7]. The group warns that transferring the Netherlands’ digital infrastructure to US ownership would increase vulnerability to outages, manipulation, or blackmail [4].

The Broader Context of US Tech Dependence

The Solvinity case exemplifies a broader challenge facing the Netherlands and Europe: dangerous dependence on a small number of large external tech providers for critical services [8]. The Dutch government’s reliance on Microsoft Azure and other US cloud services means the American government potentially has access to that data and could theoretically switch off essential government services [3]. American tech companies including Microsoft, Google, Apple, Cloudflare, and Salesforce have become central to Dutch digital infrastructure, creating multiple pressure points where US legal jurisdiction could override Dutch interests [5]. This dependency stems partly from what critics describe as the Dutch government’s historically neoliberal approach and obsession with privatization, which led to outsourcing critical digital functions rather than maintaining sovereign control [3]. The timing is particularly sensitive given Donald Trump’s anti-European security strategy presented in December 2025, which has heightened concerns about US intentions toward European allies [4]. While the government organization Logius maintains that ‘DigiD is and will remain Dutch,’ critics argue that foreign ownership of essential suppliers creates unavoidable pressure points regarding maintenance, staffing, incident response, and long-term technical roadmaps [8].

Bronnen

digital sovereignty data protection