On 26 May 2026, the Dutch government did something no European country has done before. State Secretary Zsolt Szabó Aerdts formally blocked Kyndryl, the IBM spinoff, from acquiring Solvinity, the Dutch hosting company that runs DigiD.
DigiD is the digital identity system used by millions of Dutch residents to access tax, healthcare, pension, and government services. It is, for all practical purposes, the front door to the Dutch state.
The deal was worth roughly 100 million euros. It had already cleared competition review by the ACM in February. And the government killed it anyway.
What Actually Happened
Kyndryl announced the acquisition in November 2025. The Dutch Investment Screening Bureau (BTI), which monitors mergers and acquisitions under the Insufficient Controls of Telecommunications Act, reviewed the deal and concluded it posed a risk to the public interest.
This is the first time the BTI has ever blocked an acquisition. That alone should tell you how seriously the Dutch are taking this.
The stated concern is straightforward: the US CLOUD Act. Passed in 2018, it gives American law enforcement and intelligence agencies the authority to compel US-headquartered companies to hand over data stored anywhere in the world. If Kyndryl owned Solvinity, the Dutch government’s identity data would theoretically fall within reach of US authorities, regardless of where it was physically stored.
Why This Matters Beyond the Netherlands
This is not an isolated regulatory quirk. It is a precedent.
Every European government runs critical digital services. Tax systems, healthcare records, identity platforms, benefits administration. Most of those systems sit on infrastructure provided by companies headquartered in the US, or increasingly, acquired by US firms.
The CLOUD Act creates a legal conflict that no amount of contractual language can resolve. EU data protection law says one thing. US law says another. When the company hosting your national identity database is headquartered in a jurisdiction that can compel disclosure, you have a structural problem that no SLA covers.
The Dutch government just drew a line. The question is whether other governments will follow.
The Broader Pattern
This decision sits alongside a string of European moves toward digital sovereignty:
- France announced in January 2026 that 2.5 million civil servants will stop using Microsoft Teams and Zoom by 2027, switching to sovereign alternatives.
- Germany’s Schleswig-Holstein has migrated 30,000 workstations away from Microsoft, with the email migration alone covering 40,000 accounts and over 100 million emails.
- The European Commission awarded a 180 million euro sovereign cloud contract to four European providers in April 2026.
What connects all of these? The same underlying concern. Jurisdictional control. When your infrastructure provider answers to a different government’s legal system, you do not fully control your own data. Full stop.
What This Means for IT Professionals
If you work in IT, particularly in infrastructure, cloud, or security, this trend should be on your radar. Not because it is political, but because it is practical.
Procurement decisions are changing. Governments across Europe are evaluating vendors not just on capability and price, but on jurisdiction. “Where is this company headquartered?” and “Which legal framework governs data access?” are becoming standard questions in tender documents.
That means demand for professionals who understand sovereign infrastructure, self-hosted identity systems, on-premise alternatives to cloud-dependent platforms, and the architecture decisions that keep data within jurisdictional boundaries.
These are not niche skills. They are becoming core competencies.
Try It Yourself
The tools governments are evaluating for sovereign infrastructure are the same tools you can learn on a Raspberry Pi or a spare machine at home. Identity management, credential storage, secure authentication, all of it runs on open-source software you can deploy this weekend.
- Digital Sovereignty: Self-Hosting for Cloud Professionals covers the full picture of why this matters and where to start.
- Vaultwarden with Docker walks through deploying a self-hosted password and credential manager, the same kind of sovereign credential infrastructure governments are moving toward.
- Why Self-Host in 2026? lays out the risk assessment framework that makes sense of decisions like the Dutch blocking this deal.
The skills you build in a homelab today are the skills governments will be hiring for tomorrow. The Netherlands just made that very clear.
Sources: NL Times, TechCrunch, Techzine
ReadTheManual is run, written and curated by Eric Lonsdale.
Eric has over 20 years of professional experience in IT infrastructure, cloud architecture, and cybersecurity, but started with PCs long before that.
He built his first machine from parts bought off tables at the local college campus, hoping they worked. He learned on BBC Micros and Atari units in the early 90s, and has built almost every PC he’s used between 1995 and now.
From helpdesk to infrastructure architect, Eric has worked across enterprise datacentres, Azure environments, and security operations. He’s managed teams, trained engineers, and spent two decades solving the problems this site teaches you to solve.
ReadTheManual exists because Eric believes the best way to learn IT is to build things, break things, and actually read the manual. Every guide on this site runs on infrastructure he owns and maintains.
Enjoyed this guide?
New articles on Linux, homelab, cloud, and automation every 2 days. No spam, unsubscribe anytime.