US bid for Dutch digital ID infrastructure company raises national security fears

Tensions between Europe and the U.S. under President Donald Trump are spilling over to the digital identity business. The Dutch Parliament has requested that the government halt the sale of Solvinity, one of the companies behind the national digital ID system DigiD, to U.S.-based multinational Kyndryl.

Parliament members argue that the acquisition could open the door to the U.S. to access data from Dutch citizens. Last week, the lower house of the Dutch Parliament held a technical briefing, inviting experts to discuss the risks associated with the deal.

“Trump can shut down our digital government with the single push of a button,” says MP Barbara Kathmann, a member of the labor-green alliance GroenLinks-PvdA.

Cloud infrastructure company Solvinity operates the platform underlying DigiD, a digital identification service used by Dutch citizens to access government services, such as health insurance, pension funds, municipal services and tax. The Amsterdam-headquartered company also provides cloud and data services to government agencies, including the Ministry of Justice and the MijnOverheid portal.

While the lower house of the Parliament, Tweede Kamer, cannot force companies to abandon the acquisition, MPs have suggested several solutions to the issue, NL Times reports.

The government could take measures either by blocking the deal or ensuring that Solvinity is no longer connected to DigiD. The latter could be achieved by making government IT service Logius switch to another supplier for its DigiD services or by allowing the government to hold a “golden share,” giving it veto power over the firm. Solvinity could also be persuaded to reconsider the acquisition.

The deal with IT infrastructure provider Kyndryl was announced in November and is currently going through a national security assessment conducted by the Investment Screening Bureau (Bureau Toetsing Investeringen). The examination will assess the impact of the U.S. Cloud Act, which allows federal law enforcement agencies to compel U.S. technology companies to provide data, regardless of whether the data is stored in the U.S. or abroad.

According to reports, the ministries involved are working with both companies to introduce “mitigating measures.” The agency plans to publish recommendations within several months, which should inform the next steps for the Ministry of Economic Affairs.

“This sounds like a false sense of security,” Henk Vermeer of the Farmer–Citizen Movement (BBB) said, according to Dutch News. “There is an enormous risk for our taxes as well, because we are fully dependent on this system.”

The issue is causing concern not only among lawmakers but also Dutch privacy advocates, legal scholars and technology experts.

Earlier in January, a coalition led by Amsterdam-based Privacy First foundation and investigative journalism platform The Firewall sent a letter to the Investment Screening Bureau requesting more transparency on the case. The letter argues that giving the U.S. access to vital digital infrastructure could increase its vulnerability to “failure, manipulation, or even blackmail.”

The initiative was spearheaded by journalist Eric Smit, co-founder of Follow the Money and The Firewall, who argues that the Dutch government is keeping its citizens in the dark about the deal.

“Our government does not want to offend the Americans because it is afraid of reprisals,” says Smit.

Meanwhile, Dutch media have published an account which claims that an unnamed Dutch investor did put a bid to acquire Solvinity but was narrowly outbid by the U.S.-based firm.

The report was met with criticism from Dutch lawmakers who say that the government should have done more to ensure Solvinity stays in the Netherlands. However, Christian Democratic Appeal (CDA) MP Jantine Zwinkels notes that the government is not the only one at fault.

“With increasing geopolitical tensions, we must reduce dependencies. Then you can also expect the Dutch companies involved to make different choices,” says Zwinkels.

Article Topics

acquisitions  |  DigiD  |  digital government  |  digital ID infrastructure  |  Kyndryl  |  national security  |  Netherlands  |  Solvinity  |  United States