lets be frank, these are changes caused by the downgrading of the American administration to a subscription services behind a paywall that requires DLC, root based encryption bypasses and a Clippy popup that instead of trying to be helpful is indistinguishable from a mafia racket.

I wish more news outlets actually stated so - Kyndryl was formerly IBM, has 73.000 employees worldwide. When this news first broke, nobody had ever heard of it so it sounded like some small random hosting company, but it's huge.

It is a bit more complex tham that.

Logius is the company that actually owns and manages the DigiD stack, it's just that they hired Solvinity for their expertise. AFAIK Solvinity can't access the data.

I can't find it right now, but on Tweakers there was a long comment by someone on the inside that explained Logius basically had almost no know-how of how the current stack works, and there's lots of bespoke stuff. Basically classic vendor lock-in. The government (rather, Logius) now really wants to transition away from Solvinity, but that will likely be a 5+ year process.

I also feel like this is another thing that the "fast ring" of the EU should do together. Take Estonia's stack as a base, and then countries like Sweden, Denmark, Finland, The Netherlands adopt it and co- develop it. Make it extensible for the bespoke things the countries need, and every few years check which bespoke extensions can actually be generalized and modularized. Would lead to a much better product. A man can dream :)

> A couple of weeks ago, the entire parliament (with only a single party dissenting) voted for a motion to end the contract with Solvinity, but the government extended it anyway, leaving blocking the takeover as the only option,

Given what we know now, this seems perfectly logical. It's just that we don't know what else is going on behind the scenes.

I'm sure there was some negotiations on how to keep the data separate or something, with the threat of blocking it altogether as a final solution.

But agreed, this is a good outcome

>> Finally!

You are behind the curve. You read here first. Lets revisit this comment in 2 years...

This will be overturned by both Dutch and European courts after the company appeals, and specially after Mark Rutte Daddy calls. The only purpose of this action is for the Dutch government to save face, and its for internal consumption. They already have the internal legal advice stating this, hidden away in some closet. But then they will say: You see, we wanted to do it but a court blocked us.

>>Of course there's still plenty of sensitive data in the hands of Microsoft, Amazon and other US companies.

The WHOLE Dutch diplomatic and broader civil service, including the Ministry of Foreign Affairs, runs extensively on Microsoft infrastructure for its daily operations, cloud services, and email. And they leak....

"Microsoft Accused Of Sharing Dutch Officials’ Data with U.S. Government" - https://www.yahoo.com/news/politics/articles/microsoft-accus...

This will also be the core legal argument by the appealing company. They will argue that the decision was politicized, insufficiently reasoned, or disproportionate because binding technical/legal safeguards would have solved the risks... And they will use as example, the diplomatic service extensive use of Microsoft :-)

So is nothing more than another Polder hypocritical take, by the Dutch government.

How can you be sure that Solvinity can't access the data if Logius doesn't know how the current stack works? 5+ years to migrate sounds really bad.

Apologies in advance for wasting anyone's time with a light hearted tangent. But as I scrolled past your comment I read:

> If it's such a vital piece of infrastructure, why is it in Dutch hands at all?

It was the funniest thing I have misread in a while.

because privatisation

> AFAIK Solvinity can't access the data.

Solvinity is the hoster. It can fully access the stack.

Estonia's tech was cool maybe 20 years ago. From what I understand it's a bit too hard on fetishization of PKI and Ukraine goes too hard on apps. Netherlands actually gets it really well with DigId that is doing bare minimum needed to actually perform eidas stuff without getting into the woods with legally blessed asn1 schemas and oid [0].

I'm not sure what bespoke stuff they invented to get their sweet vendor lock in eurobucks, but the whole thing is nothing more than an OAuth provider for 19 million people. I guess NFC integration in the app that reads physical ids is on a fancier side, but I suspect on that side it's vendor locked by card vendor and their SDK.

[0] https://zakon.rada.gov.ua/laws/show/z1398-12#Text

The German eID stack does also work well, just as the Austrian one does.

Tbh I like the German one even better because you need your physical Identity Card and can use your phone as the reader

Logius is actually not a company but a part of the dutch (national) goverment.

> I'm sure there was some negotiations

which i'm sure the current administration would honour

There should be grave consequences alone for the fact that the goverment acted against the parliament

Nobody gets fired from hiring Kyndryl.

30k requests and hour? A 5 euro VPS can handle this easily.

DigiD itself is government-owned, but its infrastructure is managed by Solvinity (a private company). Not really different from the US gov running half its stack on AWS.

Because too few IT capable people are willing to work under the government's pay scales; in most cases going private / corporate earns more. So most Dutch IT projects end up with private companies, which also means that, in the case of DigID and the secure / official messaging platform, the hosting party can charge exorbitant rates. Did you know it costs 25 cents to send a message via the Berichtenbox? So when the government does its annual "it's time to fill in your taxes" message, they have to pay millions. Assuming they don't get a bulk deal, anyway.

The issue was less privacy concerns, and more "hey lets not hand over one of the most critical pieces of infrastructure to a potentially hostile state". DigID is the user authentication platform for basically every government site in The Netherlands. A foreign government could use sanctions to pressure Dutch individuals to comply by limiting access to it.

> (hopefully, presumably, with your government acting as the gatekeeper)

Exactly, that gatekeeper role is what's the difference here. Do you give all data to another country and ask them for pieces back as needed (whenever someone wants to use DigiD, the country can block it), or do you host it yourself and only share the parts that are relevant for this other country's investigations?

> if Netherland has some information-sharing agreements with … Fourteen Eyes

Probably a safe assumption, since the Netherlands is a member of the Fourteen Eyes

It's not about privacy, it's about control.

Solvinity = Solvent Divinity

Oh, and if you out-source it, then I do not thing you should have a say in whom the contract. Either keep it in house, or out-source.

They contracted the market and now they want to control it as if it's in house.

As per the Dutch language saying: "Trust comes on foot, but leaves on horseback."

Trust breakdowns are costly, except to the vultures "winning" the negative-sum game. Might want to read about the fall of the Warsaw pact.

> They will argue that the decision was politicized,

It’s not ‘politicized’, it’s the gateway to all Dutch government services and as such it is inherently political.

> insufficiently reasoned, or disproportionate because binding technical/legal safeguards would have solved the risks...

There are no legal safeguards against the CLOUD act. There can be no technical or legal safeguards as long as the physical hardware is owned by a US company.

>The WHOLE Dutch diplomatic and broader civil service, including the Ministry of Foreign Affairs, runs extensively on Microsoft infrastructure for its daily operations, cloud services, and email. And they leak....

There is a broad digital strategy to migrate off from American infra. Will take 10 years, but this stuff has inertia once it starts moving.

In 2 years the contract is up for renegotiation to a different entity (and there's now plenty of political pressure to go with a different one), so I don't think it's a problem by then.

Tying the process up in the courts for that period is also a political victory, since by the time it'd be resolved, Solvinity wouldn't have the contract anymore anyways.

It's not only about the data, it's about the risk that the US would basically turn off things like tax collection and doctors' visits in the Netherlands as part of (say) a first strike on Greenland.

Sure, the chance is low. But in the current climate people are nervous and it's best not to risk it. The current government has already embarked on a long-term strategy to bring more of critical software infrastructure back in-country, selling the core identity provider software abroad would go directly against current policy.

We're terrible at company and brand naming here in Europe. Just look at the "Wero" payment solution (formerly/currently iDeal). Like, who the hell came up with that stupid name?

The list of stupid European company names and product names are endless.

> Solvinity is a pretty terrible company name.

I find it okay'ish. At least it's unique. Say, as much as I like Mario Zechner (who doesn't like HNers anymore for whatever reason), naming your product "Pi" is just terribly bad.

Facebook was a good name (hate the company but the name was good). But "Meta" is just dumbfucktarded.

Wait... I've got an idea: I'm going to make a product and name it "Alt". Or "Control".

Really: there are a lot of totally unhelpful name that just confuses everybody, including search engines, humans, and LLMs but I don't think "Solvinity" is that bad.

maybe how much money you are willing to spend isn't a perfect measure of how important something is?

By that we mean, send a whitehouse crony over to throw a temper tantrum on Dutch soil.

Are you serious? You did notice that there was even a EU digital sovereignty summit recently?

> This will also be the core legal argument by the appealing company. They will argue that the decision was politicized, insufficiently reasoned, or disproportionate because binding technical/legal safeguards would have solved the risks... And they will use as example, the diplomatic service extensive use of Microsoft

How would that argument support a sale to the US? It sounds like the perfect argument against it. Those technical/legal safeguards clearly didn't work for Microsoft either.

> Mark Rutte Daddy calls

Mark Rutte, the chief of NATO and ex-PM, that has nothing to do with civilian tech? Can we please leave unfounded conspiracy theories to Reddit?

I agree, the Dutch iDeal was probably the better name. However I'm not sure if this is an uniquely European problem. Wero's counterpart 'Zelle' doesn't seem to be that much better of a name.

Only English-sounding names are cool. The terminal state of cultural domination.

Why do you feel that Wero is a stupid name?

It's called Wero, because it means we and euro in all of the official EU languages.

Something something, a free ticket to Den Haag

I didn’t notice. But regardless, a summit doesn't dictate or reflect the desires and opinions of 27 member states and its 450 million citizens and more importantly its companies and business to want to switch to European alternatives.

To give you an example, if India or China or Africa holds a summit on climate change, it doesn’t mean that its citizens want that or even care about it.

Anyway, the idea that such a big geography should move away from the best software factory of the world because it has some political agenda with its current leader is both impossible and overall quite childish and will never come to fruition.

It's even more complicated: the datacenter and the servers are owned and operated by the government, and the DigiD app itself is owned and operated by government-owned Logius.

From what I have been able to deduce, Solvinity is contracted for some kind of sysadmin services - so basically Kubernetes babysitting?

Maybe better, but less useful. I don't carry my Identity Card at all, unless I cross the border within EU where it is used. All other functions I have in our country app. To which I can log in using physical card, but I have other options that are online.

In that case we can indeed safely assume they have no technical knowledge.

There was that chip company that was almost nationalized by the Dutch government few months ago when their Chinese owners started making funny noises.

All governments are "doing something". It just isn't at all effective and mostly because they're unwilling to invest even marginal amounts.

Like in this case. The technology here utterly depends on Google Play Services on Android or App Attest on Apple (or "secure enclave"), and that is in fact essentially the only functionality.

This could have been solved instead switching to a standard (switching to OATH, RFC 4226 and RFC 6238), thus killing the dependency on Google/Apple while still allowing those devices to work smoothly, but also allowing a Linux implementation, allowing anyone . Plenty of European companies provide implementations for this, some with and some without the dependency on Google/Apple attestation.

Why would the risk be low?

Trump also already sanctioned Justices from the ICC based in Netherlands because he didn't like them.

He's clearly not the guy with impulse control

I've always found Whatsapp a terrible name, but its so established now that 'apping' is understood. If you're big enough it seems that a bad name hardly hold you back.

It is just about the only measure. People who claim something is extremely important and then will not take any action or spend any money - they're dishonest people.

Let's see if the Dutch are men of their words. I expect the government to offer to buy this company, or an offering being made for the Dutch investing public to get shares.

Can you elaborate on what you find problematic about the Estonian ID stack?

It's a state owned enterprise as far as I remember. So technically they don't wear civil service uniforms in the office, but still get the usual government office hours.

> which i'm sure the current administration would honour

It would've been the same administration as the one doing the negotiations, so I would assume yes.

> There should be grave consequences alone for the fact that the goverment acted against the parliament

In general I think there's a pretty good understanding between the legislative branch and the executive branch. The Netherlands has always had coalitions. Also, every single government will talk to the other parties.

I'm not sure what country you're referring to but the Netherlands has a properly functioning democracy. The only problem it has is splintering into too many small factions making coalitions super hard

I'm not talking about some abstract sense of "did the government do anything at all today", I am saying "good on the government for doing something in this specific case instead of doing nothing and letting it be sold", which was a possible outcome, and in fact the default outcome of the vast, vast majority of acquisitions is that the government does nothing to intervene.

Could they do something better, sure. I am still glad to see they did something at all.

Uhm, no, DigiD works without Play Services:

https://www.logius.nl/actueel/qr-code-scanner-digid-app-werk...

(Also works fine on my GrapheneOS phone with only basic integrity, also worked on microG when I tested.)

Sanctioning people is basically risk-free and more importantly dollar-free. Fighting wars is extremely not-free, as Trump is currently discovering in Iran. I personally rate the risk of the US actually invading Greenland as not higher than about 10%, with the matter most likely being resolved by the US administration re-discovering that the US is allowed to establish a base on the country, doing so and then announcing with big fanfare that they solved the terrible terrible problem of Greenland being "the most unsafe".

Still though, that is about 10 percentage points higher than before Trump took office. Better not to hand him too many tools to exert leverage with.

Reminds me of the old joke:

After Bill and Melinda Gates have their honeymoon, Melinda says, "Now I know why you call it Microsoft."

I can sign in to DigID without using my phone, except sometimes with an SMS verification code. (Of course they want to, and should, phase that out. Hopefully that won't be replaced by app store dependence.)

"To whatsapp" is a common verb, but I have never heard anyone say "apping".

Where do you live where "apping" is understood?

Is water less important to the poor person dying of thirst than to the rich guy watering his lawn?

[1]- NATO Secretary General responsibilities:

"...Above and beyond the role of chair, the Secretary General has the authority to propose items for discussion and use their good offices in case of disputes between member states....

...In order to facilitate this process, the Secretary General maintains direct contact with Heads of State and Government, and Foreign and Defence Ministers in NATO and partner countries...."

[1] - https://www.nato.int/en/about-us/organization/nato-structure...

And Mark Rutte has been shaping the domestic fiscal debate inside the Netherlands [2]: "...Mark Rutte said the Netherlands must significantly boost defence spending and pointed to Dutch spending on pensions, healthcare and social security, saying only a small fraction of those allocations would strengthen defence..."

[2] - https://nltimes.nl/2024/12/03/nato-leader-rutte-netherlands-...

And on conspiracy theories - Do you trust the Financieele Dagblad?

https://nltimes.nl/2025/11/20/asml-offered-spy-us-breaking-e...

Does that sound outlandish to you? It doesn't to me...

It's probably something he would use as 'change' to resolve something unrelated with NATO. Then he can sell how well he's keeping NATO together

Fine. Not really different from most governments relying on private suppliers to manage their infrastructure.

Apeldoorn is actually a very nice place, surrounded by nature.

That doesn't sound bad at all. At least for me as a German that would be a salary that you wouldn't get at every random company.

Maybe the Netherlands are different (country can vary a lot with what is included in a salary) ?

> This

I don't think it's changing after this administration.

True. But the reaction also depends on how much money the leverage is worth and how much Solvinity has to offer here.

There are certainly countries that have it worse, but Netherland has some weird political games being played sometimes.

The default will likely be the app, but if you have an NFC reader you should be able to use your passport or ID to authenticate as well.

The app has the benefit of being free, getting a working reader costs 60-90 euros last time I checked and Linux driver support isn't great.

What alternative is there, today, that would allow securely doing this without an app store dependency?

Only a few EU countries have rolled out NFC-based eID functionality (as only physical ICAO-based ID verification via NFC is a mandatory part of the EU ID card standard); those are the only ones with a viable path forward in the short term.

Can confirm that it's an extremely common verb in The Netherlands.

https://onzetaal.nl/taalloket/appen-whatsappen-vervoeging

Heard it many times in the Netherlands.

> unfounded conspiracy theories

Their sentiment is that Trump intervenes by whining to Mark Rutte, who seems to be the only European Trump is actually willing to listen to, at the expense of course of giving up all his dignity in calling Trump, literally, Daddy [1].

And I would not put it past Trump to do that... I mean, that's what he already did regarding Tiktok.

With Trump nothing is impossible any more, especially if he or someone in his circle stands to make or lose money. And that's the greatest danger in the US turning into a full blown banana republic.

[1] https://www.politico.com/news/2025/06/25/nato-chief-calls-tr...

Most people managing stuff running in a datacenter don't live near that datacenter, it really doesn't matter where it's located. Also, the Netherlands is so tiny that crossing half of the country would still fall under "reasonable commute" in many places

All the more reason to block vital stuff going to the US. They cannot be trusted anymore.

The Dutch civil service wears a uniform?

The question is rather: Why would a person complain about dying of thirst, but refuse to go to the river to drink, and also refuse to pay for a glass of water. That makes me believe he is dishonest when he's saying he is thirsty.

Or are we pretending that the Dutch people don't have any money between them to make an offer on this company?

So what do you expect the outcome to be if Trump complains to Rutte, who will then do... what exactly? Ask the current PM to do him a favor because of "reasons"? An overwhelming majority of people in the Netherlands oppose selling this company to the US, an overwhelming majority of political parties voted to block the sale and now the secretary of state in charge of this particular department indeed blocked it.

It seems to me that there is no way that Trump could overturn this decision via Rutte that Trump couldn't accomplish on his own by just threatening the Netherlands directly.

Maybe that’s a reasonable commute to the US mind who isn’t used to work/life balance and likes spending unpaid hours in their car losing precious time with their family.

For me, a reasonable commute is a 10 minute bike ride to the office.

True, but the question is if it isn't smarter to wait for the midterms in November where it currently looks like it's going to be a disaster for Trump and the Republicans.

blue jeans with an embroidered logo and 3 liters of hair gel.

No

We're just establishing that what one can pay is in fact not the only measure, disproving your universal assertion by counterexample.

Regarding the specific case, they probably have the money. But they don't need it. Such is the beauty of regulatory power, vested in a democracy.

Except for the military.

I once interviewed for a job at what I think was a civil service branch that developed software for the military. But they were out of budget for this, while the military did have budget, so if I was hired, I'd have to wear a military uniform to the office. A very stylish one, they claimed.