US Takeover of Dutch Cloud ID Provider Blocked by Government

Data Privacy , Data Security , Geo-Specific US Takeover of Dutch Cloud ID Provider Blocked by Government New York-Based Kyndryl Can't Buy Amsterdam-Based Solvinity Group David Meyer • May 26, 2026     Credit Eligible Get Permission Image: Shutterstock The growing push for European technological sovereignty from the United States claimed a significant scalp in the Netherlands, where authorities blocked the American takeover of a crucial secure cloud company. See Also: Live Webinar | Windows 10 End of Support in OT: Practical Strategies for Secure and Resilient Operations Solvinity Group provides the infrastructure platform that underpins the DigiD identity verification system and the associated MijnOverheid portal, which Dutch residents use to access government services. Its proposed sale to Kyndryl - the New York-based IT infrastructure giant spin out of IBM five years ago - was announced in November. But the sale cannot go ahead, Wilhelmina Aerdts, the Dutch state secretary for the digital economy and digital sovereignty, announced on Tuesday following an investigation by the Dutch investment screening authority, the BTI. "The BTI advised me to proceed with a complete prohibition of this acquisition. I have endorsed this advice and have adopted it," Aerdts said in a letter to the Dutch parliament. "Given that I recently received serious indications that the completion of the transaction was imminent, I saw - in order to protect the public interest - no other option but to take this decision at this time." Aerdts said the decision was "country-neutral" and the underlying framework was "aimed exclusively at protecting the public interest and applies equally to all investors, regardless of their country of origin." But the very fact that she emphasized this point speaks to the nature of the decision's context. Particularly since the advent of the second Trump administration and its economic and territorial threats to Europe, the continent has invigorated efforts to reduce dependence on U.S. tech. The European Commission is about to present a Tech Sovereignty Package - albeit after repeated delays that some attribute to trade sensitivities - and some countries are already powering ahead with efforts to promote local alternatives to American IT stalwarts like Microsoft (see: Europe Again Delays Digital Sovereignty Push). One key underlying fear is that of Trump flipping a "kill switch" on essential services in Europe, if he wished to do so. But there is also a far less theoretical threat underlying the block transaction: the Obama-era Cloud Act, which obliges U.S. cloud providers to hand over customer data to law enforcement - which must obtain a warrant - even if that data is held on overseas servers. The Cloud Act has proved controversial despite proponents stressing that law enforcement must obtain a warrant before accessing foreign data. Critics say warrants for electronic data under U.S. law diverge from traditional court orders by allowing police to obtain vast swathes of electronic data and by not including any notice requirement for the person whose data is searched. Once police obtain the data, they can hold onto it indefinitely. The proposed sale sparked legal action by a group of technologists and privacy activists, who in January asked a court to provide a preliminary injunction against the BTI's refusal at the time to provide more public information on the proposed takeover. "Putting part of our vital digital infrastructure in U.S. hands increases the Netherlands' vulnerability to failure, manipulation or even blackmail," the NGO Privacy First, which participated in the coalition, said at the time. The Dutch government in March extended its Solvinity contract for another two years, arguing that a hurried switch to another supplier before the contract's August termination date "would not be safe or responsible," and could put the security and operation of the DigiD system at risk. A trio of Dutch citizens sued shortly afterward, saying it was not in the public interest that the contract be renewed, due to the Kyndryl deal. The Hague district court sided with the government last week, agreeing that it was too late to switch suppliers safely and too early to say "that work with Solvinity cannot be continued in a responsible manner." That ruling is now moot. Reacting to Tuesday's announcement of the takeover's cancellation, Solvinity said it "continues to engage in dialogue with the relevant authorities regarding the considerations made in the context of national security, digital autonomy and the protection of Dutch critical infrastructure." The company scrubbed the November press release about the proposed acquisition from its website. Kyndryl said in an emailed statement that it was "extremely disappointed" by the government's decision. "Since announcing the proposed transaction, Kyndryl has consistently engaged in good faith with relevant stakeholders across the Netherlands' government," the company said. "Despite this engagement and our long history of managing mission-critical operations in the Netherlands, the politicization of this process has overshadowed the clear and important benefits this transaction would have brought to Solvinity's customers and Dutch citizens."