Dutch digital identity infrastructure could become vulnerable to American legal, intelligence, sanctions, and political pressure.

DigiD is the authentication layer through which millions of Dutch residents access government services, healthcare portals, pensions, tax information, benefits, and official communications.

Summary: The proposed US takeover of Solvinity, which manages DigiD and MijnOverheid, raises serious concerns about Dutch digital sovereignty, data access, and continuity of critical public services.
A senior Logius privacy official alleges that internal warnings were ignored, Parliament was not fully informed, and mitigation measures cannot fully prevent foreign access or disruption risks.
The core issue is whether the Netherlands has treated DigiD as ordinary outsourced IT when it should be governed as critical national infrastructure.

The DigiD Sovereignty Alarm: When a Digital Identity System Becomes a Geopolitical Risk

by ChatGPT-5.5

The controversy around the proposed American takeover of Solvinity, the Dutch IT provider managing DigiD and MijnOverheid, is not merely a procurement dispute. It is a stress test of how seriously the Netherlands treats digital sovereignty, critical public infrastructure, whistleblower protection, parliamentary oversight, and the limits of outsourcing essential state functions to private companies that may fall under foreign jurisdiction.

At the centre of the controversy is a simple but far-reaching allegation: if Solvinity is acquired by the American company Kyndryl, critical Dutch digital identity infrastructure could become vulnerable to American legal, intelligence, sanctions, and political pressure. DigiD is not an ordinary IT service. It is the authentication layer through which millions of Dutch residents access government services, healthcare portals, pensions, tax information, benefits, and official communications. MijnOverheid, meanwhile, handles vast quantities of sensitive personal correspondence. In practical terms, this means the issue is not only whether data might be accessed, but whether the Netherlands could lose full sovereign control over the availability and integrity of a core public gateway.

The strongest warning comes from Pieter van Oordt, described in the news media as the central privacy officer or senior privacy adviser at Logius, the agency responsible for DigiD and MijnOverheid. According to a Volkskrant report, Van Oordt argues that the proposed takeover threatens Dutch national security because “detailed personal data” of Dutch citizens could come within reach of the United States and because the US could, in extreme circumstances, block access to DigiD. The reported internal Logius security analysis is especially damaging: it allegedly concluded that, given the current architecture, the platform cannot be technically sealed in such a way that the supplier would no longer be able to access personal data or influence availability. That is the core technical allegation. If accurate, it means contractual promises or additional safeguards may not be enough, because the risk is embedded in the architecture and operational dependency itself.

This is what makes the matter structurally important. The concern is not only “privacy” in the narrow GDPR sense. It is a combined privacy, continuity, national security, and democratic accountability problem. The data at issue includes highly sensitive information about family composition, addresses, tax debts, benefits, student finance, vehicle registrations, and other government-held records. But even if no data were ever accessed unlawfully, the mere ability of a foreign-controlled supplier to influence availability would be enough to raise a national security question. A digital identity system is a form of state infrastructure. If citizens cannot log in, they may not be able to access healthcare services, government benefits, tax systems, legal correspondence, pension information, or official decisions affecting their rights.

The alleged US-law exposure has two dimensions. First, there is the data access concern: US authorities could potentially seek data through laws such as the CLOUD Act or FISA, depending on the corporate structure, control, and technical realities. Second, there is the continuity concern: US sanctions or other legal measures could theoretically disrupt services or prevent the company from supporting certain persons, entities, or systems. Several reports draw an analogy to the digital consequences of US sanctions affecting International Criminal Court officials in The Hague. The point is not that the same scenario is certain to happen to DigiD, but that critical public services should not depend on assumptions about permanent geopolitical alignment.

The government response, as described in the newspaper Trouw, appears cautious and procedural. A broad parliamentary motion reportedly called for the DigiD contract with Solvinity to be terminated if the American takeover proceeds. Yet the cabinet appears to have chosen to wait for the Bureau Toetsing Investeringen process under the Dutch investment-screening framework, rather than immediately acting on the motion. That decision creates a timing problem. The contract reportedly requires a decision before 6 May to avoid automatic extension for two more years. Trouw reports that the government response would come after the May recess, by which time the deadline would have passed. Politically, this creates the impression that process is being used as a shield against decision-making.

That impression is sharpened by Barbara Kathmann’s reported position. She argues that the risks are already sufficiently grounded and that Parliament does not need to wait for further advice before acting. Her position reflects a deeper democratic question: when elected representatives have expressed overwhelming concern about a core public infrastructure dependency, should the executive be able to delay action by relying on technical review processes, especially if contractual deadlines make delay effectively irreversible?

The allegations then become more explosive because Van Oordt claims he repeatedly raised these concerns internally without securing action. According to the Volkskrant report, he says escalations to the highest civil-service level produced no solution and that he was not granted access to the relevant state secretary. He says he went public because internal channels failed. That changes the story from a procurement-risk controversy into a whistleblower-governance controversy. If a senior privacy official responsible for the system believes that internal warnings were ignored, the question becomes whether the state’s internal risk machinery is capable of surfacing uncomfortable truths before they become public scandals.

Related LinkedIn posts intensify this further. Van Oordt alleges that he was disadvantaged or effectively dismissed because of his stance on digital sovereignty, continuity, and privacy. He claims that a senior Logius official pushed the takeover through, had knowledge of the transaction since March 2025, contributed to texts sent to Parliament, and that Parliament, the state secretary, and the cabinet were misinformed or incompletely informed. These are serious allegations and should be treated as allegations, not established facts. But their seriousness lies in what they imply: not just a bad decision, but a possible failure of candour toward Parliament, suppression of internal dissent, and manipulation of timing around a critical contract deadline.

Techzine reports Van Oordt’s claim that he learned of his dismissal through changes to a Trouw article and that he intended to file a criminal complaint against a senior Logius figure for allegedly misinforming the cabinet and squandering Dutch sovereignty, accessibility, and availability. Again, these claims require independent verification. But even if only part of the account is accurate, the governance failure is already visible: a critical infrastructure decision has become so opaque and contested that a senior internal privacy adviser is crowdfunding legal action and using LinkedIn as an emergency escalation channel. That is not how a mature digital state should resolve risk disputes about national identity infrastructure.

The cabinet’s likely defence is also understandable, though incomplete. It may argue that the Netherlands is bound by procurement law, open-market principles, investment-screening procedures, existing contracts, and the need to avoid irreversible decisions before the BTI process concludes. The Volkskrant article also notes that legal tools to block such takeovers may be limited when viewed through an open-market lens. That is precisely the problem. If the legal framework treats a provider of core digital identity infrastructure as an ordinary market actor until very late in the process, the law may be miscalibrated for the age of geopolitical cloud dependency.

The deeper issue is that digital sovereignty is often treated as a slogan until it collides with a live dependency. Governments say they want strategic autonomy, reduced foreign dependence, and resilient digital infrastructure. But those ambitions become meaningful only when they are translated into hard procurement rules, ownership restrictions, exit rights, technical architecture, auditability, operational redundancy, and enforceable continuity controls. A system as central as DigiD should not depend on last-minute political improvisation after a supplier transaction is already underway.

The case also exposes the limits of “mitigation thinking.” If the architecture gives the supplier meaningful access or operational influence, mitigation may reduce risk but not eliminate it. Encryption, contractual undertakings, access controls, audit logs, Dutch hosting, or governance promises may help. But if operational control, support, escalation, software maintenance, personnel, or parent-company obligations remain subject to foreign influence, the sovereignty issue remains. For critical identity infrastructure, the relevant question is not simply “can we reduce the risk?” but “should this dependency exist at all?”

There is also a public-trust dimension. DigiD works because citizens have little practical choice but to trust it. If the public begins to believe that their national identity gateway is exposed to foreign access, foreign shutdown risk, or politically managed concealment, confidence can deteriorate quickly. NL Times cites a survey suggesting that a large majority of respondents would stop using DigiD if it came under US ownership. Even if such survey results should be treated cautiously, they illustrate a real legitimacy problem: critical public systems require not only technical security, but perceived sovereign legitimacy.

The most coherent reading of the news reports is therefore this: the Netherlands may be confronting a mismatch between the importance of DigiD and the governance model surrounding its management. The system functions as national infrastructure, but the decision-making process appears to treat its supplier relationship as a contract-management and investment-screening issue. Parliament sees a sovereignty risk. A senior privacy official claims the technical architecture cannot be made watertight. The government appears to prefer procedural delay. The public learns about the conflict through newspapers and LinkedIn. That combination is corrosive.

The immediate practical concern is whether the Solvinity contract should be extended, terminated, transferred, or temporarily brought under tighter national control pending a full sovereign-risk review. But the broader lesson is larger. Countries cannot outsource their digital identity infrastructure and then be surprised when ownership, jurisdiction, sanctions, intelligence powers, and geopolitical instability become part of the risk model. Digital sovereignty is not achieved by press statements. It is achieved by designing systems so that no foreign government, foreign parent company, or private supplier can silently gain decisive leverage over a population’s access to the state.

The allegations remain contested and require formal investigation. Van Oordt’s claims about misinformation, retaliation, internal obstruction, and individual responsibility should not be accepted without evidence. But the underlying concerns are plainly serious enough to justify immediate parliamentary scrutiny, publication of a non-sensitive version of the Logius risk analysis, an independent technical assessment of supplier access and availability control, whistleblower-protection review, and a temporary freeze on irreversible contractual steps until Parliament can make an informed decision.

The ultimate question is not whether Kyndryl, Solvinity, Logius, BZK, or any individual actor is acting in bad faith. The question is whether the Dutch state has designed its digital identity infrastructure so that good faith is not the only thing standing between citizens and systemic vulnerability. If the answer is no, the DigiD controversy is not a one-off scandal. It is an early warning that the architecture of the digital state has become more fragile than the political system wants to admit.

Sources and URLs

  1. de Volkskrant, “Privacy-adviseur Binnenlandse Zaken: overname van DigiD bedreigt veiligheid van Nederland,” https://www.volkskrant.nl/tech/privacy-adviseur-binnenlandse-zaken-overname-van-digid-bedreigt-veiligheid-van-nederland~b6be96c0/

  2. Trouw, “Aangenomen motie over stopzetten contract DigiD-beheerder leidt vooralsnog niet tot haast bij kabinet,” https://www.trouw.nl/politiek/aangenomen-motie-over-stopzetten-contract-digid-beheerder-leidt-vooralsnog-niet-tot-haast-bij-kabinet

  3. Trouw, “Kabinet negeert Kamermotie en laat Amerikaanse overname van beheerder DigiD voor nu ongemoeid,” https://www.trouw.nl/politiek/kabinet-negeert-kamermotie-en-laat-amerikaanse-overname-van-beheerder-digid-voor-nu-ongemoeid~b695d8aa/

  4. NL Times, “DigiD takeover could give US power to access citizens’ personal data, shut down system,” https://nltimes.nl/2026/04/16/digid-takeover-give-us-power-access-citizens-personal-data-shut-system

  5. De Telegraaf, “Ambtenaar die waarschuwde voor overname DigiD: ‘Ik werd neergesabeld’,” https://www.telegraaf.nl/binnenland/ambtenaar-die-waarschuwde-voor-overname-digid-ik-werd-neergesabeld/147538618.html

  6. Techzine, “CPO Logius ontslagen via Trouw na rel rond DigiD-beheerder Solvinity,” https://www.techzine.nl/nieuws/privacy-compliance/577495/cpo-logius-ontslagen-via-trouw-na-rel-rond-digid-beheerder-solvinity/

  7. Pieter van Oordt LinkedIn post/activity, including posts alleging internal obstruction, dismissal/retaliation, and calls for action regarding DigiD, MijnOverheid, Solvinity, Kyndryl, and Dutch digital sovereignty.