Comment by mcv
4 hours ago
Finally!
The entire country has been clamouring for this for weeks, and the government has been completely silent about it. A couple of weeks ago, the entire parliament (with only a single party dissenting) voted for a motion to end the contract with Solvinity, but the government extended it anyway, leaving blocking the takeover as the only option, and there wasn't a lot of confidence that the government would do that.
The whole reason for this is that Solvinity host DigiD, the Dutch e-ID system that handles authentication to all government and many other sensitive systems (healthcare). With the US law that the US government should be able to get access to any data held by a US company, regardless of where it's hosted, this system clearly should be kept out of American hands.
Of course there's still plenty of sensitive data in the hands of Microsoft, Amazon and other US companies. No idea when they're going to do something about that.
It is a bit more complex tham that.
Logius is the company that actually owns and manages the DigiD stack, it's just that they hired Solvinity for their expertise. AFAIK Solvinity can't access the data.
I can't find it right now, but on Tweakers there was a long comment by someone on the inside that explained Logius basically had almost no know-how of how the current stack works, and there's lots of bespoke stuff. Basically classic vendor lock-in. The government (rather, Logius) now really wants to transition away from Solvinity, but that will likely be a 5+ year process.
I also feel like this is another thing that the "fast ring" of the EU should do together. Take Estonia's stack as a base, and then countries like Sweden, Denmark, Finland, The Netherlands adopt it and co- develop it. Make it extensible for the bespoke things the countries need, and every few years check which bespoke extensions can actually be generalized and modularized. Would lead to a much better product. A man can dream :)
> AFAIK Solvinity can't access the data.
Solvinity is the hoster. It can fully access the stack.
It's even more complicated: the datacenter and the servers are owned and operated by the government, and the DigiD app itself is owned and operated by government-owned Logius.
From what I have been able to deduce, Solvinity is contracted for some kind of sysadmin services - so basically Kubernetes babysitting?
How can you be sure that Solvinity can't access the data if Logius doesn't know how the current stack works? 5+ years to migrate sounds really bad.
Estonia's tech was cool maybe 20 years ago. From what I understand it's a bit too hard on fetishization of PKI and Ukraine goes too hard on apps. Netherlands actually gets it really well with DigId that is doing bare minimum needed to actually perform eidas stuff without getting into the woods with legally blessed asn1 schemas and oid [0].
I'm not sure what bespoke stuff they invented to get their sweet vendor lock in eurobucks, but the whole thing is nothing more than an OAuth provider for 19 million people. I guess NFC integration in the app that reads physical ids is on a fancier side, but I suspect on that side it's vendor locked by card vendor and their SDK.
[0] https://zakon.rada.gov.ua/laws/show/z1398-12#Text
Can you elaborate on what you find problematic about the Estonian ID stack?
1 reply →
The German eID stack does also work well, just as the Austrian one does.
Tbh I like the German one even better because you need your physical Identity Card and can use your phone as the reader
Maybe better, but less useful. I don't carry my Identity Card at all, unless I cross the border within EU where it is used. All other functions I have in our country app. To which I can log in using physical card, but I have other options that are online.
Logius is actually not a company but a part of the dutch (national) goverment.
It's a state owned enterprise as far as I remember. So technically they don't wear civil service uniforms in the office, but still get the usual government office hours.
5 replies →
In that case we can indeed safely assume they have no technical knowledge.
> A couple of weeks ago, the entire parliament (with only a single party dissenting) voted for a motion to end the contract with Solvinity, but the government extended it anyway, leaving blocking the takeover as the only option,
Given what we know now, this seems perfectly logical. It's just that we don't know what else is going on behind the scenes.
I'm sure there was some negotiations on how to keep the data separate or something, with the threat of blocking it altogether as a final solution.
But agreed, this is a good outcome
> I'm sure there was some negotiations
which i'm sure the current administration would honour
There should be grave consequences alone for the fact that the goverment acted against the parliament
> which i'm sure the current administration would honour
It would've been the same administration as the one doing the negotiations, so I would assume yes.
> There should be grave consequences alone for the fact that the goverment acted against the parliament
In general I think there's a pretty good understanding between the legislative branch and the executive branch. The Netherlands has always had coalitions. Also, every single government will talk to the other parties.
I'm not sure what country you're referring to but the Netherlands has a properly functioning democracy. The only problem it has is splintering into too many small factions making coalitions super hard
1 reply →
There was that chip company that was almost nationalized by the Dutch government few months ago when their Chinese owners started making funny noises.
lets be frank, these are changes caused by the downgrading of the American administration to a subscription services behind a paywall that requires DLC, root based encryption bypasses and a Clippy popup that instead of trying to be helpful is indistinguishable from a mafia racket.
>> Finally!
You are behind the curve. You read here first. Lets revisit this comment in 2 years...
This will be overturned by both Dutch and European courts after the company appeals, and specially after Mark Rutte Daddy calls. The only purpose of this action is for the Dutch government to save face, and its for internal consumption. They already have the internal legal advice stating this, hidden away in some closet. But then they will say: You see, we wanted to do it but a court blocked us.
>>Of course there's still plenty of sensitive data in the hands of Microsoft, Amazon and other US companies.
The WHOLE Dutch diplomatic and broader civil service, including the Ministry of Foreign Affairs, runs extensively on Microsoft infrastructure for its daily operations, cloud services, and email. And they leak....
"Microsoft Accused Of Sharing Dutch Officials’ Data with U.S. Government" - https://www.yahoo.com/news/politics/articles/microsoft-accus...
This will also be the core legal argument by the appealing company. They will argue that the decision was politicized, insufficiently reasoned, or disproportionate because binding technical/legal safeguards would have solved the risks... And they will use as example, the diplomatic service extensive use of Microsoft :-)
So is nothing more than another Polder hypocritical take, by the Dutch government.
> They will argue that the decision was politicized,
It’s not ‘politicized’, it’s the gateway to all Dutch government services and as such it is inherently political.
> insufficiently reasoned, or disproportionate because binding technical/legal safeguards would have solved the risks...
There are no legal safeguards against the CLOUD act. There can be no technical or legal safeguards as long as the physical hardware is owned by a US company.
>The WHOLE Dutch diplomatic and broader civil service, including the Ministry of Foreign Affairs, runs extensively on Microsoft infrastructure for its daily operations, cloud services, and email. And they leak....
There is a broad digital strategy to migrate off from American infra. Will take 10 years, but this stuff has inertia once it starts moving.
In 2 years the contract is up for renegotiation to a different entity (and there's now plenty of political pressure to go with a different one), so I don't think it's a problem by then.
Tying the process up in the courts for that period is also a political victory, since by the time it'd be resolved, Solvinity wouldn't have the contract anymore anyways.
> This will also be the core legal argument by the appealing company. They will argue that the decision was politicized, insufficiently reasoned, or disproportionate because binding technical/legal safeguards would have solved the risks... And they will use as example, the diplomatic service extensive use of Microsoft
How would that argument support a sale to the US? It sounds like the perfect argument against it. Those technical/legal safeguards clearly didn't work for Microsoft either.
You are using logic to argue for the best and most correct outcome, I am using logic, to state how and why, this will play the way it will...
> Mark Rutte Daddy calls
Mark Rutte, the chief of NATO and ex-PM, that has nothing to do with civilian tech? Can we please leave unfounded conspiracy theories to Reddit?
[1]- NATO Secretary General responsibilities:
"...Above and beyond the role of chair, the Secretary General has the authority to propose items for discussion and use their good offices in case of disputes between member states....
...In order to facilitate this process, the Secretary General maintains direct contact with Heads of State and Government, and Foreign and Defence Ministers in NATO and partner countries...."
[1] - https://www.nato.int/en/about-us/organization/nato-structure...
And Mark Rutte has been shaping the domestic fiscal debate inside the Netherlands [2]: "...Mark Rutte said the Netherlands must significantly boost defence spending and pointed to Dutch spending on pensions, healthcare and social security, saying only a small fraction of those allocations would strengthen defence..."
[2] - https://nltimes.nl/2024/12/03/nato-leader-rutte-netherlands-...
And on conspiracy theories - Do you trust the Financieele Dagblad?
https://nltimes.nl/2025/11/20/asml-offered-spy-us-breaking-e...
> unfounded conspiracy theories
Their sentiment is that Trump intervenes by whining to Mark Rutte, who seems to be the only European Trump is actually willing to listen to, at the expense of course of giving up all his dignity in calling Trump, literally, Daddy [1].
And I would not put it past Trump to do that... I mean, that's what he already did regarding Tiktok.
With Trump nothing is impossible any more, especially if he or someone in his circle stands to make or lose money. And that's the greatest danger in the US turning into a full blown banana republic.
[1] https://www.politico.com/news/2025/06/25/nato-chief-calls-tr...
1 reply →
Does that sound outlandish to you? It doesn't to me...
It's probably something he would use as 'change' to resolve something unrelated with NATO. Then he can sell how well he's keeping NATO together