Dutch gov't will only allow European company to operate DigiD platform
Dutch government will restrict DigiD platform contracts to European companies after 2028, blocking US acquisition.
The Dutch government announced it will use the Defense and Security Procurement Act (ADV) to conduct the next tender for DigiD operations after August 2028, limiting eligibility to European companies. State Secretary Eric van der Burg cited national security concerns. This follows the Cabinet's recent decision to block American company Kyndryl's acquisition of Solvinity, the British-owned firm that currently manages part of DigiD. Parliament and security advisers expressed concerns that US legislation could allow the federal government to access DigiD data or shut down the system. The government also plans to implement stronger encryption for DigiD and MijnOverheid data based on findings from the Kyndryl acquisition review.
What HN community is saying
Commenters questioned why the government outsources DigiD instead of running it in-house, noting that most Dutch governments historically prefer contracting to private firms over building internal capacity. Several pointed out that Logius, the government-owned entity, actually owns DigiD; the outsourced portion is only hosting and infrastructure. One commenter clarified that the company handling operations has no access to actual user data. Discussion also covered whether contract terms can prevent subcontracting to non-EU entities, with some skepticism about enforcement. French and Dutch participants compared approaches: France runs FranceConnect internally, while Dutch governance has favored market solutions for decades.