alt.hn

5/26/2026 at 11:46:08 AM

Netherlands blocks US takeover of vital digital supplier

 https://www.politico.eu/article/netherlands-blocks-us-takeover-vital-digital-supplier/

by vrganj

5/26/2026 at 12:37:47 PM

Finally!

The entire country has been clamouring for this for weeks, and the government has been completely silent about it. A couple of weeks ago, the entire parliament (with only a single party dissenting) voted for a motion to end the contract with Solvinity, but the government extended it anyway, leaving blocking the takeover as the only option, and there wasn't a lot of confidence that the government would do that.

The whole reason for this is that Solvinity host DigiD, the Dutch e-ID system that handles authentication to all government and many other sensitive systems (healthcare). With the US law that the US government should be able to get access to any data held by a US company, regardless of where it's hosted, this system clearly should be kept out of American hands.

Of course there's still plenty of sensitive data in the hands of Microsoft, Amazon and other US companies. No idea when they're going to do something about that.

by mcv

5/26/2026 at 1:31:32 PM

It is a bit more complex tham that.

Logius is the company that actually owns and manages the DigiD stack, it's just that they hired Solvinity for their expertise. AFAIK Solvinity can't access the data.

I can't find it right now, but on Tweakers there was a long comment by someone on the inside that explained Logius basically had almost no know-how of how the current stack works, and there's lots of bespoke stuff. Basically classic vendor lock-in. The government (rather, Logius) now really wants to transition away from Solvinity, but that will likely be a 5+ year process.

I also feel like this is another thing that the "fast ring" of the EU should do together. Take Estonia's stack as a base, and then countries like Sweden, Denmark, Finland, The Netherlands adopt it and co- develop it. Make it extensible for the bespoke things the countries need, and every few years check which bespoke extensions can actually be generalized and modularized. Would lead to a much better product. A man can dream :)

by jorvi

5/26/2026 at 7:32:35 PM

> I also feel like this is another thing that the "fast ring" of the EU should do together. Take Estonia's stack as a base, and then countries like Sweden, Denmark, Finland, The Netherlands adopt it and co- develop it. Make it extensible for the bespoke things the countries need, and every few years check which bespoke extensions can actually be generalized and modularized.

Argentina's ministry of education did something like this with university software. The one used by students to sign up and by teachers to track grades, etc. There's a single open source modularised, customisable system made country-wide, and public universities customise it to their needs.

Before this initiative, every university was implementing their own software from scratch. In many cases, different faculties (e.g.: Engineering, Natural Sciences, Humanities, etc) each had their own software development teams developing their own independent software stack.

by WhyNotHugo

5/26/2026 at 7:41:33 PM

> Argentina's ministry of education did something like this with university software. The one used by students to sign up and by teachers to track grades, etc.

For what it's worth, this seems roughly equivalent to Moodle, which is open-source (GPL) and used globally, apparently especially popular in some of western Europe, the US, etc. [1] School systems can and do of course customise it as needed.

[1] https://stats.moodle.org/

by vinay427

5/26/2026 at 9:16:40 PM

The problem with Moodle is that it's terrible. Yes you can customise it, but the core must be 20+ years old now, and it really shows. Universities don't have the talent in house to do anything more than bodge solutions for local bureaucratic knots. That doesn't generalise into an improving system over time.

by bigfudge

5/26/2026 at 2:34:41 PM

> AFAIK Solvinity can't access the data.

Solvinity is the hoster. It can fully access the stack.

by frevib

5/26/2026 at 3:02:07 PM

It's even more complicated: the datacenter and the servers are owned and operated by the government, and the DigiD app itself is owned and operated by government-owned Logius.

From what I have been able to deduce, Solvinity is contracted for some kind of sysadmin services - so basically Kubernetes babysitting?

by crote

5/26/2026 at 6:55:34 PM

Are you suggesting sysadmin access isn't sufficient to access data?

by overfeed

5/26/2026 at 2:04:01 PM

How can you be sure that Solvinity can't access the data if Logius doesn't know how the current stack works? 5+ years to migrate sounds really bad.

by mcv

5/27/2026 at 7:25:30 AM

> 5+ years to migrate sounds really bad.

That's nothing. The Dutch tax authority has spent the last 5 years deliberating a migration from on-prem IBM Notes to M365.

by metalface

5/26/2026 at 8:34:33 PM

Honestly they have good separation of concerns in the Dutch government. And running the stack doesn't automatically mean hosting the services, there's enough local expertise in the Netherlands to run that.

A few years ago I had the mispleasure of working for the island government of Bonaire, and they kinda run the same systems as they do in the mainland, being a sort of municipality.

Since all gemeentes in the Netherlands are basically independently run but have to communicate with each other for DigiD but also the GBA (ID system) and loads of other stuff, they invented a standard. It's a SOAP based monstrosity called StUF, and you better spell it like that.

I can't find much about StUF in English, but there is this about the succesor where they lament on how engrained StUF still is.

https://www.conduction.nl/commonground/

It wouldn't surprise me that migration to common ground is what they are refering too. StUF knowledge is not widespread due to the level of vendor lock in. There's not many vendors and outside GovIT nobody cares about StUF.

by Kaliboy

5/26/2026 at 2:27:06 PM

Estonia's tech was cool maybe 20 years ago. From what I understand it's a bit too hard on fetishization of PKI and Ukraine goes too hard on apps. Netherlands actually gets it really well with DigId that is doing bare minimum needed to actually perform eidas stuff without getting into the woods with legally blessed asn1 schemas and oid [0].

I'm not sure what bespoke stuff they invented to get their sweet vendor lock in eurobucks, but the whole thing is nothing more than an OAuth provider for 19 million people. I guess NFC integration in the app that reads physical ids is on a fancier side, but I suspect on that side it's vendor locked by card vendor and their SDK.

[0] https://zakon.rada.gov.ua/laws/show/z1398-12#Text

by Muromec

5/26/2026 at 3:42:14 PM

Can you elaborate on what you find problematic about the Estonian ID stack?

by Teever

5/26/2026 at 4:00:20 PM

For one, they had a a major f-up with eIDs in 2017: https://ria.ee/en/news/estonia-resolves-its-id-card-crisis

And they are just good at marketing. Belgium had eIDs earlier never messed up so much as Estonians.

by sam_lowry_

5/26/2026 at 6:14:33 PM

Yeah, but it was the vendor who fucked up, not them. One can argue that using long-term certificates is bad practice in itself, but that's arguable.

by Muromec

5/26/2026 at 6:06:47 PM

Disclaimer: I have more exposure to Ukrainian variation of this setup (see jkurwa) than to actual Estonian and extrapolate a bit from what I heard from people. Half of this may be outdated or wrong, but I believe that the general vibe is correct.

From what I know about Estonian eID stack, they use traditional PKI to the full extent -- LDAP, PKI, OCSP, all the standard designs from the 90ies and then internally (for use by the government itself) they have a sort of a document exchange system on top of that where everything is done through CMS (PKCS). I believe this is why eIDAS and trust services directive talk about trust lists, qualified certificate authorities and all that.

So you get a physical id card that is a smart card for X509 certificate and then sign, encrypt and do all the stuff you do with keys once you figured out key management. Since the key can't leave the card you need to deal either with a special Estonian keyboard that doubles as a keyreader (in Ukrainian flavor we get a mobile app that can generate a key and get x509 issued remotely, maybe Estonia has that too nowdays or we get a file-based key from a trusted provider, like a bank) or get an actual keyreader or a phone. On the provider side you also have to deal with trust lists, because Estonia and Lithuania don't use the same root of course.

The first gotcha is -- if you have LDAP, CSP and OCSP and can query those, that's a bit of a privacy risk (AFAIK, primary key is based on the date of birth, because reasons). Second gotcha -- key rotation is not practical, so certificates are long lived. Certificates that I saw had demographic identifier of the person as a serial, which is not great for privacy, but convenient for deployment I guess (for comparison, Ukrainian flavor only allows CSP through subject key and has the number deep in the directory lookup extension)

I don't think the stack is bad, but I think it's an overkill for the basic feature of logging into the government website and blessing some bytes with your legal persona. It does help when the user signs a legal document and then tries to walk it back (for example because the document is now an exhibit A in a VAT fraud case, yes real story). I think this particular problem can be solved by non-technical means. More specifically, PKI solves the problem of verifying the identity of the user and then allowing to prove to a third party that it happened.

What is actually needed from the ID stack is allowing a first party in a closed system to match the token presented by a second party to their legal identity. I don't believe cryptographic signing or key derivation is really necessary, as the system that produces the key and the system that verifies the signed artifact are the same entity in most threat models.

I think DigID does the right thing by being a glorified OTP generator with more or less nice UX that solves just that. The actual problem is key provisioning anyways, but once you have done that, it isn't necessary to go full PKI.

To make my point even more ahm pointy, we don't use client X509 to log into github or google. We use passwords, HOTP and fidokeys, because x509 has bad UX and bad security too (in practice)

Add: downvotes for explaining why PKI is an overkill? okay, I will not survive that

by Muromec

5/27/2026 at 1:22:04 PM

I appreciate your comment, but don't bother complaining about moderation. It isn't an interesting read.

Why not use the cert on the ID to sign your own private key in the chain? That way, you can revoke the keypair should the need arise. The private key on the ID card would be valid for as long as the ID card is valid (here in NL: 18+, 10 years; 18- 5 years). And you can use each keypair for whatever. The benefit (and possible disadvantage) is the government knows you are you.

by Fnoord

5/26/2026 at 9:40:18 PM

It's a wall of text prefaced by your disclaiming that you don't really know what you're talking about. So then why would I want to read that? Just say "yeah I'm not really sure about the details what I wrote above was word of mouth" and move on.

by fc417fc802

5/26/2026 at 3:28:45 PM

The German eID stack does also work well, just as the Austrian one does.

Tbh I like the German one even better because you need your physical Identity Card and can use your phone as the reader

by hermanzegerman

5/26/2026 at 4:50:21 PM

Maybe better, but less useful. I don't carry my Identity Card at all, unless I cross the border within EU where it is used. All other functions I have in our country app. To which I can log in using physical card, but I have other options that are online.

by krzyk

5/26/2026 at 7:44:39 PM

In the Netherlands it is mandatory to carry your ID card or passport at all times.

by Yaa101

5/27/2026 at 5:57:13 AM

Not true. You have to be able identify yourself on the street in case the police wants to talk to you. A driver’s license is also valid identification.

by spockz

5/26/2026 at 8:13:30 PM

Germany as well

by lava_pidgeon

5/26/2026 at 10:24:29 PM

What are the penalties for not doing so? I'm always amazed at the willingness of Europeans to follow rules like these, regardless of their impact on personal sovereignty. People in Finland were the most extreme example of this behavior that I've ever encountered. People would look like you murdered a child for jaywalking in Helsinki.

by tinfoilhatter

5/26/2026 at 11:00:28 PM

In the Netherlands the fine is 110 euro. But they can't usually ask for your ID without cause, so the risk is quite low.

by t0mas88

5/27/2026 at 6:10:35 AM

It's a nothing burger really. I have a card wallet for bank passes, transport cards and the id thingy. Not a single cop ever stopped me (I'm not in the usual suspect demographics, so that helps), so I didn't have to show it ever in 7 years. I imagine I would have a different attitude if cops did actually ask for it for no reason.

I however heard about things like riding a bicycle without lights and being fined 50 bucks for that, which triggers asking for an id, which in it's turn triggers a 100 euro fine on top. In the story I heard the second fine wasn't actually given.

by Muromec

5/27/2026 at 12:46:31 PM

maybe you can help by writing a threat scenario. And I can help if it really occurs.

(but buying alcohol you need also a personal document)

by snowpid

5/26/2026 at 10:35:03 PM

Nope. You have to possess a valid ID or passport, but you are not required to carry it. Keeping it at home is perfectly fine.

Carrying it is practical and most Germans do carry their ID, but it's not a requirement.

by alphager

5/27/2026 at 12:34:38 PM

Why carrying it is practical? What is it used for?

The only time I need my ID is during elections, but I can also show the one I have in our government produced app.

Older people in Poland do carry those, mostly out of some kind of habit and some kind of fear that police might need it. I can drive a car and get a speeding ticket, and all I need police to know is my ID number (it is not the identifier of my identity card), which I know by hard, it consists of my birth date plus 5 semi-random numbers). I don't need my ID, my driving license nor my insurance data - everything is located in police database based on my ID number (or my license plate).

Bad sides of carrying it is that you might loose it, and that is a PITA, because you need to block it right away (someone might take a loan with it, happens I kid you not) by calling your bank or similar service.

So I take it out from my wallet (which I don't carry also) only when I go to the airport.

by krzyk

5/26/2026 at 11:06:53 PM

Not exactly. The Netherlands has an identificatieplicht (an obligation to identify yourself), not a formal draagplicht (an obligation to physically carry ID at all times).

Police may require identification only in specific situations connected to their duties, not arbitrarily. If you cannot show valid ID when requested, you can still be fined or taken to a police station to establish your identity, so in practice most people do carry ID anyway.

The distinction is historically sensitive in the Netherlands because compulsory identification documents were heavily associated with Nazi occupation policies during World War II.

by retired

5/26/2026 at 1:53:33 PM

Logius is actually not a company but a part of the dutch (national) goverment.

by NoahZuniga

5/26/2026 at 2:29:09 PM

It's a state owned enterprise as far as I remember. So technically they don't wear civil service uniforms in the office, but still get the usual government office hours.

by Muromec

5/26/2026 at 2:51:18 PM

The Dutch civil service wears a uniform?

by RobotToaster

5/26/2026 at 4:14:01 PM

blue jeans with an embroidered logo and 3 liters of hair gel.

by GuinansEyebrows

5/26/2026 at 3:37:36 PM

No

by erikvanoosten

5/26/2026 at 3:41:53 PM

Except for the military.

I once interviewed for a job at what I think was a civil service branch that developed software for the military. But they were out of budget for this, while the military did have budget, so if I was hired, I'd have to wear a military uniform to the office. A very stylish one, they claimed.

by mcv

5/26/2026 at 10:55:04 PM

Just like Dutch military air traffic controllers, they sit in the same building as the civilians but wear a uniform and get paid less.

by t0mas88

5/26/2026 at 4:31:13 PM

No I checked this. They aren't.

by NoahZuniga

5/26/2026 at 2:03:09 PM

In that case we can indeed safely assume they have no technical knowledge.

by shiandow

5/26/2026 at 7:29:26 PM

For some of functionality, DigiD itself requires an iOS or Android app (for which you need to enter a contractual agreement with either Apple or Google and they decide whether you are allowed to install and use the app).

I understand that this particular path doesn't allow them to access further sensitive data, but it does give these corporations the power to block any individual for accessing the DigiD app.

You don't need the app for most functionality, but for a few healthcare related tasks, it's the only option, with no fallback.

by WhyNotHugo

5/26/2026 at 7:44:55 PM

Which tasks? I use DigiD with SMS and I've never needed to install an app, I have healthcare etc etc.

by davedx

5/27/2026 at 6:16:25 AM

I believe there are three levels -- password only, otp and otp after you tap the id card in the app (I think it's just once).

My healthcare provider changed their online thing this year and that new thing required highest assurance level. I think they changed it back because you can only tap with the Dutch id card (not the residence permit or other country's ids).

by Muromec

5/27/2026 at 6:49:40 PM

Once specific task was linking an Apotheke to my healthcare provider. SMS was not allowed for this flow. I've seen other scenarios, but I don't recall them.

by WhyNotHugo

5/26/2026 at 12:49:37 PM

> A couple of weeks ago, the entire parliament (with only a single party dissenting) voted for a motion to end the contract with Solvinity, but the government extended it anyway, leaving blocking the takeover as the only option,

Given what we know now, this seems perfectly logical. It's just that we don't know what else is going on behind the scenes.

I'm sure there was some negotiations on how to keep the data separate or something, with the threat of blocking it altogether as a final solution.

But agreed, this is a good outcome

by hvb2

5/26/2026 at 1:00:06 PM

> I'm sure there was some negotiations

which i'm sure the current administration would honour

There should be grave consequences alone for the fact that the goverment acted against the parliament

by monegator

5/26/2026 at 1:26:06 PM

> which i'm sure the current administration would honour

It would've been the same administration as the one doing the negotiations, so I would assume yes.

> There should be grave consequences alone for the fact that the goverment acted against the parliament

In general I think there's a pretty good understanding between the legislative branch and the executive branch. The Netherlands has always had coalitions. Also, every single government will talk to the other parties.

I'm not sure what country you're referring to but the Netherlands has a properly functioning democracy. The only problem it has is splintering into too many small factions making coalitions super hard

by hvb2

5/26/2026 at 2:11:50 PM

There are certainly countries that have it worse, but Netherland has some weird political games being played sometimes.

by mcv

5/26/2026 at 7:28:26 PM

The voters don't always deal the cards favorably for the coalition system. Compared to a 2 or 3 party system, I think I still prefer the coalitions though as it forces them to negotiate

by hvb2

5/26/2026 at 9:19:46 PM

Yeah, but this time the coalition negotiations were rather dirty. The largest party and therefore most likely prime minister was the most progressive of the centrist parties (D66) and would normally want to work with the moderate left-wing labour party (GLPvdA, now PRO), but the most conservative of the centrist parties (VVD) banned them from negotiations, and preferred one of the right-wing/racist parties (Ja21) instead. If the other two centrist parties really wanted, there could have been a left-center majority of 6 parties, but instead, they let the VVD call the shots, and now it's effectively a VVD minority government.

(VVD had previously also voted to label antifascism "terrorism", which I'm sure must have caused Benjamin Telders, the antifascist they named their scientific bureau after, to spin in his grave.)

by mcv

5/27/2026 at 5:06:03 AM

It does look like Jetten was too much of an optimist. Thinking he will just get some things done if only he gets a coalition together...

by hvb2

5/26/2026 at 7:00:36 PM

> executive branch

I didn't think the Netherlands had one of those.

by BigTTYGothGF

5/26/2026 at 7:26:11 PM

'het kabinet' or 'de regering' is the executive branch in NL. You don't need a president to have an executive branch.

Eerste/tweede kamer. Legislative, make the laws Ministers/staatssecretarissen, executive, implement policy Hoge Raad etc, legislative.

Look up trias politica

by hvb2

5/26/2026 at 2:32:14 PM

There was that chip company that was almost nationalized by the Dutch government few months ago when their Chinese owners started making funny noises.

by Muromec

5/26/2026 at 7:36:01 PM

> With the US law that the US government should be able to get access to any data held by a US company

Er, what law is this, exactly?

by DoneWithAllThat

5/26/2026 at 7:52:59 PM

CLOUD Act and FISA §702

by frevib

5/26/2026 at 7:45:26 PM

CLOUD Act.

by davedx

5/26/2026 at 8:56:42 PM

it is not easy with a quick search to ascertain the subtleties of the CLOUD Act.

the example case on wikipedia entails a US citizen storing data with Microsoft, a US company, data that Microsoft offshored from the US. So in that case, the US Courts and politicians seem on pretty firm ground to consider that data to be "obtainable" by court order; it wouldn't make sense for American vendors to to create a privacy "double Dutch sandwich" as is done with corporate income tax loopholes. Letting the law go that far would not be a threat to "Europe".

Now if Europeans were committing crimes in the US without being in the US themselves (let's say organized crime trafficking to the US or operating phone scams) that raises more interesting questions about jurisdictions, but that discussion is only productive with good knowledge of what US-European cooperation is already in place or considered "within the pale" due to shared mutual concerns

According to wikpedia, "the CLOUD Act asserts that U.S. data and communication companies must provide stored data for a customer or subscriber on any server they own and operate when requested by warrant, but provides mechanisms for the companies or the courts to reject or challenge these if they believe the request violates the privacy rights of the foreign country the data is stored in."

It could "scare" Europeans to read that, but an important keyword is "requested by a warrant": to be scared by it, you'd need to know that US Courts are issuing warrants for Europeans who are not committing crimes in the US, which I doubt. Europeans committing crimes I already touched on.

wikipedia continues, It also provides an alternative and expedited route to MLATs through "executive agreements"; the executive branch is given the ability to enter into bi-lateral agreements with foreign countries to provide requested data related to its citizens in a streamlined manner, as long as the Attorney General, with concurrence of the Secretary of State, agree that the foreign country has sufficient protections in place to restrict access to data related to United States citizens.[8][9] The first such agreement was with the United Kingdom.[10] There is a FAQ appended to the white paper published by the U.S. Department of Justice.

This aspect of the CLOUD act should not specifically scare Europeans, they should rather be scared of their own governments cooperating in such schemes. For Europeans to want the US not to have the CLOUD act to protect them from their own governments is rational, but not something that can be discussed, it would melt European brains to say anything positive about the US.

wikipedia goes into more interesting areas for US/Euro conflict (for example, who would be covered by the GDPR for the information that the CLOUD act covers) which is interesting but I'm less equipped to discuss that than the preceding. here is the link you can chase down if you want https://en.wikipedia.org/wiki/CLOUD_Act#International_reacti... https://en.wikipedia.org/wiki/CLOUD_Act#International_reacti...

by fsckboy

5/27/2026 at 11:04:18 PM

Yeah but outside US there has never been a lower trust in the US or their courts, so, we veto all new purchases to err on the side of sovereignty.

by k12sosse

5/26/2026 at 3:51:23 PM

lets be frank, these are changes caused by the downgrading of the American administration to a subscription services behind a paywall that requires DLC, root based encryption bypasses and a Clippy popup that instead of trying to be helpful is indistinguishable from a mafia racket.

by cyanydeez

5/26/2026 at 5:39:04 PM

*for months

by edwinjm

5/26/2026 at 1:36:35 PM

>> Finally!

You are behind the curve. You read here first. Lets revisit this comment in 2 years...

This will be overturned by both Dutch and European courts after the company appeals, and specially after Mark Rutte Daddy calls. The only purpose of this action is for the Dutch government to save face, and its for internal consumption. They already have the internal legal advice stating this, hidden away in some closet. But then they will say: You see, we wanted to do it but a court blocked us.

>>Of course there's still plenty of sensitive data in the hands of Microsoft, Amazon and other US companies.

The WHOLE Dutch diplomatic and broader civil service, including the Ministry of Foreign Affairs, runs extensively on Microsoft infrastructure for its daily operations, cloud services, and email. And they leak....

"Microsoft Accused Of Sharing Dutch Officials’ Data with U.S. Government" - https://www.yahoo.com/news/politics/articles/microsoft-accus...

This will also be the core legal argument by the appealing company. They will argue that the decision was politicized, insufficiently reasoned, or disproportionate because binding technical/legal safeguards would have solved the risks... And they will use as example, the diplomatic service extensive use of Microsoft :-)

So is nothing more than another Polder hypocritical take, by the Dutch government.

by tcp_handshaker

5/26/2026 at 2:45:56 PM

> They will argue that the decision was politicized,

It’s not ‘politicized’, it’s the gateway to all Dutch government services and as such it is inherently political.

> insufficiently reasoned, or disproportionate because binding technical/legal safeguards would have solved the risks...

There are no legal safeguards against the CLOUD act. There can be no technical or legal safeguards as long as the physical hardware is owned by a US company.

by Aaargh20318

5/26/2026 at 2:30:27 PM

>The WHOLE Dutch diplomatic and broader civil service, including the Ministry of Foreign Affairs, runs extensively on Microsoft infrastructure for its daily operations, cloud services, and email. And they leak....

There is a broad digital strategy to migrate off from American infra. Will take 10 years, but this stuff has inertia once it starts moving.

by Muromec

5/26/2026 at 3:12:32 PM

In 2 years the contract is up for renegotiation to a different entity (and there's now plenty of political pressure to go with a different one), so I don't think it's a problem by then.

Tying the process up in the courts for that period is also a political victory, since by the time it'd be resolved, Solvinity wouldn't have the contract anymore anyways.

by noirscape

5/26/2026 at 2:06:46 PM

> This will also be the core legal argument by the appealing company. They will argue that the decision was politicized, insufficiently reasoned, or disproportionate because binding technical/legal safeguards would have solved the risks... And they will use as example, the diplomatic service extensive use of Microsoft

How would that argument support a sale to the US? It sounds like the perfect argument against it. Those technical/legal safeguards clearly didn't work for Microsoft either.

by mcv

5/26/2026 at 2:11:06 PM

You are using logic to argue for the best and most correct outcome, I am using logic, to state how and why, this will play the way it will...

by tcp_handshaker

5/26/2026 at 1:48:12 PM

> Mark Rutte Daddy calls

Mark Rutte, the chief of NATO and ex-PM, that has nothing to do with civilian tech? Can we please leave unfounded conspiracy theories to Reddit?

by j_maffe

5/26/2026 at 6:46:32 PM

I have no idea if he's involved in this at all (does seem fairly unrelated) but Mark Rutte is indeed an extremely dodgy bloke.

Not sure exactly who he represents but his actions as NATO secretary have been genuinely a bit concerning for me, he seems determined to start a war with Russia

by ifwinterco

5/26/2026 at 1:53:15 PM

[1]- NATO Secretary General responsibilities:

"...Above and beyond the role of chair, the Secretary General has the authority to propose items for discussion and use their good offices in case of disputes between member states....

...In order to facilitate this process, the Secretary General maintains direct contact with Heads of State and Government, and Foreign and Defence Ministers in NATO and partner countries...."

[1] - https://www.nato.int/en/about-us/organization/nato-structure...

And Mark Rutte has been shaping the domestic fiscal debate inside the Netherlands [2]: "...Mark Rutte said the Netherlands must significantly boost defence spending and pointed to Dutch spending on pensions, healthcare and social security, saying only a small fraction of those allocations would strengthen defence..."

[2] - https://nltimes.nl/2024/12/03/nato-leader-rutte-netherlands-...

And on conspiracy theories - Do you trust the Financieele Dagblad?

https://nltimes.nl/2025/11/20/asml-offered-spy-us-breaking-e...

by tcp_handshaker

5/26/2026 at 5:09:11 PM

Dutch and belgian citizens are being misled over and over again. The more you'd dig into it, the less it all makes sense.

All we get are documents with nearly everything censored except for very benign things. Only time will tell what's going on, but I doubt I'll live the day

by tosti

5/26/2026 at 1:55:46 PM

Does that sound outlandish to you? It doesn't to me...

It's probably something he would use as 'change' to resolve something unrelated with NATO. Then he can sell how well he's keeping NATO together

by hvb2

5/26/2026 at 1:55:21 PM

> unfounded conspiracy theories

Their sentiment is that Trump intervenes by whining to Mark Rutte, who seems to be the only European Trump is actually willing to listen to, at the expense of course of giving up all his dignity in calling Trump, literally, Daddy [1].

And I would not put it past Trump to do that... I mean, that's what he already did regarding Tiktok.

With Trump nothing is impossible any more, especially if he or someone in his circle stands to make or lose money. And that's the greatest danger in the US turning into a full blown banana republic.

[1] https://www.politico.com/news/2025/06/25/nato-chief-calls-tr...

by mschuster91

5/26/2026 at 2:57:03 PM

So what do you expect the outcome to be if Trump complains to Rutte, who will then do... what exactly? Ask the current PM to do him a favor because of "reasons"? An overwhelming majority of people in the Netherlands oppose selling this company to the US, an overwhelming majority of political parties voted to block the sale and now the secretary of state in charge of this particular department indeed blocked it.

It seems to me that there is no way that Trump could overturn this decision via Rutte that Trump couldn't accomplish on his own by just threatening the Netherlands directly.

by WJW

5/26/2026 at 4:28:31 PM

> "The politicization of this process has overshadowed the clear and important benefits this transaction would have brought to Solvinity's customers and Dutch citizens."

That is unbelievably rich. It's politicians job to protect the privacy and interests of its citizens. Must be a strange idea for the US these days.

by bilekas

5/26/2026 at 6:15:05 PM

This comment gets my personal "The most logical position of the day" award

by ykurtov

5/27/2026 at 1:25:26 AM

> It's politicians job to protect the privacy and interests of its citizens.

So...they outsource to Logius, who then hires Solvinity to give two for-profit corps access to your information? Why are the blocking the acquisition entirely and not... ya know, hosting their own infrastructure?

by burnerRhodov3

5/27/2026 at 1:42:49 PM

> hosting their own infrastructure?

Because they're not a tech company and they're aware of that so they place bidding contractors to specialists in the field who offer a proposal and bid. This is nothing new.

by bilekas

5/27/2026 at 6:04:28 AM

I think they should point out the “clear and important benefits” they’d bring. Corporate PR is fucking hollow.

by port11

5/27/2026 at 2:35:10 AM

That's a very optimistic view. They care about getting elected, and enough tech-savvy people in the country made a big enough stink about it a critical mass of "normal people" got pissed. If they cared about privacy this whole thing wouldn't have been possible in the first place.

by FaridIO

5/26/2026 at 3:06:17 PM

As a Dutch citizen, I don't understand why we can't self-host an open source identity solution for 20M users with 30K requests an hour. How hard can it be?

by wildekek

5/26/2026 at 6:26:51 PM

How hard can it be to hire a competent engineer when you hire for a bank or a government.

by Muromec

5/26/2026 at 10:45:27 PM

Techs trying to solve the tech problem.

Governments need it to be solved by a team (either within the government or a vendor company) because it is the non-tech things that are missing from the open source solution: high availability / redundancy, hosting, backups, business continuity, audits, someone to grill when there is a leak.

The people who work in government and banks aren’t incompetent. They are just like you and I but they work within a highly rigid system because if their system isn’t rigid, societies fall. People don’t think rationally during bank runs or when nobody in a country can access public services for weeks at a time. This is the core hazard of Mr. Robot.

by thephyber

5/27/2026 at 6:19:14 AM

I do in fact work in a bank and know a person who works on DigID. I wouldn't say incompetency is the word, but there is something ... special about the people and their skills here.

>high availability

oh yeah, oh noes.

by Muromec

5/27/2026 at 8:40:24 AM

I get what you mean. I worked for a private bank in NL for a bit. Everyone has something special, but we all had a common factor of being in bureaucracy hell. Not that its unexpected when you work at a bank, of course.

by ramon156

5/27/2026 at 9:50:31 AM

I surprisingly don't see any bureaucratic hell and I'm always a bit confused what people even mean when they say that. If anything, I feel the least bureaucratic pressure compared to previous 15+ years. But maybe that's me being a bit special.

by Muromec

5/27/2026 at 12:28:12 PM

> high availability / redundancy, hosting, backups, business continuity, audits, someone to grill when there is a leak.

All but one of these is a tech problem though.

by another_twist

5/26/2026 at 3:09:15 PM

30k requests and hour? A 5 euro VPS can handle this easily.

by dncornholio

5/26/2026 at 4:01:26 PM

If the owner of the stack (Logio or whatever it was called, see upthread) doesn't understand it, the consultants will run wild and soon it will require a hectare-sized datacenter running a zillion containers, and another DC for HA of course.

by jabl

5/26/2026 at 6:27:17 PM

Containers with COBOL

by Muromec

5/26/2026 at 6:12:03 PM

This is exactly why privacy by architecture matters more than privacy by policy. The Netherlands trusted a policy ("Solvinity can't access the data") but the architecture allowed it anyway. The only real solution is cryptographic sovereignty systems where even the vendor mathematically cannot access user data, regardless of what US law says. Not we promise we won't look but we literally cannot look. Building something small in this direction a mesh network where identity is a BIP-39 seed phrase and messages are E2E encrypted at the protocol level,not the application level. The goal is that even I as the developer cannot read user messages. It's still early, but this problem you're describing is exactly why it needs to exist.

by madbo1

5/26/2026 at 10:40:24 PM

> identity is a BIP-39 seed phrase

So we are back to a single “something you know” factor as identity?

There’s a reason your idea doesn’t exist.

by thephyber

5/27/2026 at 8:06:27 PM

That would still leave the system prone to hostage taking. The US government could disrupt the tax office, hospitals, courts, etc. with a single order.

by tgv

5/26/2026 at 7:46:41 PM

> The only real solution is cryptographic sovereignty systems where even the vendor mathematically cannot access user data, regardless of what US law says.

...OR, we host our data in our own countries with companies incorporated in our countries. (Sovereign cloud)

by davedx

5/26/2026 at 8:13:00 PM

This misses the point that parent was making. The conversation shouldn’t be “move your data to countries you can trust”. It should be “use protocols that don’t require trust in the first place”.

by jkl5xx

5/26/2026 at 9:08:48 PM

I think both ideas should be the norm: privacy by architecture and sovereignty and/or decentralization where it makes sense.

by rolandog

5/26/2026 at 11:30:22 PM

johnny will suddenly be able to encrypt

by throawayonthe

5/26/2026 at 12:54:24 PM

Never heard of 'Kyndryl' before.

https://en.wikipedia.org/wiki/Kyndryl

> Officially formed in late 2021, Kyndryl was created from the spin-off of IBM's infrastructure services

> Kyndryl operated in 63 countries in November 2021

by fusslo

5/26/2026 at 2:28:52 PM

I wish more news outlets actually stated so - Kyndryl was formerly IBM, has 73.000 employees worldwide. When this news first broke, nobody had ever heard of it so it sounded like some small random hosting company, but it's huge.

by Cthulhu_

5/26/2026 at 1:41:51 PM

If it's such a vital piece of Dutch infrastructure, why is it in private hands at all?

by kleiba2

5/26/2026 at 2:27:35 PM

Because too few IT capable people are willing to work under the government's pay scales; in most cases going private / corporate earns more. So most Dutch IT projects end up with private companies, which also means that, in the case of DigID and the secure / official messaging platform, the hosting party can charge exorbitant rates. Did you know it costs 25 cents to send a message via the Berichtenbox? So when the government does its annual "it's time to fill in your taxes" message, they have to pay millions. Assuming they don't get a bulk deal, anyway.

by Cthulhu_

5/26/2026 at 2:53:40 PM

There are plenty of people who are willing to work for the government and the pay is pretty decent. But their stack is often Microsoft based and their IT is located in Apeldoorn.

Who in their right mind would want to travel all the way to Apeldoorn.

A good example of internal development in the government is the police. They have internal development teams.

by mechazawa

5/26/2026 at 4:00:10 PM

Most people managing stuff running in a datacenter don't live near that datacenter, it really doesn't matter where it's located. Also, the Netherlands is so tiny that crossing half of the country would still fall under "reasonable commute" in many places

by usrnm

5/26/2026 at 4:12:47 PM

Maybe that’s a reasonable commute to the US mind who isn’t used to work/life balance and likes spending unpaid hours in their car losing precious time with their family.

For me, a reasonable commute is a 10 minute bike ride to the office.

by Aaargh20318

5/26/2026 at 7:04:01 PM

It's about 3 hours to cross the country (Groningen to Rotterdam) on a train and that's assuming you live by the train station and your work is also near the station too, which is mostly not true. I know some people who commute for 1 hour and a half, but they aren't in the office really often.

by Muromec

5/26/2026 at 3:44:24 PM

Apeldoorn is actually a very nice place, surrounded by nature.

by edwinjm

5/26/2026 at 7:37:33 PM

Every person that I've met who worked in government IT in NL said they run on a Microsoft stack.

This puts a huge filters out who's willing to work for them.

by WhyNotHugo

5/26/2026 at 6:25:56 PM

I used to work in Burbank and lived approximately 34 miles away, across Los Angeles. It could take almost three hours for me to drive home on a Friday afternoon on the freeway. This was before Covid, and traffic has only gotten worse.

by Balooga

5/26/2026 at 7:02:26 PM

Apeldoorn? I don't know any government offices there. Most of it seems to concentrate in The Hague, with some agencies spread through the country.

by tmsbrg

5/26/2026 at 8:15:06 PM

The whole Belasting is in Apeldoorn....

by root-parent

5/26/2026 at 7:06:53 PM

Their (Logius) vacancy site says Den Haag, not Apeldoorn on the vacancy for Java developer (another reason to not work there -- java).

by Muromec

5/26/2026 at 2:36:43 PM

For the record, Logius (the government owned enterprise dealing with DigID) vacancy for Java developer: https://www.werkenvoornederland.nl/vacatures/lead-java-devel... . 92k EUR per year for whatever they measure as 40 hours a week (I bet they close the shop at 4 pm).

>Did you know it costs 25 cents to send a message via the Berichtenbox?

In a country with paid toilets what do you expect lol

by Muromec

5/26/2026 at 3:06:43 PM

That doesn't sound bad at all. At least for me as a German that would be a salary that you wouldn't get at every random company.

Maybe the Netherlands are different (country can vary a lot with what is included in a salary) ?

by Vespasian

5/26/2026 at 6:30:57 PM

It's a good salary if you don't work for booking, amazon or whatever americans of the day. I got lowballed a few days ago with 85 in a startup. On the other hand this wont buy you a house in Amsterdam on one income.

by Muromec

5/27/2026 at 12:27:37 AM

Thats the top level though, attainable with 10-15 years of ‘lead java dev’ experience. That is different from 10-15 years of java experience

by rahkiin

5/26/2026 at 3:05:31 PM

I know people that work as contractors for the Dutch government. The government doesn't save money by hiring them through contractors. They cost more through contractors. But contracting allows private companies to act as gatekeepers and pocket some cash for essentially supplying full time employees. It's a form of corruption by well connected private contracting companies.

by AndyMcConachie

5/26/2026 at 6:11:16 PM

I think a large part of the reason is that government hiring is rather permanent. It's often prohibitively expensive/hard to get rid of underperforming or superfluous employees. Contracting is a way around that. That allows hiring workers in a temporary (project) budget. For decades, sometimes.

by vanviegen

5/26/2026 at 3:21:55 PM

1. Neoliberal doctrine: government=waste, company=efficient, let's privatize.

2. The ruling party for over a decade is the VVD, a Republican Party with training wheels, with Tea Party like spinoffs in varying degrees over rabid idiocy. The VVD heavily depend on a small network of big donors and as such are strongly nudged to source the policy advice from those networks. The IT backbone of those government agencies are thus run by big corporate IT shops, which is also politically convenient as you can shrug of responsibility when it turns out there is some light between the theory and the practice of the neoliberal doctrine.

by exceptione

5/26/2026 at 1:51:32 PM

DigiD itself is government-owned, but its infrastructure is managed by Solvinity (a private company). Not really different from the US gov running half its stack on AWS.

by danslo

5/26/2026 at 1:55:43 PM

Okay, maybe let's not take the US as a point of comparison.

by kleiba2

5/26/2026 at 2:00:01 PM

Fine. Not really different from most governments relying on private suppliers to manage their infrastructure.

by danslo

5/26/2026 at 2:22:33 PM

Apologies in advance for wasting anyone's time with a light hearted tangent. But as I scrolled past your comment I read:

> If it's such a vital piece of infrastructure, why is it in Dutch hands at all?

It was the funniest thing I have misread in a while.

by Nevermark

5/26/2026 at 6:40:36 PM

Because very powerful private VCs and investment bankers want to ensure that governments stay impotent when compared to their capital. Welcome to the Western world.

by znnajdla

5/26/2026 at 2:19:02 PM

because privatisation

by conceptme

5/26/2026 at 1:22:32 PM

Great news. Would have been devastating to have such an integral part of our society at the whims of not just another nation, but an unstable and downright hostile one.

by midasz

5/27/2026 at 8:36:02 AM

Unfortunately, they're still heavily dependent on Microsoft products and OS

by ndsipa_pomu

5/26/2026 at 12:58:38 PM

Good for them, but I doubt this will be the last we hear about this especially with the current US government. ASML was only permitted to acquire US company Cymer (the actually valuable EUV light source technology) back in 2013 under a strict technology sharing and export control agreement.

The Netherlands blocking a US acquisition due to technology control concerns is sure to ruffle some feathers in Washington.

by petcat

5/26/2026 at 1:00:57 PM

This is not some sort of company making unique tech, it's a company handling some of the most the vital infrastructure for our government, you can imagine the privacy concerns. Completely different case

by NietTim

5/26/2026 at 1:01:54 PM

Sure, but the point is that it's tit-for-tat. This US administration is petty.

by petcat

5/26/2026 at 2:03:22 PM

All the more reason to block vital stuff going to the US. They cannot be trusted anymore.

by Epskampie

5/26/2026 at 3:08:44 PM

True, but the question is if it isn't smarter to wait for the midterms in November where it currently looks like it's going to be a disaster for Trump and the Republicans.

by Paradigma11

5/26/2026 at 6:30:27 PM

Sale was happening soon, couldn't wait longer, IIUC.

by ragebol

5/26/2026 at 4:42:39 PM

> This

I don't think it's changing after this administration.

by midtake

5/26/2026 at 3:07:32 PM

True. But the reaction also depends on how much money the leverage is worth and how much Solvinity has to offer here.

by exceptione

5/26/2026 at 7:09:55 PM

>the actually valuable EUV light source technology

ASML brought Cymer in house because it couldn't make the tech they needed and they needed to dump resources and engineers on the project of a supplier to make what they needed actually happen. Cymber could only accomplish 10W EUV lights, while ASML needed 250W sources, so they bought the company to actually execute on what they needed. And there were other sources that ASML could have flipped to.

They literally bought it because it failed to do what they needed. Somehow loads of Americans, in that fun American exceptionalism way, want to rewrite the world where really ASML is just some magical US tech in a trench coat, because everything somehow owes its existence to Americans.

>especially with the current US government

The US government has forced every American company to cease work with any judge or employee of the ICC, all in defence of America's boss Israel. This alone should see every American company ousted from every foreign nation. The idea of giving an American domiciled firm control over domestic infrastructure tech is insane (like, treasonous level), and anyone pushing this needs to be fully investigated. Similarly, the fact that the UK keeps implementing garbage from Palantir is clear evidence that the country is utterly busted and needs a massive civil service overhaul.

This is all quite aside from the various tantrums, grotesque levels of corruption, and openly threatening allies.

I'm sure it will "ruffle some features", but it turns out the US blew its load already. Absolutely no one cares what that idiocracy's cabal of pedos, halfwits and self-dealing criminals throw a tantrum about anymore. At this point the US should be punted from NATO, every base closed, and everyone should just nuke up.

by llm_nerd

5/26/2026 at 1:04:20 PM

In 2013, the same deal would likely have gone through. US-Dutch relations looked very different in 2013 under Obama than they look now under second-term Trump. Any reciprocity today based on things Obama did back then falls flat because we all know Trump opposes nearly everything Obama ever did

by wongarsu

5/26/2026 at 1:21:49 PM

Absolutely, no one would have batted an eyelid.

by gpvos

5/26/2026 at 8:33:50 PM

This is a huge detail that further complicates the picture, ASML's lithography technology heavily benefitted from United States DOE research:

> In 1997, ASML began studying a shift to using extreme ultraviolet. Two years later, it joined a consortium, which included Intel and two other U.S. chipmakers, in order to exploit fundamental research conducted by the US Department of Energy. Because the Cooperative Research and Development Agreement (CRADA) it operates under is funded by the US government, licensing must be approved by Congress.

by KoftaBob

5/26/2026 at 9:12:10 PM

> heavily benefitted from United States DOE research

Not just heavily benefitted. The entire wafer-making technology is the result of US government funding and research. There's a reason why Cymer continues to operate independently in San Diego instead of by ASML in Europe. That was mandated by the acquisition agreement. The R&D and manufacture of the EUV light sources had to remain in California. ASML in the Netherlands is just the final assembler of the machines.

by petcat

5/26/2026 at 12:39:08 PM

Good on the Dutch government for actually doing something.

by applfanboysbgon

5/26/2026 at 3:59:11 PM

At the same time they're allowing the tax office to migrate completely from a self hosted solution to office 365 do there's that.

They had to be dragged kicking and screaming into doing this. Several attempts were made to force them to block the takeover. Not sure what caused their latest turnaround.

by wolvoleo

5/26/2026 at 1:01:26 PM

All governments are "doing something". It just isn't at all effective and mostly because they're unwilling to invest even marginal amounts.

Like in this case. The technology here utterly depends on Google Play Services on Android or App Attest on Apple (or "secure enclave"), and that is in fact essentially the only functionality.

This could have been solved instead switching to a standard (switching to OATH, RFC 4226 and RFC 6238), thus killing the dependency on Google/Apple while still allowing those devices to work smoothly, but also allowing a Linux implementation, allowing anyone . Plenty of European companies provide implementations for this, some with and some without the dependency on Google/Apple attestation.

by spwa4

5/26/2026 at 1:30:10 PM

I'm not talking about some abstract sense of "did the government do anything at all today", I am saying "good on the government for doing something in this specific case instead of doing nothing and letting it be sold", which was a possible outcome, and in fact the default outcome of the vast, vast majority of acquisitions is that the government does nothing to intervene.

Could they do something better, sure. I am still glad to see they did something at all.

by applfanboysbgon

5/26/2026 at 1:16:22 PM

I can sign in to DigID without using my phone, except sometimes with an SMS verification code. (Of course they want to, and should, phase that out. Hopefully that won't be replaced by app store dependence.)

by Vinnl

5/26/2026 at 3:31:18 PM

What alternative is there, today, that would allow securely doing this without an app store dependency?

Only a few EU countries have rolled out NFC-based eID functionality (as only physical ICAO-based ID verification via NFC is a mandatory part of the EU ID card standard); those are the only ones with a viable path forward in the short term.

by lxgr

5/26/2026 at 3:44:03 PM

The default will likely be the app, but if you have an NFC reader you should be able to use your passport or ID to authenticate as well.

The app has the benefit of being free, getting a working reader costs 60-90 euros last time I checked and Linux driver support isn't great.

by jeroenhd

5/26/2026 at 1:33:26 PM

The Dutch should be aware that if Netherland has some information-sharing agreements with Five Eyes or Fourteen Eyes, all this data will still be available to the US (and other allies) (hopefully, presumably, with your government acting as the gatekeeper).

by thisislife2

5/26/2026 at 3:04:25 PM

It's not only about the data, it's about the risk that the US would basically turn off things like tax collection and doctors' visits in the Netherlands as part of (say) a first strike on Greenland.

Sure, the chance is low. But in the current climate people are nervous and it's best not to risk it. The current government has already embarked on a long-term strategy to bring more of critical software infrastructure back in-country, selling the core identity provider software abroad would go directly against current policy.

by WJW

5/26/2026 at 3:27:15 PM

Why would the risk be low?

Trump also already sanctioned Justices from the ICC based in Netherlands because he didn't like them.

He's clearly not the guy with impulse control

by hermanzegerman

5/26/2026 at 3:45:37 PM

Sanctioning people is basically risk-free and more importantly dollar-free. Fighting wars is extremely not-free, as Trump is currently discovering in Iran. I personally rate the risk of the US actually invading Greenland as not higher than about 10%, with the matter most likely being resolved by the US administration re-discovering that the US is allowed to establish a base on the country, doing so and then announcing with big fanfare that they solved the terrible terrible problem of Greenland being "the most unsafe".

Still though, that is about 10 percentage points higher than before Trump took office. Better not to hand him too many tools to exert leverage with.

by WJW

5/26/2026 at 6:23:45 PM

> Sanctioning people is basically risk-free and more importantly dollar-free.

In the long term, I think this was actually really expensive. People talk and worry about this, and as a result of this (and similar developments) general consensus seems to have shifted towards preferring EU companies over US companies for tech. That used to be the exact opposite for as long as I can remember.

by vanviegen

5/26/2026 at 2:07:42 PM

The issue was less privacy concerns, and more "hey lets not hand over one of the most critical pieces of infrastructure to a potentially hostile state". DigID is the user authentication platform for basically every government site in The Netherlands. A foreign government could use sanctions to pressure Dutch individuals to comply by limiting access to it.

by Deukhoofd

5/26/2026 at 11:59:56 PM

More broadly, I think it's "let's not hand over essential infrastructure to any foreign state". Friendly or not, it doesn't matter.

Private companies ought to have the freedom to do business with whomever they like, but for essential public services, better to assume essential public infrastructure simply must not be offshored at all.

by troad

5/27/2026 at 1:37:25 PM

I don't know about that. I don't think it'd have been a major issue in the country if it were a Belgian or German takeover. It may still not have been desirable, but I doubt the government would have stepped in like they did here.

by Deukhoofd

5/26/2026 at 3:15:37 PM

> if Netherland has some information-sharing agreements with … Fourteen Eyes

Probably a safe assumption, since the Netherlands is a member of the Fourteen Eyes

by arrowsmith

5/26/2026 at 3:23:32 PM

> (hopefully, presumably, with your government acting as the gatekeeper)

Exactly, that gatekeeper role is what's the difference here. Do you give all data to another country and ask them for pieces back as needed (whenever someone wants to use DigiD, the country can block it), or do you host it yourself and only share the parts that are relevant for this other country's investigations?

by Aachen

5/26/2026 at 3:05:36 PM

It's not about privacy, it's about control.

by dncornholio

5/27/2026 at 12:00:42 AM

Right. And in some ways, that is disappointing, and exasperating, at the same time. Strong privacy regulations would be a better way to go about it. (Note that this criticism is not specific to Netherlands - a lot of countries are, in my opinion, treating "digital sovereignty" as a matter of control between one or more countries and corporates without any real consideration for the individuals right.)

by thisislife2

5/26/2026 at 2:22:03 PM

I keep seeing variations of “okay but this will be temporary” or “this is a one off” or “they’ll relent eventually, they have no choice” in response to the EU’s (and to a lesser extent, global) divorce from US tech stacks.

You cannot unring this bell, however, nor can you put the genie back in the bottle, close Pandora’s Box, etc, pick your own metaphor. The US burned through the trust thermocline very suddenly these past few years, snapping the tension that had been brewing over several decades from US hegemony and the abusive diplomacy it created.

Now that the US regime is openly hostile to everyone else and US firms have dropped the pretense of being anything less than a global surveillance state, there’s nothing to go back to. These sorts of rejections and blocks will continue to escalate until a new norm is agreed upon by cooler heads, which I don’t see happening in the current climate.

Make no mistake, power everywhere wants more surveillance capabilities; the EU wants it as much as China or the USA. The difference is that with the leading empire in decline, everyone realizes that owning their own surveillance state is an advantage over outsourcing it to a potential enemy.

by stego-tech

5/26/2026 at 4:09:51 PM

The concerning thing for the EU should be that this valuable firm had no European capital trying to buy it. The Dutch have protected their sovereignty today while decreasing the incentive for the next entrepreneur to make something on European shores. Probably the best choice but doesn't change the structural problem.

by benced

5/26/2026 at 6:17:26 PM

Who knows what other offers they may have had? Perhaps the company is just worth more to a non-EU company because of the leverage controlling vital infrastructure would give them.

by vanviegen

5/26/2026 at 6:35:48 PM

Concerning for you, perhaps. I take the opposite lesson: this incentivizes and invites the exact kind of entrepreneurs you want to have in a country. You profit-driven Americans assume that all entrepreneurs build things to maximize profit at the expense of everything else. No, not everyone is driven by that, and many of the best company builders were not primarily profit driven (e.g. Steve Jobs believed in beauty and excellence). There are plenty of entrepreneurs who want to build things to support the sovereignty and livelihood of the places that they live in while making a profit that doesn’t jeopardize that.

I say, blocking foreign takeover of vital companies would actually incentivize me as an entrepreneur to choose the EU, and I say that as a startup founder in Europe. Because it levels the playing field for founders who believe in sovereignty: now I don’t have to worry about competitors selling out to foreign capital doing better than me due to that.

by znnajdla

5/26/2026 at 8:00:42 PM

It is very true that if your company is a political vehicle, having the powers that be enforce that all companies must be political vehicles is quite good for you. America certainly has its version of this in its defense companies. I would not say those are the American companies that make me most proud to be American though.

by benced

5/26/2026 at 8:54:27 PM

There was a Dutch bid apparently, but a few million less than Kyndryl. And even the Dutch govt was asked to bid or something IIRC but said no at the time, before there was a shitstorm in the Netherlands over this.

by ragebol

5/26/2026 at 8:43:35 PM

> Probably the best choice but doesn't change the structural problem.

The structural problem is that we are destroying trading relationships built with Europe over generations.

by x0x0

5/26/2026 at 11:33:58 PM

I meant the structural problem of the EU not having a tech industry (nor any similarly prominent 21st century industry).

Yes, it would be better for America and for the EU if America acted normal but I would not advise anyone to plan hoping on that.

by benced

5/26/2026 at 12:44:23 PM

Solvinity is a pretty terrible company name.

by mkj

5/26/2026 at 12:59:22 PM

Solvinity = Solvent Divinity

by cactusplant7374

5/26/2026 at 1:23:41 PM

We're terrible at company and brand naming here in Europe. Just look at the "Wero" payment solution (formerly/currently iDeal). Like, who the hell came up with that stupid name?

The list of stupid European company names and product names are endless.

by mortarion

5/26/2026 at 2:01:08 PM

I agree, the Dutch iDeal was probably the better name. However I'm not sure if this is an uniquely European problem. Wero's counterpart 'Zelle' doesn't seem to be that much better of a name.

by twjdeboer

5/26/2026 at 3:52:35 PM

Only English-sounding names are cool. The terminal state of cultural domination.

by lejalv

5/26/2026 at 2:39:56 PM

It's called Wero, because it means we and euro in all of the official EU languages.

by Muromec

5/26/2026 at 8:29:52 PM

It sounds a bit like "giro" which was a physical mail-based way of transferring money. Not a bad name at all.

by peterfirefly

5/26/2026 at 4:15:17 PM

Why do you feel that Wero is a stupid name?

by krior

5/28/2026 at 1:35:16 PM

Because iDeal hints at what it’s for.

What is a “wero”? Ask your parents or children what they think an “I deal” does and what a “wero” does.

by moi2388

5/26/2026 at 1:11:34 PM

> Solvinity is a pretty terrible company name.

I find it okay'ish. At least it's unique. Say, as much as I like Mario Zechner (who doesn't like HNers anymore for whatever reason), naming your product "Pi" is just terribly bad.

Facebook was a good name (hate the company but the name was good). But "Meta" is just dumbfucktarded.

Wait... I've got an idea: I'm going to make a product and name it "Alt". Or "Control".

Really: there are a lot of totally unhelpful name that just confuses everybody, including search engines, humans, and LLMs but I don't think "Solvinity" is that bad.

by TacticalCoder

5/26/2026 at 1:23:12 PM

I've always found Whatsapp a terrible name, but its so established now that 'apping' is understood. If you're big enough it seems that a bad name hardly hold you back.

by agmater

5/26/2026 at 1:31:50 PM

Reminds me of the old joke:

After Bill and Melinda Gates have their honeymoon, Melinda says, "Now I know why you call it Microsoft."

by amelius

5/26/2026 at 3:16:47 PM

"To whatsapp" is a common verb, but I have never heard anyone say "apping".

Where do you live where "apping" is understood?

by arrowsmith

5/26/2026 at 3:24:28 PM

Heard it many times in the Netherlands.

by JSR_FDED

5/27/2026 at 7:41:49 AM

From what I gather it is hard to hire the highest level developers because they hate the endless meetings, bureaucracy and micromanagment. Salaries are comparable to industry which seems quite high for dutch standards but if you make education hard and expensive with unreasonable time constraints and little adjustment to demand you are just going to end up enforcing scarcity which calls for even higher salaries. We also continue to suffer from managerialism. It makes it strange to pay someone building stuff more than someone managing them.

by 6510

5/26/2026 at 10:22:59 PM

We will see this trend of blocking US ownership more often. Any government cannot and should not give access to their own government, citizen data to foreign buyers no matter how good the relationship is.

Beside the point, this is drawing clearer picture of US control: losing. Us is seen as a threat and coercion making practices start with owning data using that as control.

by mahirsaid

5/26/2026 at 10:38:17 PM

You seem to be assuming citizen data was being transferred. Do you have evidence of that?

by thephyber

5/26/2026 at 11:13:05 PM

By law the US govt is able to compel access to any data controlled by an American company, regardless of where those companies operate. There doesn’t need to be specific evidence of this case, it’s true of all cases.

Some American companies have tried to establish convoluted workarounds in Europe to get around this, but as far as I’m aware it hasn’t been tested in court yet.

by ninth_ant

5/27/2026 at 12:48:27 AM

That was the info of individuals = citizen's data. Am I wrong? What would be considered "citizen data" just to be clear?

by mahirsaid

5/26/2026 at 5:21:05 PM

Can someone tell me what actual technical issue do identification providers solve that couldn't be solved with a public key cryptography or even a password and 2FA? The whole sector seems like it was created out of corruption and shortsightedness.

by iamalizard

5/26/2026 at 6:42:59 PM

They don't solve the technical issue, that's the thing. Once you can match the public key to a legal person with their tax number, it's more or less a weekend of coding to get 80% there.

But to get there you first need to have access to the government API giving you information about a person with certain tax number (name, DOB, address) so you can send them a letter with the code, for which you likely need to be inside their security perimeter. Then you have to actually send the code and have the app generate the key. Then sure, you can expose oauth2 provider and authenticate user with an HOTP you enrolled after they entered the binding key from mail. That's about the whole thing if you don't count bells and whistles.

Bells and whistles include:

- talking to the physical id card so you can mark the key as high trust;

- keeping the session open so second login during 15 minutes would be confirmed with one tap in the app;

- backup authentication method with sms-otp;

- all the nasty stuff that happens with fraud and blocking access but you can't just block the customer and tell them to go somewhere else;

- antidebugging and obfuscation nonsence in mobile apps because CyBErsEcUritTy (second level scam);

- fancy paper to print one time codes that come by mail (not sure DigID does this, but banks do)

by Muromec

5/26/2026 at 6:02:00 PM

You want an idp who verified that the account belongs to a specific citizen. There needs to be some loop closing between your bsn (akin to a social security number) and user accounts. That in itself is not something you can just handoff to auth0 or that you want different departments to self select and self-host.

Digid is used to submit taxes and for getting benefits from the government.

by jauco

5/26/2026 at 6:46:13 PM

DigId is used to log into systems that one uses to submit taxes and claim benefits.

by Muromec

5/26/2026 at 3:51:45 PM

From the article:

> Kyndryl said in a statement it was "extremely disappointed" about the decision. "The politicization of this process has overshadowed the clear and important benefits this transaction would have brought to Solvinity's customers and Dutch citizens."

Are these guys so tone-death to the point they even try to gaslight the world? They are trying to take over a nation's ID system. Who in their right mind sees this as anything other than a national security issue?

by locknitpicker

5/26/2026 at 4:48:32 PM

As per the Dutch language saying: "Trust comes on foot, but leaves on horseback."

Trust breakdowns are costly, except to the vultures "winning" the negative-sum game. Might want to read about the fall of the Warsaw pact.

by markvdb

5/26/2026 at 8:19:32 PM

> As per the Dutch language saying: "Trust comes on foot, but leaves on horseback."

So it took your horse? Better stop trust from ever coming then.

by Jensson

5/26/2026 at 9:09:04 PM

It means trust builds slowly but can be lost rapidly. It's not about horse theft.

by Thiez

5/26/2026 at 3:03:39 PM

This is a direct result of Trump being in power. Before his regime, we (The Netherlands) trusted USA 1000%, this takeover would not even have been news.

This stance has shifted completely. And you can thank one guy for it.

by dncornholio

5/26/2026 at 2:31:09 PM

Should be simple matter to escalate this up to the President, who will put the squeeze on the Dutch government, and then secure his 10% fee for rescuing the take over deal

by hunglee2

5/26/2026 at 2:14:46 PM

How come the Dutch people aren't offering more than the US investors to purchase this company, since this seems to be so close at heart?

by carlosjobim

5/26/2026 at 6:48:15 PM

This kind of attitude is exactly why American-style capitalism is not wanted. As if money is the only thing that matters? Maybe there aren’t enough Dutch investors with deep enough pockets to match the American offer because the US prints the worlds reserve currency with no fiscal balance whatsoever. American investors are playing with monopoly money propped up by an army to bully anyone who doesn’t take it.

by znnajdla

5/26/2026 at 2:59:30 PM

maybe how much money you are willing to spend isn't a perfect measure of how important something is?

by raziel2p

5/26/2026 at 3:05:43 PM

It is just about the only measure. People who claim something is extremely important and then will not take any action or spend any money - they're dishonest people.

Let's see if the Dutch are men of their words. I expect the government to offer to buy this company, or an offering being made for the Dutch investing public to get shares.

by carlosjobim

5/26/2026 at 3:14:33 PM

Is water less important to the poor person dying of thirst than to the rich guy watering his lawn?

by vrganj

5/26/2026 at 3:46:19 PM

The question is rather: Why would a person complain about dying of thirst, but refuse to go to the river to drink, and also refuse to pay for a glass of water. That makes me believe he is dishonest when he's saying he is thirsty.

Or are we pretending that the Dutch people don't have any money between them to make an offer on this company?

by carlosjobim

5/26/2026 at 3:50:15 PM

We're just establishing that what one can pay is in fact not the only measure, disproving your universal assertion by counterexample.

Regarding the specific case, they probably have the money. But they don't need it. Such is the beauty of regulatory power, vested in a democracy.

by vrganj

5/26/2026 at 5:20:17 PM

The common expression goes: "Put your money where your mouth is"

I want to see if the Dutch will do that or not.

To see the full beauty of regulatory power, you also have to be blind to the long term consequences of decisions.

For example, are the best Dutch entrepreneurs government-aligned to the extent that they will create their startup or business in the Netherlands, knowing that they won't be able to sell shares for their company at full price? If the Dutch were willing to match the American offer, then there would be no long-term issues for them with this blocking action.

The result is that European hi-tech entrepreneurs create their businesses in a friendlier environment, which is usually the USA. And that European entrepreneurs who stay in their homeland have a hard time competing for European talent with pay.

It's easy for a nation state to mandate almost whatever they want when it comes to fixed stuff such as natural resources and agriculture. But when it comes to human talent, they (still) have the option to leave for better pastures. Or just leave business plans on the shelf.

by carlosjobim

5/26/2026 at 8:18:03 PM

> The result is that European hi-tech entrepreneurs create their businesses in a friendlier environment

An environment that lets you take European contracts since American companies can't compete for them is very attractive for entrepreneurs, so there is no problem here as long as they are consistent with banning American companies owning European government infrastructure.

by Jensson

5/26/2026 at 6:51:21 PM

>The result is that European hi-tech entrepreneurs create their businesses in a friendlier environment, which is usually the USA.

The inverse of that is that this creates a huge market in the EU, where you don't have to be the best in class and the most capitalistic - you can be good enough and still make a good buck serving local clients.

by stoltzmann

5/26/2026 at 9:34:55 PM

So it becomes more of a jobs program for the less talented entrepreneurs and their staff?

I would say the above as a joke if it wasn't true on how exactly the situation is in parts of Europe, where local IT experts and consultants struggle to deliver 1980s level software solutions to local governments - at prices which would make any US capitalist swoon.

But you are right in what you say, I won't argue against it.

by carlosjobim

5/26/2026 at 8:04:14 PM

This assumes that everyone is solely motivated by maximizing payout above all else, which is not only incredibly cynical, but also just plain empirically wrong.

(Again, by way of counterexample, I took a huge paycut to move from the US to Europe, but y'know, my quality of life is better, I live in a much safer, more pleasant place and I don't need to see people living in cardboard boxes from the window of my nice home anymore)

by vrganj

5/26/2026 at 8:14:12 PM

If a billionaire bought all the water and is now taking $10 a glass, would you happily pay, or should the government regulate that away?

by Jensson

5/26/2026 at 3:17:47 PM

> Vital digital supplier.

They make the login-screen. And now for businesses there are like 5 providers of the login screen (that you HAVE to use in order to use govt websites): you have to choose one and pay like 40EUR/y in order to log in.

Calling a login screen vital is, yes, the truth.

Out-sourcing --and creating a market for-- the login screen is, to me, one of the most bizarre thing I've seen the Dutch govt do in recent years.

by flossly

5/26/2026 at 3:19:31 PM

Oh, and if you out-source it, then I do not thing you should have a say in whom the contract. Either keep it in house, or out-source.

They contracted the market and now they want to control it as if it's in house.

by flossly

5/26/2026 at 9:58:10 PM

Does anyone have a version that doesn't start with an unskippable full-page advertisement?

by Halian

5/26/2026 at 8:48:36 PM

Oh, Solvinity / DigiD. From the title, it sounded like someone had bought ASML.

by Animats

5/26/2026 at 1:52:28 PM

One word: good.

by _HMCB_

5/26/2026 at 12:49:14 PM

Best news of the year!

by sjamaan

5/26/2026 at 1:23:06 PM

"US Takeover"

by SirFatty

5/27/2026 at 1:34:09 AM

[dead]

by grunkolsky

5/27/2026 at 3:02:01 AM

[flagged]

by h4kunamata

5/26/2026 at 1:36:45 PM

[flagged]

by selectively

5/26/2026 at 1:53:46 PM

By that we mean, send a whitehouse crony over to throw a temper tantrum on Dutch soil.

by creaturemachine

5/26/2026 at 2:40:56 PM

Something something, a free ticket to Den Haag

by Muromec

5/26/2026 at 2:57:35 PM

The subtitle “Across Europe, there have been increased concerns about the bloc’s reliance on American tech.” is false and really an economic chamber.

The author has no basis for this claim, factually or otherwise .. maybe a small tiny group would love to see this happen, but EU is happy like rest of the world minus China to enjoy the products made by great American software companies.

by gyanchawdhary

5/26/2026 at 5:40:07 PM

Two thirds of Europeans want this - https://www.techpolicy.press/almost-two-thirds-of-europeans-...

> The figures were almost universal across all categories: 62 percent of those surveyed across the five European countries said they favored or had considered replacing US data storage and payment services, while 59 percent of respondents said they would back a change from American video-conferencing companies like Zoom.

(Technically only five countries in the EU in this survey, but the five most populous countries, and presumably other countries generally agree)

by gbear605

5/27/2026 at 12:36:40 AM

thanks for sharing .. given tech policy press's editorial perspective, i'd take the result with a grain of salt. … also tbh .. the existence of the poll is almost as interesting as the outcome .. reminds me of taleb's "wittgenstein's ruler" from black swan .. before using a ruler to measure a table, you should probably know whether the ruler itself is trustworthy.

the poll may be telling us as much about the priorities and assumptions of the people asking the question as it does about public opinion… in fact, the need to run a poll on this specific question arguably says more about the agenda behind it than the resuglt itself ..

by gyanchawdhary

5/26/2026 at 3:04:30 PM

Are you serious? You did notice that there was even a EU digital sovereignty summit recently?

by Tepix

5/26/2026 at 3:13:21 PM

I didn’t notice. But regardless, a summit doesn't dictate or reflect the desires and opinions of 27 member states and its 450 million citizens and more importantly its companies and business to want to switch to European alternatives.

To give you an example, if India or China or Africa holds a summit on climate change, it doesn’t mean that its citizens want that or even care about it.

Anyway, the idea that such a big geography should move away from the best software factory of the world because it has some political agenda with its current leader is both impossible and overall quite childish and will never come to fruition.

by gyanchawdhary

5/27/2026 at 6:04:45 PM

It would be foolish to continue to rely on them given a leader who has openly expressed his very negative views about Europe and who likes extorting countries.

by Tepix