US Takeover of Dutch Digital ID System Sparks Severe Data Security Fears
The Hague, Friday 17 April 2026
A planned US takeover of a Dutch IT firm could grant American authorities access to 17 million citizens’ personal data, prompting a senior privacy official to prepare legal action.
The Architecture of Vulnerability and Digital Sovereignty
The proposed acquisition of Dutch IT firm Solvinity by the American technology giant Kyndryl has ignited a fierce debate over data sovereignty and the security of critical digital infrastructure [1][2]. Solvinity is responsible for managing DigiD and MijnOverheid, the foundational authentication systems that facilitate the digitalisation of legacy public services across the Netherlands [1][2]. With approximately 17 million registered users, the DigiD platform processes around 2 million login sessions daily, granting access to essential government portals, healthcare providers, and fintech-integrated pension funds [1][3]. Furthermore, the MijnOverheid system dispatches around 100 million letters annually, containing highly sensitive personal and financial data [1][3]. As European nations increasingly rely on scalable Software-as-a-Service (SaaS) solutions to modernise civic infrastructure, the outsourcing of such monumental data repositories to foreign entities raises profound cybersecurity questions [GPT].
Market Dynamics Versus National Security
In response to these systemic vulnerabilities, Pieter van Oordt, the Chief Privacy Officer at Logius, has taken the extraordinary step of preparing legal action against the Dutch state [1][3]. Having escalated his concerns to the highest civil-service levels without resolution, and having been denied access to the State Secretary of the Interior, van Oordt informed his employer in early April 2026 of his intent to litigate [2][3]. He has publicly warned that the United States could switch off DigiD for extended periods and issue secret information requests [1][3]. Furthermore, he asserts that any additional security measures currently being negotiated between the government, Solvinity, and Kyndryl will be fundamentally insufficient to prevent unauthorised access or system outages [3][4].