The company that basically runs it for the government is being sold to an American investment company, which brings with it obvious national security risks.
There's a lesson to be learnt here, extending beyond digital infrastructures.
The Dutch government should have outsourced DigiD hosting to SURF [1] which already had extensive experience with cloud services and is virtually immune to foreign influence.
Then again, they never found out about the Crypto AG communications backdoor (https://en.wikipedia.org/wiki/Crypto_AG) until 2018 as far as I know. Or they did know but since it's CIA they allowed it.
Cutting off updates would leave devices insecure.
Do some devices not have remote disabling as a security feature?
A lot of devices and software store or backup to cloud servers.
If the government owns the infrastructure, but outsources the day-to-day running to a company that's one thing. But if the infrastructure is owned by the third party then that's a lot harder to deal with.
This is still very problematic. To be honest, even using foreign hardware or propietary software is problematic. But you should reduce dependence as much as possible because it is a huge vector that should the foreign government decide to turn on you openly or secretly, it could bring you down before you have a chance to detect what is happening. I believe wars between developed countries will operate at this level (i.e. by targeting foreign dependency chains whether it be national systems for id or simply cutting undersea cables)
Recovering from "Your critical national infrastructure is physically owned by someone else" is much trickier.
Or even, post-Greenland, to force the Dutch to give Trump the Dutch Caribbean islands off the Venezuelan coast as well (Aruba, Bonaire, Curaçao).
If I were a Dutch member of parliament, I would be insisting this particular vulnerability to extortion be addressed as soon as possible. Of course, the US can still threaten to, at worst, nuke us all to smithereens but let's hope they're not willing to go that far.
This prompted me to try OnlyOffice, and man is that nice. I do like LibreOffice, but 2 things bug me: It just looks old. And second, I have, since the dawn of time (and the Sun's Star Office) had issues just telling the software: "This is a Dutch doc, apply Dutch spelling and Grammar Checks". It has never worked well, even Firefox text fields work better. But with OnlyOffice it seems to work well so far, and also, it will be much much more recognizable by ex-MS Office users. It hear the interop with MS formats is also better.
[0] https://www.techspot.com/news/110095-international-criminal-...
They can also order MS and Amazon and Google and Apple to switch off services on which most of the economy relies, and which most devices require to function.
Not sure they can transfer while the US practice the death penalty or penal slavery.
It is hard to vote, being buttered up with promises and pretty speeches, just to be disappointed halfway to next election.
For every vote the most informed and well read and intelligent person has, whose family built everything there is in any democracy…every single year of your life there is one additional foreign, alien, hostile person that was just given the right to vote along with the 5 children they will have to your 1.5 to all vote against you.
That’s why the rich don’t vote, they got politicians, institutions, academics, organizations, etc. that’s our vote, we vote millions and billions of times with dollars, while importing millions of people who totally neutralize your vote and say every single time you go through that charade called voting.
Until the German people can investigate and prosecute their own intelligence services, this situation will not change. That the German intelligence services answer to the CIA is a travesty for the German people.
Anyone wondering about Merz' servitude should keep this in mind.
This would be a very mild response, given that the Dutch government recently attempted to take control of chipmaker Nexperia [1], where much less were at stake.
Even if guarantees are given, who is going to enforce them against an order coming from the US government?
That allows Logius to pretend it's not much of a problem, and Solvinity maintains (in an unusually sharp and on-point interview) that all data is "encrypted" [1], without mentioning who possesses the keys or whether encryption is relevant at all. They go on to say that they consider the scenario of the US shutting down DigiD "very hypothetical", that they will follow Dutch law and that they have a strong supervisory board (as if that would matter).
Logius also operates MijnOverheid, which collates very sensitive information about all citizens from most government agencies and also relies on Solvinity infrastructure.
The infrastructure that Solvinity maintains goes far beyond servers, as they've concocted themselves an unholy procurement mess with their PICARD / LPC solution (Logius Private Cloud). They were advised multiple times over multiple years by the main advisory body on IT of The Netherlands (AcICT) not to do it in this way and KISS, but then did it anyway.
The intent of structuring it in this way was that it would be easier to switch infrastructure providers, but the outcome is the exact opposite: there is now a non-standard "integration layer" that would need to be rebuilt. Which is exactly what AcICT warned about from the beginning.
You can find a diagram of the responsibilities on both the Solvinity and Logius side on the last page of [2] (in Dutch).
The wild thing is that Logius also owns and maintains "Standaard Platform" [3], which is a very neat and standard Kubernetes environment, but they declined to use this for DigiD and MijnOverheid because they didn't deem it secure enough, and instead of securing their Kubernetes deployment, they went on with PICARD / LPC.
Logius is an autonomous body of the Ministry of the Interior (BZK), but they appear to have completely lost control over setting any policy and now mainly walk from crisis to crisis because any opening on their "SAFe train" is years away.
[1] https://www.nrc.nl/nieuws/2025/12/03/baas-van-solvinity-prob...
[2] https://www.adviescollegeicttoetsing.nl/site/binaries/site-c...
[3] https://www.logius.nl/onze-dienstverlening/infrastructuur/st...
While federal government in Belgium is less dependent on US clouds, Digital Vlaanderen is pretty much in bed with Microsoft on all levels.
Whoever gives US Big Tech access to their digital infrastructure is a foreign spy and should be jailed
https://www.welivesecurity.com/en/social-media/linkedin-hunt...
The problem is that they privatized it. But that in turn is caused by the wage structure; if you work for the government, you fall under its collective wage system, and the way it's set up... can't compete with private companies, especially not in IT services. So the government ends up outsourcing most IT projects, with mixed success and costing them a lot. But with this, it also opens them up to risk.
I get the wage thing, but they need to be able to control these things. 51% of nontransferable shares of all companies involved.
FWIW, SURF [1] (the Dutch university network operator) successefully operates much more complex digital infrastructure. So, going with a fully private infrastructure provider was a choice, not a necessity.
Using SURF would not be without precedent. The Greek government has been successfully using GRNET [2] (the Greek counterpart of SURF) for hosting and developing digital infrastructure.
Going back to old school services is doable and safe as long as governments are interested for the security of citizens.