Are critical digital assets being sold off?
A sovereignty clash in the Netherlands
For more than six months now, there has been widespread discontent across large parts of Dutch society and politics regarding the company Solvinity. This Dutch IT organization, majority-owned by a British investor, intends to be acquired by the American company Kyndryl.
TEXT: RASHID NIAMAT IMAGES: ENVATO
If anything illustrates the dynamics of digital sovereignty, it is this case. Outside the Netherlands, it remains relatively unknown, which is why DSR Magazine provides this explanation.
Largely unknown until last year
Until mid-last year, Solvinity was relatively unknown among Dutch citizens, politicians, and the press. This suited the organization well, as it primarily provides services to government bodies that prefer to avoid extensive or frequent media attention.
One of Solvinity’s key clients delivers the service through which all Dutch citizens must identify themselves online: DigiD. This service has existed since 2005 and is now mandatory for all central government websites, municipalities, pension funds, social services, the police, and the tax authorities.
In healthcare, DigiD is also required for making appointments and managing insurance matters. In addition, Solvinity provides services to the Ministry of Justice and various municipalities, including Amsterdam. Reportedly, some of these services are hosted in data centers owned by American companies.
It quickly became clear that the DigiD service is so essential to the government, citizens, and businesses that it should not fall into American hands
Data classification
In the spring of 2025, Solvinity and other companies were invited to a roundtable discussion on digital sovereignty. A review of the reports shows that Solvinity was one of two companies that repeatedly emphasized the importance of data classification.
As the term suggests, data classification aims to distinguish between different types of data. Organizations that can categorize their data, for example, based on levels of confidentiality, can apply appropriate measures for each level. This approach has long made it possible to determine whether public cloud solutions are suitable for certain scenarios, or whether only a private cloud environment should be considered.
The emphasis Solvinity placed on data classification took on a different meaning later in 2025, when it became clear that Kyndryl had made an offer that Solvinity’s shareholders were willing to accept. From that moment on, many began to view the call for greater insight into the nature of data as an attempt to downplay objections to the sale.
Parliament
The controversy surrounding the proposed acquisition by an American company has not been limited to the press. The Dutch parliament has addressed the issue multiple times, both in plenary sessions and in committee meetings. It quickly became clear that the DigiD service is so essential to the government, citizens, and businesses that it should not fall into American hands.
Gaining a thorough understanding of data and processes is a meaningful exercise that can help shape well-founded positions on digital sovereignty in specific cases
During committee meetings,widely attended by concerned citizens, there were indications that the acquisition of Solvinity should be redirected toward a solution acceptable to the Netherlands. A full sale, including all existing services and contracts, appears to be off the table.
The emotional responses this issue has triggered, along with the unconvincing role played by an IT industry association, have already been widely covered in the Dutch press. What has received little to no attention, however, is the concept of data classification.
A missed opportunity
This is understandable, but at the same time a missed opportunity. Gaining a thorough understanding of data and processes is a meaningful exercise that can help shape well-founded positions on digital sovereignty in specific cases.
The earlier comparison between public and private cloud environments was deliberate: in that context, executives, auditors, and even regulators have previously been able to make well-substantiated decisions based on clear frameworks.
However, the strong emphasis placed by Solvinity and certain other parties on data classification was not primarily aimed at conducting a thorough classification in the interest of the Netherlands. Many observers who have followed the communications see it mainly as an attempt to divert attention. So far, that strategy has not been successful. In fact, not only have the company and the prospective buyer suffered reputational damage, but any meaningful discussion on data classification has, for the time being, been undermined.
A distinct dynamic has emerged in the Netherlands around digital sovereignty, one that is highly significant
Broader implications
Elsewhere in the European Union and beyond, acquisitions are also likely to face increasing scrutiny as the focus on digital sovereignty intensifies. What makes the Dutch situation unique is the visible attempt to divert attention, without success.
The extent to which citizens have engaged in the debate is unprecedented. Political parties have recognized that this issue resonates with voters, and as a result, parliamentary votes on matters even remotely related to digital sovereignty have produced, by Dutch standards, exceptionally large majorities.
A distinct dynamic has emerged in the Netherlands around digital sovereignty, one that is highly significant. The space for nuance, already limited in this domain, has narrowed further, while the reputational damage has already become substantial. 