
Solvinity
Dutch cloud and managed-services provider hosting critical national digital infrastructure including the DigiD identity system and MijnOverheid portal.
Last refreshed: 3 June 2026 · Appears in 1 active topic
Why does who owns Solvinity matter to every Dutch citizen using DigiD or MijnOverheid?
Timeline for Solvinity
Dutch block first US cloud takeover
European Tech SovereigntyBackground
Solvinity is a Dutch managed-cloud and data-centre company headquartered in the Netherlands, specialising in hosting and managing mission-critical IT infrastructure for public-sector clients. Its most consequential contracts are with the Dutch government: it hosts DigiD, the national digital-identity system used by citizens to authenticate for tax, healthcare, pensions and benefits; MijnOverheid, the personal government portal through which citizens manage correspondence with ministries and municipalities; and Digiport, the government's digital communications gateway for businesses. These three systems collectively handle a significant share of state-to-citizen digital interaction in the Netherlands.
Solvinity was the subject of a EUR 100m acquisition bid by Kyndryl, the US IT-infrastructure company spun out of IBM in 2021. The Dutch competition authority ACM cleared the deal on antitrust grounds in February 2026. On 26 May 2026, Dutch Minister Willemijn Aerdts prohibited the acquisition, ruling that Kyndryl's US incorporation created an unacceptable risk under the US CLOUD Act: American authorities could compel Kyndryl to disclose data held by a Dutch subsidiary without a Dutch court order, placing DigiD and MijnOverheid data within US legal reach. Kyndryl described the ruling as "extremely disappointing" .
Solvinity's central role in Dutch public-sector digital infrastructure made it the test case that crystallised the CLOUD Act argument underpinning the European Commission's Cloud and AI Development Act (CAIDA). The Dutch prohibition demonstrated in concrete terms what CAIDA's drafters have argued in abstract: that US corporate parentage over critical national data infrastructure is a sovereign risk, because the CLOUD Act grants US authorities extra-territorial compelled-disclosure powers. Solvinity itself is not a tech-sovereignty actor; it is the infrastructure that made the principle legible. The outcome strengthens the case for European-owned cloud providers as the correct vehicle for hosting state digital-identity systems, independent of whether CAIDA passes.