Coalition takes legal action over DigiD provider takeover

The group of advocates - consisting of Esther van Egerschot, Maxim Februari, Felienne Hermans, Bert Hubert, Joris Luyendijk, Caroline Nevejan, Reijer Passchier, Jelle Postma, Sander Schimmelpenninck, Eric Smit, Karin Spaink, Marleen Stikker, Kees Verhoeven, the Firewall Foundation and Privacy First - sent on Monday, 12 January last, sent a fire letter to BTI. In it, we urgently pressed for that information regarding the acquisition of the company Solvinity Group B.V. (Solvinity) by US tech multinational Kyndryl Inc (Kyndryl) so that we, as interested citizens and organisations, could be involved in that review process.

The decision concerns BTI's refusal to comply in time with our urgent request for full disclosure on this matter, in particular on whether and how this acquisition of Solvinity will be tested against national security.

Solvinity manages the infrastructure behind DigiD, the system that allows citizens to identify themselves digitally to all kinds of Dutch government agencies - including the Tax Authority as well as insurers, healthcare and service providers. DigiD is legally designated as a service of vital importance to our society.

Kyndryl claims to be the world's largest provider of IT infrastructure services and is subject to US legislation. Under that legislation, the US government can demand access to data and systems, which conflicts with the interests of the Netherlands and the privacy of Dutch citizens. Indeed, putting part of our vital digital infrastructure in US hands increases the Netherlands’ vulnerability to failure, manipulation or even blackmail.

It is now a fact of common knowledge that the US government (partly for the benefit of Big Tech companies' interests) sometimes intimidates and sanctions individual citizens and organisations participating in the public debate by improper means. Again, this potential weakening of our democratic rule of law is not only a matter of national security, but also touches on the individual freedoms and security of citizens. This is particularly true for our advocacy group, which is often publicly critical of the behaviour of the US government and Big Tech companies.

The group therefore demands openness from the Minister of Economic Affairs on the acquisition of Solvinity and wants to know what communications have been made by the minister in the context of the review of Solvinity and Kyndryl and whether it has already been determined by the minister that a review decision is required. If the review decision has already been made, the group demands a copy of it from the minister.

The advocacy group is being represented by lawyers Matthijs Kaaks (Boekx Advocaten) and Roland Mans (De Geer Advocaten).

Read HERE the objection and HERE the parallel request for injunctive relief (pdf).

Update 30 January 2026 

Our legal action has yielded a first result: a recent response from BTI to our coalition shows that (contrary to what everyone has thought so far) Solvinity and Kyndryl made the notification to BTI not under the Vifo Act, but under Telecommunications Act chapter 14A: Telecommunications Unwanted Control Act (Wozt). This Act too provides for public interest and national security review.

BTI has informed us that it is now investigating whether ‘the transaction can be tested under this law’. BTI says it is still investigating whether the notification falls under the Wozt or not. In other words, there is no review decision for now. Thus, there is less need to hurry than we initially thought.

This has implications for the proceedings we have initiated: we will withdraw our recent application for injunctive relief. After all, we did so under Section 11 of the Vifo Act.

What remains unchanged is that we want to be able to exercise our rights as interested citizens and organisations in a possible review decision, and this is not possible now. Therefore, we still want access to information on the decision-making process and request to be heard in this procedure. So we are keeping up the pressure.

Our lawyers Kaaks and Mans have since filed a new application (see at the bottom of this update).

After all, putting part of our vital digital infrastructure in US hands increases the Netherlands' vulnerability to failure, manipulation or even blackmail. Current geopolitical developments and developments in the United States itself make it clear how urgent this is. In addition, under US legislation, including the Cloud Act, the US government could demand access to DigiD data and systems, including access to the data of Dutch citizens.

A recent conversation in the House of Representatives with representatives of Kyndryl made it clear that the company cannot rule out the possibility of the US government demanding such access or inspection under the aforementioned laws, coercive measures or decrees. No contractual condition will help against that. Nor can it rule out the possibility of the US government influencing, hindering or even shutting down DigiD's system in the future. The planned takeover therefore constitutes an encroachment on Dutch digital sovereignty.

It is of fundamental public interest as well as in the interest of everyone's privacy and the national security of the Dutch state and society that this encroachment is prevented.

We have therefore now asked BTI to respond to our requests within four weeks at the latest. If not, we will still take appropriate legal action.

Was signed: Esther van Egerschot, Maxim Februari, Felienne Hermans, Bert Hubert, Joris Luyendijk, Caroline Nevejan, Reijer Passchier, Jelle Postma, Sander Schimmelpenninck, Eric Smit, Karin Spaink, Marleen Stikker, Kees Verhoeven, Firewall Foundation and Privacy First.

Read HERE The coalition's new requests in response to this recent letter From BTI (pdf).