Summary

• The Dutch government has blocked Kyndryl’s proposed acquisition of Solvinity, citing public-interest concerns.
• Solvinity is sensitive because it provides infrastructure linked to DigiD, the digital identity system used by Dutch citizens to access public services.
• The decision shows investment screening moving deeper into cloud, hosting, identity, and critical digital infrastructure.

The Dutch government has blocked Kyndryl’s proposed acquisition of cloud services provider Solvinity, turning a commercial IT services deal into a test of digital sovereignty and public control over critical infrastructure.

The decision prevents US-headquartered Kyndryl from buying Solvinity, a Dutch cloud and managed services provider whose infrastructure is linked to DigiD, the digital identity system used by residents in the Netherlands to access government, healthcare, tax, pension, and other public services.

Reuters reported that the transaction was worth about €100m and that the Dutch government cited public-interest concerns after advice from the agency responsible for screening foreign investments. It is the first US acquisition blocked by the Dutch Investment Screening Bureau since the body was established in 2020.

The case shows digital sovereignty moving from policy language into deal control. Cloud providers, managed services companies, hosting platforms, and identity infrastructure are increasingly being treated as strategic assets, particularly when they support public services or hold sensitive citizen data.

Kyndryl has criticised the decision, arguing that politics overshadowed the benefits of the transaction. Solvinity has said it remains in discussions with authorities over issues including national security, digital autonomy, and the protection of critical Dutch infrastructure.

The Dutch government has not published a detailed security rationale in the way a competition authority might publish a full merger analysis. National security and investment-screening decisions rarely offer that level of transparency, but the direction of travel is clear: ownership, control, and jurisdiction now matter in cloud and identity infrastructure.

The Solvinity case arrives as European governments reassess reliance on large US technology providers. The concern is not limited to outages or procurement concentration. It extends to legal jurisdiction, data access, operational continuity, supplier lock-in, and whether critical digital services can be insulated from geopolitical pressure.

Europe will not remove US technology from public infrastructure, and most governments remain heavily dependent on US cloud, software, cybersecurity, and IT services providers. The shift is more targeted. Where a supplier underpins identity systems, public administration, health services, telecoms, justice, or other essential functions, governments are more willing to intervene before control changes hands.

Cloud and managed services companies now have to treat sovereignty risk as part of M&A planning. Deals involving identity, public-sector platforms, health systems, justice systems, telecoms, or critical infrastructure will face closer political scrutiny, even when the buyer has a long commercial track record. Contract value and technical capability will not settle the question on their own.

The decision also complicates Europe’s own market. If national governments block foreign acquisitions of sensitive infrastructure, they must also help create credible domestic or European alternatives with enough scale, capital, and technical depth. Sovereignty is easier to defend in a ministerial letter than in a production environment that must keep identity systems running for millions of citizens.