Logius outsourced the hosting and infrastructure to Solvinity.
Why did they not mandate national (or at least EU-based) hosting and infra ?
It feels a bit insane in retrospect for such a critical digital service ?
The people who pointed out that none of the moving parts of DigiD should have been outsourced were ignored until the tide shifted this year.
I'm honestly surprised the government decided to intervene. The usual method is to keep on believing in the signed piece of paper until the shit hits the fan (like with the Fyra high speed trains) — never mind that the US (where the buyer is from) is not likely to give a toss about those pieces of paper if they need something from our data.
So you have to weigh the risks of outsourcing to the risk of the whole thing becoming very late and very expensive. The risks around outsourcing are something further down the line, the risks of everything becoming expensive and late are something that will give the responsible politician a headache now.
IT is hardly something we need to do occasionally, so build up a department that can do it (not just write up huge reports about what it should do and outsource, like Logius) and invest in the people that will work there (retaining them as much as possible). Give a big middle finger to consultants, and listen to the tech experts. Build boring stuff that works instead of a new app every month.
It's not impossible in theory, and cheaper in the long run. It's impossible because asshats who would actually benefit from left and centre politics keep voting right-wing parties in to power.
They did, and they moved to block the acquisition of the local company handling it. What's unclear in the article?
What I find strange is that the Dutch government does have its own datacenters, e.g. ODC-Noord (1), but they're still looking to outsource the hosting even after the current contract ends in 2027.
> Currently, DigiD is partially managed by Solvinity, a company owned by a British investor
Britain is neither local nor in the EU
American Federal Systems also have European and Indian operators but it gets more restricted depending on what part of the system you're dealing with. Even then, the operators get it wrong.
Many "American" firms are being served by Irish, Bulgarian, and Dutch operators for example. When you get to Fedpod, the restrictions are usually tiered, not all or nothing. It's why US firms got caught with Chinese handling data.
The question isn't should Europe and even America clean it up - it's how much is legitimate national soverignty and how much is going to be straight mercantilism in the Cloud/SaaS sector.
I hate it, but what can you do, this is sadly what people here keep voting for.
Sadly, I don’t know of a way to influence how our government practices IT. Except maybe to work for Logius. And even then there will be the topic of funding.
Some European countries right now have their currency printing and their passport printing outsourced to foreign nations.
These things aren't too unusual.
I do kinda get the China customs system example though, only because if corruption is bad enough that it's a greater concern than opsec, then you're kinda hosed anyways.
None of the sharks ultimately ever managed to agree who gets to eat it- because whoever did would upset the balance between the sharks.
But China and America are mega sharks who don't care about balance and want to eat everything or die trying.
But now they want NL Wallet to use Google and Apple accounts for login, so this is happening again.
“Huh. Israel hardly got any votes this year.”
Netherlands blocks US takeover of vital digital supplier
For the non-government/private business however, it is indeed a matter of privacy. France rolled out a while ago the requirement to establish the user's age when accessing porn sites. I refuse to do that.
To say the least, he made some pretty serious compromises in life. He was a tattoo artist with no shop and effectively homeless when I knew him, if you were curious.
Anyway, sometimes the world moves on without you.
The public servant benefits in vacations, work hours, health support, plus an above average salary as highly educated technician.
Post and trains already had to be privatised since them being government owned was deemed anti competitive by EU standards
The company in question only provides cloud services, and has no access to any data.
> I just don't understand why the government won't consider funding it. It's a public infrastructure service at this point.
It has been 9 years since the last centrist ("purple") government in the Netherlands. 24 years since the last left-wing led government. Nothing more to it.
It's just decades of Neoliberal "outsource government tasks to the free market" policy. There really isn't any other reason; The Dutch government has multiple divisions which are quite good at IT. It could choose to do so at any moment, it just doesn't.
Voters just didn't care. The system worked fairly reliably. So they just kept voting for a very charismatic politician, regardless of the long term consequences.
Because they're a government and they are therefore going to fuck it up.
Not big on evidence-based thinking, are you?
Add to this hard digital sovereignty requirements: continuity of service must be guaranteed for decades. All this requires quite a special setup in which commercial entities are rather tolerated than welcomed, but they may still make more sense than a government agency so constrained by budget process that they cannot hire any decent engineer.