Dutch Government Blocks U.S. Acquisition of Cloud Provider, Signaling Heightened Focus on EU Digital Sovereignty
On May 25, 2026, the Dutch government blocked the proposed acquisition of Dutch cloud services provider Solvinity by U.S.-based Kyndryl, citing alleged public interest concerns under the Netherlands' sector-specific telecommunications investment screening regime. The decision, published on May 26, 2026, reflects European sensitivity around digital sovereignty and foreign access to strategically important data infrastructure.
Solvinity provides hosting infrastructure supporting DigiD, the Dutch national digital identity platform used by citizens to access medical, pension, insurance, and tax information, as well as the "MijnOverheid" government services portal. Dutch lawmakers had raised concerns that U.S. ownership could expose sensitive data to access requests from U.S. authorities under the U.S. CLOUD Act.
The decision is based on a review by the Investment Screening Bureau (Bureau Toetsing Investeringen, "the BTI") under the Telecommunications Sector (Undesirable Control) Act (Wet ongewenste zeggenschap telecommunicatie, "WOZT") (implemented in the Telecommunications Act), which empowers the Dutch government to screen acquisitions of, in short, telecommunications and IT infrastructure companies for public interest risks. The Dutch government adopted the BTI's recommendation to prohibit the acquisition in its entirety, stating that "the proposed acquisition of Solvinity may pose a risk to the public interest." The decision emphasizes that the review was "country-neutral, risk-based and proportionate", and that "the Netherlands places great value on the presence of foreign technology companies, including, in particular, American ones, and their contribution to the Dutch economy and digital infrastructure […]". This is currently the only prohibition imposed since the BTI became operational in 2020.
The matter may be viewed as a potentially significant precedent for future transactions involving cloud infrastructure, AI systems, and businesses with access to sensitive governmental or institutional data across the EU. Although limited publicly available detail accompanies the Dutch government's decision, it follows several important trends for multinational investors and technology companies operating in Europe.
The decision comes amid a broader EU policy shift treating data sovereignty as a core component of economic security and strategic autonomy. Recent EU initiatives include the EU Data Act (fully applicable since late 2025), the European Data Union Strategy, Gaia-X, and emerging cloud and AI governance proposals contemplating sovereignty requirements for certain sensitive governmental data. The Solvinity decision may reflect that these policy objectives are now also influencing transaction review outcomes.
The decision also arises against the backdrop of the EU's recently revised foreign investment screening framework on which the European Parliament and Council reached political agreement on December 11, 2025. The revised regulation strengthens coordination among Member States and broadens the scope of mandatory investment screening across the EU. The new rules are expected to apply following an 18-month transition period after formal adoption, with implementation anticipated around the end of 2027.
The Solvinity decision therefore may represent an early indication of how European governments will apply increasingly expansive digital sovereignty in future technology transactions. This adjusted element of risk advisedly may figure in future in pre-deal assessments.
