Dutch state blocks Solvinity takeover

Dutch state blocks Solvinity takeover

The Dutch government has blocked Kyndryl’s proposed Solvinity acquisition, escalating scrutiny of control over sensitive cloud infrastructure.

Dutch state blocks Solvinity takeover
Summary
  • The Dutch investment screening authority has issued a definitive prohibition on Kyndryl acquiring controlling interest in Solvinity.
  • Solvinity supports sensitive public sector digital infrastructure, including services linked to the Dutch DigiD identity system.
  • The decision places ownership, jurisdiction, and control inside Europe’s wider digital resilience and sovereignty debate.

The Dutch government has blocked Kyndryl from acquiring a controlling interest in Solvinity, using investment screening powers to stop a cloud and managed services transaction on public interest grounds.

The Bureau Toetsing Investeringen, the Dutch investment screening office, published a definitive prohibition under chapter 14a of the Telecommunications Act.

The decision covers Kyndryl Holdings Inc., Solvinity Group B.V., and relevant subsidiaries, controlled entities, or affiliated companies.

According to the authority, the planned acquisition could create a public interest threat after assessment against the statutory criteria in the Telecommunications Restriction of Controlling Interests Act.

The Dutch government’s formal notice gives the legal basis for the prohibition, rather than a detailed public account of the risks assessed.

Solvinity is a Dutch cloud and managed services provider with links to sensitive public sector digital infrastructure.

DigiD, the Dutch digital identity service, has also published a notice stating that the proposed acquisition will not proceed and that users can continue using DigiD as usual.

Kyndryl said it was disappointed with the decision and argued that the process had become politicised, while the public notice from the Dutch authority remained focused on the statutory public interest assessment.

Control is now part of resilience

Digital resilience is increasingly assessed through ownership, jurisdiction, access rights, continuity arrangements, and operational control.

Firewalls, backup systems, physical security, and incident plans remain essential, but they are no longer the full picture when a provider supports public identity, government platforms, or secure managed services.

The Dutch decision lands in a European environment shaped by NIS2 implementation, critical entity resilience rules, sovereign cloud policy, and concern over the legal reach of non European jurisdictions.

Buyers of cloud and infrastructure assets are therefore facing a wider diligence perimeter than financial capacity and technical competence.

Cloud and data centre providers involved in sensitive public sector, defence, healthcare, identity, or critical services may face more detailed examination of ownership, control rights, subcontracting, data access, and operational continuity.

M&A risk also changes when a target is close to public digital infrastructure, because buyers may need to offer stronger remedies, governance structures, local control arrangements, or operational safeguards.

Governments still need to calibrate intervention carefully, since excessive controls can deter investment while weak controls can leave public services dependent on ownership structures that become difficult to unwind later.

The Solvinity prohibition gives a clear marker for the Netherlands, where cloud and managed infrastructure suppliers can be treated as strategic assets when they sit close enough to public systems.

The decision also narrows the old distinction between IT services and infrastructure, because a provider supporting identity or government workloads can become part of the operational backbone of the state.


Stay updated with the latest insights and trends in the data centre industry by subscribing to our newsletter.

← Back

Thank you for your response. ✨