Kind of interesting how the perspective is so different from the inside! Maybe it's the typical "the grass is always greener..."?
Most notably the Labor and Welfare Administration with 3000+ open repos.
France even has an official map of this kind, with publicly visible recommendations: https://suiteterritoriale.anct.gouv.fr/conformite/cartograph...
Disclaimer: I made mxmap.be after seeing Swiss ant Dutch counterparts. I did not look at MX records only but also at EHLO replies, SPF and DMARC records and at fronting services.
https://jurgen.gaeremyn.be/2025/03/08/european-critical-depe...
"Purely based on the MX-records, we learn that 72% of Belgian municipalities run Microsoft mail servers and 60% of the Dutch municipalities. For Scandinavia, it’s 64% in Norway and 57% in Sweden. In Finland, it’s a whopping 77% if the cities that are being served by Microsoft."
I don't have the numbers at hand and cannot dig them up right now. If anyone knows the extent of participation of each country that'd be definitely interesting for others too.
This is all (tried to) rememberings from meetings in 2024 sometime, so could be different today.
https://nlnetlabs.is.not.nlnet.nl/
Funding for NLnet Labs is largely from paying customers for development of DNS software.
NLnet funds development of the full stack of communication technologies from chip design to office suites. Funding for NLnet comes from public institutions, private companies and citizens.
And interestingly, code.overheid.nl runs from a residential ip address.
That’s not what I’m seeing.
IP address is currently 147.181.37.238, which is assigned to ODC-Noord via RIPE.
ODC-Noord is a data centre for national government organisations according to https://www.odc-noord.nl/
Checked with `host`, `dig` and hosting-checker.net
That's not a fair characterization. The company that runs it might be bought. That's not planning to put it in USA hands
The result is that the information needed to log in to all the important government systems becomes subject to American jurisdiction. Foreign agents will be able to authenticate themselves as any Dutch citizen and act on their behalf.
And you have concrete proof that this is indeed the plan, stated by the government as the official position, or this is based on your own extrapolation of rumors?
The amount of misinformation that any story related to any European country seems to pull in is crazy, seems to be something about the continent that makes some parts of HN feel blood in their mouth or something.
Parliament has asked government with near unanimity to prevent this from happening. Government has not even acknowledged that this should be prevented.
But the lack of action is not proof that "their plan is to do nothing" nor "the government plans to hand authentication data over to US", those stronger claims require stronger proof, something you seem to be unable to provide.
The dutch government has an authentication system called DigiD. It's effectively an OAuth protocol for government sites, and one of the few ways in which the Dutch government has centralized IT. Every dutch citizen can get access to it, and probably will need it at some point to deal with the government (paper options are meant to exist, but you can already guess on how easy the availability of that is.)
DigiD is currently hosted by a dutch company named Solvinity and developed by Logius (the governments in-house IT development organization). Solvinity is currently in the process of being bought out by another company, Kyndryl, which is based in the US. The government approved the takeover under the previous coalition (who are no longer in power.) The takeover currently is under extreme public scrutiny because of everything to do with the US - most people are at least vaguely aware of the deadly combination of the US CLOUD/PATRIOT laws, which would compel Kyndryl to hand over data on any dutch citizen to the US government for any reason[0]. The US government right now is not exactly behaving like a good steward with the powers it has, instead favoring maximum exploitation within (and outside, if the lawsuits are any indication) it's legal limitations, and is also verbally attacking it's own allies near constantly. Given DigiD is effectively a list of personal information on almost every dutch citizen, it's probably a bad idea to hand access to it over to a hostile foreign country.
On an employee level, the takeover is deeply unpopular - some government workers have actively reached out to the press to warn about the deal, something which very rarely happens as government workers aren't expected to publicly break with government policy. This has led to a motion in the second chamber (parliament) to change DigiDs hosting from Solvinity to another provider being passed... in 2028, for a deal set to go through in a much shorter timespan. At the same time, the government (this time: the elected politicians) is unwilling to reconsider it's stance on the Solvinity takeover, claiming that because it already said it was OK before, it can't change its mind now.
[0]: It's also, almost certainly illegal in a GDPR/AVG (local version of GDPR) sense. US/EU privacy laws are fundamentally incompatible with one another because of these two laws, and the courts keep shooting the international data transfer agreements to bits every time. Even on a basic level, having your government authentication systems legality tied to whether or not Max Schrems wins his court cases is a bad idea.
But I still don't see the "inaction of blocking the sale" as proof that the government is planning or trying to push that sale through, regardless if I personally happen to disagree or I see the drawbacks from it.
* In early 2025, the previous dutch government lost majority coalition support. The previous government remains in power until a new one is elected, but isn't expected to make major decisions any more; they're effectively just stewards to ensure the country isn't totally leaderless[0] (this is also called a demissionary government here).
* In late 2025, a new second chamber is elected and work on a coalition begins. Until a new coalition is formed, the previous government remains in power.
* In November 2025, right around this, Kyndryl announces it's takeover of Solvinity. The demissionary government gives initial approval for the takeover and decides that the takeover won't mess with the DigiD contract.
* In January 2026, the deal begins to fall under scrutiny in IT/privacy circles and some political parties express their concerns, but not much media attention is drawn to it at first. The ACM (dutch antitrust authority) also gives it's approval for the sale. All this still happens under the demissionary government.
* In February 2026, the new coalition government is sworn in. Scrutiny on the deal is starting to intensify and media coverage becomes more public.
* In late April 2026 (as in, last week), parliament passes a motion to request to change away from Solvinity in 2028. At the same time, the minister responsible for the sale is answering press questions about the sale, indicating he doesn't intend to block the sale. Just four days ago, the minister publishes a formal letter to parliament, effectively saying that they aren't stopping anything and that the government already gave preliminary approval to extend the DigiD contract with Solvinity (a separate matter, but just as related) back in March (so under the current government). They expect to ink it before the end of next week (May 6th.)
Somewhere between March and April, some internal government employees also step to the press to warn them about the sale in terms of a national security threat, but I don't exactly recall when on the timeline that happened.
The reason why the government is getting the blame for it isn't just inaction; they aren't standing by and letting something they had no involvement with (since the previous government was demissionary) happen - they're actively choosing to continue the motions of the previous demissionary government - including signing contract extensions that the previous government wasn't involved with - in spite of the very clear pushback they're getting from doing so.
[0]: This is the abbreviated version - somehow the previous government managed to lose coalition support twice, even when it was already demissionary. It's not normal for two parties to pull out like that on separate occasions.