On May 25, 2026, the Dutch government prohibited Kyndryl’s proposed acquisition of Solvinity, a Dutch company that operates the digital identification platform (DigiD) used by citizens to access Dutch government services. The decision marks the first prohibition under the Dutch telecom foreign direct investment (FDI) regime.
Background
In November 2025, U.S.-based Kyndryl notified its proposed acquisition of Solvinity to the Bureau Toetsing Investeringen (BTI) for FDI review.[1] The telecom FDI regime is separate from the general Dutch FDI framework[2] and applies where an investor acquires relevant influence over specified telecom-related activities – which are defined widely and include telecom services (telephone, internet access, electronic communications network), internet hubs/nodes, data center (including hosting) services, qualified trust services, or the provision of these services to national and military security agencies – of a Netherlands-based target.
The transaction attracted significant public interest and data ownership concerns – including parliamentary questions, public interest group scrutiny, and media coverage – focused on data security, control, and continuity (“kill-switch”) risks.
The Government followed the BTI’s advice to prohibit the transaction based on its potential risk to public interest. The statutory grounds for “risk to public interest” are broadly worded and include suspected intent to abuse or reduce continuity of the relevant telecom service — in this case trust services. The concern centered around Solvinity’s role in supporting DigiD and the risk that Solvinity’s compliance with certain American laws could compromise the security and continuity of that critical digital infrastructure.[3]
In a letter to Parliament, the relevant minister stated that he saw no alternative but to prohibit the transaction[4]. The timing appears to have been driven in part by the transaction’s impending closing. The letter emphasizes that the Dutch FDI framework is country-neutral, proportionate, risk-based, and directed solely at protecting public interests, and that the Netherlands continues to welcome foreign technology companies.
Implications
The decision confirms that the Netherlands is prepared to use its FDI review powers to block deals that carry public-interest risks, including in digital infrastructure and data-sensitive services. Notably, the investor was a major American company, underscoring that the regime is not reserved for investors from traditionally “high-risk” jurisdictions.
Perhaps more significantly, the decision suggests that mitigation commitments may not always suffice. Public sources indicate that remedies were discussed,[5] but ultimately set aside as insufficient to address the identified public-interest concerns.
Takeaway
This prohibition confirms that Digital sovereignty, data control, and operational resilience are increasingly central in Dutch FDI screening. Parties contemplating transactions involving cloud infrastructure, identity systems, trust services, government-facing technology, or other critical digital dependencies should assess Dutch FDI risk early and develop a substantive mitigation strategy, regardless of the investor’s jurisdiction.
[1] The transaction was also reviewed and cleared by the Dutch competition authority under merger control.
[2] For a review of the general Dutch FDI regime, see Cleary Gottlieb, “Dutch Foreign Direct Investment Screening regime enters into force”, July 4, 2023, available here.
[3] State Secretary of Interior and Kingdom Relations, “Government letter – Current status and approach to the Solvinity case”, February 10, 2026, available here.
[4] State Secretary for Economic Affairs and Climate, “Government letter – letter to the Second Chamber of the Staten-General, Decision Investment Screening Solvinity”, May 26, 2026, available here.
[5] State Secretary of Interior and Kingdom Relations, “Government letter – Current status and approach to the Solvinity case”, February 10, 2026, available here.