It is not only about DigiD, but about the infrastructure behind it
The news that the Dutch government intervened to prevent DigiD’s underlying infrastructure from ending up in American hands shows how important digital control has become.
The discussion was not about DigiD itself, but about the systems and infrastructure behind it. That distinction matters.
Control is the real topic
This is good news. Not because American companies would be unsafe, but because it is about control.
Who operates the infrastructure? Which laws apply? And who ultimately has access or influence?
For millions of Dutch citizens, DigiD is an essential part of daily life. We use it for taxes, healthcare, municipalities, and many other government services. That is why it makes sense to be critical about where these systems run and who controls them.
The same question applies to businesses
Many companies now run almost entirely on digital systems. Email lives in the cloud, websites run on external platforms, and business data is spread across servers around the world.
Decisions are often driven by price or features, but much less by the question: where is my data actually stored?
Hosting in the Netherlands or Europe: often simpler for privacy and compliance
For many organizations, hosting in the Netherlands has clear benefits. Data stays close, which often improves responsiveness for websites and systems.
In addition, your data falls under Dutch and European legislation, including GDPR. That can make compliance and privacy management more straightforward, especially when dealing with sensitive customer, healthcare, or business data.
Hosting within Europe offers many of the same advantages. European countries are bound by strict privacy rules that define how personal data must be processed and protected.
Outside Europe: not inherently unsafe, but different rules apply
Outside Europe things often become more complex. That does not automatically mean non-European hosting is unsafe, because large international cloud platforms invest heavily in security.
However, legal frameworks and access to data can differ. With US providers, the debate around the US CLOUD Act comes up regularly.
Under certain circumstances, that law can allow US authorities to request access to data held by US technology companies, even when the data is physically stored outside the United States.
That does not mean companies must avoid US cloud providers. Large platforms like Microsoft, Google, and Amazon offer strong security, European data centers, and additional privacy measures.
At the same time, more organizations are taking digital sovereignty seriously: who ultimately controls the data, and which laws apply.
Ask yourself these questions
So the most important question may not be: what is cheaper? But rather: where do I want my business data to live?
- Where do my website, email, and cloud environment run (NL, EU, or elsewhere)?
- Which laws apply to my data, and what does that mean for privacy and compliance?
- Who can gain access (legally or technically) to my data?
- Can I migrate easily if I want to switch, or am I locked into one platform?
- Which data is business critical and therefore deserves stronger control or regional choices?
For some businesses, data location hardly changes anything. For others, it has direct consequences for privacy, compliance, risk, and control over critical information.
That is why it is smart not only to know which cloud solution you use, but also where it actually runs and why.
Not sure where your hosting, email, or cloud environment is located, or want to know whether your current infrastructure still fits the growth and risks of your business? Feel free to contact us. We are happy to think along about a secure, reliable, and future-proof cloud environment that fits your organization.