Solvinity (now acquired by Kyndryl) owns and runs a lot of the underlying infrastructure of DigiD, but the application itself and the day-to-day operations are handled by an autonomous body of the government (Logius). DigiD is mainly about translating authentication factors into a social security number (BSN) for authentication to other public institutions.

That allows Logius to pretend it's not much of a problem, and Solvinity maintains (in an unusually sharp and on-point interview) that all data is "encrypted" [1], without mentioning who possesses the keys or whether encryption is relevant at all. They go on to say that they consider the scenario of the US shutting down DigiD "very hypothetical", that they will follow Dutch law and that they have a strong supervisory board (as if that would matter).

Logius also operates MijnOverheid, which collates very sensitive information about all citizens from most government agencies and also relies on Solvinity infrastructure.

The infrastructure that Solvinity maintains goes far beyond servers, as they've concocted themselves an unholy procurement mess with their PICARD / LPC solution (Logius Private Cloud). They were advised multiple times over multiple years by the main advisory body on IT of The Netherlands (AcICT) not to do it in this way and KISS, but then did it anyway.

The intent of structuring it in this way was that it would be easier to switch infrastructure providers, but the outcome is the exact opposite: there is now a non-standard "integration layer" that would need to be rebuilt. Which is exactly what AcICT warned about from the beginning.

You can find a diagram of the responsibilities on both the Solvinity and Logius side on the last page of [2] (in Dutch).

The wild thing is that Logius also owns and maintains "Standaard Platform" [3], which is a very neat and standard Kubernetes environment, but they declined to use this for DigiD and MijnOverheid because they didn't deem it secure enough, and instead of securing their Kubernetes deployment, they went on with PICARD / LPC.

Logius is an autonomous body of the Ministry of the Interior (BZK), but they appear to have completely lost control over setting any policy and now mainly walk from crisis to crisis because any opening on their "SAFe train" is years away.

[1] https://www.nrc.nl/nieuws/2025/12/03/baas-van-solvinity-prob...

[2] https://www.adviescollegeicttoetsing.nl/site/binaries/site-c...

[3] https://www.logius.nl/onze-dienstverlening/infrastructuur/st...