Sovereignty is a broad concept that still prompts many questions. If a Dutch data centre operates on foreign hardware, is that truly sovereign? Does relying solely on European procurement risk create a new European dependency? These and many other questions were examined at the iBestuur conference on Sovereignty and Government in Amsterdam.
Taking responsibility for data, digital infrastructure, and technology
Willemijn Aerdts, State Secretary for Digital Economy and Sovereignty (EZK) and responsible for the Netherlands’ Digitalisation Strategy (NDS), opened the conference with a concise message: “The Netherlands must take control of its own data, digital infrastructure, and technology.” This means the government must decide whether to handle digitalisation in-house, outsource it, retain control, and/or collaborate, and, if so, with whom. In short, sovereignty is about the freedom to make choices. Alexander Scholtes, Amsterdam’s alderman, emphasised the importance of digital independence, stating, “It sounds logical, but we’ve come a long way.” He pointed out that it is now nearly unimaginable that the Netherlands once relied on public clouds for years and did not keep critical infrastructure under its own or European control.
Investing at the European level
Scholtes also emphasised that sovereignty involves guiding the development of ICT. “The government has influence over who we collaborate with and what we buy.” He called for investment in European innovation and support for European businesses. Closer to home, Amsterdam’s municipality refuses to compromise on data. “We call it value-driven pragmatism,” he said. By 2035, the city aims to have full control over its data. “We welcome the national government’s support, NDS, bring on that government cloud.”
A security mindset
Art de Blaauw, CIO for the Dutch government, adopted a more risk-oriented approach to sovereignty, focusing on the threat posed by AI, especially AI-driven attacks on Dutch infrastructure and widespread AI-generated disinformation. He also mentioned the emergence of powerful quantum computers that current data encryption cannot withstand. Quantum-safe encryption is a priority under the NDS for Digital Resilience and Digital Autonomy. “We’re pursuing 21st-century digitalisation with a 20th-century security mindset, which is asking for trouble,” he warned. Continuity of public services is another crucial aspect of sovereignty: can the government still operate in a crisis? “Infrastructure has become a strategic question,” De Blaauw stated. “Our shared digital future matters. Banks and universities face the same challenges.” This highlights the importance of collaboration across organisations.
Golden tips
The rest of the day featured 3 sessions, including workshops, lectures, and knowledge-sharing discussions. Erik Vermeulen and Anna van den Breemer from EY discussed proposals on ‘Sovereign tech ecosystems,’ covering topics like tapped undersea cables, local HR policies, quantum encryption, and European tech experts. The Eurostack website provided helpful overviews of European alternatives to common technologies. Open-source solutions received praise, with Vermeulen noting that “the genie is out of the bottle.” He suggested that government agencies allocate their training budgets to the open-source community, which often depends on (highly skilled) volunteers. Many European solutions also rely on unpaid expertise. “Fund these communities. That way, they can continue their work, and we’ll benefit from their knowledge and skills.”
Golden procurement moments
Attendees also appreciated the tip to identify ‘golden moments’, the points when ICT contracts expire. Renewal periods generate opportunities for different approaches, such as aligning procurement requirements with public values or bundling contracts with other government bodies. Another suggestion was to think sectorally, not only nationally or at the EU level. Additionally, they were encouraged to critically evaluate whether all purchased functionality is genuinely necessary. “Who actually uses 100% of a software package’s capabilities? Haven’t we often bought more than we need?”
Just do it
Bram Withaar from Nijmegen Municipality explained that their data platform experienced performance issues. The ICT team was also interested in whether a European cloud could host it. Nijmegen first outlined its architectural, governance, and security requirements before evaluating vendors. When asked how they gained stakeholder support, Withaar replied, “We’re known for getting things done.” Nijmegen managed the project with its own team, supported by ICT Rijk. The city council also considers sovereignty a key issue, with reducing dependence on major American firms as a primary example.
Collaborating water authorities
The 21 Dutch water authorities, which are vital for the Netherlands, extend their sovereignty into the physical domain by overseeing locks, pumping stations, and flood barriers that regulate water levels. In a crisis, these must be operated manually. Security is a crucial aspect of sovereignty for the water authorities. Key questions at Waterschapshuis, the organisation that coordinates IT services for the 21 Dutch water authorities, include: What data is stored in the cloud? How much control do we have over it? What do we need to carry out our core tasks, and how many hours or weeks of disruption can we tolerate?
Working with the defence
Water authority De Stichtse Rijnlanden recently carried out a ‘power outage’ exercise with the Ministry of Defence, which is also interested in some of the water authority’s data. For instance, they supplement satellite soil moisture data with local measurements to determine whether a tractor or a tank can enter a field.
Beyond shrinking budgets, water authorities face challenges like rising sea levels and land subsidence caused by gas extraction. In both physical and digital pursuits, water authorities work closely together, as water has never respected land borders.
