The Dutch central government wants to significantly reduce its reliance on non-Dutch public cloud providers, which are generally big US tech companies such as Microsoft. It also wishes to move towards a single policy and have more control over various government departments’ cloud technology policy. This was the outcome of this afternoon’s Technical Briefing to the Committee Digital Affairs, entitled (translated from Dutch): ‘sovereignty of Dutch government data and decision-making underlying migrations to foreign-owned IT services’.
Various experts present
Art de Blaauw (the Dutch central government’s CIO), Aart Jochem (the Dutch central government’s CISO), Fleur ter Borg (the Dutch central government’s CTO), Ron Roozeboom (COO of SSC-ICT) and Henrique Barnard (in charge of the central government’s Strategic Supplier Management for Microsoft, Google Cloud and Amazon Web Services) held a one-hour talk to update the Committee Digital Affairs on the review of the central government’s cloud technology policy. The review is expected to be submitted to the House of Representatives in mid 2025.
Stricter usage conditions
The experts who took part in the Technical Briefing said there was a need for ‘much stricter usage conditions’ in light of current geopolitical developments and rapid changes in technology. It was also mentioned that more categories of data should be viewed as ‘Protectable Interests’, meaning that this data and associated e-mail communication must be stored on Dutch servers. This currently applies only to state secrets and data from the Personal Records Database (BRP). The experts highlighted the near absence of alternatives on the current EU market, although serious developments are taking shape at various locations. The Dutch central government could anticipate these developments by reflecting on its requirements, conducting regular risk analyses and formulating a clear exit strategy.
SSC-ICT amends digital workplace design
At the start of this week, Zsolt Szabó, the State Secretary for Digitalisation and Kingdom Relations, submitted a letter to the House of Representatives informing MPs that the Shared Service Center ICT (SSC-ICT), representing 58,000 digital central government workplaces over nine different ministries, has amended the design of those workplaces in response to geopolitical developments and concerns raised by MPs. SSC-ICT said it intends to keep e-mails on its own Exchange servers and store files locally to reduce its dependence on public cloud providers, which are generally big US tech companies such as Microsoft.
Avoid taking irreversible steps
MP Barbara Kathmann (GroenLinks-PvdA) had previously requested that Szabó refrain from taking ‘irreversible steps’ for the time being and inform MPs in due time of the considerations and proposed measures to mitigate undesirable risks. The current digital workplace, set up approximately seven years ago, is nearing the end of its life cycle and Microsoft (the supplier) is ending support for some crucial software components. As this threatens the continuity of central government services, replacement must be sought as a matter of urgency.
The Technical Briefing was attended by Marieke Wijen-Nass (BBB), Martijn Buijsse (VVD), Jesse Six-Dijkstra (NSC), Jan Valize (PVV), Marieke Koekkoek (Volt) and Barbara Kathmann (GroenLinks-PvdA) on behalf of the House of Representatives. They had the opportunity to put questions to the experts present.
The Knowledge and Innovation Agenda (KIA) Digitalisation, overseen by Topsector ICT, is currently developing two Action Agendas – AI/Data and Cybersecurity Technologies – as part of the National Technology Strategy (NTS). Alongside this, the sitting Dutch government will announce the new National Digitalisation Strategy (NDS) later in the year. The NDS aims to connect existing digital transformation plans and set priorities, and it will soon offer a concise guide of what is needed to make the digital transformation a collective success.