This week, January 25, 2026, NOS published an in-depth article stating that the Netherlands has become heavily dependent on American tech services, particularly cloud and infrastructure services from major American players such as Microsoft and Amazon. According to the data research conducted by NOS, approximately 67% of domain names of government agencies, healthcare institutions, schools, and vital companies are linked to at least one American cloud service. Nearly half of these even run on Microsoft infrastructure.
This dependence has concrete consequences: in the event of a political conflict, a stricter interpretation of American legislation (such as the American Cloud Act) or sanctions, the continuity of vital digital services in the Netherlands could be at stake. Even systems such as email, patient portals, and DigiD-related services run via American infrastructure.
The criticism is widespread:
- Political unrest – Members of Parliament warn that we are “in a stranglehold” and advocate for more control over our own data infrastructure.
- Geopolitical risks – American intelligence and law enforcement agencies can, under certain circumstances, also gain access to data stored in Europe.
- Market dynamics – Dutch and European alternatives are often not viable or lack scale, which means the dependence retains technical implications.
This discussion closely aligns with broader concerns about digital autonomy in Europe. Motions have already been passed in the House of Representatives to reduce dependence on American cloud providers and to investigate how a European or Dutch cloud infrastructure can be built.
What does this mean for organizations and risk management?
The outcome of this news is not merely a political controversy, but a signal to companies and governments to examine their digital dependencies:
Risk analysis of digital infrastructure
Organizations would do well to make transparent which digital services are business-critical and which suppliers they depend on. Particularly relevant is under which jurisdiction these suppliers fall and what risks this poses in the event of political or legal tensions.
Scenario thinking for geopolitical tensions
Geopolitical developments can suddenly impact access to cloud, data, or platform services. By developing scenarios, organizations can determine in advance what measures are needed in case of disruptions or restrictions.
Strategies for digital autonomy
Complete independence is often not realistic, but conscious diversification of suppliers increases resilience. Exploring European alternatives or hybrid setups helps to limit strategic dependencies.
Compliance and data sovereignty
Legislation such as the American Cloud Act can influence who can gain access to data, even if it is stored in Europe. Organizations must explicitly include these legal risks in their compliance and privacy considerations.
In light of this current situation, one thing is certain: digital dependence is no longer a neutral given, it is a strategic risk factor that companies and public organizations must now actively address in their risk management and digital transition plans.
