The City of Amsterdam seems to have taken a first step toward digital autonomy and sovereignty, in part to reduce dependence on big-tech companies. How feasible and practical is this movement for the (national) government? I would like to shed some light on that.
Digital autonomy, at its core, is about self-determination and a high degree of independence. In other words, a government that is in control of its own digital infrastructure. In a practical sense, this self-determination will eventually have to translate into its own form of (open source) software, secure communication and resilience. For the government, digital sovereignty means that it can continue to use that same digital infrastructure and make decisions around it regardless of economic, geopolitical or technological pressures.
The dependence of large American tech companies in the Netherlands and in Europe has grown considerably over the past two decades. That dependence has been chafing for a few years, but only in recent weeks has it chafed hard enough. For example, Stichting Internet Domeinregistratie Nederland has announced its intention to move the .nl domain registration system to Amazon Web Services' public cloud. In addition, international political dynamics have undoubtedly played a role in thinking about digital autonomy, in Europe and in the Netherlands.
The City of Amsterdam now has a concrete plan to reduce that dependence. Last year, the City Council unanimously adopted a proposal calling for Amsterdam to become more digitally independent. This was translated into an "Exploration Amsterdam Digitally Independent. The first steps the municipality is taking to this end include storing more data in-house, setting requirements for digital independence when purchasing new digital services, and experimenting with new, European software.
In order to store data in-house, the (central) government will have to invest in local or European data centers. In January of this year, the Court of Audit concluded that the central government has limited insight into the cloud services it uses and does not make sufficient strategic risk assessments with respect to dependence on suppliers. Currently, the government has about 1,588 cloud services, of which 44% are public clouds and 30% are private; of 26%, the type of cloud solution is unknown. With public clouds, the government does not own the data itself. The fact that central government does not always have a clear picture of which cloud it uses and why is cause for concern.
In our view, the Dutch Digitalization Strategy (NDS) is suitable for municipalities, provinces and the state to come together and make policy on cloud use more uniform and concrete. The plan of action for the NDS will be presented this spring, with the ambition: digital autonomy and more efficient cooperation as one government. In addition, participation from both central government and municipalities and provinces could be intensified in Gaia-X, for example. This European cloud initiative aims to keep data within the EU.
In our view, the Dutch Digitalization Strategy (NDS) is suitable for municipalities, provinces and the state to come together and make policy on cloud use more uniform and concrete.
Achieving a degree of digital autonomy and sovereignty also requires attention to open source initiatives. The use of open source can prevent so-called "vendor lock-in. Also, there is then no side effects due to foreign legislation (think of the Cloud Act) on the supplier of (closed) software. However, the risk of open source software is that it can be programmed and instantiated locally, possibly at the expense of interoperability. After all, it's going to be quite a task to make local software systems of different government organizations work together seamlessly. Another risk is that European solutions are less advanced than current (mostly U.S.) solutions. It will therefore be necessary to stimulate innovation on a large scale in order to achieve the same quality and interoperability as American solutions and then distribute them on a similar scale. A European consortium seems almost a prerequisite for this. The CIO Rijk has already signed a letter of intent with the German and French governments for joint open source solutions to create digitally sovereign workplaces in the public sector.
Another approach to becoming more digitally independent as a national government in the long term is to steer more tightly on the connection with national and European laws and regulations when purchasing certain applications. New, stringent regulations are being created at both European and Dutch level. Think of the Intergovernmental Data Strategy as policy and the AI Act as concrete law. By making them central to the exploration and purchase of new digital services and doing so on a large scale by cooperating with other cities and countries, a common standard is created to which the market will have to conform. Thus, in time, public values will be better secured in developed technology.
With the spring budget coming up - which will logically focus on the geopolitical situation and the canyon year for municipalities in 2026 - it will not be easy to free up the necessary budget for the transition to greater digital autonomy. All the more important, then, for all levels of government to seek each other out and join forces. In addition, governments simply do not have all the (technical) knowledge to get this done. Looking at the aforementioned factors, it is more likely that governments will adopt a hybrid approach: pursuing autonomy where necessary and using existing solutions when there is no other way. Anyway, it will be a multi-year process, with governments becoming more digitally independent step by step. And at the very least, of course, not even more dependent.
