In recent years, a large proportion of Dutch companies have outsourced their data and business software to U.S. Tech giants. While this collaboration has often brought innovation and scalability, there are growing calls for digital independence. Political tensions and increasing cyber threats highlight how vulnerable this dependency can be. What does this mean for Dutch organizations, and how can they prepare for a future in which digital sovereignty is increasingly important? Read the answers below from Kristian Mepschen, Senior Manager at BDO.
In the Netherlands, digital independence is no longer an abstract concept. In early 2025, the Court of Audit found that the government's dependence on U.S. suppliers jeopardizes services to citizens and businesses. The government has since announced concrete steps to accelerate the reduction of this dependence. This aligns with broader trends that center on data, infrastructure and technological sovereignty. These concepts emphasize the need to maintain control over critical digital processes, and to promote local innovation and security.
Reducing dependency is not an easy process. The regulator ACM (Authority Consumer & Market) warned as early as 2022 about the risks of vendor lock-in, in which organizations can hardly switch to other providers due to technical and contractual complications.
The following three steps are critical to achieving digital independence:
1. Locating and securing data
Political tensions such as trade restrictions or geopolitical conflicts lead to increased uncertainty in the area of IT and data. Prioritizing data localization ensures control over it at all times and IT continuity.
2. Breaking vendor lock-in
Although dependence on the well-known Tech giants does not disappear overnight, the question of partial reorientation is increasingly being asked. As a result, the need for IT services from European MSPs is increasing. This requires technical flexibility from MSPs so that switching is possible when the situation demands it.
3. Continuing risk management
The well-known Tech giants have developed mature approaches to security, data integrity, confidentiality and availability. Dutch companies and MSPs must not only achieve these standards, but also be able to demonstrate this to build trust. Issuing assurance reports, such as SOC 2 certification, are essential to provide assurance to customers and strengthen internal processes.
Resilience was a popular theme in 2024, with the belief that every organization will experience a cyberattack sooner or later. In 2025, however, the focus shifted to agility: the ability to respond quickly and effectively to changes in the threat landscape and the need for digital independence. For Dutch organizations and IT partners, this means investing not only in technology, but also in personnel and processes.
Technology companies that invest in strengthening internal control processes, avoiding dependence on specific vendors (vendor lock-in) and achieving relevant certifications such as SOC 2 are creating a strong foundation for success. These steps enable organizations not only to meet the demands of digital sovereignty, but also to differentiate themselves in an increasingly competitive digital marketplace. It is time to make choices and be prepared for a future that demands agility and innovation.