Why the Netherlands signed a cloud deal with Lidl's IT arm

Two-thirds of Dutch government websites depend on at least one American cloud service, research by the public broadcaster NOS previously found. That's the dependency the Netherlands is now trying to break, as last week the Dutch government announced an agreement with STACKIT, a German cloud provider best known for keeping the lights on at Lidl.

Several countries and public bodies in Europe are working to lessen dependencies on non-European tech providers. France announced government workstations will migrate from Windows to the open-source operating system Linux. The Danish cities of Aarhus and Copenhagen also moved away from Microsoft to embrace the German productivity suite Nextcloud. The Netherlands has chosen STACKIT.

What is STACKIT?

STACKIT serves as the cloud and digital brand of Schwarz Digits, the IT division of the Schwarz Group, which also owns Lidl and Kaufland retail chains. The provider positions itself as a sovereign European hyperscaler (the definition of a large-scale cloud services provider) offering a comprehensive suite of services, including compute, storage, networking, and AI.

Currently, STACKIT operates four data centers located in Germany and Austria, with a fifth facility under construction in Lübbenau, Germany. This physical footprint ensures that all data processing remains strictly within the European Economic Area (EEA) and adheres to the highest standards of European data protection laws. By maintaining its own infrastructure, STACKIT offers a level of transparency and control that is often difficult to achieve with non-European providers.

The details of the Dutch agreement

The agreement between the Dutch government and STACKIT is a voluntary framework negotiated by Strategic Supplier Management for Government (SLM Rijk). Unlike a mandatory migration mandate, this framework acts as a procurement tool. It allows individual government agencies to opt into STACKIT’s services with pre-negotiated legal and technical terms.

These terms include essential safeguards, such as the right to audit the provider and the ability to terminate the contract if STACKIT falls under the control of a non-EEA entity. The agreement covers the STACKIT Public Cloud and allows for direct access or procurement through local IT service providers. This flexibility is crucial for a decentralized government structure, where different departments have varying technical needs and migration timelines.

State Secretary for Digital Economy and Sovereignty Willemijn Aerdts stated: "Digital autonomy means having the freedom to choose from a wide range of providers, ensuring competition and innovation. Strengthening the European market is key to achieving this. This agreement enables government organizations to access cloud services from European providers on favorable terms."

Addressing the reliance on US tech

The Dutch government views the STACKIT deal as a way to lessen its dependence on American cloud providers and provide a viable path toward digital independence. Under the new agreement, all data must remain within the EEA, protecting it from foreign surveillance or jurisdictional overreach.

Security was a primary factor in selecting STACKIT. The platform recently completed a successful Data Protection Impact Assessment (DPIA), confirming its compliance with strict European privacy regulations. This assessment is a critical requirement for any provider handling sensitive government data. STACKIT’s 'Partner First' approach also allows it to work closely with local experts to ensure that migrations meet specific security profiles.

STACKIT is gaining momentum

The urgency to break free from American tech has only grown in 2025, as the current US administration's unpredictable posture toward European allies has prompted governments across the continent to reassess how much of their critical infrastructure sits on American servers — and is subject to US law.

The European Commission recently selected STACKIT as one of four providers for a €180 million cloud infrastructure contract spanning six years. Additionally, De Nederlandsche Bank has also signed an agreement with the platform, further validating its suitability for the highly regulated financial sector.

As STACKIT continues to expand its infrastructure, including the completion of its fifth data center, its capacity to handle complex government tasks will only grow. For now, it's an opt-in framework, not a mandate. But for a continent that has spent years debating digital sovereignty without acting on it, even a voluntary step in this direction is notable.