Why Yivi is a proven alternative for DigiD: lessons from the Solvinity crisis

The Solvinity crisis: a wake-up call for digital sovereignty

The Dutch digital identity landscape is facing a critical moment. The proposed acquisition of Solvinity by American IT giant Kyndryl has sparked a national debate about digital sovereignty. Solvinity has been providing the infrastructure platform that keeps DigiD running since 2020, along with MijnOverheid and Digipoort.

A broad majority in the Dutch Second Chamber opposes the takeover, fearing that critical Dutch authentication infrastructure could fall under American control. The concerns are not unfounded: US laws like the CLOUD Act could potentially give American authorities access to data processed by US-owned companies, regardless of where that data is physically stored.

Making matters worse, just days before a parliamentary debate on the acquisition, the SEC discovered accounting irregularities at Kyndryl, forcing the company’s CFO and other finance executives to resign. This raises serious questions about whether such a company should be trusted with critical national infrastructure.

What’s particularly striking is that the Dutch government was informed nearly a year ago that Solvinity might be acquired. When asked if the state wanted to purchase the company, the government declined, stating such acquisitions aren’t a core responsibility. This missed opportunity highlights the need for alternative approaches to digital identity.

Yivi: a privacy-first alternative already in production

While the debate about Solvinity continues, there’s good news: a proven alternative already exists and is being used in production. Yivi is a privacy-friendly digital identity platform developed by the Privacy by Design Foundation, offering a fundamentally different approach to digital authentication.

Unlike centralized systems like DigiD, Yivi stores personal data only on the user’s own device. There is no central database that could become a target for hackers or fall into the wrong hands through corporate acquisitions. Users maintain full control over their data and can selectively share only the information that’s strictly necessary for each transaction.

Key advantages of Yivi over centralized systems:

• Data sovereignty: Your data stays on your device, not on servers that could be sold to foreign companies
• Data minimization: Share only what’s necessary (e.g., prove you’re over 18 without revealing your birth date)
• Open source: Fully transparent and auditable code, unlike proprietary systems
• No single point of failure: Decentralized architecture means no single takeover can compromise the entire system
• Privacy by design: Built from the ground up to protect user privacy

Municipality of Nijmegen: Yivi in production

The best proof that Yivi works is that it’s already being used in production. The Municipality of Nijmegen has been offering Yivi as a login option alongside DigiD and eHerkenning for their municipal services portal at mijn.nijmegen.nl.

Nijmegen selected Yivi to achieve two key objectives from their 2022-2026 coalition agreement: enhancing citizen control over personal data and implementing data minimization in municipal processes.

The municipality explicitly states their goal: “We only ask for personal data that is necessary for the established purpose.” This prevents unnecessary data sharing and protects the privacy of residents as much as possible.

Nijmegen’s experience with Yivi goes back years. The municipality previously facilitated access to the Basic Registration of Personal Data (BRP) through the app, allowing Dutch citizens to retrieve their own information securely. The current implementation represents “a next step in the longer cooperation between the Municipality of Nijmegen and Yivi.”

Why this matters now

The Solvinity situation should serve as a wake-up call. Critical digital infrastructure like identity authentication should not be dependent on single commercial providers that can be acquired by foreign entities. The solution isn’t necessarily to have the government own all infrastructure, but to adopt decentralized, privacy-preserving technologies that don’t create these vulnerabilities in the first place.

Yivi demonstrates that this is not just theoretical. It’s a working system, used in production by a major Dutch municipality, that offers:

1. Resilience: No single acquisition can compromise the entire system
2. Sovereignty: Data stays under Dutch and EU jurisdiction, on citizens’ own devices
3. Privacy: Minimal data sharing by design
4. Transparency: Open source code that anyone can audit

Looking forward

As the Netherlands prepares for the European Digital Identity Wallet (EUDI Wallet) under eIDAS 2.0, Yivi is positioning itself to be part of that ecosystem. Yivi supports the OpenID4VCI and OpenID4VP standards and plans to integrate with the Dutch EDI-stelsel framework.

The current crisis around Solvinity and DigiD shows why having alternatives matters. Organizations looking to reduce their dependency on centralized identity systems should consider Yivi. It’s not about replacing DigiD entirely, but about having options, ensuring resilience, and putting citizens in control of their own data.

If Nijmegen can do it, so can other municipalities and organizations. The technology is ready. The question is whether we have the will to use it.

Interested in implementing Yivi for your organization? Visit our documentation or contact us to learn more.

Sources

• Computable: Overheid wist bijtijds van verkoop Solvinity
• DutchNews: Dutch cloud firm Solvinity taken over by US IT giant Kyndryl
• Dutch IT Channel: Brede Kamermeerderheid tegen overname Solvinity
• Emerce: Bedrijf dat DigiD-leverancier Solvinity wil overnemen in de problemen
• Security.nl: Gemeente Nijmegen laat inwoners naast DigiD ook via Yivi inloggen
• iBestuur: Nijmegen zet Yivi in om in te loggen bij de gemeente