{ "schema": { "name": "European Digital Sovereignty Incidents 2018-2026", "version": "1.0", "license": "CC BY 4.0", "license_url": "https://creativecommons.org/licenses/by/4.0/", "publisher": "BuiltInEu Research Team", "publisher_url": "https://builtineu.eu", "last_updated": "2026-05-28", "update_frequency": "Quarterly", "methodology": "Two-source rule. Every incident verified against at least two independent public sources. Confidence tagged per row (high or medium only; low-confidence excluded).", "columns": [ "id", "date_iso", "incident_type", "country", "vendor_or_actor", "mechanism", "summary", "source_1_url", "source_2_url", "source_type_1", "source_type_2", "confidence", "last_verified_at" ] }, "data": [ { "id": "1", "date_iso": "2018-03-23", "incident_type": "legal_framework", "country": "United States", "vendor_or_actor": "US Congress", "mechanism": "statute", "summary": "Clarifying Lawful Overseas Use of Data Act (CLOUD Act) enacted as Division V of the Consolidated Appropriations Act 2018 (Public Law 115-141), amending 18 USC 2713 to confirm US warrants reach data regardless of storage location.", "source_1_url": "https://www.govinfo.gov/content/pkg/PLAW-115publ141/html/PLAW-115publ141.htm", "source_2_url": "https://en.wikipedia.org/wiki/CLOUD_Act", "source_type_1": "primary_government", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "2", "date_iso": "2018-04-17", "incident_type": "legal_framework", "country": "United States", "vendor_or_actor": "US Supreme Court", "mechanism": "case", "summary": "Microsoft Corp v United States (Microsoft Ireland warrant case) vacated as moot following CLOUD Act enactment. SCOTUS Docket No. 17-2.", "source_1_url": "https://en.wikipedia.org/wiki/United_States_v._Microsoft_Corp._(2018)", "source_2_url": "https://www.supremecourt.gov/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "medium", "last_verified_at": "2026-05-22" }, { "id": "3", "date_iso": "2015-10-06", "incident_type": "legal_framework", "country": "European Union", "vendor_or_actor": "Court of Justice of the EU", "mechanism": "case", "summary": "Schrems I (Case C-362/14) invalidated Commission Decision 2000/520/EC (Safe Harbor) on grounds that US surveillance law did not provide essentially equivalent protection for EU personal data.", "source_1_url": "https://curia.europa.eu/juris/liste.jsf?language=en&num=C-362/14", "source_2_url": "https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32000D0520", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "medium", "last_verified_at": "2026-05-22" }, { "id": "4", "date_iso": "2020-07-16", "incident_type": "legal_framework", "country": "European Union", "vendor_or_actor": "Court of Justice of the EU", "mechanism": "case", "summary": "Schrems II (Case C-311/18) invalidated Commission Implementing Decision (EU) 2016/1250 (EU-US Privacy Shield). Standard Contractual Clauses preserved subject to case-by-case adequacy assessment.", "source_1_url": "https://curia.europa.eu/juris/liste.jsf?language=en&num=C-311/18", "source_2_url": "https://www.edpb.europa.eu/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "5", "date_iso": "2023-07-10", "incident_type": "legal_framework", "country": "European Union", "vendor_or_actor": "European Commission", "mechanism": "adequacy_decision", "summary": "Implementing Decision (EU) 2023/1795 adopted, finding the United States ensures adequate protection for personal data transferred under the EU-US Data Privacy Framework.", "source_1_url": "https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en", "source_2_url": "https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "6", "date_iso": "2024-09-03", "incident_type": "legal_framework", "country": "European Union", "vendor_or_actor": "Court of Justice of the EU", "mechanism": "case", "summary": "Latombe v Commission (Case T-553/23) dismissed by General Court. First annulment action against the EU-US Data Privacy Framework adequacy decision. Framework remains in force.", "source_1_url": "https://curia.europa.eu/juris/liste.jsf?language=en&num=T-553/23", "source_2_url": "https://en.wikipedia.org/wiki/EU%E2%80%93US_Data_Privacy_Framework", "source_type_1": "primary_government", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "7", "date_iso": "2020-06-11", "incident_type": "sanction", "country": "United States", "vendor_or_actor": "President Trump", "mechanism": "executive_order", "summary": "Executive Order 13928 'Blocking Property of Certain Persons Associated with the International Criminal Court' signed, authorizing sanctions against ICC personnel investigating US actions in Afghanistan.", "source_1_url": "https://www.federalregister.gov/documents/2020/10/01/2020-21688/international-criminal-court-related-sanctions-regulations", "source_2_url": "https://www.hrw.org/", "source_type_1": "primary_government", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "8", "date_iso": "2020-09-02", "incident_type": "sanction", "country": "International", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "Fatou Bensouda (then-ICC Chief Prosecutor, Gambian national) and Phakiso Mochochoko (Head of Jurisdiction, Complementarity and Cooperation Division, Lesotho national) designated to OFAC SDN list under EO 13928. Neither was an EU national.", "source_1_url": "https://ofac.treasury.gov/", "source_2_url": "https://www.hrw.org/", "source_type_1": "primary_government", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "9", "date_iso": "2021-04-01", "incident_type": "sanction", "country": "International", "vendor_or_actor": "Biden Administration", "mechanism": "sanction_revocation", "summary": "Trump-I era ICC sanctions program terminated by the Biden Administration; Bensouda and Mochochoko removed from OFAC SDN list.", "source_1_url": "https://ofac.treasury.gov/recent-actions/20210405_33", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "10", "date_iso": "2025-02-06", "incident_type": "sanction", "country": "United States", "vendor_or_actor": "President Trump", "mechanism": "executive_order", "summary": "Executive Order 14203 'Imposing Sanctions on the International Criminal Court' signed by President Trump, authorizing renewed sanctions against ICC officials.", "source_1_url": "https://www.whitehouse.gov/presidential-actions/2025/02/imposing-sanctions-on-the-international-criminal-court/", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "11", "date_iso": "2025-02-13", "incident_type": "sanction", "country": "United Kingdom", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "ICC Prosecutor Karim Khan (United Kingdom national) designated to OFAC SDN list under EO 14203.", "source_1_url": "https://ofac.treasury.gov/recent-actions/20250213", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "12", "date_iso": "2025-06-05", "incident_type": "sanction", "country": "Slovenia", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "ICC Judge Beti Hohler (Slovenian national, EU citizen) designated to OFAC SDN list under EO 14203. First EU citizen directly OFAC-sanctioned under the renewed program.", "source_1_url": "https://www.state.gov/releases/office-of-the-spokesperson/2025/06/imposing-sanctions-in-response-to-the-iccs-illegitimate-actions-targeting-the-united-states-and-israel", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "13", "date_iso": "2025-06-05", "incident_type": "sanction", "country": "Benin", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "ICC Judge Reine Alapini-Gansou (Benin national) designated to OFAC SDN list under EO 14203.", "source_1_url": "https://www.state.gov/releases/office-of-the-spokesperson/2025/06/imposing-sanctions-in-response-to-the-iccs-illegitimate-actions-targeting-the-united-states-and-israel", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "14", "date_iso": "2025-06-05", "incident_type": "sanction", "country": "Peru", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "ICC Judge Luz del Carmen Ibanez Carranza (Peru national) designated to OFAC SDN list under EO 14203.", "source_1_url": "https://www.state.gov/releases/office-of-the-spokesperson/2025/06/imposing-sanctions-in-response-to-the-iccs-illegitimate-actions-targeting-the-united-states-and-israel", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "15", "date_iso": "2025-06-05", "incident_type": "sanction", "country": "Uganda", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "ICC Judge Solome Bossa (Uganda national) designated to OFAC SDN list under EO 14203.", "source_1_url": "https://www.state.gov/releases/office-of-the-spokesperson/2025/06/imposing-sanctions-in-response-to-the-iccs-illegitimate-actions-targeting-the-united-states-and-israel", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "16", "date_iso": "2025-07-09", "incident_type": "sanction", "country": "Italy", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "UN Special Rapporteur Francesca Albanese (Italian national, EU citizen) designated to OFAC SDN list. Second EU citizen on the SDN list under EO 14203 framework.", "source_1_url": "https://ofac.treasury.gov/", "source_2_url": "https://www.ohchr.org/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "17", "date_iso": "2025-08-20", "incident_type": "sanction", "country": "Senegal", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "ICC Judge Mame Mandiaye Niang (Senegal national) designated to OFAC SDN list under EO 14203.", "source_1_url": "https://ofac.treasury.gov/", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "18", "date_iso": "2025-08-20", "incident_type": "sanction", "country": "France", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "ICC Judge Nicolas Guillou (French national, EU citizen) designated to OFAC SDN list under EO 14203. Third EU citizen on the SDN list under EO 14203.", "source_1_url": "https://ofac.treasury.gov/", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "19", "date_iso": "2025-08-20", "incident_type": "sanction", "country": "Canada", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "ICC Judge Kimberly Prost (Canada national) designated to OFAC SDN list under EO 14203.", "source_1_url": "https://ofac.treasury.gov/", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "20", "date_iso": "2025-08-20", "incident_type": "sanction", "country": "Fiji", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "ICC Judge Nazhat Shameem Khan (Fiji national) designated to OFAC SDN list under EO 14203.", "source_1_url": "https://ofac.treasury.gov/", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "21", "date_iso": "2025-12-18", "incident_type": "sanction", "country": "International", "vendor_or_actor": "US Treasury OFAC", "mechanism": "sdn_designation", "summary": "Two further ICC judges (Gocha Lordkipanidze and Erdenebalsuren Damdin) designated to OFAC SDN list under EO 14203.", "source_1_url": "https://ofac.treasury.gov/", "source_2_url": "https://www.icc-cpi.int/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "22", "date_iso": "2025-12-23", "incident_type": "visa_ban", "country": "France", "vendor_or_actor": "US State Department", "mechanism": "visa_restriction", "summary": "Former EU Internal Market Commissioner Thierry Breton (French national, lead architect of the Digital Services Act) hit with US visa ban under INA Section 212(a)(3)(C) for alleged 'extraterritorial censorship' of American platforms.", "source_1_url": "https://www.aljazeera.com/news/2025/12/24/us-bars-five-europeans-over-efforts-to-censor-american-viewpoints", "source_2_url": "https://www.cnbc.com/2025/12/24/us-bans-visas-for-ex-eu-commissioner-over-alleged-censorship.html", "source_type_1": "tier_1_press", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "23", "date_iso": "2025-12-23", "incident_type": "visa_ban", "country": "United Kingdom", "vendor_or_actor": "US State Department", "mechanism": "visa_restriction", "summary": "Imran Ahmed (CCDH founder, UK-based) hit with US visa ban under INA Section 212(a)(3)(C).", "source_1_url": "https://www.aljazeera.com/news/2025/12/24/us-bars-five-europeans-over-efforts-to-censor-american-viewpoints", "source_2_url": "https://www.euronews.com/my-europe/2025/12/24/europe-defends-its-digital-rules-after-trump-administration-targets-breton-with-visa-ban", "source_type_1": "tier_1_press", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "24", "date_iso": "2025-12-23", "incident_type": "visa_ban", "country": "Germany", "vendor_or_actor": "US State Department", "mechanism": "visa_restriction", "summary": "Josephine Ballon and Anna-Lena von Hodenberg (HateAid executives, Germany) hit with US visa bans under INA Section 212(a)(3)(C).", "source_1_url": "https://www.aljazeera.com/news/2025/12/24/us-bars-five-europeans-over-efforts-to-censor-american-viewpoints", "source_2_url": "https://www.euronews.com/my-europe/2025/12/24/europe-defends-its-digital-rules-after-trump-administration-targets-breton-with-visa-ban", "source_type_1": "tier_1_press", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "25", "date_iso": "2025-12-23", "incident_type": "visa_ban", "country": "International", "vendor_or_actor": "US State Department", "mechanism": "visa_restriction", "summary": "Clare Melford (co-founder of Global Disinformation Index) hit with US visa ban under INA Section 212(a)(3)(C).", "source_1_url": "https://www.aljazeera.com/news/2025/12/24/us-bars-five-europeans-over-efforts-to-censor-american-viewpoints", "source_2_url": "https://www.euronews.com/my-europe/2025/12/24/europe-defends-its-digital-rules-after-trump-administration-targets-breton-with-visa-ban", "source_type_1": "tier_1_press", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "26", "date_iso": "2026-05-21", "incident_type": "subpoena_disclosure", "country": "Netherlands", "vendor_or_actor": "Microsoft", "mechanism": "congressional_subpoena", "summary": "Microsoft transmitted internal documents containing the unredacted names of Dutch civil servants enforcing the Digital Services Act, including staff of the Autoriteit Consument en Markt and the Autoriteit Persoonsgegevens, plus academic Claes de Vreese, to the US House Judiciary Committee investigating European platform regulation.", "source_1_url": "https://www.vn.nl/microsoft-ambtenaren-amerikaanse-overheid", "source_2_url": "https://nos.nl/", "source_type_1": "tier_1_press", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "27", "date_iso": "2026-02-15", "incident_type": "transparency_report_aggregate", "country": "European Union", "vendor_or_actor": "Microsoft", "mechanism": "cloud_act_disclosure", "summary": "Microsoft H2 2025 Law Enforcement Requests Report disclosed providing content data to US law enforcement on 3 non-US enterprise customers whose data was stored outside the US, one of which was located in the EU/EFTA region.", "source_1_url": "https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report", "source_2_url": "https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report", "source_type_1": "primary_corporate", "source_type_2": "primary_corporate", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "28", "date_iso": "2023-05-22", "incident_type": "dpa_enforcement_transfer", "country": "Ireland", "vendor_or_actor": "Data Protection Commission", "mechanism": "gdpr_fine", "summary": "DPC imposed a 1.2 billion EUR fine on Meta Platforms Ireland for transfers of personal data to the United States on the basis of Standard Contractual Clauses subsequent to Schrems II. EDPB binding decision dated 13 April 2023.", "source_1_url": "https://www.edpb.europa.eu/news/news/2023/12-billion-euro-fine-facebook-result-edpb-binding-decision_en", "source_2_url": "https://www.dataprotection.ie/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "29", "date_iso": "2022-02-15", "incident_type": "dpia", "country": "Netherlands", "vendor_or_actor": "SLM Rijk / Privacy Company", "mechanism": "microsoft_365_dpia", "summary": "SLM Rijk / Privacy Company DPIA on Microsoft Teams, OneDrive, and SharePoint Online concluded organisations should not use these cloud services to exchange or store sensitive personal data unless encrypted with self-controlled keys, citing possible US government access.", "source_1_url": "https://www.privacycompany.eu/blog", "source_2_url": "https://www.rijksoverheid.nl/", "source_type_1": "tier_1_research", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "30", "date_iso": "2024-12-17", "incident_type": "dpia", "country": "Netherlands", "vendor_or_actor": "SLM Rijk / SURF / Privacy Company", "mechanism": "microsoft_365_copilot_dpia", "summary": "SLM Rijk and SURF Copilot DPIA / FRAIA identified four high risks in Microsoft 365 Copilot. SURF recommended a cautious approach in Dutch education and research institutions.", "source_1_url": "https://www.rijksoverheid.nl/documenten/2024/12/17/dpia-en-fraia-microsoft-365-copilot", "source_2_url": "https://www.privacycompany.eu/blog", "source_type_1": "primary_government", "source_type_2": "tier_1_research", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "31", "date_iso": "2024-03-08", "incident_type": "edps_finding", "country": "European Union", "vendor_or_actor": "European Commission", "mechanism": "m365_finding", "summary": "EDPS found the European Commission's use of Microsoft 365 'failed to provide appropriate safeguards' for transfers of personal data outside the EU/EEA and did not sufficiently specify processing purposes. Decision applies Regulation (EU) 2018/1725.", "source_1_url": "https://www.edps.europa.eu/press-publications/press-news/press-releases/2024/european-commissions-use-microsoft-365-infringes-data-protection-law-eu-institutions-and-bodies_en", "source_2_url": "https://www.edps.europa.eu/", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "32", "date_iso": "2023-03-30", "incident_type": "dpa_enforcement", "country": "Italy", "vendor_or_actor": "Garante per la protezione dei dati personali", "mechanism": "provisional_restriction", "summary": "Italian Garante issued provisional limitation on processing of personal data by OpenAI ChatGPT, citing absence of adequate legal basis for training data collection and absence of age verification. Restriction lifted 28 April 2023.", "source_1_url": "https://www.garanteprivacy.it/", "source_2_url": "https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9870832", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "33", "date_iso": "2024-12-20", "incident_type": "dpa_enforcement", "country": "Italy", "vendor_or_actor": "Garante per la protezione dei dati personali", "mechanism": "gdpr_fine", "summary": "Italian Garante imposed a 15 million EUR fine on OpenAI following the 2023 ChatGPT investigation.", "source_1_url": "https://www.garanteprivacy.it/", "source_2_url": "https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/10084346", "source_type_1": "primary_government", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "34", "date_iso": "2022-03-15", "incident_type": "policy_framework", "country": "France", "vendor_or_actor": "ANSSI", "mechanism": "secnumcloud", "summary": "SecNumCloud v3.2 published by ANSSI (Agence nationale de la securite des systemes d'information). Framework requires localising customer data in EU, EU-based personnel for all support, and restricts non-EU shareholders to below 25 percent individually and 39 percent collectively.", "source_1_url": "https://cyber.gouv.fr/", "source_2_url": "https://itif.org/publications/2025/05/25/france-cloud-service-restrictions/", "source_type_1": "primary_government", "source_type_2": "tier_1_press", "confidence": "medium", "last_verified_at": "2026-05-22" }, { "id": "35", "date_iso": "2025-11-15", "incident_type": "forced_acquisition", "country": "Netherlands", "vendor_or_actor": "Kyndryl", "mechanism": "acquisition_announcement", "summary": "Kyndryl (NYSE: KD, former IBM spin-off headquartered in New York) announced intent to acquire Solvinity, the Dutch IT provider hosting DigiD (Dutch national digital identity). Acquisition would place Solvinity under US legal compulsion frameworks including the CLOUD Act.", "source_1_url": "https://www.dutchnews.nl/2026/04/mps-demand-end-to-digid-deal-over-solvinity-us-sale/", "source_2_url": "https://nltimes.nl/2026/05/06/government-wins-case-extend-digid-provider-solvinity-contract-despite-us-takeover", "source_type_1": "tier_1_press", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "36", "date_iso": "2026-04-22", "incident_type": "parliamentary_action", "country": "Netherlands", "vendor_or_actor": "Tweede Kamer", "mechanism": "motion", "summary": "Dutch House of Representatives passed a motion by majority calling on the government not to renew the DigiD hosting contract with Solvinity in 2028 if the Kyndryl acquisition proceeds. A public petition gathered approximately 140,000 signatures.", "source_1_url": "https://www.dutchnews.nl/2026/04/mps-demand-end-to-digid-deal-over-solvinity-us-sale/", "source_2_url": "https://nltimes.nl/2026/05/06/government-wins-case-extend-digid-provider-solvinity-contract-despite-us-takeover", "source_type_1": "tier_1_press", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "37", "date_iso": "2026-05-06", "incident_type": "court_ruling", "country": "Netherlands", "vendor_or_actor": "Dutch court", "mechanism": "contract_ruling", "summary": "Dutch court allowed the government to extend the existing DigiD hosting contract with Solvinity pending the Kyndryl acquisition's national-security review. Three separate lawsuits against the deal have been filed.", "source_1_url": "https://nltimes.nl/2026/05/06/government-wins-case-extend-digid-provider-solvinity-contract-despite-us-takeover", "source_2_url": "https://www.dutchnews.nl/2026/04/mps-demand-end-to-digid-deal-over-solvinity-us-sale/", "source_type_1": "tier_1_press", "source_type_2": "tier_1_press", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "38", "date_iso": "2025-12-02", "incident_type": "dependency_marker", "country": "Netherlands", "vendor_or_actor": "Belastingdienst", "mechanism": "microsoft_365_transition", "summary": "Dutch Tax Administration State Secretary Eugene Heijnen confirmed continuation of Microsoft 365 migration replacing HCL Notes, with Azure as underlying cloud, stating no suitable European alternative is available. Parliamentary objections raised by D66, GroenLinks-PvdA, and NSC.", "source_1_url": "https://www.computable.nl/2025/12/02/belastingdienst-zet-door-met-microsoft365-geen-europees-alternatief-beschikbaar/", "source_2_url": "https://www.tweedekamer.nl/", "source_type_1": "tier_1_press", "source_type_2": "primary_government", "confidence": "high", "last_verified_at": "2026-05-22" }, { "id": "39", "date_iso": "2024-04-20", "incident_type": "legal_framework", "country": "United States", "vendor_or_actor": "US Congress", "mechanism": "statute", "summary": "FISA Section 702 reauthorized for two years by the Reforming Intelligence and Securing America Act (H.R.7888, 118th Congress), sunset April 2026. Section 702 is the US surveillance authority central to the CJEU's Schrems I and Schrems II findings that US protection for EU data is inadequate.", "source_1_url": "https://www.congress.gov/bill/118th-congress/house-bill/7888", "source_2_url": "https://www.brennancenter.org/our-work/research-reports/section-702-foreign-intelligence-surveillance-act-fisa-2026-resource-page", "source_type_1": "primary_government", "source_type_2": "tier_1_research", "confidence": "high", "last_verified_at": "2026-05-28" } ] }