The Dutch central government has signed a framework agreement with STACKIT - a European cloud platform operated by Schwarz Group - effective immediately. All Dutch government organisations can now procure cloud services under this agreement, entirely outside the orbit of American Big Tech.

On the surface, the Rijksoverheid’s new cloud agreement looks like an IT story. It isn’t. It’s about strategic sourcing, geopolitical risk — and why your analytics tool is a political choice.

On the surface, this looks like an IT story. It isn’t. It’s a procurement story. And a sovereignty story.

SLM Rijk, the central procurement organisation for the Dutch government, made a deliberate strategic choice here. Not just which vendor to select, but what kind of dependency they’re willing to accept going forward. That’s procurement thinking at its best: not reacting to the market, but actively shaping it.

STACKIT has been quietly climbing every shortlist of European governments and semi-public organisations looking for cloud services that fall outside US jurisdiction. The timing is no coincidence. Between the shifting political landscape in Washington, the ongoing tensions around GDPR enforcement, and growing awareness of what the CLOUD Act actually means for data stored with American providers, European alternatives are no longer a niche preference. They’re becoming policy.

Why this matters beyond government

I work at Nevi, the Dutch professional association for procurement and supply chain management. And what strikes me about this move is how cleanly it illustrates something we talk about a lot in the procurement world: strategic sourcing isn’t just about price. It’s about risk, resilience, and values alignment.

The Rijksoverheid didn’t just buy cheaper cloud storage. They bought optionality. They reduced a specific category of geopolitical risk. They sent a signal to the market.

That’s exactly what good procurement does.

The digital marketing angle

From my own work as a digital marketeer, this hits closer to home than you might expect. Every tool I use raises the same questions: Where does this data live? Under whose jurisdiction? Who can access it, and under what legal framework?

The shift from Google Analytics to Piwik PRO that we’ve been executing at Nevi isn’t just a technical migration. It’s the same underlying logic (applied at a much smaller scale) as what the Dutch government is doing with STACKIT. European infrastructure. GDPR-native. No silent data transfers to third countries.

Small decisions and large decisions. Same principle.

The broader pattern

This agreement doesn’t exist in isolation. Earlier this month, the European Commission signed contracts with a group of purely European cloud providers for €180 million in services over six years. The ECB chose OVHcloud for hosting the digital euro. Schwarz Group published a framework for measuring the digital sovereignty of cloud services.

Something is shifting. European institutions are starting to treat digital infrastructure the way they’ve long treated physical infrastructure, as something strategic, something that requires domestic or allied capacity, something you don’t outsource without thinking carefully about what you’re giving up.

Procurement professionals have always understood this instinctively. It’s good to see policy catching up.