The year 2025 will probably go down in history as an important turning point in European thinking about digital resilience, autonomy and dependence. During the fourth edition of NBIP NEXT, the key question was therefore addressed on several occasions: how can the Netherlands and Europe strengthen their digital resilience and autonomy? Led by chair Michiel Steltman, the speakers explored and examined various aspects of this question in depth.
*The report on the DDoS mitigation track organised during NBIP NEXT in collaboration with the Anti-DDoS Coalition will be published separately from this report.
Actively responding to changing legislation and regulations
The first day of NBIP NEXT focused on legislation and resilience, with an emphasis on practical implementations for digital infrastructure providers. Jacqueline van de Werken, secretary of Dutch Cloud Community & Global General Group Counsel Leaseweb, held an interactive session on changing legislation for providers entitled “From voluntary to mandatory”.
During the session, Van de Werken explained that cloud regulation is hot and happening and that this means providers are faced with multiple obligations. The question is how to ensure compliance and organise your organisational structure accordingly. According to Van de Werken, the various regulations she presented can be divided into three categories: Abuse & Claims, Organisation & Security, and Transparency & Documentation. Examples of these regulations include the Digital Services Act (DSA), the Cyber Security Act (Cbw) and eEvidence.
Van de Werken also announced that the Cybersecurity Act (CSA) incorporates the TS 18026 standard, which also serves as the basis for the European Cybersecurity Certification Scheme for Cloud Services (EUCS). Within TS 18026, organisations must create a risk profile for their data storage based on three levels: basic, substantial and high. Van de Werken also advised visitors to actively consider the organisational policy considerations of the service provision. Because not every organisation has the resources to figure this out for themselves, Van de Werken said that more and more companies are offering Compliance as a Service.
eEvidence Regulation: what can providers expect?
In 2026, eEvidence will come into force in Europe. This regulation and accompanying directive, which will be implemented in national legislation, will enable Member States to request electronic evidence (e-evidence) directly from providers offering digital services in Europe. That is why René Brozius, eEvidence programme manager at the Ministry of Justice and Security, came to talk about the implementation of eEvidence.
Defending against threats from all sides
Another major highlight on the first day of NBIP NEXT was Marleen Stikker, founder of Waag Futurelab. She gave an impassioned speech about how the war against Big Tech must be won. Stikker explained how the “techbros” from Silicon Valley see people as biological computers that can be programmed for their own gain. As examples, Stikker cited the influence exerted during elections and how this jeopardises the position of our democracy and constitutional state. With the credo “Regulation is innovation”, Stikker therefore also advocates the public stack. According to this approach, public digital infrastructure must be assessed on the following six criteria:
1. Who designs the public infrastructure?
2. What are we optimising it for?
3. Ownership
4. Governance
5. Social justice
6. Planetary boundaries
Bas Dunnebier, Chief Science & Technology Officer at the AIVD, took a closer look at the cyber threats posed by state-sponsored hacktivist groups that undermine our constitutional state and seek to disrupt society with their actions. In his presentation, he called for more intensive public-private cooperation so that the Netherlands can continue to defend itself against these actors.
Cristina Caffarra: Europe, put your money where your mouth is
The second day of NBIP NEXT was entirely devoted to digital autonomy, particularly its practical implementation. How can we reduce digital dependencies and strengthen our digital autonomy in the Netherlands and Europe? To this end, the role that providers of hosting, cloud and other services can play in this was discussed, as well as how the sector and government can reinforce each other.
There was great interest in Cristina Caffarra, who gave a rousing keynote speech to the audience on how Europe can increase its digital autonomy. Anyone who has seen Caffarra in action before knows that she has a strong opinion on how Europe could take up this challenge. But in her keynote speech, she first focused on the establishment and growth of EuroStack, a movement that has been very successful since 2024 as an advocate for an independent and sovereign European IT infrastructure.
In her impassioned speech, Caffarra emphasised in no uncertain terms that Big Tech pays little attention to European laws and regulations. According to her, Europe must focus on its economic future and start making things itself, instead of buying them elsewhere. This requires concrete objectives and decisive action, and Caffarra concluded with the following thought-provoking words: ‘Stop believing that Europe is good at legislation and regulation and start building.’
One example of how more can be built is the Haven project of the Association of Netherlands Municipalities (VNG). During NBIP NEXT, Jacco Brouwer, project manager of Haven, spoke about how Dutch municipalities – together with the industry – are working with Haven to establish the Dutch standard for platform-independent cloud hosting based on Kubernetes to run workloads and applications.
Dr Alberto Martí, VP at OpenNebula and chair of the Industry Facilitation Group (IPCEI Cloud), was also present to give a presentation on the European IPCEI-CIS programme. This public-private project, with financial support from the European Union, aims to develop a European cloud that will strengthen the global position of the European digital industry. The project involves more than 120 organisations from 12 countries, each working in their area of expertise to achieve this mission.
Operating on demand
NBIP NEXT concluded with a panel discussion, in which chair Michiel Steltman spoke with the panellists about what concrete actions are needed from the government and the business community to give substance to digital autonomy in the Netherlands and Europe. What is needed in concrete terms, what actions need to be taken, what is, in good Hague jargon, the perspective for action?
The panel consisted of Marijn van Vliet, director of DINL, Marga Reuver, chair of the Dutch Cloud Community, Octavia de Weerdt, general manager of NBIP, and Benno de Jongh, programme manager for cloud NDS. Agreement was quickly reached on the issue: we are too dependent on non-European providers of cloud services. The panel did not dwell on this for too long.
The most important question is how to move towards an ecosystem and generally accepted standards that guarantee digital autonomy. This can only be achieved on the basis of open source solutions and commonly used standards such as Haven, which was explained earlier in the day. However, large-scale adoption of open source brings its own challenges, as an engineer in the audience pointed out. The large-scale roll-out of open source requires specific knowledge and is often time-consuming compared to the currently dominant closed source solutions. These are real practical problems that need to be addressed if we want to strengthen our digital autonomy.
Another important point that was raised is that the government and companies within the digital sector must start working together in a demand-driven manner. It was mentioned, for example, that the government must also actively involve companies in the Netherlands in its digital issues. In addition, consideration was given to the need to invest in our own ecosystems and increase our own development capacity, for example on the basis of European project funds. Both the wider business community and the government have a role to play here by choosing local or European suppliers more often and by working together to better explore the possibilities for functional issues.
2026: 25 years of NBIP
We look back on two very successful days, which would not have been possible without the interest and enthusiasm of our participants and visitors. Next year, NBIP will celebrate its 25th anniversary, and we will not let that pass unnoticed. We look forward to seeing you at the anniversary edition of NBIP NEXT!
