From Deal Announcement to Regulatory Dead End: How Dutch FDI Screening Blindsided a $115M US Tech Acquisition

Section 01 · The Deal

What Happened? Unpacking the Kyndryl-Solvinity Decision

On the surface, the deal looked logical. Kyndryl, an IT infrastructure services provider spun off from IBM, sought to expand its European footprint by acquiring Solvinity, a Dutch firm specializing in managed cloud services for complex, high-security environments. Solvinity’s client roster, however, included a significant number of Dutch government agencies and critical infrastructure operators. This fact proved to be the deal’s fatal flaw.

The intervention came from the Netherlands’ Bureau for Investment Screening (BFT), the agency tasked with enforcing the Act on Security Screening of Investments, Mergers and Acquisitions—commonly known as the Vifo Act. Citing national security concerns related to the sensitive data handled by Solvinity, the BFT recommended against the acquisition, a decision ultimately confirmed by the Minister of Economic Affairs and Climate Policy. The core issue was the potential for a foreign entity to gain control over IT infrastructure vital to the functioning of the Dutch state. For Kyndryl, the outcome was the abrupt termination of a strategic investment. For the market, it was a stark reminder that access to the EU is increasingly conditional.

Section 02 · The Law

The Vifo Act: The Netherlands’ New Gatekeeper for Critical Tech

The legal instrument behind the block, the Vifo Act, came into full effect in 2023 and represents a powerful tool in the Dutch government’s arsenal to protect national interests. It establishes a mandatory screening mechanism for investments in two main categories: “vital providers” and companies active in “sensitive technology.”

The Vifo Act empowers the BFT to review, impose conditions on, or ultimately block any transaction that could create a risk to national security. Unlike traditional competition reviews that focus on market share, the Vifo Act’s mandate is broad and political, weighing factors like the continuity of vital services, the integrity of sensitive information, and the strategic dependencies created by foreign ownership. This shift from a purely economic to a geopolitical assessment of M&A is a defining feature of the new European investment climate.

Section 03 · The Trend

A Broader European Trend: The Rise of Digital Sovereignty

The Netherlands is not acting in isolation. The Kyndryl-Solvinity decision is a local manifestation of a pan-European movement towards greater scrutiny of foreign investments, driven by the doctrine of “digital sovereignty.” This principle holds that a state must maintain control over its critical digital infrastructure, data, and technology. The EU’s FDI Screening Regulation (2019/452) created a framework for member states to coordinate on reviewing foreign investments, and nations like Germany (with its Foreign Trade and Payments Act) and France have similarly tightened their own national security reviews.

This trend creates a complex and fragmented regulatory landscape for international investors. While the US and EU are strategic allies, this alignment does not guarantee a smooth path for US tech companies. Concerns over data access under foreign laws, such as the US CLOUD Act, often fuel European regulators’ anxieties, even when the acquiring company is from a friendly nation. The result is that every significant cross-border tech deal is now subject to a political risk assessment that was once reserved for transactions in heavily regulated defense or energy sectors.

Section 04 · The Gap

The Intelligence Gap: Why Traditional M&A Due Diligence Is Failing

A regulatory block like the one Kyndryl faced is not a sudden, unpredictable event. It is the final outcome of a long process of policy formation, stakeholder debate, and shifting political priorities. Traditional M&A due diligence, focused on financial statements and legal compliance, is ill-equipped to detect these non-market risks. It can confirm that a company is compliant with existing laws but cannot predict how a regulator will interpret a new law like the Vifo Act in the context of rising geopolitical tensions.

Closing this intelligence gap requires a new capability: the ability to systematically map and monitor the external signals that shape regulatory behavior. This includes tracking parliamentary questions about foreign takeovers, analyzing policy papers from economic ministries, and understanding the narratives being pushed by influential media and stakeholder groups. Having access to comprehensive geopolitical risk intelligence allows dealmakers to see the full picture, identifying potential roadblocks long before a formal review process begins. It transforms risk management from a reactive, defensive posture into a proactive, strategic advantage.

Section 05 · The Playbook

A New Playbook for Navigating European Tech M&A

The Kyndryl-Solvinity case proves that a new approach is essential for any company planning strategic investments in Europe. A successful playbook must now include: