Addendum: Supporting the Netherlands’ Digital Sovereignty and Defence
As the Netherlands accelerates its “Cloud Policy” and “Digital Government” initiatives, Red Hat delivers a locally tailored extension of its global resilience framework. This addendum explains how Red Hat specifically supports the Dutch government, the Ministry of Defence (MoD), Dutch customers and critical infrastructure through product-native features and specific configurations that respect and support the Dutch regulatory landscape.
1. Alignment with the Baseline Informatiebeveiliging Overheid (BIO)
Red Hat supports alignment with the Dutch Baseline Informatiebeveiliging Overheid (BIO) by enabling automated compliance and security hardening across government environments through configurable tooling in Red Hat Enterprise Linux (RHEL), Red Hat OpenShift, Red Hat Satellite, Red Hat Lightspeed (formerly Red Hat Insights), and Red Hat Ansible Automation Platform (AAP).
2. Strategic support for Disconnected, Denied, Intermittent, or Limited (DDIL) environments.
Organizations such as the Dutch military and government need to operate in environments that must withstand disruption while balancing security and mission functionality.
- Red Hat Device Edge & Edge Manager: These provide an immutable operating environment for distributed edge assets and platforms, managed through a “desired state” automation framework. Launched in 2025, the Edge Manager enables non-IT specialists to orchestrate large-scale deployments while utilizing mutual TLS (mTLS) and hardware-rooted security, such as Trusted Platform Modules (TPM), to maintain operational integrity in remote or contested environments.
- Trusted Software Supply Chain: The platform implements golden path pipelines that sign, audit, and generate Software Bill of Materials (SBOMs) for every artifact before deployment.
- Air-Gapped Sovereignty: Red Hat Satellite and OpenShift allow the organisations to maintain sovereign mirrors with no persistent internet connection.
3. Confirmed Sovereign Support: Data sovereignty and local personnel
To satisfy Dutch data-residency and operational-control requirements we offer Confirmed Sovereign Support:
- Verified local talent: Support is delivered exclusively by senior engineers who are legally authorized to work in the EU and physically operating on that soil.
- Vetted personnel: Engineers undergo rigorous background checks and security training to meet strict jurisdictional standards.
- Least privilege policy: Direct access to customer infrastructure is prohibited without explicit customer authorization, managed through auditable identity and access management control planes localized to the region.
- This includes a "mirror case" workflow that keeps sensitive data within the regional boundary even during global escalations.
In-country infrastructure: Red Hat OpenShift can be installed on Google Cloud in the Netherlands (europe-west4 GCP region) to keep data local. Fully-managed Red Hat OpenShift Dedicated on Google Cloud will be available in the second half of 2026
4. Innovation in Sovereign AI for the Netherlands
Aligned with the Dutch AI Strategy and the EU AI Act:
- Local LLM training: Red Hat OpenShift AI and Red Hat OpenShift Data Foundation enable on-prem and private cloud training to prevent data leakage to public LLM providers.
- Auditable logic: Red Hat promotes the use of open-source frameworks, for example, Hugging Face, that allow the Dutch government to audit the logic of AI-driven decisions.
5. Partner ecosystem integration and support
Red Hat collaborates with European partners covering all technical and solution requirements of our product portfolio, including:
- Thales, a French-headquartered leader in defence
- Eviden (Atos Group), headquartered in France, a key partner in the GrIT (Grensverleggende IT) program of the Dutch Ministry of Defence
- Telenor, based in Norway who brings its Telenor AI Factory to bring scale, sovereignty and control to production AI
- Phoenix Systems in Switzerland who take sovereign cloud platform to the next level.
Red Hat complements its products and services with country and Europe-level partners to help its customers achieve and maintain digital sovereignty.
6. Knowledge transfer
Red Hat offers specialized training for Dutch civil servants and military personnel, ensuring that the expertise to manage and secure these sovereign platforms remains within the Dutch workforce. Our partnership with the Dutch government via Master Agreement with SLM Rijk highlights that Red Hat is working with Dutch ministries to deliver digital autonomy, including “Training and certification” resources as part of that collaboration.
7. Local access to software distributions
Red Hat products can automatically connect to a Content Delivery Network (CDN), which identifies your IP address and can route the download to a European node. The Red Hat CDN has major nodes in Frankfurt, Amsterdam, London, Dublin, Paris, and Madrid.
Red Hat Satellite’s local mirroring capability enables customers to store software updates within their own European data center to support compliance or bandwidth requirements. Installing Satellite in your European facility allows it to download (mirror) the software from Red Hat once, and then all your local servers download updates from that local Satellite server instead of the internet.
Annex: Dutch-Only regulatory layers - Beyond EU Baselines
Red Hat products and its partners are ready to support Dutch organizations across the legal layers that extend beyond the GDPR like the Uitvoeringswet Algemene Verordening Gegevensbescherming (UAVG), which sets digital consent at 16 and restricts BSN processing to organizations holding an explicit statutory mandate or the Wet op de inlichtingen- en veiligheidsdiensten (Wiv) 2017, as extended by the Temporary Cyber Operations Act, enacted inMarch 2024, governing interception, cyber operations, metadata analysis, hacking, and bulk data collection for national security purposes.
