NL Wallet, the government’s upcoming digital identity app, relies on software from Apple and Google, according to research by Follow the Money. In a response, the ministry told ‘to study whether there are any options to make the app less dependent on American tech giants.
‘Using the Dutch digital wallet app is completely safe, unless Google or Apple collude with that man in the White House.’
A government official made a joke about it in a packed room in a Utrecht conference center NL Wallet. This identification system will probably eventually take the place of DigiD.
Last month, during a ‘meet-up’ in Utrecht, the civil servant updated interested parties about the development of the new app, which the Dutch will not be able to install on their phones until next year at the earliest.
NL Wallet will soon be able to do more than DigiD. In all Member States of the European Union, citizens can identify with it in a safe way. They can also share documents with it, for example an income statement with a landlord, or a school diploma with a university. And NL Wallet can also be used to sign a digital document.
But there is another difference with DigiD, according to the joke about the man in the White House.
Because while the whole of Europe is trying to break away from American technology, NL Wallet can only be used by citizens with an account with Google or Apple. At least that’s what it looks like, a spokesperson for the responsible confirms state secretary.
At the same time, it has already been established that healthcare providers will soon be obliged to offer the app as a login method in addition to DigiD.
Jaap-Henk Hoepman, privacy expert and associate professor digital security at Radboud University in Nijmegen, he is concerned about this. ‘Issuing identity documents, paper or digital, is emphatically a task for the government. They should keep this in their own hands as much as possible and not outsource it to Apple and Google.’
Bart Jacobs, professor computer security, privacy & identity (also Radboud), thinks this design choice ‘fits poorly in with the Dutch and European pursuit of digital autonomy’.
‘A government app should never be dependent on an account with Apple or Google,’ also says Member of Parliament Barbara Kathmann (Progressive Netherlands). ‘DigiD proves that secure access without a big tech account is possible. The same standard should apply to NL Wallet. Anyone who does not have an account with an American tech giant should be able to use the same digital services.’
The State Secretariat for Digital Affairs denies that the intention is to replace DigiD with NL Wallet.
But that doesn’t go down with experts like Jacobs and Hoepman, the latter of whom points out, among other things, the money involved. DigiD’s maintenance cost last year 61,9 million euro and the maintenance of the new app will not be cheaper.
‘I think that denial is very crazy. If you keep both apps in the air, the Tax Authorities, all municipalities and healthcare institutions must also support two apps, which also costs them extra money,’ says Hoepman. ‘And why would people switch to the wallet if you also continue to offer DigiD?’
It will still be possible take several years before the replacement is a fact.
The built-in reliance on Google and Apple is also in stark contrast to the outcome of the recent discussion about DigiD.
That app, operated by Solvinity, was in danger of becoming the property of the American software company Kyndryl, which led to a fierce debate in the House of Representatives and several lawsuits. The takeover was held on May 26 forbidden. That was, according to Willemijn Aerdts, State Secretary for the Digital Economy and Sovereignty, ‘to protect the public interest’.
Sauce from Google
The NL Wallet app has its origins in the corona pandemic, privacy expert Hoepman knows.
‘Before that, Apple and Google already had wallet apps in which you could store train or concert tickets. But since corona you can also use those apps for the American driver’s license, an official government document.’
That is why Hoepman will be on the news platform in 2022 Nu.nl careful responded positively when the European Commission initiated its own infrastructure for an identity wallet: ‘If they [the Commission, red.] don’t come up with European verification, then Apple and Google will realize something like this. This means that you are completely dependent on tech giants for digital passports. That’s a situation you don’t want to end up in.’
At the same time warned he pays close attention when designing the app.
The vast majority of smartphone users have an iPhone (with the Apple operating system iOS) or an Android phone, the operating system of which has in many cases been doused with one strong Google sauce.
One of the sauces is the so-called Play Integrity-software, it checks whether the phone and the installed apps are ‘reliable’. iPhones have similar control software: iOS App Attest.
In practice, it means that Google and Apple have far-reaching control over which apps you can install – and under what conditions.
This is sensitive for an official identity app: as if the government does not check who you are when applying for an identity card (by means of a passport photo and your old passport), but checks whether Google and Apple have the wallet in which you want to keep that card. consider safe enough.
Ready-made
In 2023, the Commission published on the software platform GitHub a first version of the technische requirements to the European identity wallet.
Those requirements do not include an obligation to use the services of Apple and Google. Member States are completely free to build a wallet that does not rely on American tech. At GitHub, the Commission has recently also mentioned a European alternative: the Belgian company Dexguard.
But, says security expert Brenno de Winter, who does use Google’s and Apple’s ready-made control software, was by far the easiest way for app builders to meet technical requirements.
The 27 European member states diligently started building their own wallet apps. The first Dutch version was released in March 2024 on GitHub published.
Long crowed there geen rooster more about possible dependence on Google and Apple.
Until autumn 2024, when Italian software developers erachter came that their national app alone would work on phones with Google or Apple software.
The same obligation was introduced in February 2025 for the Dutch app, evident from the editing history on GitHub. Integration with Google’s and Apple’s systems became ‘unconditionally’: the user would always need a Google or Apple account.
It seemed like the Dutch IT community niet op te fall.
Not even when the discussion about dependence on American technology gained momentum, because in May last year the chief prosecutor of the International Criminal Court (ICC) in The Hague became locked out of his Microsoft account.
Other countries made a different assessment than Italy and the Netherlands.
Switzerland promised last year in response to criticism – started working on a Google-free version.
Germany mentions ‘digital sovereignty’ an important goal for your own app.
That’s why it eventually must work without the software from Google and Apple, says a spokesperson for the German Ministry of Digital Affairs. Support for Google’s software may be built in later, but only if that ‘offers additional security benefits’, he explains.
According to a spokesperson for State Secretary Aerdts, the Google and Apple software was chosen for security reasons. ‘That provide support and protection to a large user group and are for that reason first implemented.’
A wallet version that is usable without an account with Apple or Google is not currently being worked on, this spokesperson said. Although he does not rule out that this may change in the future.
DigiD works Google-free on Android
It is striking that NL Wallet would not be safe without control software from Google or Apple.
The current DigiD app works since 2023 on Google-less versions of Android. A spokesperson for Logius (DigiD’s administrator): ‘The fact that DigiD does not use Play Integrity does not mean that the DigiD app is not secure or less secure than the NL Wallet.’
The European Commission obliges all European Member States to launch a working identity app before the end of this year. But presumably will no Member State meet that deadline, neither will the Netherlands.
Security expert Brenno de Winter would have liked to see phones with other operating systems taken into account from the start. After all, there are also Android phones without the Google sauce. ‘So the ministry is just saying that those other users are unlucky? That is really completely unacceptable. Did they miss the whole discussion about sovereignty? And even then, it’s not too late to shift course immediately and not introduce this dependency into such an important app.’
Privacy expert Jaap-Henk Hoepman: ‘If dependence on Google is not necessary, why do you do that?’
NL Wallet, the government’s upcoming digital identity app, relies on software from Apple and Google, according to research by Follow the Money. In a response, the ministry told ‘to study whether there are any options to make the app less dependent on American tech giants.
‘Using the Dutch digital wallet app is completely safe, unless Google or Apple collude with that man in the White House.’
A government official made a joke about it in a packed room in a Utrecht conference center NL Wallet. This identification system will probably eventually take the place of DigiD.
Last month, during a ‘meet-up’ in Utrecht, the civil servant updated interested parties about the development of the new app, which the Dutch will not be able to install on their phones until next year at the earliest.
NL Wallet will soon be able to do more than DigiD. In all Member States of the European Union, citizens can identify with it in a safe way. They can also share documents with it, for example an income statement with a landlord, or a school diploma with a university. And NL Wallet can also be used to sign a digital document.
But there is another difference with DigiD, according to the joke about the man in the White House.
Because while the whole of Europe is trying to break away from American technology, NL Wallet can only be used by citizens with an account with Google or Apple. At least that’s what it looks like, a spokesperson for the responsible confirms state secretary.
At the same time, it has already been established that healthcare providers will soon be obliged to offer the app as a login method in addition to DigiD.
Jaap-Henk Hoepman, privacy expert and associate professor digital security at Radboud University in Nijmegen, he is concerned about this. ‘Issuing identity documents, paper or digital, is emphatically a task for the government. They should keep this in their own hands as much as possible and not outsource it to Apple and Google.’
Bart Jacobs, professor computer security, privacy & identity (also Radboud), thinks this design choice ‘fits poorly in with the Dutch and European pursuit of digital autonomy’.
‘A government app should never be dependent on an account with Apple or Google,’ also says Member of Parliament Barbara Kathmann (Progressive Netherlands). ‘DigiD proves that secure access without a big tech account is possible. The same standard should apply to NL Wallet. Anyone who does not have an account with an American tech giant should be able to use the same digital services.’
The State Secretariat for Digital Affairs denies that the intention is to replace DigiD with NL Wallet.
But that doesn’t go down with experts like Jacobs and Hoepman, the latter of whom points out, among other things, the money involved. DigiD’s maintenance cost last year 61,9 million euro and the maintenance of the new app will not be cheaper.
‘I think that denial is very crazy. If you keep both apps in the air, the Tax Authorities, all municipalities and healthcare institutions must also support two apps, which also costs them extra money,’ says Hoepman. ‘And why would people switch to the wallet if you also continue to offer DigiD?’
It will still be possible take several years before the replacement is a fact.
The built-in reliance on Google and Apple is also in stark contrast to the outcome of the recent discussion about DigiD.
That app, operated by Solvinity, was in danger of becoming the property of the American software company Kyndryl, which led to a fierce debate in the House of Representatives and several lawsuits. The takeover was held on May 26 forbidden. That was, according to Willemijn Aerdts, State Secretary for the Digital Economy and Sovereignty, ‘to protect the public interest’.
Sauce from Google The NL Wallet app has its origins in the corona pandemic, privacy expert Hoepman knows.
‘Before that, Apple and Google already had wallet apps in which you could store train or concert tickets. But since corona you can also use those apps for the American driver’s license, an official government document.’
That is why Hoepman will be on the news platform in 2022 Nu.nl careful responded positively when the European Commission initiated its own infrastructure for an identity wallet: ‘If they [the Commission, red.] don’t come up with European verification, then Apple and Google will realize something like this. This means that you are completely dependent on tech giants for digital passports. That’s a situation you don’t want to end up in.’
At the same time warned he pays close attention when designing the app.
The vast majority of smartphone users have an iPhone (with the Apple operating system iOS) or an Android phone, the operating system of which has in many cases been doused with one strong Google sauce.
One of the sauces is the so-called Play Integrity-software, it checks whether the phone and the installed apps are ‘reliable’. iPhones have similar control software: iOS App Attest.
In practice, it means that Google and Apple have far-reaching control over which apps you can install – and under what conditions.
This is sensitive for an official identity app: as if the government does not check who you are when applying for an identity card (by means of a passport photo and your old passport), but checks whether Google and Apple have the wallet in which you want to keep that card. consider safe enough.
Ready-made In 2023, the Commission published on the software platform GitHub a first version of the technische requirements to the European identity wallet.
Those requirements do not include an obligation to use the services of Apple and Google. Member States are completely free to build a wallet that does not rely on American tech. At GitHub, the Commission has recently also mentioned a European alternative: the Belgian company Dexguard.
But, says security expert Brenno de Winter, who does use Google’s and Apple’s ready-made control software, was by far the easiest way for app builders to meet technical requirements.
The 27 European member states diligently started building their own wallet apps. The first Dutch version was released in March 2024 on GitHub published.
Long crowed there geen rooster more about possible dependence on Google and Apple.
Until autumn 2024, when Italian software developers erachter came that their national app alone would work on phones with Google or Apple software.
The same obligation was introduced in February 2025 for the Dutch app, evident from the editing history on GitHub. Integration with Google’s and Apple’s systems became ‘unconditionally’: the user would always need a Google or Apple account.
It seemed like the Dutch IT community niet op te fall.
Not even when the discussion about dependence on American technology gained momentum, because in May last year the chief prosecutor of the International Criminal Court (ICC) in The Hague became locked out of his Microsoft account.
Other countries made a different assessment than Italy and the Netherlands.
Switzerland promised last year in response to criticism – started working on a Google-free version.
Germany mentions ‘digital sovereignty’ an important goal for your own app.
That’s why it eventually must work without the software from Google and Apple, says a spokesperson for the German Ministry of Digital Affairs. Support for Google’s software may be built in later, but only if that ‘offers additional security benefits’, he explains.
According to a spokesperson for State Secretary Aerdts, the Google and Apple software was chosen for security reasons. ‘That provide support and protection to a large user group and are for that reason first implemented.’
A wallet version that is usable without an account with Apple or Google is not currently being worked on, this spokesperson said. Although he does not rule out that this may change in the future.
DigiD works Google-free on Android It is striking that NL Wallet would not be safe without control software from Google or Apple.
The current DigiD app works since 2023 on Google-less versions of Android. A spokesperson for Logius (DigiD’s administrator): ‘The fact that DigiD does not use Play Integrity does not mean that the DigiD app is not secure or less secure than the NL Wallet.’
The European Commission obliges all European Member States to launch a working identity app before the end of this year. But presumably will no Member State meet that deadline, neither will the Netherlands.
Security expert Brenno de Winter would have liked to see phones with other operating systems taken into account from the start. After all, there are also Android phones without the Google sauce. ‘So the ministry is just saying that those other users are unlucky? That is really completely unacceptable. Did they miss the whole discussion about sovereignty? And even then, it’s not too late to shift course immediately and not introduce this dependency into such an important app.’
Privacy expert Jaap-Henk Hoepman: ‘If dependence on Google is not necessary, why do you do that?’