How to Register a .nl Domain: Digital Sovereignty in a US-Dominated World

Introduction

We used to not have to think about where our websites "live". The relevant decision criteria were simple: reliability, affordability, availability, and ease of use. So over the last decade, we all moved to the most feature-complete, cheapest, and reliable option. The American cloud. Now, ten years later, two-thirds of Dutch governments and critical companies rely on American cloud services, and in the current geopolitical climate, we have to start asking ourselves if this is tenable in the long run. Last year, the noise about data sovereignty really picked up when DigiD risked falling into American hands, and our parliament is making a push for a Dutch cloud.

Early 2025, the International Criminal Court, an international organisation located in the Netherlands, was sanctioned by the US after opening investigations involving US allies. This shows how, for political reasons and often without warning, access to services or infrastructure controlled by foreign powers can be restricted or withdrawn. Even organisations that seem independent or neutral can suddenly face major obstacles if they rely on partners outside EU jurisdiction.

What's next?

The question I want to answer in this series is straightforward: can European alternatives meet the reliability, cost, and ease-of-use bar we've come to expect from American cloud, without compromising on governance, compliance, and control? I'll be building a real platform from the ground up, covering the full stack: domain registration, hosting, version control, CI/CD, identity management, and AI tooling. Every step assessed on data residency, regulatory risk, vendor lock-in, and who ultimately holds the keys.

The first step? I need a place to put this blog. Publishing on LinkedIn or Medium is out, as they're American platforms and that's exactly what I'm trying to avoid. So, while investigating the European digital landscape, I'm going old-school: building my own personal homepage, just like in the early 2000s. Let's start with registering a Dutch .nl domain.

How Dutch is a .nl domain, really? Who holds the keys to our digital identity, and what does that mean for sovereignty and trust?

SIDN: Who Keeps Track of .nl Domains?

SIDN (Stichting Internet Domeinregistratie Nederland) is the organisation that keeps track of who owns which .nl domain names and makes sure everything runs smoothly. Think of them as the Kadaster (the land registry), but for Dutch internet addresses instead of real estate. It took centuries of disputes to establish the territory managed by the Kadaster, but the origins of the internet were far more peaceful. Built on a spirit of cooperation, the internet's early days were defined by international coordination rather than conflict. IANA, as part of ICANN, was tasked with coordinating this global address space, handing out blocks of IP addresses and domain namespaces to all nations.

The Domain Name System (DNS) is the address book of the internet: when you type a website address like overheid.nl, DNS translates that name into the numerical IP address your computer needs to connect. Humans use names; computers use numbers. I know exactly two phone numbers by heart: my own and my girlfriend's. For everyone else, I just scroll through my contacts. DNS is why I don't need to remember any more than that.

SIDN has been managing the Dutch part of this digital territory since 1986, making .nl the oldest country domain in the world.

Who's Really in Charge? (ICANN and the DNS Root)

Even though SIDN manages .nl, the very top of the global Domain Name System is overseen by ICANN, a US-based non-profit. All domains, even .nl, ultimately depend on infrastructure and governance that is, at the highest level, under US influence.

That said, ICANN's governance model is intentionally multistakeholder. Governments, industry, civil society, and technical experts all have a seat at the table, and changes to the DNS root require broad consensus. This makes it structurally different from a dependency on AWS or Azure. A US executive order can freeze a Dutch organisation's cloud account overnight; unilaterally rewriting the DNS root zone is a fundamentally different and far more constrained exercise of power. The risk is real, but it is not equivalent.

True separation from ICANN would mean building a parallel internet, a drastic step where the cure is clearly worse than the disease. The practical answer is to acknowledge this dependency, manage it appropriately, and focus sovereignty efforts where the leverage is higher.

Cloud Move Sparks Debate

In 2024, SIDN announced a move to a new registration platform hosted in the public cloud, meaning their core systems would run on servers managed by big tech companies, often outside the Netherlands. The debate that followed raised three questions that are worth keeping in mind throughout this entire series: if the heart of the .nl domain lives on foreign infrastructure, how much control do we really have? What are the risks if international tensions spill over into the digital world? And how resilient is our infrastructure if it depends on non-European providers?

Industry groups and policymakers raised these questions, and SIDN listened. Before making any irreversible changes, they committed to legal and privacy assessments, a clear exit strategy, and properly considering Dutch or European alternatives. This shows how challenging it is to keep your digital infrastructure truly in European hands, even when you're as Dutch as .nl.

My own journey starts at SIDN's whois tool. I type in "noudsavenije.nl" and, to my relief, a green checkmark appears: it's available. The next challenge is choosing a registrar. With over a hundred options, the decision isn't as simple as it seems.

Registrars

You can't just walk up to SIDN and claim a .nl domain for yourself, as only registrars are allowed to do that. Think of the registrar as a broker, the middleman between you and SIDN. When you want a domain, you go to a registrar, who handles the paperwork, payment, and technical setup with SIDN on your behalf.

Are There Risks with Foreign Registrars?

In practice, the registrar is just a broker: they handle the administrative process of registering your domain with SIDN, but your website's data and visitor traffic do not pass through them. Even if a registrar changes ownership, your website's content and user data remain unaffected.

That said, jurisdiction matters for organisations with compliance requirements. When your registrar is Dutch, contract law, GDPR enforcement, and dispute resolution happen within Dutch and EU legal frameworks. A foreign registrar may offer the same technical service but places you under a different legal regime, which is relevant if you're operating under NIS2, BIO, or sector-specific regulations. The main operational risk is administrative; the main strategic risk is jurisdictional.

Different organisations approach this choice differently. The Dutch government (overheid.nl) and large companies like Rabobank act as their own registrar, which gives them the highest level of control but also requires more resources and expertise. For individuals and most businesses, using a reputable Dutch registrar like TransIP is the more practical option, offering Dutch legal protection and a good balance between independence and ease of use.

It's also worth noting that DNS management doesn't have to be bundled with your registrar. Some organisations choose a Dutch registrar but use a global DNS provider like Akamai for resilience and performance. That introduces its own trade-offs, which I'll cover in a dedicated post on DNS trust, providers, and technologies like DNSSEC.

For now, I'll use TransIP and let them handle my DNS needs as well. Registering a domain this way is fast, affordable, and accessible for organisations of any size. This part of the value chain has genuinely been solved.

In the next post, I'll tackle the harder question: hosting. A domain is just a name, and where your workloads actually run is where the real sovereignty trade-offs live. Can European hosting providers match the reliability and developer experience of AWS and Azure? Let's find out.

Takeaways

• Data and compute sovereignty matter: Where your data and core services "live" is increasingly important for resilience, privacy, and control. The political events of early 2025 have made that concrete.
• True digital independence is elusive: Even with a .nl domain, ultimate control lies with global organisations like ICANN. Acknowledge the dependency and manage it; don't pretend it doesn't exist.
• Not all dependencies are equal: ICANN's multistakeholder model makes it structurally less risky than a dependency on a single hyperscaler. The goal is to understand your risk profile, not to achieve zero foreign exposure.
• Domain registration is a solved problem: A reputable Dutch registrar, a few minutes, and a few euros. This is genuinely the easy part. It gets harder from here.