Platform operational in months, not 18-24 month DIY timeline, Real-time message delivery, Complete governance: data sovereignty, RBAC, audit trails, Open-source foundation: (no vendor lock-in)
Quick facts
- Company: Logius (Ministry of the Interior and Kingdom Relations, Netherlands)
- Date: 2021-Present
- Our Involvement: Strimzi-based Kafka platform deployment for the Federated Message System (FBS), supporting the national Berichtenbox voor Burgers en Ondernemers (BBO) initiative
About Logius
Logius is the digital services agency for the Dutch government, operating under the Ministry of the Interior and Kingdom Relations. The organization develops and maintains critical digital infrastructure used by ministries, municipalities, and public institutions across the Netherlands, including digital identity systems, data exchange standards, and secure communication platforms. When Logius sets technical direction, it defines the standards for an entire nation’s digital Government.
Goals & context
Logius needed to modernize the Federated Message System (FBS) to support BBO (Berichtenbox voor Burgers en Ondernemers), the national platform where Dutch citizens and businesses receive official government communications. The legacy system could no longer handle the government's shift from paper to digital: batch processing, limited throughput, and rigid integration patterns couldn't support real-time communication at scale. The constraints were unforgiving: government data cannot leave Dutch borders, every message flow must be auditable, the platform must be reusable across ministries, open-source technology is mandated, and there is zero tolerance for failure when handling legally binding communications affecting millions of citizens.
The real question wasn't "Can we run Kafka?" but "Can we run Kafka with the governance, security, and operational maturity required for government-scale message handling?" Managed cloud services violated data sovereignty requirements. DIY open-source Kafka would require 18-24 months building governance, access control, and multi-tenancy tooling from scratch, pulling resources from actual service development. Logius needed enterprise Kafka with production-ready governance, deployed on-premises, built on open-source foundations, without multi-year implementation timelines.
Strategic approach
Hypothesis: A Strimzi-based Kafka platform with integrated governance can provide the technical foundation for government messaging while maintaining the control, auditability, and open-source principles required by public section IT, without the 18-24 month DIY timeline.
Principles: Governance designed into architecture from day one, not bolted on later. On-premise deployment without sacrificing enterprise capabilities like self-service provisioning and multi-tenancy. Platform architecture that supports multiple government services and agencies using shared infrastructure with proper isolation. Built on Apache Kafka and Strimzi (open-source) while providing the operational maturity and governance tooling that raw open-source lacks.
Operating Model: Development teams across government self-service provision topics and applications without IT bottlenecks. Platform administrators maintain governance and compliance through role-based access control and approval workflows. All message flows remain visible and auditable through centralized monitoring. The platform itself becomes reusable infrastructure, not a single-application deployment.
Building governed, reusable streaming infrastructure
Government messaging requires contradictory capabilities: development teams need agility to build services quickly, while security teams need strict control and complete auditability. Traditional approaches force a choice between slow centralized IT control or ungoverned developer freedom. Meanwhile, each ministry typically builds its own IT systems, leading to duplicated effort and inability to share data across organizational boundaries.
The insight: governance doesn't require centralization, and reusability requires more than good intentions. With the right platform architecture, you provide self-service capabilities while enforcing governance policies programmatically. Multi-tenancy with proper isolation enables shared infrastructure that multiple organizations trust.
Platform architecture: control place separation
Axual's Strimzi-based platform separates the control plane (governance, user management, access policies) from the data plane (Kafka clusters handling message traffic). Development teams create topics, register applications, and deploy connectors through a web UI or API. Platform policies automatically enforce approval workflows, access controls, and schema validation without manual IT intervention. Different government services operate in isolated logical environments on shared infrastructure.
The platform runs entirely on Logius-managed Kubernetes infrastructure within Dutch government datacenters. Multiple Kafka clusters managed through the Strimzi operator. Integrated schema registry (Apicurio) for message format management. Platform Manager handles governance operations. Keycloak integrates with government identity systems. Each ministry operates as a logical tenant with its own resource namespace, while sharing common capabilities like schema registry, monitoring, and connector catalog.
Deployment and multi-agency adoption
Logius deployed the platform in three phases. First, the foundation: Kafka clusters on Kubernetes, schema registry, Platform Manager, and Keycloak integration. Second, BBO integration: message routing between agencies and citizen mailboxes, integration with existing systems through Kafka Connect, real-time processing replacing batch workflows. Third, operational maturity: Prometheus-based metrics, audit logging, disaster recovery procedures.
The platform was structured for multi-agency use from the start. Distributed teams manage their own topics and applications within governance guardrails. Reusable microservices were built: message routing to citizen mailboxes, notification services across channels, archive services for compliance, integration adapters connecting legacy systems. These become building blocks that new government initiatives compose rather than building from scratch.
Governance enforcement in production
Role-based access control is enforced at both platform and Kafka broker levels. An application without proper credentials cannot connect, regardless of network access. All messages use registered schemas. Producers cannot publish incompatible data. The schema registry maintains version history, enabling controlled evolution. Every topic creation, permission change, and configuration update generates audit log entries.
Reusability is demonstrated through actual adoption. Beyond BBO, additional government services can now use the platform. With proper authorization, agencies consume event streams from other organizations. The platform's multi-tenant architecture enables controlled data sharing between agencies where authorized, replacing point-to-point integrations with governed event streaming.
Operational impact
The Platform is operational in production, handling BBO and additional government services. Self-service provisioning reduced topic creation from multi-day IT ticket process to minutes with approvals. Real-time event handling replaced batch processing. Messages routed to citizens within seconds, not overnight. Kafka Connect enables integration without custom development for each connection.
All data remains within Dutch government datacenters. Role-based permissions enforced at platform and Kafka level. Complete audit history meets government record-keeping requirements. Zero to production in months, not the 18-24 month DIY timeline. Operations teams manage through Axual UI rather than direct Kafka administration. The platform serves multiple government services beyond the initial BBO use case. Built on open-source foundations (Apache Kafka, Strimzi, Kubernetes) with no proprietary lock-in.
Results
- Platform operational in months, not 18-24 month DIY timeline
- Real-time message delivery: replacing overnight batch processing
- Complete governance: data sovereignty, RBAC, audit trails
- Open-source foundation: Kafka, Strimzi, Kubernetes (no lock-in)
Closing thoughts
Logius demonstrates that you don't need to choose between agility and governance, or between cloud services and multi-year DIY projects. The platform runs entirely on-premises on open-source foundations, but provides the governance tooling and operational maturity that would take 18-24 months to build yourself. By designing streaming infrastructure for reuse across government organizations from day one, Logius created strategic capability rather than project-specific deployment. This is how digital transformation actually happens in large organizations: not through wholesale replacement of legacy systems, but by building new capabilities that gradually become the foundation for future services.
Further information
Next steps
Discuss your data architecture challenges with our technical team. Schedule an architecture review session to explore how event streaming can address your specific interoperability requirements while maintaining compliance.
{{tenbtn}}
Related case studies
Read use cases and success stories from our customers
Read how PTSB launched real-time payments on a governance-first Kafka platform, cutting latency from 10 seconds to under 1 second and setting the foundation for enterprise-wide event streaming.
Learn how Axual powers real-time energy trading with 99.9% uptime, sub-second latency, unified data streaming, reduced operational complexity, and scalable support for increasing renewable energy data volumes.
See how Enexis uses Axual to combine Strimzi's open-source framework with enterprise features to transform smart metering with real-time data streaming.