The Netherlands is renowned for the strength and speed of its digital transformation, scoring amongst the top countries in the world for digital intensity, internet access and IT integration.1 Its rapid digitalization has molded a vibrant fintech ecosystem, digital economy and tech-savvy population. The Dutch were one of the first countries to launch mobile and online banking, and a growing digital payments sector promises to drive further innovation and competition. The Netherlands’ emphasis on digitalization has also made the small country a global hub for cybersecurity, housing NATO and Interpol cybersecurity operations and The Hague Security Delta (HSD).
The COVID-19 pandemic led to a 3.8% contraction in the 2020 Dutch economy,2 far less severe than the Eurozone’s 6.8% plunge.3 The Netherlands is forecasted to return to pre-pandemic levels by the start of 2022, with a forecasted growth rate of 2.7% in 2021 and 3.7% in 2022.4 Its financial stability and digital economy outlook remain fairly strong, especially as the pandemic has sped up and widened the scope of digitalization efforts.
Funds from the EU’s Recovery and Resilience Facility could further cement the Netherlands’ reputation as a digital haven. It was one of the first countries to make use of the Recovery Assistance for Cohesion and the Territories of Europe (REACT-EU), which will facilitate investments in digital transformation and increase the EU co-financing rate. Meanwhile, a pandemic-driven surge in digital payments—on top of an already well-developed cashless landscape—might attract even more fintech to Amsterdam.
An uptick in cyberattacks amidst a swiftly evolving digital landscape has put cybersecurity front and center of the Netherlands’ 2021 digital agenda. Major themes include cross-sectoral and international cooperation, data protection and the adaption of new technologies. Additionally, the Netherlands has been instrumental in supporting the European Central Bank’s research into the development of a digital euro.
Financial Regulatory Authorities
Central bank: De Nederlansche Bank is the central bank of the Netherlands.
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens or AP) is the independent, supervisory authority for the processing of personal data.
The Netherlands Authority for the Financial Markets (Autoriteit Financiële Markten or AFM) is the country’s financial services regulatory authority.
Other Regulatory Authorities
The Dutch Authority for Consumers and Markets (Autoriteit Consument & Markt or ACM) ensures fair competition between businesses and protects consumers.
Policy, Laws and Regulations
Cybersecurity Regulation Implementation Act, 18 May 2021
The Dutch State Secretary for Economic Affairs and Climate submitted a bill on the implementation process for the EU’s Cybersecurity Regulation, which grants the European Union Agency for Cybersecurity (ENISA) a permanent mandate and introduces an EU-wide cybersecurity certification framework for ICT processes, products and services. The certification system will further integrate the digital internal market. ENISA will provide more support to member states in managing cybersecurity incidents and will bolster operational cooperation at the EU level. The regulation comes amidst a surge in pandemic-driven cyberattacks across the EU, which have demonstrated increasing scope and sophistication. Heightened cooperation and a standardized approach to certification will help in identifying and deterring cyber risks.
Cyber Security Council Advisory Report on Strengthening Dutch Sovereignty in Cybersecurity, 14 May 2021
The Cyber Security Council (CSR) published a report warning that the state has become too reliant on American and Chinese companies for cybersecurity solutions. The report recommends five main guidelines to underpin future national strategy and policy:
- The use of sovereignty-respecting cloud services, secure digital communications networks and post-quantum cryptography
- The institution of an assessment framework with regard to digital autonomy in cybersecurity
- Raising awareness on the importance of autonomy in cybersecurity
- Strengthening the Dutch innovation landscape
- Ensuring alignment with EU policy and use of EU funding
The report is unsurprising given the Netherlands’ usual status as a global vanguard in all things digital and rights-related. This points towards an increasing tendency for the EU to turn inwards and avoid American and Chinese influences—especially where data protection is involved.
Cyber Security Council Advisory Report on Development of a Long-term Cybersecurity Strategy, 06 April 2021
The Cyber Security Council (CSR) published its report Integral approach to cyber resilience, which deems the Netherland’s current cybersecurity framework to be insufficient in some areas, especially as organized cybercrime soars. The CSR advises the government to invest EUR 833 million in developing a long-term cybersecurity strategy, alongside a EUR 14 million per year allocation to the Public Prosecution in investigating cybercriminals. The CSR further recommends an integrated approach, by which public and private sectors, including banking and financial services, work together in tackling cybercrime. Information sharing and cross-sectoral cooperation has indeed become a major theme across EU member states in their respective cybersecurity priorities. The report also addresses a major weakness in Dutch cybersecurity amidst an increasing reliance on large foreign market parties, which could leave data and vital networks accessible to outside actors. This echoes the 14 May 2021 warning in the CSR’s advisory report on strengthening Dutch sovereignty in cybersecurity.
Dutch Banking Association Publication on Open Finance, 29 March 2021
The Dutch Banking Association published a paper entitled “Towards data-driven digital finance - Choices for an Open Finance framework,” which describes how open finance can spur on innovation and deliver benefits to customers. In ensuring customer control over their data, a new legal framework would have to be created that allows for the access and sharing of data. This would have to be launched through a Data Services Regulation. The paper details several recommendations that would underpin a strong open finance system, that both encourages innovation and ensures data protection:
- “Create a broad horizontal framework for Open Data.
- Establish the scope of new Open Finance financial services proposals across the entire financial sector.
- For the establishment of Open Finance, opt for minimum legislation for the scope and access to data, and use maximum market forces for actual organization of data exchange.
- Create a level playing field between different actors.
- No deepening of mandatory data sharing for the financial sector, without extension to other sectors.
- Limit Open Finance to natural persons, in line with the GDPR.”
Updated Guidelines on Prevention of Money Laundering and Terrorist Financing and Sanctions Act, 23 March 2021
The central bank issued updated guidelines on the Prevention of Money Laundering and Terrorist Financing (Wwft) and Sanctions Act (Sw). The guidelines outline requirements for the main features of a transaction monitoring system, the main features of a control framework for integrity risks, customer due diligence, the reporting of unusual transactions, training, education and awareness.
The Dutch Banking Association estimated that 16 billion EUR in criminal money is laundered through the Netherlands each year, making it a global hotspot for money laundering.5 A 2020 Cyber Security Assessment by the National Coordinator for Security and Counterterrorism points to the Netherlands’ risk of economic espionage due to its advanced economy.
Dutch National Cyber Security Centre Publishes Annual Plan 2021, 11 February 2021
The National Cyber Security Centre (NCSC) published its annual plan for 2021, which outlines its core legal tasks and major priorities for 2021. The three main priorities include crisis preparation and response to digital incidents, support for vital infrastructure and ensuring the digital security of the central government. Key objectives include strengthening organizations’ resilience and future-proofing implementation frameworks and legal powers.
The Dutch public prosecutor’s office warned that the frequency of cybercrime cases in 2020 was 127% higher than in 2019.6
Dutch Authority for Consumers and Markets Publishes Paper on Supervision of Algorithmic Applications, 09 December 2020
The Dutch Authority for Consumers and Markets published a position paper establishing its outlook on the regulatory supervision of algorithmic applications. Although the paper is vague, it supplies a broad framework for how the ACM might address future opportunities and challenges stemming from algorithm-driven technologies like artificial intelligence. The paper and pilot investigation point to the Netherlands’ strength in rapidly investigating and adapting innovative technologies. Indeed, Amsterdam has the highest density of AI startups per capita in the EU,7 and in 2019, the Netherlands launched CLAIRE, the globe’s largest network for AI research.
Dutch Central Bank Announces New AML Measures for Crypto Services, 11 November 2020
In a move to crack down on money laundering, the Dutch Central Bank has instituted the first rule of its kind in Europe. Crypto service owners must now monitor incoming and outgoing transactions to ensure clients and ultimate beneficiary owners (UBOs) are not on a Dutch or European sanctions list. In return, crypto exchange users must provide the reason for the transaction, the type of wallet used and picture or cryptographic evidence proving ownership of the address linked to the exchange account. The announcement has caused widespread complaints, with some services and users claiming that the evidence can be easily falsified.
Dutch regulators are currently unsure as to how many cryptocurrency investors are in the Netherlands, despite strict KYC and AML measures.8 Regulators have issued multiple warnings regarding the inherent volatility and lack of valuation in cryptocurrencies.
1. “The Netherlands Thrives in a World of Digital Connections.” Invest in Holland. https://investinholland.com/news/the-netherlands-thrives-in-a-world-of-digital-connections/
2. “Economic contraction 0.1 percent in Q4 2020.” Statistics Netherlands, 16 February 2021. https://www.cbs.nl/en-gb/news/2021/07/economic-contraction-0-1-percent-in-q4-2020
3. “Eurozone economy shrank less than feared in 2020 — Eurostat estimate.” Euronews, 02 February 2021. https://www.euronews.com/2021/02/02/eurozone-economy-shrank-less-than-feared-in-2020-eurostat-estimate
4. “Netherlands Economic Snapshot.” Organisation for Economic Co-operation and Development, May 2021. https://www.oecd.org/economy/netherlands-economic-snapshot/
5. Meijer, Bart. “Dutch banks join forces in fight against money laundering.” Reuters, 08 July 2020. https://www.reuters.com/article/us-netherlands-banks-money-laundering-idUSKBN2492Q9
6. Pritchard, Stephen. “The criminal element: Cybercrime cases in the Netherlands more than doubled in 2020.” The Daily Swig, 24 February 2021. https://portswigger.net/daily-swig/the-criminal-element-cybercrime-cases-in-the-netherlands-more-than-doubled-in-2020
7. “Investments in AI startups, scaleups are increasing worldwide, except in the Netherlands: Techleap.” Silicon Canals, 06 May 2021. https://siliconcanals.com/news/startups/investments-ai-startups-netherlands/
8. Avan-Nomayo, Osato. “Dutch regulators unsure of number of crypto investors in Netherlands.” Cointelegraph, 20 May 2021. https://cointelegraph.com/news/dutch-regulators-unsure-of-number-of-crypto-investors-in-netherlands
*DISCLAIMER: This information is OneSpan's interpretation of the compliance requirements as of the date of publication. Please note that not all interpretations or requirements of the applicable laws are well-settled and its application is fact- and context-specific. The information contained in this document should not be relied upon as legal advice or to determine how the law applies to your business or organization. We encourage you to seek guidance from your legal counsel with regard to law applying specifically to your business or organization and how to ensure compliance. This information is provided “as-is” and may be updated or changed without notice. OneSpan does not accept liability for the contents of these materials.
Last updated: November 2021