Internet & Online Safety · Netherlands
Online safety & content laws in Netherlands (2026)
Netherlands shaded by its internet & online safety status
The Netherlands applies the directly-effective EU Digital Services Act as its baseline online-content/online-safety regime, with a national implementation act (in force 4 February 2025) designating ACM as Digital Services Coordinator and the AP as co-supervisor for data/profiling issues. Separate national authorities and EU regulations cover terrorist content and child sexual abuse material online, while age-verification and a statutory social-media age limit remain at the proposal/development stage. Overall the country has a comprehensive, enforced framework rather than partial or restrictive controls.
Key points
The DSA applies directly; the Dutch DSA Implementation Act (Uitvoeringswet digitaledienstenverordening) entered into force on 4 February 2025, designating national supervisory authorities and giving them DSA enforcement powers. Platform liability follows the DSA's conditional-immunity / notice-and-action model.
ACM is the designated Digital Services Coordinator and one-stop shop for complaints, with powers to investigate, inspect premises, requisition information and impose fines up to 6% of global turnover; obligations for VLOPs/VLOSEs remain the European Commission's exclusive competence.
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) is the second designated DSA supervisor, responsible for provisions on profiling and the use of personal data (e.g. advertising and recommender-system rules).
The Authority for the prevention of online Terrorist Content and Child Sexual Abuse Material (ATKM), established 2023, enforces the EU Terrorist Content Online Regulation (1-hour removal orders) and a national CSAM law; fines for hosting providers can reach 10% of turnover for repeated violations.
For 2025 ACM prioritised getting platforms' basics in order (contact points, easy illegal-content reporting), scrutiny of the Netherlands' large web-hosting sector, and a study into the protection of minors online.
Government guidelines recommend a minimum social-media age of 15, and the 2026 minority government has revived proposals for a statutory age limit with 'privacy-friendly' age verification; the Netherlands is exploring the EU age-verification app and its own NL ID-wallet rather than having a binding law yet.
Timeline - major decisions & events
The Netherlands Authority for Consumers and Markets launched a year-long investigation into Roblox's compliance with the Digital Services Act, examining whether the platform adequately protects minors from explicit content, predation, and deceptive purchasing mechanics. It follows ACM's €1.1 million fine against Epic Games in 2024 and is ACM's first formal DSA probe of a gaming platform.
NL Times ↗The European Commission imposed the first-ever DSA non-compliance fine on X for misleading 'blue checkmark' verification, an opaque advertising repository, and inadequate researcher data access; X launched a legal challenge at the EU's top court in February 2026. The ACM, as Dutch Digital Services Coordinator, published the decision for domestic audiences.
ACM ↗The Uitvoeringswet digitaledienstenverordening (Act 36.531), passed by the Dutch Senate on 28 January 2025, vested ACM with full supervisory powers under the DSA including fines up to 6% of global turnover; ACM had already received approximately 700 complaints since February 2024 regarding account suspensions and failure to handle illegal-content reports.
ACM ↗The Childlight Global Child Safety Institute's 'Into the Light Index 2025' found the Netherlands responsible for roughly 30% of global CSAM hosting and over 60% in Western Europe, with INHOPE-reported cases rising from 238,578 in 2023 to 1,332,792 in 2024; researchers cited the country's role as a global data-centre and internet-exchange hub as a structural driver.
Childlight Global Child Safety Institute ↗From 17 February 2024 the DSA applied to all digital intermediary services operating in the Netherlands — not just very large platforms — requiring transparent content moderation, illegal-content reporting mechanisms, and designated contact points; ACM published DSA guidelines for providers and began supervisory preparations ahead of the national implementation law.
ACM ↗Wet computercriminaliteit III (Staatsblad 2018, nr. 322) gave designated Dutch law-enforcement officers authority to covertly penetrate suspects' computers remotely, install investigative software, and render data inaccessible under judicial warrant; operational powers are centralised in the Digital Intrusion Team (DIGIT) and apply to offences carrying minimum 4–8 year sentences including CSAM production.
NJB / Staatsblad 2018 nr. 322 ↗Despite a citizen-initiated advisory referendum on 21 March 2018 in which 49.4% voted against it, the Wiv 2017 entered into force on 1 May 2018, legalising bulk cable (internet backbone) interception by the AIVD and MIVD; the Act established two independent oversight bodies — the ex-ante TIB (whose rulings are binding) and the ex-post CTIVD — to check intelligence gathering.
AIVD ↗Article 7.4a of the amended Telecommunications Act (published 5 June 2012; net neutrality provisions effective 1 January 2013) prohibited ISPs from blocking, throttling, or degrading internet services, making the Netherlands the first country in Europe — and second globally after Chile — to enact statutory net neutrality; the amendment also introduced mandatory data-breach notification and cookie-consent obligations.
Library of Congress / Global Legal Monitor ↗The District Court of The Hague ordered the Netherlands' five largest ISPs to block The Pirate Bay within ten days or face fines of €10,000/day, at the request of anti-piracy body BREIN; the ruling was a landmark in court-ordered website blocking, though a 2014 appeals court later lifted the order citing disproportionality and net neutrality concerns.
Library of Congress / Global Legal Monitor ↗Wet computercriminaliteit II was enacted to enable the Netherlands to ratify the Council of Europe's Budapest Convention on Cybercrime (2001), adding offences for data interference, misuse of devices, and online child pornography distribution, and expanding procedural tools for cross-border law-enforcement cooperation.
Council of Europe / Octopus Cybercrime Community ↗Offlimits launched the Meldpunt Kinderporno hotline in 1995 in cooperation with the Ministry of Justice as the Netherlands' dedicated public-reporting channel for online child sexual abuse material; it became a founding member of the INHOPE global network and later a formal trusted-flagger under the DSA, processing notices-and-takedowns to hosting providers.
Offlimits / Meldpunt Kinderporno ↗Netherlands - other topics
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →