Netherlands: 2026 outlook

2026 marks a significant period for the Dutch digital and telecommunications sectors, as several key regulatory frameworks move from planning stages to active implementation. Below we have listed some of the most important regulatory updates for this year in the Netherlands!

1. Dutch NIS2 implementation upcoming

The Cyberbeveiligingswet (Cbw)—the Dutch implementation of the EU’s NIS2 Directive—is expected to officially enter into force in Q2 2026. Therefore, 2026 could very well see the first wave of administrative fines from the Rijksinspectie Digitale Infrastructuur (RDI) for entities that failed to register or conduct the mandatory risk assessments by the deadline.

2. Direct cross-border access to digital evidence

The European e-Evidence package becomes fully operational in 2026. By March 2026: providers of, amongst others, electronic communications services, must register for the EU database for processing the new European Production/Preservation Orders from EU judicial authorities. Therefore, Dutch providers must prepare for significantly shorter response windows for law enforcement requests — as little as 8 hours for emergency cases — and could face fines of up to 2% of annual turnover for non-compliance.

3. End of the "soft opt-in" for telemarketing

A major shift in the Dutch Telecommunications Act (Telecommunicatiewet) occurs on July 1, 2026. The "soft opt-in" — which allowed companies to call existing customers for sales purposes without explicit prior consent — will be abolished for telephone marketing in the Netherlands. This could (sharply) increase enforcement actions by the ACM (Authoriteit Consument & Markt) against companies that continue "business as usual" marketing.