EU AI Act Enforcement Begins: What Dutch Tech Companies Must Know
The European Union’s Artificial Intelligence Act, the world’s first comprehensive AI regulatory framework, entered its active enforcement phase this month. For the Netherlands — home to over 1,500 AI startups and scale-ups — the implications are significant and immediate.
The AI Act, which was formally adopted in 2024, has been rolling out in stages. As of July 2026, the provisions covering high-risk AI systems are now fully enforceable, with national regulators across EU member states empowered to levy fines of up to €35 million or 7% of global annual turnover — whichever is higher.
What the Enforcement Phase Means
Dutch companies developing or deploying AI systems in critical sectors — including healthcare, recruitment, law enforcement, and financial services — must now demonstrate full compliance with the Act’s transparency, risk management, and human oversight requirements. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has been designated as the primary national supervisory authority and has already begun conducting preliminary audits.
“This is not a grace period,” said Dr. Marijke van der Veen, a technology law professor at Leiden University. “Companies that have been waiting to see how enforcement would play out are now out of time. The regulators have both the mandate and the technical capability to investigate non-compliance.”
Impact on the Dutch AI Ecosystem
The Netherlands punches well above its weight in AI. Amsterdam alone hosts the European headquarters of several major AI labs, and the region between Amsterdam, Utrecht, and Eindhoven has earned the nickname “AI Alley” for its concentration of machine learning startups.
For these companies, the AI Act’s enforcement introduces both challenges and opportunities. Compliance costs are expected to be significant, particularly for smaller firms that lack dedicated legal and compliance teams. However, early adopters of robust AI governance frameworks may find themselves with a competitive advantage as enterprise customers increasingly demand AI Act-compliant vendors.
Key Requirements for Dutch Businesses
Under the now-enforceable provisions, companies using high-risk AI must:
- Maintain detailed technical documentation of their AI systems
- Implement human oversight mechanisms for automated decisions
- Conduct fundamental rights impact assessments
- Register high-risk AI systems in the EU’s central database
- Ensure data governance practices meet the Act’s quality standards
The Dutch government has launched a dedicated AI Act compliance portal to help businesses navigate the new requirements, offering guidelines, self-assessment tools, and a list of accredited conformity assessment bodies.
For the broader Dutch tech sector, the message is clear: AI regulation is no longer theoretical. It is here, it is being enforced, and companies that fail to adapt risk both financial penalties and reputational damage.







