The EU AI Act Is Now Enforceable — Here’s What Dutch Companies Must Do
The European Union’s Artificial Intelligence Act entered its full enforcement phase in mid-2026, and Dutch companies across every sector are now legally required to comply with its risk-based framework. The legislation, first proposed back in 2021, categorizes AI systems into four risk levels — unacceptable, high, limited, and minimal — with the highest-risk applications facing outright bans.
For businesses in the Netherlands, this means a significant operational shift. Any company deploying AI for hiring decisions, credit scoring, biometric identification, or critical infrastructure management must now conduct conformity assessments, maintain detailed technical documentation, and register their systems in the EU’s central database.
What’s Actually Changing for Dutch Businesses
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has been designated as the national supervisory body for AI Act enforcement, working alongside sector-specific regulators. Companies face fines of up to €35 million or 7% of global annual turnover — whichever is higher — for serious violations.
“We’re seeing a scramble among mid-sized Dutch firms who thought the Act wouldn’t apply to them,” says regulatory consultant Maarten de Vries. “If your HR department uses an AI screening tool, or your marketing team deploys an AI chatbot that processes customer data — you’re covered by this law.”
The Dutch Advantage
Interestingly, the Netherlands may be better positioned than most EU member states. The country’s strong digital infrastructure, established AI ethics research community, and proactive regulatory approach — including the pre-existing Algorithm Register for government AI systems — give Dutch companies a head start on compliance.
Amsterdam’s tech ecosystem, home to over 1,200 AI-focused startups and scaleups, has largely embraced the regulatory clarity. Several Dutch AI governance platforms have already launched compliance-as-a-service tools specifically targeting the EU AI Act requirements, turning regulatory burden into business opportunity.
Practical Steps for Compliance
Legal experts recommend Dutch companies take immediate action: inventory all AI systems currently in use, classify each by risk tier under the Act’s definitions, and establish internal governance structures with clear accountability. For high-risk systems, engagement with notified bodies for conformity assessment should begin now — waiting until enforcement actions start is not a viable strategy.
The message from Brussels and The Hague is clear: the era of self-regulation for artificial intelligence is over. Dutch companies that move quickly to embed compliance into their AI development lifecycle will find themselves with a competitive advantage in the European market.







