Website Rules in the Netherlands
Dutch websites must comply with the AVG (GDPR), Telecommunicatiewet, the European Accessibility Act, and display KVK registration details. The Autoriteit Persoonsgegevens actively enforces cookie and privacy rules.
Data protection authority:
Autoriteit Persoonsgegevens
(AP)
Requirements
6
country-specific rules
Guides
9
guides available
Specific requirements for Netherlands
KVK number display
Every Dutch business must display their KVK (Kamer van Koophandel) registration number on their website, emails and invoices. Required by the Handelsregisterwet 2007.
BTW-ID (not BTW-nummer) for ZZP'ers
Since 2020, sole proprietors (eenmanszaak/ZZP) must use their BTW-identificatienummer on their website, not the old BTW-nummer which contained their BSN.
Cookie consent (Telecommunicatiewet)
The Dutch Telecommunicatiewet requires informed consent for non-essential cookies. The AP has issued warnings and fines to websites that set tracking cookies before consent.
Privacy policy (AVG)
Every website processing personal data needs an accessible privacy policy covering data collection, legal basis, data processors, retention periods and visitor rights.
EAA / Digital Accessibility (ACM)
The European Accessibility Act is enforced in the Netherlands by the ACM (Autoriteit Consument & Markt). Websites must meet WCAG 2.1 AA standards.
E-commerce: Koop op Afstand
Online sellers must comply with "Koop op Afstand" (distance selling) rules: 14-day withdrawal right, clear pricing including BTW, delivery terms before checkout.
Enforcement in Netherlands
In 2024, the Autoriteit Persoonsgegevens fined Clearview AI €30.5 million for building an illegal facial recognition database. For smaller businesses, the AP issued a €525,000 fine to a company for fingerprinting website visitors without consent, and warned hundreds of websites about cookie banners that don't meet requirements.
Official resources
Guides for Netherlands
GDPR Fines for Small Businesses: Real Cases and Amounts
Real GDPR fines for small businesses: actual cases from 1,000 to 50,000 EUR. What triggers enforcement and how to avoid it.
GDPR Compliance Checklist for Belgian Businesses (2026)
35-point GDPR checklist for Belgian businesses. APD/GBA enforcement, Wet 30 juli 2018, KBO/BCE number, cookie consent rules, Brussels bilingual obligations.
EAA for Belgian SMBs: Website Rules from June 2025
Practical EAA guide for Belgian SMBs under the Wet van 5 november 2023. Microenterprise exemption, KBO/BCE number, WCAG 2.1 AA explained.
Do I Need a Cookie Banner? A Simple Decision Guide
Not sure if your website needs a cookie banner? This simple guide helps you decide based on what your website actually does.
AI-Built Website Liability Under EU Law
Cursor, Lovable and ChatGPT helped build your site. The GDPR controller is still you. What the AI Act, EDPB and 9 Dec 2026 actually change.
AI-Generated Code and Open-Source Licences
Copilot or Cursor wrote GPL code into your site. The site operator distributes it, not the AI. What Doe v. GitHub decided and what you can actually do.
AI-Generated Images on Your Business Website (EU 2026)
Article 50(4) of the AI Act applies 2 Aug 2026. The four risk layers an EU SMB should check before publishing AI-generated images on a website.
Contact Form GDPR Requirements: Article 13 Compliance
What a GDPR-compliant contact form needs: Article 13 information, the right legal basis (legitimate interest vs precontractual), unchecked boxes, retention.
Google Analytics and GDPR: Is GA4 Legal in the EU? (2026)
Can you use Google Analytics 4 in the EU? The consent requirement, the EU-US DPF transfer mechanism, Consent Mode v2 limits and cookieless alternatives.
Check your website for Netherlands requirements
Our scanner checks for Netherlands-specific requirements automatically.
I understand this is a technical scan, not legal advice, and I accept the Terms.