The Netherlands' AI Act Plan: Eight Regulators | TLY

AI Regulation Tracker  /  Legislation pending

Netherlands Draft AI Act Law Would Split Enforcement Across Eight Sector Regulators

The Dutch draft AI Act Implementation Act, out for consultation until June 1, 2026, would route AI enforcement through about eight sectoral market-surveillance authorities coordinated by the data-protection authority and the digital-infrastructure inspectorate. Firms running AI in the Netherlands should map which regulator would oversee them.

Netherlands Draft AI Act Law Would Split Enforcement Across Eight Sector Regulators regulation briefing
The Leveraged Years AI Regulation Tracker

The Netherlands has set out how it intends to enforce the EU AI Act at home, and the answer is deliberately distributed. According to the Autoriteit Persoonsgegevens (AP), the country's data-protection authority, the Dutch government published a draft AI Act Implementation Act, the Uitvoeringswet AI-verordening, on April 20, 2026. The draft opened for public consultation, which closed on June 1, 2026. It is a draft law, not yet adopted and not in force, so the details below describe what is proposed rather than what firms must currently do.

A decentralized model, not a single AI regulator

The central choice in the draft is structural. Rather than create one national AI regulator, the Netherlands proposes to spread market-surveillance responsibilities across roughly eight existing sectoral authorities. Each would supervise AI within its own domain, building on the regulatory relationships and expertise those bodies already have. The AP describes a coordinating role for itself across this network, working alongside the Rijksinspectie Digitale Infrastructuur (RDI), the digital-infrastructure inspectorate, which the draft designates as the single national point of contact under Article 70(2) of the AI Act.

For firms, that means the first compliance question in the Netherlands is not "what does the AI regulator require" but "which of these authorities is competent for my use case." The answer will depend on sector, and in some cases on the specific application of AI within a business rather than on the business as a whole. A single organization could find that different AI systems fall to different supervisors, which raises the practical importance of mapping each system to its competent authority early. The AP's coordinating function and the RDI's role as the single contact point are the draft's attempt to keep that fragmentation manageable, giving Brussels and cross-border counterparts one door to knock on even though supervision itself is spread out.

Finance gets its own supervisors

The draft carves out financial-sector AI for the two authorities that already police Dutch finance: the Autoriteit Financiƫle Markten (AFM), the conduct-of-business regulator, and De Nederlandsche Bank (DNB), the prudential supervisor and central bank. A bank or insurer deploying AI in the Netherlands would therefore expect its AI systems to be supervised by the same institutions that already oversee its conduct and prudential obligations, rather than by a separate technology body.

A shared sandbox

The draft also provides for a shared, multi-sector regulatory sandbox, a supervised environment where firms can test AI systems with regulator input before full deployment. The AI Act requires member states to establish at least one national sandbox, and the Dutch answer is to run one that reaches across sectors rather than to stand up separate sandboxes behind each supervisor. Because the sandbox is described as shared, it is intended to give innovators a single testing route even though day-to-day supervision is split. The precise operating rules, including how a firm applies and which authority leads a given test, would be settled as the law is finalized.

What it does not do yet

It is worth being precise about limits. This is a consultation draft attributed here to the AP; the underlying text should be confirmed against the version posted on internetconsultatie.nl, and the doc references have not been independently verified. Consultation closing on June 1, 2026 does not make the law binding. The proposal does not replace the EU AI Act's own obligations or timelines; it sets the national enforcement architecture that will apply once enacted. Until then, no new Dutch-specific duty attaches to firms beyond what the Regulation itself already imposes on its staggered schedule, and the identity and exact number of the supervising authorities could still shift before adoption.

The cross-border angle

For a US firm, the practical significance is jurisdictional reach. A company that offers or deploys AI systems in the Netherlands would answer to whichever of these sectoral authorities is competent for its activity, with the RDI as the formal contact point and the AP coordinating. The decentralized choice also matters as a data point in the wider European picture: member states are landing on different governance designs, from single national regulators to distributed models like the one the Netherlands proposes, and multinationals will have to track each country's structure rather than assume one uniform enforcer across the bloc.

Frequently Asked Questions

What changed in the Netherlands on AI regulation?

The Dutch government published a draft AI Act Implementation Act (Uitvoeringswet AI-verordening) on April 20, 2026, proposing a decentralized enforcement model. Public consultation closed on June 1, 2026. The law is not yet adopted or in force.

Who would be affected by the draft law?

Providers and deployers of AI operating in the Netherlands. Financial-sector AI would fall under AFM and DNB, while other sectors would be supervised by roughly eight existing sectoral authorities coordinated by the AP, with the RDI as the national contact point.

Is there a single Dutch AI regulator to deal with?

No. The draft deliberately avoids one central AI regulator. It distributes market-surveillance duties across about eight sectoral authorities, with the AP coordinating and the RDI acting as the Article 70(2) single point of contact.

Is this law in force now?

No. It is a consultation draft. It was published on April 20, 2026, and the consultation closed on June 1, 2026. The provisions described are proposals, and the underlying text should be confirmed via internetconsultatie.nl.

Browse the full AI Regulation News tracker

Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel.