The Complete Guide to Compliance in the Netherlands

When evaluating European compliance infrastructure, the Netherlands presents an interesting case. The country has built solid digital identity systems and maintains transparent business data through its Trade Register. On paper, the infrastructure looks comprehensive. In practice, however, compliance professionals working with Dutch entities face significant challenges that require practical workarounds and adaptive approaches.

The Dutch compliance landscape demonstrates how regulatory changes can significantly impact operational workflows. While identity verification and basic company data access work reliably, recent restrictions on beneficial ownership information have created gaps that require alternative verification strategies.

Digital Identity in the Netherlands

The Netherlands has developed multiple digital identity solutions that serve different purposes and user segments. Understanding these options is essential for building effective onboarding and verification workflows.

DigiD: Government Services Authentication

DigiD (Digital Identity) is the Dutch government's official authentication system for accessing public services online. DigiD usage has grown significantly, with more than 550 million logins in 2024, representing a 15% increase compared to 2023. The system is used by tax authorities, healthcare providers, municipalities, and other government services.

DigiD is linked to a person's Burger Service Nummer (BSN), the Dutch citizen service number. To obtain DigiD, individuals must be registered in the Basisregistratie Personen (BRP), the Personal Records Database maintained by Dutch municipalities. The application process is straightforward – individuals apply online at DigiD.nl and receive an activation code by mail within three working days.

DigiD provides different security levels. Basic authentication uses username and password. Two-factor authentication adds SMS verification, which most government services require. The DigiD app offers additional convenience, allowing users to authenticate with a PIN code or by scanning QR codes instead of entering passwords each time.

For compliance purposes, DigiD is primarily relevant for individuals interacting with government services or organizations that integrate DigiD authentication. However, DigiD alone doesn't typically provide the level of identity verification needed for private sector KYC purposes, as it's designed for government service access rather than identity proofing for commercial relationships.

iDIN: Bank-Based Identity Verification

iDIN (Identity and Login) is a Dutch electronic identity scheme provided through collaboration between major Dutch banks via the Dutch Payments Association. Unlike DigiD, iDIN is designed specifically for identity verification and authentication in commercial contexts.

iDIN leverages the identity verification that banks have already performed when customers opened their bank accounts. Anyone with a personal bank account at a participating bank can use iDIN without additional registration. Participating banks include ABN AMRO, ASN Bank, bunq, ING, Rabobank, RegioBank, and SNS Bank.

iDIN offers several use cases relevant for compliance. It enables identity verification by providing personal data directly from bank records, including name, address, date of birth, and other attributes. It supports authentication for returning users who want to log into services using their bank credentials. It can perform age verification without disclosing other personal information. It enables digital signatures that comply with eIDAS regulations at the "substantial" assurance level (LOA3).

For compliance operations, iDIN is particularly useful because it provides identity data that has already been verified under anti-money laundering requirements. Banks issuing iDIN have performed customer due diligence according to the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), meaning the identity information obtained through iDIN comes from a trusted, regulated source.

The user experience with iDIN is straightforward. Users select their bank from a list, are redirected to their bank's authentication environment, log in using their regular banking credentials, confirm which data they consent to share, and are redirected back to the requesting service with the verified information.

itsme: Cross-Border Benelux Solution

itsme is a digital identity app that originated in Belgium but has expanded across the Benelux region, including the Netherlands. The service provides mobile-first authentication and identity verification using a smartphone app.

Users can activate itsme using their Belgian or Dutch identity card or through their bank. Once activated, itsme enables authentication across participating services in Belgium, the Netherlands, and Luxembourg. The app uses biometric authentication (fingerprint or face recognition) or a PIN code.

For organizations operating across Benelux markets, itsme offers the advantage of consistent authentication mechanisms across borders. Rather than maintaining separate integrations for each country, a single itsme integration can cover multiple markets. However, itsme adoption in the Netherlands is lower than in Belgium, so supporting multiple authentication methods remains important for comprehensive coverage.

eHerkenning: Business Authentication

eHerkenning is the Netherlands' digital identity system for businesses and organizations. While DigiD serves individuals, eHerkenning provides authentication for companies accessing government services online.

eHerkenning uses tokens purchased from recognized service providers, with different security levels available depending on the sensitivity of the services being accessed. The system enables authorized representatives to act on behalf of their organization when dealing with government agencies.

For compliance purposes, eHerkenning is less directly relevant than DigiD or iDIN, as it's focused on business-to-government interactions rather than identity verification for KYC purposes. However, organizations building comprehensive Dutch compliance operations should understand eHerkenning as part of the broader digital identity landscape.

Business Registry: KVK Handelsregister

The Dutch business registry is maintained by the Kamer van Koophandel (KVK), the Netherlands Chamber of Commerce. The Handelsregister (Trade Register) provides comprehensive information on Dutch companies and other legal entities.

Accessing the Trade Register

KVK provides online access to Trade Register information through its website and API. Basic company information is freely accessible to anyone. This includes company name, registration number (KVK number), registered address, legal form, registration date, current status, and basic business activities.

For more detailed information, KVK offers various extracts and documents that can be purchased. Registration certificates provide official documentation of company details including management structure, authorized signatories, share capital, and other key information. Financial statements are available for companies required to file them. Extracts can be obtained in Dutch or English for international use.

The KVK provides API access for automated verification workflows. Organizations conducting high-volume company verifications can integrate directly with KVK systems to pull company data in real-time. This enables automated onboarding processes where company information is verified against official registry data without manual searches.

Data quality in the Handelsregister is generally high. Companies are required to file changes within specific timeframes, and KVK maintains enforcement mechanisms for compliance. When directors change, addresses update, or other significant changes occur, these modifications flow through to the registry based on company filings and KVK processing.

Company Information Available

The Handelsregister contains detailed information useful for compliance verification. Company identification includes official name, KVK number, legal form (BV, NV, VOF, etc.), registration date, and whether the company is active or dissolved.

Management and governance information shows current directors and board members, their appointment dates, authorized signatories, and representation rules. Share capital information is available for companies where applicable, and business activities are classified according to standard codes.

For compliance teams, this comprehensive data enables thorough company verification. You can confirm that a company exists and is active, verify who has authority to represent the company, check the company's registered activities against what they claim to do, and access historical information to understand company evolution over time.

The Beneficial Ownership Challenge

On November 22, 2022, the Court of Justice of the European Union (CJEU) ruled that the prescribed public and general accessibility of the UBO register is invalid, concluding that the interference with rights to privacy and data protection by the publicly available UBO register is neither limited to what is strictly necessary nor proportionate to the objective pursued.

Prior to this ruling, the Netherlands had implemented a UBO register in line with EU Anti-Money Laundering Directives, with certain information publicly accessible to anyone for a fee. The CJEU determined that allowing any member of the general public to access UBO information (without demonstrating a legitimate interest) constituted excessive interference with fundamental rights.

Current Access Restrictions

In response to the ruling, the Dutch Chamber of Commerce closed the UBO register to the public. Since November 2022, UBO information has not been publicly accessible in the Netherlands. The government is working on legislation to restore access for specific categories of users who can demonstrate legitimate interest, but this process takes time.

It is expected that banks, notaries, and insurance companies will regain access to the UBO register, after which they will be obliged to report any incompleteness or incorrectness to the UBO register. However, the timeline for restoring access has extended beyond initial expectations, creating an ongoing challenge for compliance operations.

Currently, even entities with clear regulatory obligations for customer due diligence (banks, insurance companies, financial institutions) cannot retrieve UBO information directly from the register. This creates a significant gap in what should be a straightforward verification process.

Registration Obligations Continue

It's important to note that the obligation to register UBOs continues to apply despite the access restrictions. As of March 1, 2024, around 80% of companies and other legal entities in the Netherlands had registered with the UBO register. Companies must still file UBO information with KVK within seven days of any changes.

The UBO threshold in the Netherlands follows EU standards. A person qualifies as a UBO if they own more than 25% of shares or voting rights, or exercise control through other means. A proposed change would lower this threshold to 25% or more, meaning individuals with exactly 25% ownership would also qualify as UBOs.

Alternative Approaches: Shareholder Information

While direct UBO access is restricted, shareholder information remains available for many Dutch companies. This provides an alternative path for deriving ownership structures, though it requires more complex analysis than simply retrieving a UBO extract.

For Dutch BVs (private limited companies) and NVs (public limited companies), shareholder registers contain information about who owns shares and in what percentages. By analyzing shareholder data and following ownership chains through multiple corporate layers, it's possible to calculate who the ultimate beneficial owners are.

This approach has limitations. It's more time-consuming than direct UBO access, requiring analysis of multiple layers of ownership. Corporate shareholders add complexity, as you must trace through holding structures to identify natural persons. The calculation must be done for each verification, as there's no pre-computed UBO status to retrieve. Changes in ownership require recalculation to ensure UBO identification remains current.

However, for organizations unable to access the UBO register, shareholder-based UBO derivation provides a workable alternative. The data exists and is accessible, it just requires more processing to extract the relevant insights.

AI-Powered Solutions for UBO Verification

This is where modern compliance automation becomes valuable. AI systems can handle the complexity of deriving UBO information from shareholder data without requiring manual analysis for each case.

AI agents can retrieve shareholder information from available sources including KVK extracts and company documentation. They can analyze multi-layer ownership structures, following chains through intermediate holding companies. They can calculate effective ownership percentages accounting for direct and indirect holdings. They can identify natural persons at the end of ownership chains and determine who meets UBO thresholds.

More broadly, AI systems can handle the validation and cross-referencing needed to ensure accuracy. They can compare information across sources, flag inconsistencies or ambiguities that require human review, and maintain audit trails of how UBO determinations were made.

This automated approach transforms what would be tedious manual analysis into an efficient workflow. While the underlying challenge (restricted UBO register access) remains, AI-powered processing enables organizations to continue conducting thorough beneficial ownership verification without manual bottlenecks.

Cross-Border Compliance Considerations

Most compliance operations involving Dutch entities also touch other jurisdictions. The Netherlands serves as a major hub for international business, meaning Dutch companies frequently have cross-border operations, foreign shareholders, or connections to entities in other countries.

The Dutch UBO access restrictions create specific challenges in cross-border contexts. When verifying a multinational corporate structure, you might have straightforward UBO access in some countries but require alternative approaches in the Netherlands. This inconsistency complicates efforts to build unified verification workflows that work seamlessly across jurisdictions.

For organizations operating across Europe, the Dutch situation also highlights regulatory uncertainty. The 2022 CJEU ruling affected not just the Netherlands but other EU member states with similar public UBO registers. Different countries have responded differently to the ruling, creating a patchwork of access rules across Europe.

Belgium and Luxembourg also closed public access to their UBO registers following the ruling. However, each country is developing its own approach to restoring access with appropriate restrictions. This means compliance teams working across Benelux or broader European markets must track evolving access rules in multiple jurisdictions simultaneously.

Language Considerations

The Netherlands is often considered relatively English-friendly compared to many European markets, but Dutch remains the primary language for official documents and registry data. All Handelsregister information appears in Dutch unless specifically requested in English translation.

For automated compliance systems, this means handling Dutch language data. Company names include Dutch legal forms (BV, NV, VOF, CV), addresses follow Dutch formatting conventions, and business descriptions use Dutch terminology. Registry documents and certificates are in Dutch unless English versions are specifically ordered.

Effective automation requires genuine Dutch language processing capability. This includes correctly interpreting Dutch legal forms and their abbreviations, understanding Dutch address formats and geographic subdivisions, processing Dutch business terminology and industry classifications, and handling Dutch-language text in screening processes.

Modern natural language processing handles Dutch well, and the linguistic complexity is manageable compared to markets with more challenging languages. However, systems built only for English-language compliance don't transfer directly to Dutch operations without appropriate language capabilities.

Best Practices for Dutch Compliance Operations

Based on the current state of Dutch compliance infrastructure, several practices help organizations build effective operations:

Leverage iDIN for identity verification: For individuals, iDIN provides reliable identity verification backed by bank KYC processes. Supporting iDIN authentication enables digital onboarding that meets regulatory requirements while providing good user experience. Given iDIN's widespread acceptance and bank backing, it should be a primary identity verification option for Dutch compliance workflows.

Use KVK API for company verification: Direct API access to Handelsregister data enables automated company verification. Build systems that pull company information in real-time, verify management and signatory authority from official registry data, and implement monitoring for registry changes to maintain current information on business relationships.

Implement shareholder-based UBO derivation: Until UBO register access is restored, develop processes for deriving beneficial ownership from shareholder information. This requires analysis capabilities for multi-layer ownership structures, calculation logic for effective ownership percentages, and validation processes to ensure accuracy of UBO determinations.

Consider AI automation for UBO analysis: Manual shareholder analysis doesn't scale well. Invest in AI-powered systems that can automate retrieval of shareholder data, analyze complex ownership structures, calculate UBO status across multiple layers, and maintain documentation of verification methodologies.

Stay informed on regulatory developments: The Dutch UBO access situation continues to evolve. Monitor legislative developments on restoring UBO register access for legitimate users, track implementation timelines as they become available, and prepare systems to incorporate direct UBO access once it becomes available again.

Maintain consistent standards across jurisdictions: Even though Dutch UBO verification requires different approaches than other markets, compliance standards should remain uniform. Define risk thresholds that apply regardless of how UBO information is obtained, specify documentation requirements independent of specific data sources, and implement risk assessment that evaluates all entities consistently.

Document your verification approach: Given the unusual situation with UBO access, clear documentation is important. Record what sources you use for beneficial ownership determination, document the methodology for deriving UBOs from shareholder data, maintain audit trails showing how ownership calculations were performed, and prepare explanations for regulators about verification approaches.

Support multiple identity methods: Different Dutch users prefer different authentication options. Enable iDIN for bank-based verification, support DigiD where relevant for government service integration, consider itsme for Benelux cross-border operations, and provide fallback options for users without digital identity credentials.

The Broader Dutch Compliance Context

The Netherlands has historically been viewed as having transparent and accessible business infrastructure. The current UBO situation represents a temporary disruption to that transparency, but it's important to maintain perspective. The underlying infrastructure remains solid – the issue is specifically about one aspect of data access that's under regulatory revision.

For basic company verification, the Netherlands continues to provide straightforward access. KVK data is comprehensive and current. Identity verification through iDIN works reliably. The digital infrastructure that enables efficient compliance operations remains in place.

The UBO challenge, while significant, affects a specific component of due diligence. Organizations that adapt their processes to work with available shareholder information can continue conducting thorough beneficial ownership verification. The approach requires more analysis than simply retrieving a UBO extract, but the necessary data exists and can be accessed.

Looking forward, the expectation is that UBO register access will be restored for entities with legitimate purposes – financial institutions, professional service providers, government authorities. The specific access framework is still being developed, but the direction is clear. Compliance professionals working with Dutch entities should prepare for this transition while maintaining effective verification capabilities in the interim.

Future Developments

Several developments will shape Dutch compliance operations in coming years. The primary near-term change will be restoration of UBO register access under new rules that balance transparency with privacy protection. The European Parliament has approved laws confirming that beneficial ownership information will be accessible to anyone with a legitimate interest, including journalists, civil society organizations, competent authorities, and supervisory bodies.

The Netherlands is also participating in broader European efforts to interconnect national UBO registers. This would enable cross-border access to beneficial ownership information across EU member states, facilitating verification of complex international ownership structures.

Digital identity infrastructure continues to evolve as well. A preliminary working version of the Dutch ID wallet was released in March 2024, with development continuing on issuance processes and trials. Once recognized by the Dutch government, this wallet will enable both citizens and businesses to conduct digital transactions within the Netherlands and other European member states.

These developments suggest that the Dutch compliance infrastructure will continue strengthening over time. The current UBO access restrictions represent a transition period while regulations adjust to align with privacy requirements and practical verification needs.

How spektr Enables Efficient Dutch Compliance

At spektr, we've built our compliance automation platform to address the specific challenges of operating across European jurisdictions, including the Netherlands' combination of strong digital identity infrastructure and current UBO access restrictions.

For Dutch compliance specifically, we provide:

iDIN and DigiD integration: Our platform integrates with both iDIN for commercial identity verification and DigiD where relevant for government service contexts. Your Dutch customers can verify their identity using familiar authentication methods, and you maintain streamlined onboarding workflows that meet regulatory requirements.

KVK API integration: We connect directly to the KVK Handelsregister, pulling company data in real-time and accessing official registry documents. Company verification happens automatically with structured data extraction from Dutch registry information.

AI-powered UBO derivation: Our AI agents handle the complexity of deriving beneficial ownership information from shareholder data. They automatically retrieve shareholder information from available sources, analyze multi-layer ownership structures to identify natural person beneficial owners, calculate effective ownership percentages accounting for direct and indirect holdings, and flag cases requiring human review while automating straightforward determinations.

Shareholder structure analysis: Beyond simple UBO calculation, our systems can map and visualize complex Dutch ownership structures. This provides compliance teams with clear understanding of corporate relationships even when ownership chains involve multiple layers.

Dutch language processing: Our AI systems understand Dutch language and legal terminology. They can extract information from Dutch-language documents, handle Dutch company forms and naming conventions correctly, and process Dutch registry data without requiring translation as an intermediate step.

Adaptable workflows: We've built our systems to be resilient to regulatory changes. Currently using shareholder-based UBO derivation for Dutch entities, we're prepared to incorporate direct UBO register access once it becomes available again. Your compliance workflows remain consistent even as underlying data sources change.

Unified cross-border workflows: When you're verifying entities across the Netherlands, Belgium, Germany, or other European markets, spektr provides consistent interface and workflow. You maintain the same compliance standards and process efficiency regardless of which jurisdictions you're operating in.

Continuous monitoring: For Dutch entities, we provide automated monitoring of KVK registry changes and can implement periodic ownership re-verification on schedules you define. When companies change directors, update addresses, or modify their structure, your compliance team receives automatic alerts.

Normalized data formats: We transform Dutch registry and shareholder data into standardized formats consistent with data from other jurisdictions, making it easier to apply uniform risk assessment logic and generate consistent reporting.

Our goal is to let you focus on compliance decisions and risk assessment while we handle the technical complexity of navigating Dutch authentication systems, accessing KVK data, deriving beneficial ownership information, and managing the transitions in regulatory requirements. The Netherlands' solid infrastructure becomes an advantage for efficient operations, and the current UBO access restrictions become manageable rather than blocking automated workflows.

If you're looking to optimize your Dutch compliance operations or build efficient Benelux and European workflows, we'd be happy to discuss how spektr can help. Reach out to learn more about our approach to compliance automation and how we're helping teams navigate changing regulatory landscapes across European markets.