Netherlands
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
The Netherlands presents a moderate-risk crawling environment. Wetboek van Strafrecht art. 138ab (computervredebreuk) requires both intent and a technical security barrier -- public pages without such a barrier fall outside its scope, so standard crawling of openly published content does not trigger criminal liability. The DSM Directive was transposed via art. 15n/15o Auteurswet (in force June 2021/June 2022); a 2024 Amsterdam District Court ruling (DPG Media v. HowardsHome) confirmed that a TDM opt-out must be machine-readable, making robots.txt a legally effective reservation for commercial TDM under art. 15o. The full EU sui generis database right applies (Databankenwet). GDPR is robustly enforced by the Autoriteit Persoonsgegevens (AP); in May 2024 the AP issued guidance declaring scraping of personal data by private organisations to be 'almost always' a GDPR violation, and in September 2024 the AP fined Clearview AI EUR 30.5 million for biometric scraping. The EU AI Act Art. 53 GPAI opt-out obligation has been binding since August 2025.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | security mechanism bypass |
| Public-page carve-out | yes |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | tdm dual track |
| Text and data mining — commercial status | with optout |
| Text and data mining — opt-out mechanism | robots txt |
| robots.txt legal weight | statutory |
| AI training-specific law | binding |
| Privacy regime | GDPR |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Fast-moving area — verify before relying. Not legal advice.