The Netherlands sits at the centre of European trade flows, hosting the Port of Rotterdam and Schiphol Airport, two of the continent';s largest logistics hubs. For any business operating through Dutch territory, EU sanctions and Dutch export control law create a dense web of obligations that carry criminal, administrative and reputational consequences when breached. This article answers the most frequently asked legal questions about international trade and sanctions compliance in the Netherlands, covering the applicable legal framework, enforcement mechanisms, licensing procedures, and the practical steps businesses must take to avoid liability.
The Netherlands does not operate a standalone national sanctions regime in the traditional sense. Instead, it implements EU sanctions regulations directly, supplemented by Dutch domestic legislation that designates enforcement authorities and establishes penalties.
The primary EU instruments are Council Regulation (EC) No 2580/2001 on counter-terrorism asset freezing, Council Regulation (EU) No 833/2014 and its successors on sectoral measures, and the broader framework of Common Foreign and Security Policy (CFSP) decisions that are given binding effect through directly applicable EU regulations. Because EU regulations have direct effect in all member states, a Dutch company does not need a Dutch transposition act to be bound by an EU sanctions measure - the regulation applies the moment it enters into force.
At the domestic level, the Sanctiewet 1977 (Sanctions Act 1977) is the foundational Dutch statute. It authorises the Dutch government to implement UN Security Council resolutions and to adopt autonomous Dutch sanctions measures where EU law does not already cover the ground. The Sanctiewet 1977 also designates the Minister of Foreign Affairs as the competent authority for issuing licences and derogations under Dutch autonomous measures.
Export control for dual-use goods - items that have both civilian and military applications - is governed by EU Regulation 2021/821 (the recast Dual-Use Regulation), which replaced the earlier Regulation 428/2009. This regulation establishes the EU control list, defines the categories of goods requiring export authorisation, and sets out the conditions for general, global and individual licences. In the Netherlands, the Central Import and Export Office (Centrale Dienst voor In- en Uitvoer, CDIU), operating under the Netherlands Enterprise Agency (Rijksdienst voor Ondernemend Nederland, RVO), is the competent authority for issuing export licences and processing applications.
The Dutch Criminal Code (Wetboek van Strafrecht) and the Economic Offences Act (Wet op de Economische Delicten, WED) provide the criminal enforcement backbone. The WED classifies violations of sanctions and export control rules as economic offences, enabling prosecution by the Public Prosecution Service (Openbaar Ministerie) and investigation by the Fiscal Intelligence and Investigation Service (Fiscale Inlichtingen- en Opsporingsdienst, FIOD).
Financial institutions operating in the Netherlands are additionally subject to guidance from De Nederlandsche Bank (DNB) and the Authority for the Financial Markets (Autoriteit Financiƫle Markten, AFM), both of which issue supervisory expectations on sanctions screening and transaction monitoring.
To receive a checklist on sanctions compliance obligations for Dutch-based trading companies, send a request to info@vlolawfirm.com.
Enforcement in the Netherlands is distributed across several authorities, each with a distinct mandate and set of powers.
The CDIU handles administrative enforcement of export control licensing requirements. It can refuse licence applications, revoke existing licences, and impose administrative fines for procedural violations. For more serious breaches, the CDIU refers cases to the FIOD for criminal investigation.
The FIOD is the primary investigative body for economic and financial crimes, including sanctions violations. It has broad powers to search premises, seize documents and digital records, freeze assets, and interview suspects. FIOD investigations frequently run in parallel with investigations by the European Public Prosecutor';s Office (EPPO) where EU financial interests are involved.
The Public Prosecution Service decides whether to bring criminal charges. Under the WED, sanctions violations can be prosecuted as either misdemeanours (overtredingen) or serious offences (misdrijven), depending on whether the act was committed intentionally. Intentional violations carry custodial sentences of up to six years for natural persons and unlimited fines for legal entities. The Dutch Criminal Code also allows the confiscation of proceeds derived from sanctions violations under Article 36e, which can result in asset forfeiture orders that significantly exceed the value of the original transaction.
Administrative enforcement by DNB focuses on financial institutions. DNB can impose supervisory measures, require remediation plans, and impose administrative fines of up to EUR 5 million or 10% of annual turnover for serious compliance failures. These fines are published, creating significant reputational exposure.
A common mistake made by international businesses is assuming that a transaction cleared by a foreign bank or a foreign export authority is automatically compliant in the Netherlands. Dutch law applies independently. A Dutch entity that participates in a transaction - even as an intermediary, logistics provider or financial counterparty - can be held liable regardless of clearances obtained elsewhere.
The risk of inaction is concrete. A company that identifies a potential sanctions issue and fails to self-report within a reasonable period - typically assessed against the moment the compliance team became aware - faces a materially worse outcome in any subsequent enforcement proceeding than a company that proactively discloses and cooperates.
The export licensing process in the Netherlands follows the EU framework but has specific procedural features at the national level that businesses must understand before shipping controlled goods.
The first step is classification. A company must determine whether its goods, software or technology appear on the EU Dual-Use List in Annex I to Regulation 2021/821, or on any of the catch-all control lists that apply to items not listed but intended for weapons of mass destruction programmes or military end-uses. Classification errors are among the most common sources of enforcement exposure. Many companies rely on supplier-provided classifications without independent verification, which does not constitute a defence under Dutch law.
Once a good is classified as controlled, the exporter must determine which type of licence applies. EU General Export Authorisations (EUGEAs) cover routine exports to low-risk destinations and do not require a formal application, but the exporter must register with the CDIU before using them and must maintain records for at least five years. Global licences cover multiple transactions with a defined set of end-users or destinations and require a formal application to the CDIU. Individual licences are required for high-risk transactions and are assessed on a case-by-case basis.
The CDIU processes individual licence applications within a statutory period of 60 working days, though complex applications involving interagency consultation - for example, where the Ministry of Foreign Affairs must assess end-use risk - can take longer. Applicants must provide a detailed end-use statement, documentation on the end-user, and in some cases a government-issued import certificate from the destination country.
A non-obvious risk arises from the concept of "brokering" under Article 5 of Regulation 2021/821. A Dutch company that arranges the transfer of controlled goods between two non-EU countries - without the goods ever entering Dutch territory - can still require a Dutch brokering licence if the transaction involves items listed in Annex I. Many logistics and trading companies operating through Dutch holding structures are unaware of this exposure.
Technology transfers, including the provision of technical assistance by email, telephone or cloud-based platforms, are treated as exports under both EU and Dutch law. A Dutch engineer providing remote technical support for a controlled manufacturing process in a sanctioned or high-risk jurisdiction is engaged in a deemed export that requires prior authorisation.
Practical scenario one: a Dutch trading company exports industrial pumps to a Middle Eastern distributor. The pumps are not on the dual-use list, but the end-user is a state-owned entity in a jurisdiction subject to sectoral EU sanctions. The transaction requires a sanctions compliance check under the relevant EU regulation, an end-use verification, and potentially a licence under the catch-all controls. Failing to conduct this analysis before shipment creates criminal exposure for the company';s directors.
Practical scenario two: a Dutch holding company owns a subsidiary in a third country that manufactures components using technology licensed from the Dutch parent. The subsidiary proposes to sell finished goods to a buyer on the EU consolidated sanctions list. The Dutch parent';s technology licence agreement must contain appropriate end-use restrictions, and the parent must take active steps to prevent the transaction - passive ignorance is not a defence under the WED.
Financial institutions, payment service providers, and other regulated entities in the Netherlands carry specific obligations under EU sanctions law that go beyond the general prohibition on dealing with designated persons.
The core obligation is asset freezing. Under the various EU sanctions regulations, a Dutch bank that holds funds or economic resources belonging to a designated person or entity must freeze those assets immediately upon designation and report the freeze to the competent authority. In the Netherlands, the reporting obligation runs to the Ministry of Finance through the Financial Intelligence Unit (FIU-Nederland) and, for regulated institutions, to DNB.
Screening obligations require financial institutions to check all customers, counterparties and beneficial owners against the EU consolidated sanctions list, the UN consolidated list, and any applicable Dutch autonomous lists. DNB';s supervisory guidance expects institutions to screen not only at onboarding but on a continuous basis, with automated alerts triggered by new designations. The frequency and depth of screening must be proportionate to the institution';s risk profile.
A common mistake is treating sanctions screening as a binary pass-fail exercise. In practice, many transactions involve parties with names similar to designated persons, or entities that are not themselves designated but are owned or controlled by designated persons. EU sanctions regulations apply the 50% ownership rule: an entity owned 50% or more by a designated person is itself subject to the asset freeze, even if not explicitly listed. Dutch financial institutions that fail to apply this rule - and instead rely solely on exact-name matching - face significant supervisory risk.
De-risking - the practice of terminating relationships with entire categories of customers to avoid sanctions exposure - is itself a regulatory concern. DNB has indicated that blanket de-risking without individual risk assessment is inconsistent with the proportionality requirements of Dutch financial supervision law. Institutions must document their decision-making process for each relationship, including the specific risk factors that justified termination.
Correspondent banking relationships create particular complexity. A Dutch bank that processes a payment on behalf of a foreign correspondent bank bears responsibility for ensuring that the underlying transaction is not sanctions-prohibited. The "knowledge" standard under EU sanctions law is objective: a bank that had reasonable grounds to know that a transaction was prohibited cannot escape liability by pointing to representations made by the correspondent.
To receive a checklist on sanctions screening and asset freeze reporting obligations for Dutch financial institutions, send a request to info@vlolawfirm.com.
The discovery of a potential sanctions violation triggers a sequence of legal obligations and strategic decisions that must be managed carefully and quickly.
The first priority is containment. Any ongoing transaction that may be prohibited must be suspended immediately. Continuing a transaction after a compliance team has identified a potential violation significantly increases criminal exposure, because the continuation is treated as a new, intentional act rather than an inadvertent historical breach.
The second step is internal investigation. The company must establish the facts: which transactions are involved, which parties, what goods or funds, and over what period. This investigation should be conducted under legal professional privilege where possible, meaning it should be directed by external counsel rather than internal compliance staff, to protect the findings from disclosure in any subsequent enforcement proceeding.
The third step is legal analysis. The company must determine whether the transactions actually violated applicable EU or Dutch law, or whether they fall within a licence, derogation or exception. Not every transaction involving a sanctioned country or a listed person is automatically prohibited - many EU sanctions regulations contain specific carve-outs for humanitarian goods, pre-existing contracts, personal remittances and other categories. A thorough legal analysis may establish that no violation occurred, or that the violation was technical rather than substantive.
If a violation is confirmed, the company must consider voluntary disclosure. There is no statutory obligation under Dutch law to self-report a sanctions violation to the CDIU or the Public Prosecution Service, but voluntary disclosure is treated as a significant mitigating factor in enforcement proceedings. The Dutch Public Prosecution Service has published guidelines indicating that companies that self-report, cooperate fully, and implement effective remediation measures are more likely to resolve matters through an administrative settlement (transactie) rather than criminal prosecution.
The transactie mechanism under Article 74 of the Dutch Criminal Code allows the Public Prosecution Service to offer a settlement to a company in lieu of prosecution. The settlement typically involves payment of a financial penalty, disgorgement of profits, and implementation of a compliance programme. This mechanism is widely used in Dutch economic crime enforcement and represents a materially better outcome than a criminal conviction, which carries reputational consequences and can trigger debarment from public procurement.
Practical scenario three: a Dutch logistics company discovers that it transported goods on behalf of a customer whose ultimate beneficial owner was added to the EU sanctions list six months before the shipments. The company did not screen beneficial owners at the time. The company should immediately suspend the relationship, conduct a privileged internal investigation, assess whether the beneficial ownership was determinable at the time of the transactions, and consult with external counsel on whether voluntary disclosure is appropriate. The cost of non-specialist mistakes at this stage - for example, making premature disclosures to the wrong authority, or destroying documents in the belief that they are unhelpful - can transform a manageable compliance issue into a criminal prosecution.
The loss caused by an incorrect strategy at the post-discovery stage is often greater than the original violation. Companies that attempt to manage enforcement proceedings without specialist legal support frequently make procedural errors that foreclose settlement options and increase the risk of prosecution.
Building a sustainable compliance programme for international trade and sanctions in the Netherlands requires more than a screening tool and a policy document. Dutch enforcement authorities assess the quality of a compliance programme both as a factor in determining whether a violation occurred and as a mitigating factor in enforcement.
A robust compliance programme for a Dutch trading or holding company should include the following elements.
A risk assessment that maps the company';s specific exposure - by product, destination, customer type and transaction structure - against the applicable sanctions and export control regimes. Generic risk assessments that are not tailored to the company';s actual business are treated sceptically by enforcement authorities.
Written policies and procedures that translate legal obligations into operational instructions for sales, procurement, logistics and finance teams. Policies must be updated promptly when new EU sanctions measures enter into force - which can happen with very short notice, sometimes within hours of a Council decision.
Screening processes that cover all relevant parties - customers, suppliers, intermediaries, beneficial owners and end-users - against all applicable lists, with documented escalation procedures for potential matches. Screening must be repeated when new designations are published and when existing relationships undergo material changes.
Training programmes that ensure all relevant staff understand their obligations and know how to escalate concerns. Training records must be maintained and updated regularly.
Record-keeping systems that preserve all relevant documentation for the minimum statutory period. Under EU Regulation 2021/821, export control records must be kept for at least five years. Under Dutch anti-money laundering law, transaction records must be kept for five years from the end of the business relationship.
Internal audit and testing procedures that verify whether the compliance programme is functioning as designed. A programme that exists on paper but is not implemented in practice provides no meaningful protection in an enforcement proceeding.
Many Dutch holding companies that operate through complex international structures underappreciate the compliance obligations that attach to the Dutch entity as the controlling shareholder. A Dutch parent that directs, approves or facilitates a transaction by a foreign subsidiary can be held liable under Dutch law for the subsidiary';s sanctions violation, particularly where the parent';s directors were aware of the relevant facts.
We can help build a strategy for structuring a compliance programme that addresses your specific trade and sanctions exposure in the Netherlands. Contact info@vlolawfirm.com to discuss your situation.
---
What is the most significant practical risk for a Dutch company that trades through intermediaries in high-risk jurisdictions?
The most significant risk is the application of the "reasonable grounds to know" standard under EU sanctions law. A Dutch company does not need to have actual knowledge that a transaction is prohibited - it is sufficient that the circumstances were such that a reasonable compliance professional would have identified the risk. Intermediary structures that obscure the ultimate end-user or beneficial owner do not insulate the Dutch company from liability; they may in fact aggravate it, because the use of intermediaries in high-risk contexts is itself a red flag that triggers enhanced due diligence obligations. Companies that rely on contractual representations from intermediaries without independent verification are particularly exposed. The practical implication is that due diligence must be proportionate to the risk profile of the transaction, not merely to the face value of the documentation provided.
How long does a sanctions or export control investigation in the Netherlands typically take, and what are the financial consequences?
FIOD investigations in complex economic crime cases typically run for one to three years from the opening of a formal investigation to a charging decision. During this period, the company may face asset freezes, document seizures, and reputational damage from the investigation becoming public. Financial consequences vary widely depending on the nature and scale of the violation. Administrative fines from DNB for financial institutions can reach EUR 5 million or 10% of annual turnover. Criminal fines for legal entities under the WED are not capped in the same way and can be set at a level that reflects the economic benefit derived from the violation. Disgorgement of profits is applied separately. The total financial exposure in a serious case - combining fines, disgorgement, legal costs and remediation expenses - can reach the low tens of millions of euros for a mid-sized trading company. Early engagement with specialist counsel significantly affects the outcome.
When should a Dutch company choose voluntary disclosure over a wait-and-see approach?
Voluntary disclosure is generally the better strategic choice when the violation is likely to be discovered independently by enforcement authorities - for example, through a bank';s suspicious transaction report, a customs declaration, or a third-party complaint. In those circumstances, the company gains little by waiting and loses the mitigating benefit of self-reporting. Voluntary disclosure is also preferable when the violation involved a systemic failure rather than an isolated incident, because systemic failures are more likely to be identified in the course of a broader investigation. The wait-and-see approach carries a specific risk: if the company is investigated and it emerges that the compliance team was aware of the violation but chose not to disclose, this is treated as evidence of intentional concealment, which converts what might have been a negligent breach into an intentional one, with materially higher penalties. The decision should always be made with external legal counsel who can assess the specific facts and the current enforcement climate.
---
International trade and sanctions compliance in the Netherlands operates at the intersection of EU law, Dutch domestic legislation, and the operational realities of one of Europe';s most active trading jurisdictions. The legal framework is dense, enforcement is active, and the consequences of non-compliance - criminal, administrative and reputational - are substantial. Companies that invest in structured compliance programmes, conduct genuine due diligence on their counterparties, and respond promptly and strategically to identified issues are materially better positioned than those that treat compliance as a box-ticking exercise.
To receive a checklist on building a sanctions and export control compliance programme for Dutch trading and holding companies, send a request to info@vlolawfirm.com.
Our law firm VLO Law Firms has experience supporting clients in the Netherlands on international trade, sanctions compliance, and export control matters. We can assist with compliance programme design, licence applications, internal investigations, voluntary disclosure strategy, and representation in enforcement proceedings. To receive a consultation, contact: info@vlolawfirm.com.