Back Netherlands

    Status regarding Budapest Convention

Status regarding Budapest Convention

Status : Party Declarations and reservations : See legal profile

Cybercrime policies/strategies

The Dutch Department of Security and Justice published a first report on a national cyber security strategy (NCSS) on February 29, 2011. Part of the strategy was the establishment of a Cyber Security Council (CSC) with representatives of relevant parties in the public and private sector in order to elaborate and evaluate the NCSS. A second aim was the establishment of the National Cyber Security Center (NCSC) which officially started to function from January 12, 2012. The task of the NCSC is defining the measures and instruments required in view of implementing the NCCS and serving as a center of expertise. Its views were published on October 28, 2013. The NCSC is part of the organization of the National Coordinator Fighting Terrorism and Security of the Department of Security and Justice. Fighting Cybercrime is an essential aspect of the NCSS.


The current National Cyber Security Agenda (NCSA) of the Netherlands was published by the government and implemented starting 21 April 2018. The document proposes seven ambitions that contribute towards the overarching objective: The Netherlands is capable of capitalizing on the economic and social opportunities of digitalisation in a secure way and of protecting national security in the digital domain, namely:

  1. The Netherlands has adequate digital capabilities to detect, mitigate and respond decisively to cyber threats
  2. The Netherlands contributes to international peace and security in the digital domain
  3. The Netherlands is at the forefront of digitally secure hardware and software
  4. The Netherlands has resilient digital processes and a robust infrastructure
  5. The Netherlands has successful barriers against cybercrime
  6. The Netherlands leads the way in the field of cybersecurity knowledge development
  7. The Netherlands has an integrated and strong publicprivate approach to cybersecurity



The Integrated International Security Strategy 2018-2022 published by the Ministry of Foreign Affairs on 14 May 2018 also emphasizes cyber threats as one of the most important threats facing the Netherlands, acknowledges that the threat of hybrid and cyber warfare will continue to increase and strives for successfully developing clear international norms relating to cyberspace.


The Netherlands further attaches a great importance to international cooperation on cyber related issues, having developed also an International Cyber Strategy: Building Bridges that highlights cybercrime amongst the six areas for emphasis in any international discussion.

Specialised institutions

Expertise for the investigation on cybercrime cases in the broadest possible sense is centralised in the Landelijke Eenheid (National Unit) of the National Police in Driebergen. A separate police unit is the National Team fighting child porn and sex tourism (TBKK) located in Zoetermeer. 

The legal competence to begin and direct criminal investigations belongs to the Prosecution Service, with the technical support from police. It is also a competence from the Prosecution Service to send and to receive international cooperation requests.

However, there is a knowledge and expertise centre in the national prosecution unit located in Rotterdam.

The obligation to establish a 24/7 point of contact as required by Article 35 of the Budapest Convention is worked out as follows. The 24/7 contact point is one of the tasks of one national (LIRC) and six regional mutual assistance centres (IRC), which co-ordinate with the central authority of the Ministry of Security and Justice. [1]

On behalf of the judiciary a centre of expertise is established with the Court of Appeal of the Hage. Contact email can be found here

[1] Instruction investigating authorities, College of Prosecutors-general, September 1, 2014, Stcrt 2014, 24442.

Jurisprudence/case law

Judgement of the Supreme Court of March 26, 2013: a router is a computer system in the meaning of the legal definition. Hacking of it amounts to illegal access criminalized under Article 138a Sr, at present Article 138ab Sr. 

Judgement of the Supreme Court of February 2012 (Toxbot network): Explanation of notion “common risk for services” in Article 161sexies (computer sabotage).

Judgement of Supreme Court of June 28, 2011 (RuneScape): virtual objects are susceptible to theft.

Surpreme Court of February 20, 2007: relation between seizure of computer system and data and privilege of non-disclosure.

Supreme Court of march 23, 2010: an order to disclose customer data (including pass port photos) concerns sensitive data within the meaning of Article 126nd Sv and requires written empowerment of the investigating judge. [5]

Tools on Cybercrime & Electronic Evidence Empowering You!

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe. 


  Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?

  Share this information with us helping to keep this platform up to date.

Useful links