On the new Dutch Intelligence and Security Law

13th of June UPDATE: The Dutch government has failed to hire and house the promised new 10 oversight staff. Yet, the new law will be enacted July 1st, passing oversight to people that don’t exist. I surely enjoyed living under the rule of law, but it appears it was a passing thing.

“The Netherlands hosts some of the world’s largest internet exchanges. This obliges us to make the best use of these exchanges for our national security. With the Temporary Cyber Act, we will make optimum use of the data carried on our cables to protect The Netherlands against Russian and Chinese hackers” – Dutch government announcement

I wrote this earlier, but did not publish it then because I wasn’t happy with the post. However, since the new Dutch Intelligence and Security act just passed, it is relevant for an international audience. Earlier, I wrote a piece for about:intel, and in there you can find further discussion in English.

Of specific note, this law vastly expands when the Dutch agencies can perform SIGINT on Dutch Internet Exchanges like the Amsterdam Internet Exchange. These powers extend to any form of communication, including private peering and Private Network Interconnects (PNI). Every cable must be made available for ’exploration’, and it is likely that due to the wording in the new law, any request for such examination will be granted by the commission that rules on these things. Such exploration includes the right to send data to foreign intelligence agencies, including non-European ones.

Secondly, the law also makes it clear that requests for full intercepts should now mostly be judged on technical terms (‘is the request complete’) and with much less emphasis on the merits of full SIGINT. But do read on for the details.

Today, the upper house of Dutch parliament passed a law to reduce (I think) the oversight on the Dutch intelligence and security services, while simultaneously granting them more leeway to execute their powers. In 2022, I resigned as regulator of the Dutch intelligence and security services because of this attempt. Politico.eu wrote a comprehensive article about it, representing various points of view.

In this page I will try to explain how the new law works and what these changes mean. I also provide some context from the European Court of Human Rights. This page refers to the just passed version of the proposed legislation.

There is also a far longer page in Dutch. This post is an attempt to summarise the changes for an international audience.


The Dutch Law on Intelligence and Security Services defines a broad set of powers. It is also a somewhat odd law with a long history.

An English translation of a 2016 draft of the law can be found on the European Commission website. Note that this is a draft and it definitely differs from the law that is in force (Dutch).

A remarkable aspect of the law is that it is universally applicable - it extends as much powers to spy on Dutch people as those from other countries. There are no general protections for people from or in The Netherlands or in the EU. This stands in stark contrast to US legislation which provides some privacy protection to ‘US Persons’, but to no one else.

In addition, the powers can be used around the world - Dutch agencies are free to hack computers anywhere, or to intercept communications anywhere.


The services can investigate anything or anyone that gives rise to the suspicion that their activities or goals might be harmful for the survival of the system of democratic rule of law, for security or other important interests of the state. In addition, the services can investigate other countries.


The powers granted to the services are broad, but also largely ‘read-only’. The services do not operate drones (unlike the CIA), and they have limited powers to intervene or disturb things, with one exception.

  • Article 40: Observing and following people and objects
  • Article 41: Operate & instruct agents, who are allowed to break other laws under specific conditions
  • Article 42: Enter & investigate closed objects and premises
  • Article 43: Collect, store and match DNA data from people
  • Article 44: Intercept and investigate physical post and packages
  • Article 45: Hack ‘automated works’, computers in the very broadest sense of the word
  • Article 47: Intercept any form of (tele)communications from a specific person, organization of technical identifier
  • Article 48: Intercept & record whole cables
  • Article 49: Investigate data recorded under article 48 to find targets or technical identifiers
  • Article 50: Select part of the data recorded under article 48 for use in intelligence/security investigations
  • Article 54: Requisitioning data
  • Article 60: Perform automated analysis and “machine learning” on all data, including 48 data
  • Article 73: “Undertake measures to protect interests of the services”

Subjects of these powers

The law is somewhat unique that all these powers are only tied to the interests the services protect, and not to specific people. So unlike police forces, the services can spy not only on direct targets of investigation, they can also eavesdrop ’non-targets’ (who might know interesting things about targets) or even hack ’third parties’ that could function as a stepping stone to useful information.

Before the services can use their investigatory powers on non-targets or third parties, they do have to explain why this is the only way for an investigation to proceed.

Oversight, warrant process

For all of the powers, there must be internal sign-off. Depending on the nature, this sign-off can be mandated to lower ranking employees. The most infringing powers however need to be approved by the relevant minister. Then, the ex-ante regulator rules if this permission was obtained lawfully. The minister takes the political decision, the ex-ante regulator verifies this decision. The opinion of the ex-ante regulator is binding.

In addition, there is a non-binding ex-post regulator.

Administrative warrant extensions

The powers are available for use on people or organizations. If someone turns out to have an additional phone number, or starts using a different phone number, a warrant can administratively be updated with this new information. No new permission process is required. In addition, if a warrant was written to target an organization, if this organization was described well, newly discovered members of the organization can also be added to a warrant administratively.

Crucially, such administrative extensions can not be used to add non-targets or third parties - these can not have been a member of a well described organization.


The SIGINT or bulk interception powers are complicated. The intelligence and security law considers that the copying, collecting and storing of data is a lesser infringement than actually looking at the data. This is in line with recent European Court of Human Rights precedents. The infringement of privacy increases at every step of the intelligence process, from collection to storing to selecting relevant communications to exploiting such communications for intelligence/security purposes. Crucially however, merely intercepting and storing data is already an infringement that needs a justification.

Article 48 provides for the collection powers. Services need to describe why a specific cable is interesting, and what they expect to achieve with that data. They must also use a well-targeted cable, one that is expected to best provide the data the services are interested in. There are also some restrictions on traffic with origin and destination in The Netherlands.

Article 49 enables technical analysis of this data to see if it includes interesting targets or subjects. Article 50 meanwhile allows for the selection of communications for dissemination to intelligence teams.

Finally, with specific permission, article 60 allows for the algorithmic analysis of all data intercepted under article 48. It was not found possible to properly limit what “algorithmic analysis” might be, so this was left to the ex-ante regulator to determine. In an adversarial reading, “finding all email from a specific person” might be dressed up as an algorithmic analysis. This means article 60 could be an alternative to article 50, and thus it needs the same level of regulatory scrutiny.

Proposed changes

In the proposed additional ‘cyber law’, several things would change:

  • The non-binding ex-post regulator gets binding oversight powers on select capabilities. To actually stop an operation involves a heavyweight procedure which can also be stayed. In addition, the regulator needs a lot of new highly technical staff which has been hard to find.
  • Hacking operations no longer need to detail plans or technical risks to the regulator. These risks include the leaking of ‘zero days’, or damaging non-target or third party services. In addition, technical risk includes the possibility that the facilities installed by the services could be abused by yet other services or hackers.
  • Hacking operations no longer need to be tied to specific groups of people or organizations. It will become possible to hack into generic companies, for example to enable the retrieval of phone location data in the future. For such strategic hacks on infrastructure, no technical risks need to be described to the regulator.
  • Services gain the power to intercept and store any cable for a year, no matter where it leads to, and also store the data for six months running. No justification needs to be given for this exploration beyond that there is an interest in figuring out what traffic a cable carries. Data collected under this article may be investigated for a whole year, but (crucially!) not for any other purpose than finding targets. Such exploratory data can explicitly be shared with foreign and non-EU intelligence agencies.
  • In addition, the article 48 powers can now be applied based solely on ‘indications’ what the technical plans are with this data. The regulators are instructed to mostly only study these indications, to the detriment of proportionality, subsidiarity and ‘as targeted as possible’ requirements. The indications are non-binding and the services have the liberty to do other things during the year if they need to. In effect, regulators do not have a lot left to regulate with this change.
  • The administrative permissionless extension of warrants is extended to NON-TARGETS. This means that if a hacker group is being targeted, warrants for eavesdropping, hacking, requisitioning are automatically extended to the victims of those hackers as well. This means that the additional test that used to apply to non-targets is no longer required, and instead, non-targets now get less protection than targets (!).
  • Algorithmic analysis on bulk intercepted data no longer needs regulatory approval. Since it is not well described what this automated analysis entails, this is a large expansion of powers that are not regulated up front. The European Court of Human Rights argues explicitly that such automated analysis needs safeguards (see below)

Some context

  • CASE OF BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM - with particular attention to:
    • “330. The Court considers that Article 8 applies at each of the above stages. While the initial interception followed by the immediate discarding of parts of the communications does not constitute a particularly significant interference, the degree of interference with individuals’ Article 8 rights will increase as the bulk interception process progresses. In this regard, the Court has clearly stated that even the mere storing of data relating to the private life of an individual amounts to an interference within the meaning of Article 8 (see Leander v. Sweden, 26 March 1987, § 48, Series A no. 116), and that the need for safeguards will be all the greater where the protection of personal data undergoing automatic processing is concerned (see S. and Marper, cited above, § 103). The fact that the stored material is in coded form, intelligible only with the use of computer technology and capable of being interpreted only by a limited number of persons, can have no bearing on that finding (see Amann v. Switzerland [GC], no. 27798/95, § 69, ECHR 2000‑II and S. and Marper, cited above, §§ 67 and 75).”