Looking to 2026, the Netherlands faces crucial decisions about its technological and strategic future. We prepared an overview that summarizes the key regulatory trends (some of which still in transition) that investors and businesses should watch as they plan for 2026 and beyond.

Dutch policymakers increasingly prioritize resilience and autonomy, bringing more companies under tighter national security rules, in M&A and beyond. Continuing this trend in 2026, the Netherlands plans to adopt investment screening, operational resilience, knowledge protection, talent migration and procurement security rules.

The Wennink report and upcoming challenges for the Dutch investment climate

These developments are in part supported by the Wennink report, which has been making waves in boardrooms and attracted enthusiasm on LinkedIn. In the Dutch equivalent of the EU's Draghi report, Wennink highlights the risks of one-sided economic dependence in energy, digital infrastructure, and finance. Authorities at the EU and national level echo this concern. In its latest report, the European Commission noted that over 3,000 transactions were reviewed on national security grounds, twice more than in previous years. Approximately 10% of notified deals required mitigation and 5% were prohibited or withdrawn.

At national level, FDI screening is increasingly used as a tool to shape the Dutch investment landscape. While aiming to remain a relevant player in global value chains, the Netherlands must carefully balance investing in innovation with protecting its key industries. That balance has not been struck yet, according to the Wennink report. Unless simplified, The Netherlands’ growing web of national security regulations may reduce its attractiveness for innovation. Businesses continue to face overlapping requirements in operational resilience, (cyber)security, and investment screening. New rules introduce scrutiny of talent acquisition strategies and require businesses to integrate knowledge security into governance, HR, and collaborations. M&A plans involving talent relocation or R&D consolidation in the Netherlands may also be impacted.

As the Wennink report notes, concerns over strategic autonomy have led policymakers to act even when lacking appropriate policy instruments. In 2025, the Dutch government's reliance on a Cold War era law (Goods Availability Act, Wet beschikbaarheid goederen) in the semiconductor space led to significant disruptions in the global automotive supply chain. The measure (currently being challenged) was suspended after two months. For businesses and investors, this emphasizes the need to remain vigilant and consistently assess geopolitical risk in M&A and day-to-day business.

As these changes accelerate, many business leaders are questioning whether their previously unaffected businesses will soon face new obligations and/or scrutiny. We highlight the most pertinent ones below.

1. Investment screening affects more transactions

The Netherlands looks to expand investment screening. The Vifo Act remains a central pillar for national security review. But new instruments progressively expand its reach.

• More sensitive technologies in scope. A proposal seeks to extend investment screening to sectors such as advanced materials, artificial intelligence, biotechnology, nanotechnology, sensor and navigation technologies, and nuclear medicine.
  _{Instrument: Wijziging Besluit toepassingsbereik sensitieve technologie | Proposal | Likely adoption: 2026}
• Additional screening for defence-related activities. A 2024 proposal seeks to introduce an additional screening regime targeting for companies active in the defence sector and has three pillars: market regulation, investment review, and a certification scheme for foreign procurement.
  _{Instrument: Wet veiligheidstoets defensie-gerelateerde industrie | Proposal | Likely adoption: 2026}
• Energy-sector investments caught. Amendments extend investment reviews to LNG infrastructure and large electricity producers. Changes follow the 2024 introduction of review powers over offshore wind projects, including non-operational assets.
  _{Instrument: Energiewet | Adopted | Entry into force: January 2026}
• EU harmonisation expected soon. The proposed new EU FDI Screening Regulation will make investment screening compulsory across the EU, expand coverage to indirect investments and greenfield projects, and define a common "minimum" list of sensitive sectors.
  _{Instrument: EU FDI Screening Regulation II | Political agreement reached | Likely entry into force: 2027}

2. Increasing resilience at the cost of investment appeal

Planned 2026 updates to Dutch cybersecurity and operational resilience frameworks support the Wennink report's conclusion that energy, digital infrastructure, and financial services are crucial for national security.

• New national cybersecurity framework. The Dutch implementation of the NIS2 Directive is set to replace a regime that had barely taken effect in 2024. New rules cover 18 more sectors, including manufacturing, logistics, and waste management with companies in scope growing from 1,000 to 8,000. Obligations include board-level training, supply-chain cybersecurity audits, and incident reporting, with fines reaching EUR 10 million for large enterprises and EUR 7 million for medium ones.
  _{Instrument: Cyberbeveiligingswet | Proposal | Likely adoption: 2026}
• National resilience rules for critical entities. The implementation of the Critical Entities Resilience Directive covers sectors such as energy, transport, digital infrastructure, healthcare and financial services. Critical entities will have 10 months to conduct risk assessments and implement protocols to handle and report threats (physical, cyber, climate, sabotage).
  _{Instrument: Wet weerbaarheid kritieke entiteiten (WWKE) | Proposal | Likely adoption: 2026}
• Financial services seen as critical infrastructure. In November 2025, the Dutch Minister of Finance announced that an evaluation of the financial services sector revealed systemic dependency risks. The finding is likely to be followed by a proposal to amend the Vifo Act and the WWKE in 2026. The list of “vital” operators is still confidential but may include payment service providers, balance-sheet managers and participants in capital-market operations.

3. Safeguarding sensitive knowledge but restricting talent flows

Authorities are tightening controls on sensitive knowledge, skills, and human capital. Recent measures move from voluntary cooperation to mandatory screening and enforcement, due to concerns over technology leakage via research, education, and workforce movement.

• Researchers need government approval. A 2025 proposal introduces mandatory screening of students, researchers and non-academic university staff with access to sensitive R&D, which likely results from earlier EU Council recommendations.
  _{Instrument: Wet screening kennisveiligheid | Proposal | Likely adoption: 2026}
• Talent migration rules tighten. A proposal aiming to reduce knowledge migration, increases requirements for employers to act as sponsors for highly skilled migrants, salary thresholds for employees to qualify as skilled, and adds labour market conformity tests.
  _{Instrument: Verkenning aanscherping kennismigrantenregeling | Proposal | Likely adoption: 2026}
• Criminal law deployed. Diaspora espionage, leaking non-classified sensitive information, and cooperating with foreign governments to harm Dutch interests, are now criminal offences carrying maximum imprisonment sentences of eight to twelve years.
  _{Instrument: Expansion of the Criminality of Espionage Activities Act | Proposal | In force since: May 2025}

4. A tangled web of geopolitics and national security considerations

Broadening security toolkits see export controls, procurement rules, and private governance increasingly interlinked, with more sectors and activities affected.

Security standards introduced for public procurement. A revised ABRO framework targets digital espionage, cyber-attacks, sabotage and data leaks. It applies security requirements for public contracts across sectors if they involve sensitive information, critical processes or elevated security risks.
_{Instrument: Algemene Beveiligingseisen voor Rijksovereenkomsten (ABRO) | Proposal | Likely adoption: 2026}

• A Europeanised regime for semiconductor export controls. A new Ministerial regulation changed national rules on advanced semiconductor production equipment, aligning Dutch and EU export controls, including as regards procedural licensing requirements. Oversight lies with the Central Import and Export Office (CDIU) under the Ministry of Foreign Affairs.
  _{Instrument: Regeling intrekking […] geavanceerde productieapparatuur voor halfgeleiders | In effect since 15 November 2025}
• New powers for the BTI to enforce international sanctions. The EU operates over 40 sanctions regimes targeting states, entities and individuals. Measures include trade restrictions, asset freezes and travel bans. A proposal seeks to expand the BTI's enforcement powers and grant it the ability to intervene in corporate governance to block effective control.
  _{Instrument: Wet internationale sanctiemaatregelen | Proposal | Likely adoption: 2026}
• Reputational and other consequences of BTI enforcement. In 2025, the BTI publicly reported its sanctions-related activities. It conducted 54 investigations and found ties to sanctioned individuals in 70% of cases, leading to mitigation measures in every instance. Even without formal penalties, companies can still face risks arising from perceived association with sanctioned parties.

5. Looking ahead

Even for companies outside defence or critical sectors, national security considerations are increasingly relevant.

• Pre-deal planning and due diligence are essential. Screening and filing risks extend timelines and complicate risk allocation negotiations.
• Strategic autonomy drives enforcement and policy focuses on key capabilities and critical dependencies. Expect more scrutiny on deals involving sensitive technologies, and more risk in energy, infrastructure, finance, and defense-adjacent projects.
• Post-deal, integration planning is more complex because of cybersecurity, knowledge protection, and talent migration rules.
• Additional capital structures caught, including minority, indirect, and greenfield stakes.
• New security requirements affect defense certification, civil tender eligibility, and post-closing obligations.

If you are planning transactions, expanding operations, or restructuring, understanding regulatory expectations is now a board-level imperative. Our team stands ready to help you map your risk landscape, design effective strategies, and engage constructively with regulators. We are happy to align on how we can support your business in navigating the evolving national security environment in 2026 and beyond.