AI Regulatory Intelligence — by YRproject

factual analysis · traceable to primary sources

Compliance platform Work with us LinkedIn NL·EN·DE
Explainer

National supervisors: how AI Act enforcement is divided (the Dutch case)

Adopted 2026-06-22 · updated 2026-06-25 · ≈ 3 min read · Dirk Baaijen

The AI Act is largely enforced nationally. In the Netherlands a draft Implementation Act (consultation 20 April–1 June 2026) gives the AP and RDI a coordinating role over ten existing market surveillance authorities, with the AFM and DNB supervising the financial sector.

Short answer: Although the AI Act is a European regulation, it is largely enforced by the Member States themselves. Each Member State designates one or more national supervisors. In the Netherlands the RDI (Dutch Authority for Digital Infrastructure) plays a coordinating market-surveillance role and the Dutch Data Protection Authority (AP) is a central supervisor, alongside existing sectoral regulators.

Why supervision is national

The AI Act requires every Member State to designate competent authorities: at least one notifying authority (to designate conformity-assessment bodies) and at least one market surveillance authority (for enforcement). This choice is deliberately national: supervision can build on existing structures for product safety, data protection and sectoral rules. The downside is that the precise division of tasks differs by country.

The Dutch division

The Netherlands has opted for a model with a coordinating hub and several competent supervisors:

  • RDI (Dutch Authority for Digital Infrastructure) — intended coordinator of AI Act market surveillance and the point of contact towards Europe.
  • Dutch Data Protection Authority (AP) — central supervisor, with a unit for algorithms and AI; the natural fit where AI and personal data meet.
  • Sectoral supervisors — for example for finance, healthcare or products with existing CE marking, which remain competent within their domain.

The legal anchoring and exact mandates are set out in national implementing legislation; the broad line of RDI coordination and a strong role for the AP is settled.

The Implementation Act, now in consultation (April–June 2026)

On 20 April 2026 the State Secretary for Digital Economy put the Uitvoeringswet AI-verordening (AI Regulation Implementation Act) out for public consultation, which ran until 1 June 2026. The draft turns the broad lines above into law. Its core choice is a distributed model: rather than create one new AI regulator, it assigns AI Act tasks to ten existing market surveillance authorities, each within its own domain, with the AP and RDI given a coordinating role across the system. The AP is proposed as the lead supervisor — with a dedicated AI unit — for areas that lack a clear existing supervisor.

For the financial sector, supervision stays with the bodies that already hold it: the AFM (conduct) and DNB (prudential). On 12 June 2026 the AFM published its formal implementation assessment (uitvoeringstoets), concluding that the Act is workable but needs targeted adjustments for effective oversight: new expertise, additional supervisory instruments, and intensive cooperation with other supervisors, in particular DNB, plus an adequate publication and confidentiality regime, a data-sharing framework, and sufficient capacity. The AFM stresses that both it and DNB should be designated to supervise the AI Act's prohibitions and high-risk standards within finance — which matters because, from 2 August 2026, the high-risk obligations begin to apply, and AI for credit scoring and for life- and health-insurance pricing is high-risk. This is the financial-sector counterpart to the soft-law IOSCO supervisory toolkit: binding national designation on one side, a shared international supervisory vocabulary on the other.

What supervisors may do

National market surveillance authorities have substantial powers. They can request documentation and source-code-like information, check high-risk obligations, have systems withdrawn from the market, handle complaints and impose fines. For the model layer (GPAI), the power lies not with them but with the AI Office.

Cross-border cooperation

Because AI systems rarely stay within one country, national supervisors cooperate through the AI Board and the AI Office. This prevents the same provider from receiving a different interpretation in each Member State. For a deployer this means: the supervisor of your own country of establishment is usually your first point of contact.

What to do

  • Determine your competent supervisor: it depends on sector and on the nature of your AI system.
  • Follow the Dutch Implementation Act: the consultation closed on 1 June 2026; the final text will definitively set mandates and reporting points.
  • Know the complaints channel: see filing a complaint.
  • Distinguish model from application: GPAI falls under the AI Office, not the RDI or AP.
  • Prepare documentation: see preparing for an audit.

Sources

  1. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act); Art. 70 on designating national competent authorities and market surveillance authorities.
  2. https://digital-strategy.ec.europa.eu/en/policies/ai-office
    European Commission page on the governance structure; the AI Office coordinates with national supervisors.
  3. https://www.rijksoverheid.nl/actueel/nieuws/2026/04/20/kabinet-zet-stap-met-toezicht-op-europese-ai-regels
    Dutch government announcement (20-04-2026): draft Implementation Act in consultation to 1 June 2026; AP and RDI given a coordinating role.
  4. https://www.internetconsultatie.nl/uaiv/b1
    Public consultation on the Uitvoeringswet AI-verordening; ten existing market surveillance authorities receive AI Act tasks.
  5. https://www.afm.nl/nl-nl/persbericht/2026/jun/pb-uitvoeringstoets
    AFM implementation assessment (12-06-2026): the Act is workable but needs new expertise, instruments and close cooperation with DNB.

Share on LinkedIn

Read next

A

The interplay of the AI Act and DORA: one AI system, two supervisory frameworks

Financial institutions deploying AI fall under DORA (since January 2025) and the AI Act at the same time. This analysis maps where the frameworks meet, where the AI Act explicitly defers to financial services law, and where duplicate work looms.

W

Guide to primary sources: where AI regulation actually lives

To follow AI regulation, reading three primary sources well beats thirty summaries. This guide organises the official repositories — European, Dutch and standardisation — and notes per source what to use it for and what to watch out for.

U

Filing a complaint under the AI Act and how enforcement works

Anyone can file a complaint with the national market surveillance authority if an AI system breaches the AI Act. The supervisor investigates, can request documentation, require measures and impose fines. The process runs from report to decision and appeal.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject — programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method →

A project or programme? Work with YRproject →

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.