guidance NL effective 8/10
Government · Autoriteit Persoonsgegevens

The Dutch Data Protection Authority (AP) has issued a warning, based on its annual data breach report, that AI is significantly escalating the risks of cyberattacks, particularly phishing and data breaches. The AP highlights a 'flywheel effect' where AI creates more sophisticated phishing, leading to more breaches, which then fuel further AI-powered attacks. Organizations are urged to act immediately to strengthen their digital security, with a strong emphasis on management responsibility ('chefsache') to protect personal data and avoid severe financial and reputational damage.

Effective date

2026-07-08

Action required

Organizations must immediately implement robust digital security measures and prioritize digital safety at the board level to protect personal data against AI-enhanced cyberattacks and phishing, as warned by the AP.

Binding status

advisory

Governing body

Autoriteit Persoonsgegevens

Direction

restrictive

Innovation impact

constraining

Enforcement details

Agency

Autoriteit Persoonsgegevens

AI technologies

generative aipredictive analytics

Affected industries

all

Affected roles

cisoctogeneral counselchief ai officercompliance officerceoboard directorrisk managerprivacy officer

"'De afgelopen tijd hebben we in Nederland een reeks aan grote en ingrijpende hacks gezien. Door AI dreigen de gevaren bij zulke datalekken alleen maar groter te worden', waarschuwt AP-vicevoorzitter Monique Verdier."

Enriched 2026-07-09

Stay informed

Get daily intelligence briefs on this and related regulatory developments.

Start 14-day trial