GPSR Compliance in the Netherlands
The Netherlands has the second-highest ecommerce penetration in the EU and hosts some of the bloc's most aggressive consumer protection enforcement. The ACM can fine up to €900,000 per violation — here's what online stores need to know.
€900,000
Max fine per violation
#2 in EU
EU ecommerce penetration
14 million
Online shoppers NL
Dec 2024
GPSR in force since
Who enforces GPSR in the Netherlands?
GPSR enforcement in the Netherlands is split across multiple specialist authorities, each with significant powers and a history of using them.
Consumer protection & ecommerce
ACM
The Autoriteit Consument & Markt is the primary authority for online consumer protection. It oversees product information requirements, ecommerce transparency, and unfair commercial practices. Its fine ceiling of €900,000 per violation is among the highest in the EU.
Physical product safety
NVWA
The Nederlandse Voedsel- en Warenautoriteit (Food and Consumer Product Safety Authority) conducts physical product safety inspections, laboratory testing, and market surveillance checks. It can issue recall orders and halt product sales.
Data protection & cookies
AP
The Autoriteit Persoonsgegevens is the Dutch GDPR supervisor. It actively investigates cookie consent violations and has fined several major brands. Online stores with Dutch traffic are in scope even if based outside the Netherlands.
Imports via Rotterdam
Douane (Customs)
Rotterdam is the EU's largest port. Dutch customs inspect incoming goods for compliance documentation and CE marking. Non-compliant products imported through Rotterdam can be detained before they reach any consumer.
Rotterdam hub risk: non-compliant imports can be stopped before delivery
The Netherlands handles approximately 15% of all EU goods entering from outside the bloc. If your supplier ships via Rotterdam and products lack proper GPSR documentation — responsible person details, CE marking, traceability info — Dutch customs can seize the entire shipment. This is a distinct risk beyond just the fine exposure from the ACM or NVWA.
Netherlands-specific compliance requirements
These requirements apply in addition to the general GPSR rules — some are specific to Dutch law and ACM enforcement priorities.
Dutch-language safety information
CRITICALAll safety warnings, usage instructions, and hazard notices must be provided in Dutch for products sold to Dutch consumers. This applies to product page content, downloadable manuals, and any safety-related communication — not just physical packaging. The ACM actively checks this for online stores.
Manufacturer or EU responsible person details
CRITICALThe name, registered business address, and an electronic contact point of the manufacturer (or EU responsible person if you are non-EU) must be prominently displayed on each product page. For non-EU sellers, this is a hard GPSR requirement — the responsible person must be EU-based and legally contactable.
Product traceability identifier
CRITICALA unique product identifier — model number, batch number, or serial number — must be visible on each product page to enable traceability back to the manufacturer or production batch. This is critical for recall co-operation if the NVWA contacts you.
Cookie consent (AP enforcement)
CRITICALThe AP (Autoriteit Persoonsgegevens) is one of the EU's most active GDPR enforcement bodies. Dutch-facing stores must have valid cookie consent — no pre-ticked boxes, functional-only cookies before consent, and a clear way to withdraw consent. Non-compliant cookie banners have resulted in fines exceeding €750,000.
GPSR safety reporting channel
IMPORTANTConsumers must have a clearly accessible way to report product safety concerns. A dedicated email address or contact form labeled for product safety purposes is required and must be easy to find from product pages. Hiding this behind multiple navigation levels will not satisfy the ACM.
Privacy policy compliant with GDPR
IMPORTANTA complete, Dutch-accessible privacy policy is required. It must explain what data is collected, why, for how long, who it is shared with, and how consumers can exercise their rights. The AP has issued guidance specifically for ecommerce stores and checks for completeness.
The EU Responsible Person for non-EU sellers
If your business is based outside the EU (UK, US, China, etc.) and you sell physical products to Dutch consumers, GPSR Article 4 requires an EU-established responsible person. Because the Netherlands is a major logistics hub, many cross-border sellers already have EU warehousing that can fulfill this role — but it must be formally documented and displayed on product pages.
Importer
An EU-based company that buys your products and resells them within the EU. The importer takes on the responsible person role automatically under GPSR Article 4(1).
Authorised representative
A company or individual formally appointed by you to act as your EU responsible person via a signed written mandate. They must be named on the product or product pages.
Fulfilment service provider
An EU-based fulfilment warehouse or 3PL can act as responsible person if they handle your products. Dutch fulfilment centres near Rotterdam or Amsterdam commonly offer this service.
Check your compliance for the Dutch market
Run a free GPSR + EAA compliance scan. Get a severity-ranked report of what needs fixing before the ACM or NVWA come calling.
Scan your store for free
Enter any page URL from your store. Your homepage is a good starting point.
No account required · Results in ~60 seconds · First scan free
Frequently asked questions
Who enforces GPSR in the Netherlands?
GPSR in the Netherlands is enforced by two main authorities: the ACM (Autoriteit Consument & Markt) for consumer protection and ecommerce compliance, and the NVWA (Nederlandse Voedsel- en Warenautoriteit) for physical product safety inspections. The AP (Autoriteit Persoonsgegevens) separately enforces GDPR and cookie consent rules.
What are the fines for GPSR violations in the Netherlands?
The ACM can impose fines up to €900,000 per violation — one of the highest in the EU. The ACM has a track record of issuing substantial fines against online retailers, not just warnings. NVWA violations related to unsafe products can result in additional penalties and forced recalls.
Is Dutch language required for product safety information?
Yes. GPSR requires product safety information in a language easily understood by consumers in the member state. For the Netherlands, safety warnings, usage instructions, and manufacturer or responsible person contact details must be available in Dutch. English-only product pages do not meet this requirement.
What is the AP and does it affect my online store?
The AP (Autoriteit Persoonsgegevens) is the Dutch GDPR enforcement authority. It actively investigates cookie consent violations and has issued fines against major brands. If your Dutch-facing store uses tracking cookies without proper consent, has an incomplete privacy policy, or retains data longer than necessary, you face AP investigation independently of GPSR enforcement.