---
title: "AI Voice Agents in the Netherlands: AP Compliance Guide 2026"
description: "Deploy AI voice agents in the Netherlands under the Autoriteit Persoonsgegevens, UAVG, Bel-me-niet Register, ACM and the EU AI Act. Lawful basis and vendor checklist."
url: "https://ainora.lt/blog/ai-voice-agent-netherlands-ap-compliance-2026"
---

# AI Voice Agents in the Netherlands: AP Compliance Guide 2026

**Important Disclaimer:** This article provides general guidance only. It is not legal advice. Consult a Dutch data protection specialist (FG / advocaat) before deploying any AI calling system in the Netherlands.

AI voice agents in the Netherlands must comply with **GDPR** (Regulation 2016/679), the Dutch **UAVG** (Uitvoeringswet AVG), and the **EU AI Act** - supervised by the **Autoriteit Persoonsgegevens (AP)**. For outbound commercial calling, the **Bel-me-niet Register** opt-out list applies under telecom law. The **ACM** (Autoriteit Consument & Markt) regulates voice telemarketing.

## Key Dutch compliance terms

- **AP** - Autoriteit Persoonsgegevens (Dutch DPA).
- **UAVG** - Uitvoeringswet AVG (Dutch GDPR implementing act).
- **Bel-me-niet Register** - Dutch do-not-call register.
- **ACM** - Autoriteit Consument & Markt (consumer + market authority).
- **EU AI Act** - Art. 50 requires AI disclosure.

## What Is the Dutch Compliance Framework for AI Voice?

Four layers: GDPR baseline, UAVG national overlay, telecom rules (ACM) + Bel-me-niet for commercial outbound, EU AI Act transparency from 2 August 2026.

## Who Is the Autoriteit Persoonsgegevens?

Dutch supervisory authority. Among the most active EU DPAs on AI specifically. Has published explicit guidance on AI and automated decision-making. Has imposed multi-million fines on telemarketing operators.

## How Does the UAVG Implement GDPR in the Netherlands?

UAVG is the Dutch implementing law for GDPR. Key Dutch-specific additions:
- Minors must be 16+ for valid consent (NL went with the higher end of GDPR Art. 8 flexibility).
- Specific provisions on automated decision-making.
- Workplace monitoring rules (Works Council Act + GDPR).
- Heightened security for sensitive categories.

## What Lawful Basis Applies to AI Voice Calls in the Netherlands?

| Call type | Primary lawful basis | Dutch rule |
| --- | --- | --- |
| Inbound customer service | Art. 6(1)(b) contract | UAVG transparency |
| Inbound appointment | Art. 6(1)(b) contract | AI disclosure (AI Act Art. 50) |
| Outbound B2C commercial | Art. 6(1)(a) consent (since 2021) | Bel-me-niet screening + opt-in for B2C |
| Outbound B2B commercial | Art. 6(1)(f) LI | Bel-me-niet screen if personal number |
| Outbound debt collection | Art. 6(1)(b)/(f) | Wet Incassokosten + good practice |
| Call recording for QA | Art. 6(1)(f) LI | Works Council consultation + staff notice |
| Sensitive data | Art. 9(2)(a) explicit consent | Heightened security |

**Important Dutch rule:** since 2021, B2C telemarketing in the Netherlands requires **opt-in consent** (Telecommunicatiewet amendment). This is stricter than most EU member states.

## How Does the Bel-me-niet Register Work?

Dutch do-not-call register. Operated by Stichting Bel-me-niet Register. Consumers register phone numbers to refuse unsolicited commercial calls. Operators must:
- Consult the register before campaign.
- Refresh consultation every 30 days minimum.
- Keep proof of consultation for 3+ years.
- Combine with opt-in consent requirement (post-2021 for B2C).

## How Does the ACM Regulate Voice Telemarketing?

ACM enforces the Telecommunicatiewet alongside AP. ACM has imposed multi-million fines for unsolicited commercial calling without opt-in consent. Operators must disclose caller identity, purpose, and (now) AI nature.

## What Are Dutch Call Recording and Consent Rules?

- Disclose recording at start of call.
- Works Council Act requires consultation before introducing systematic call monitoring of staff.
- Sensitive content requires explicit consent.
- Retention period must be documented and minimized.

## How Does the EU AI Act Apply to Voice Agents in the Netherlands?

Art. 50: must disclose AI nature. AP + ACM will likely co-supervise. Transparency obligations from 2 August 2026.

## What Has the AP Decided About Automated Calling?

AP has imposed multiple fines on insurers and telecoms for unsolicited calling, automated processing without proper lawful basis, and failures around data subject rights.

## AP-Aligned Vendor Checklist

- DPA signed (GDPR Art. 28).
- Transparency notice in Dutch.
- AI disclosure script (EU AI Act Art. 50).
- Opt-in consent flow for B2C outbound (post-2021 requirement).
- Bel-me-niet register screening.
- Call recording disclosure.
- 72-hour AP breach notification.
- DPIA for high-risk processing.
- Works Council consultation for QA monitoring.

## Sources

- GDPR (Regulation 2016/679)
- UAVG (Uitvoeringswet AVG)
- EU AI Act (Regulation 2024/1689)
- AP guidance + decisions
- ACM decisions + telecom rules
- Bel-me-niet Register
- Telecommunicatiewet (2021 amendment requiring B2C opt-in)
- Works Council Act