New Espionage Legislation Forces Organizations Beyond Compliance: Three Themes for Dutch Resilience

On May 15, 2025, the Act on the criminalization of modern forms of espionage entered into force.¹ This not only sharpened the classic espionage image, but also explicitly criminalized digital espionage and diaspora espionage. For those who collect confidential information on behalf of a foreign power, the punishment can be up to eight years in prison, or even twelve years if the activities endanger lives.²

It shows how strongly the threat landscape has changed. Espionage is no longer limited to state secrets in government vaults. Today, it also involves penetrating networks, influencing communities, and subtly recruiting insiders.³ What once seemed far away now takes place in the middle of our own knowledge campuses and boardrooms.

The public discussion often focuses on cyberattacks. That is understandable, but it falls short of reality. Hybrid threats combine digital means with classic tactics: physical infiltration, influence campaigns, and economic pressure.

The thwarted Russian hacking attempt at the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague made this clear in 2018.⁴ What then seemed exceptional has now proven to be a structural pattern that the new espionage legislation now explicitly addresses. For a country like the Netherlands, host to international organizations and a hub in the European high-tech chain, this is a direct vulnerability.

With the new legislation, attention is explicitly shifting to the human factor. Not only espionage around state secrets is punishable, but also the passing on of sensitive business information or scientific knowledge now falls under it.⁵ This makes it clear that not only ministers or diplomats are targets, but also researchers, engineers, and employees with access to critical systems.⁶

For organizations, this means that integrity can no longer be an HR formality. A Certificate of Good Conduct or a standard database check offers no guarantee. It's about whether you really have insight into the risks that people, consciously or unconsciously, bring with them.

At Proximities, we see daily how large the gap is between standard screening and an intelligence-driven approach. Where a VOG or diploma check mainly confirms that someone is formally in order, we expose which factors in practice pose risks. Think of financial pressure that can influence behavior, interests that conflict with the role, or international connections that make sensitive information attractive. That makes the difference between a checkmark on paper and truly understanding what risks really exist.⁷⁸

The expansion of the espionage law does not stand alone. The Netherlands is rapidly strengthening its security architecture, with the Knowledge Security Act and the new Cybersecurity Act as additional pillars. Together, these laws form a clear signal: companies in high-tech, logistics, vital infrastructure, and defense-related manufacturing must do more than meet minimum compliance requirements.

The real challenge is demonstrably showing that you work structurally and proactively on resilience. International clients and governments are explicitly looking at the integrity and reliability of their partners. Investing in risk management, from due diligence in the chain to screening of key positions, is therefore not only protection, but also a strategic advantage.

‍

The new legislation is a powerful signal. But laws are by definition reactive. They create a legal framework, not practical protection. That remains a responsibility of organizations themselves. The question that must be asked in every boardroom is: how do we translate this into our own practice? Which functions are crucial for our continuity? Which partners do we allow into our chain? And how do we make integrity tangible in our daily work? The answer lies in the combination of geopolitical insight, human integrity, and strategic risk management. Organizations that take action now limit their vulnerability and increase their value as a reliable partner in an increasingly complex world.

1. AIVD – Meer vormen van spionage strafbaar (16 mei 2025)
2. AIVD – Onderwerpen: Spionage (2025)
3. AIVD – Vraag & Antwoord: welke vormen van spionage zijn strafbaar? (2025)
4. NOS – MIVD: Russische hack van OPCW in Den Haag voorkomen (4 oktober 2018)
5. Rijksoverheid – Strafbaarstelling van moderne spionagevormen (2025)
6. Rijksoverheid – Advies AIVD/MIVD wetsvoorstel verruiming strafbaarheid spionage (TK-advies, 2022)
7. Proximities – Producten & Onderscheidend Vermogen (2025)
8. Proximities – Brochure Screenen van Personeel v1.1 (2025)