Regulatory & Compliance


Navigating in an increasingly complex regulatory world!

In a constantly evolving regulatory environment, companies must adhere to a growing body of rules and regulations as part of their operations. Modern communications technologies have given rise to rules for privacy protection, and wars have resulted in a growing volume of sanctions. Companies are also increasingly held accountable for unethical activities such as child labor, human rights abuses, and environmental damage.

We provide tailor-made solutions for regulatory demands

In M&A transactions as well as in commercial contracting, regulatory compliance issues have increasingly become a major factor. Regulatory compliance encompasses a broad range of topics, ranging from cartel and merger control rules, anti-corruption, privacy and sanctions to financial supervision and tax compliance.

Competition law
European Union and Dutch Competition Law include rules to prevent cartels and abusive conduct by dominant undertakings and require the notification and prior approval of mergers and other concentrations exceeding certain turnover thresholds. In the event of an effect on the EU internal market, the EU competition rules apply. Otherwise, the Dutch Competition Act will apply, which to a large extent applies the same principles as EU competition law.

The European Commission and The Netherlands Authority for Consumers and Markets (ACM) ensure fair competition between businesses and protect consumer interests. If you infringe the EU's or Dutch competition rules, you could end up being fined as much as 10% of your annual worldwide turnover. Therefore, compliance at every level of your organization is of utmost importance.

Corruption is a major disruptive force causing poverty, inequality and economic stagnation. As early as 1977, the United States of America adopted the Foreign Corrupt Practices Act (FCPA), which criminalizes corrupt interactions with foreign officials. Since its implementation, the FCPA has served to prosecute domestic and foreign companies that bribe officials outside of the United States. On 1 July 2011, the UK Bribery Act of 2010 came into force, targeting bribing and receiving bribes, in relation to both national and foreign public officials. Furthermore, it assigns responsibility to organizations whose employees engage in bribery and hence obliges companies to enforce compliance mechanisms to prevent bribery on their behalf. The Netherlands does not have a separate anti-corruption act, but corruption is penalized as a criminal offence under the Dutch Criminal Code.

Given the extraterritorial effect of the FCPA in particular, Dutch companies of groups active in the USA also need to implement proper anti-corruption compliance policies.

Since 25 May 2018, the EU General Data Protection Regulation (GDPR) has applied in all EU Member States, as well as in Norway, Iceland and Liechtenstein as members of the European Economic Area (EEA). The idea behind the GDPR is to protect the personal data of European citizens while still allowing it to flow freely.

Personal data is any information that relates to an identified or identifiable living individual. Organizations must have a legitimate purpose to process personal data and must comprehensively inform data subjects about the use of their personal data and their rights of control over their personal data. Data subjects have the right (i) to access their personal data, (ii) to rectification, (iii) to erasure, (iv) to restrict data processing, (v) to be notified, (vi) to data portability, (vii) to object to processing, and (viii) to reject automated individual decision-making.

Export of personal data from the EU/EEA is only allowed to countries for which the EU Commission has issued an adequacy decision, confirming that the country offers an adequate level of data protection. In the absence of an adequacy decision, data export is only allowed if appropriate safeguards are in place, such as Binding Corporate Rules or Standard Contractual Clauses.

In the Netherlands, compliance with the GDPR is supervised by the Dutch Data Protection Authority. Based on the severity of non-compliance, fines may be levied up to EUR 20 million, or 4% of the worldwide annual revenue, whichever is higher.

In a world with growing political instability, restrictive measures (sanctions) are an essential tool in the USA’s and EU’s foreign and security policy, through which they can intervene where necessary to prevent conflict or respond to emerging or current crises.

In spite of their colloquial name ‘sanctions’, EU restrictive measures are not punitive. They are intended to bring about a change in policy or activity by targeting non-EU countries, as well as entities and individuals, responsible for the malign behaviour at stake.

The EU has over forty different sanctions regimes in place. Some are mandated by the United Nations Security Council, whereas others are adopted autonomously by the EU. The USA and EU sanctions regimes tend to have a substantial overlap, although there are notable differences, e.g. in relation to Iran.

The task of conducting investigations into potential non-compliance cases falls to the EU Member States and their national competent authorities. It goes without saying that violating sanctions may have severe penal consequences.

Corporate sustainability due diligence
In February 2022, the EU Commission adopted a proposal for a Directive on corporate sustainability due diligence. Once adopted, this Directive will place an obligation on companies to identify, end and account for all negative impacts of their business operations on human rights, climate change and the environment. Failure to do so may result in their directors being held accountable. The EU Member States must appoint an authority for enforcing the Directive.

After implementation by the EU Member States, the Directive will apply to the more than 9,400 European companies with more than 500 employees and a worldwide net turnover of more than EUR 150 million (Group 1), and, after a two-year grace period, to a second group of some 3,400 smaller companies with more than 250 employees and more than EUR 40 million turnover in high-impact sectors, such as textiles, agriculture and mineral extraction. The Directive will also apply to over 2,600 non-European companies.


Cees-Frans Greeven

Managing Partner | Lawyer
+31 (0)20 333 8390 / +352 (0)2644 0919 21

Philip ter Burg

Partner | Lawyer
+31 (0)70 318 4828
