Netherlands market: Many brokers as a result of tax regulations
The Netherlands market is well regulated and has many rules & characteristics. In order to do business, you must comply with some strict regulations. On this page we will address the Netherlands rules & characteristics. If you are interested in doing business in the Netherlands, we suggest you also read:


The Netherlands is part of the European Union. Within the EU, the General Data Protection Regulation (GDPR) is enforced.

This regulation is a European law on data protection and privacy for all citizens of the European Union. As a result all privacy-related information, such as e-mail address, home address, social security number, bank account number has to be processed in accordance with this regulation.

Most of this data is not allowed to leave the European Union. In some cases even the home country.

80% of respondents to a survey (sources: CIONET and Cegeka) said that they are legally obliged to store their data within the European Union.

Accessing this data from outside the European Union is considered as moving data outside the EU!

Research by “Autoriteit Persoonsgegevens” (Personal Data Authority) shows that 94% of the population is concerned about the protection of their personal data. Compared to citizens of other European countries, citizens of the Netherlands score above average on (43%) awareness of their rights.

During a first meeting with a prospect you should expect that this topic will be discussed. In addition to preparing a presentation on services offered, it is imperative to address the GDPR issue. This will give your prospect confidence that you are aware of the regulations and that you are complying with them.

Processing agreement
If you do business with a company in the Netherlands and your activities include the processing of personal data, you must draw up a processing agreement. More information about the content of the agreement can be found here →.

Here is a template → of a processor’s agreement.

Many IT service brokers

Due to tax legislation relating to chain liability, a customer is responsible for the payment of payroll taxes of his service providers. So if a service provider does not pay its payroll taxes, the customer will have to pay these taxes.

As 88% of IT companies in the Netherlands are small (5 persons or less), this legislation is very labour-intensive (checking the tax payments of IT service providers) or risky.

Risk mitigation
As a result of the chain liability act, companies arose in the Dutch market that act as intermediaries between clients and service providers (brokers). These brokers are contracted by clients and they hire the service providers. These brokers check the payment of wage tax by the service providers before they pay the invoice.

Large system integrators (CGI, Capgemini, Cognizant, etc.) still have direct contracts with their customers, but today “brokers” get the most time/material contracts and are in fact the largest providers of IT services to governments and businesses.

As these brokers get virtually all IT time/material requests from the market and most of the work is done by small businesses, there is also pressure on prices.


The market is changing rapidly. The Netherlands is a highly competitive market where risk mitigation and price and/or price mechanisms are crucial.

Suppliers must be creative and flexible and offer their customers alternative pricing models, such as Fixed Price, Shared Risk/Reward and Pay Per Use.

Projects versus time/material
Customers have negative experiences with time/material projects and are no longer willing to pay a lot of money for a project that takes longer than expected, becomes more expensive and does not deliver the agreed results.

Shared Risk/Reward
During the project, the customer pays a low rate. Once the project has been successfully completed, the customer pays a success fee.

Example: some companies charge 60% during the delivery of the project and an 80% bonus after successful completion. A bad project yields 60% of the average daily rate and a successful project yields 140% of the average daily rate.

Pay Per Use
The client pays when he uses the solution instead of paying for building the solution. Payment schedules can be based on the number of users per month or the number of transactions in the system, and so on.

Secure website (SSL certificate)

In the Netherlands, more and more people are buying online. The Dutch are in the Top 5 when it comes to online shopping.

In 2018, 96% of the Dutch population (over 15 years of age) bought online. This represented a value of 23.7 billion euros. These shoppers are aware of their rights and obligations with regard to their personal data.

If your website doesn’t have an SSL certificate, even if you don’t perform financial transactions through your website, customers will think that your website is not safe and will leave. This means that you lose a (potential) customer. Google places websites without SSL certificates lower in their ranking (search results).

Safari doesn’t even open an insecure website. You need to address this because the management level within your potential customers often uses Apple machines.

Agile and DevOps

Many companies have changed their approach to software development from “Waterfall” to “Agile”. The opinion is that Agile makes users more satisfied because results are delivered faster.

Large organisations hire complete scrum teams from their IT service providers. Companies such as Capgemini use mixed local and offshore teams in a virtual common office space to meet customer demand. Cognizant uses landed resources: they bring personnel from India to the Netherlands.

What does this mean

  • The General Data Protection Regulation lays down rules and restrictions for foreign companies: What data can be processed and in what way
  • Processing of personal data (even in a system test) requires a processor agreement
  • The Dutch market for IT services is highly competitive
  • Most customers turn to trusted IT partners or brokers to mitigate the risk of tax legislation
  • The market has a demand for time/material services, but also for projects
  • A ‘low price’ is not the only mechanism for winning customers. Competitors offer alternative pricing mechanisms, such as “Shared Risk/Reward” and Pay Per Use
  • Your website must have an SSL certificate
  • The Netherlands has a very high level of digitisation. It will be difficult to surprise customers with opportunities or offers

What to do

  • Get a good understanding of the GDPR. Know the rules on information processing in the Netherlands and the EU
  • Design, if possible, alternative pricing schemes
  • Arrange an SSL certificate
  • Be prepared to meet IT service providers as your prospect (more in-depth questions during meetings)
  • Offer virtual Agile teams