eEvidence seminar provides greater clarity on upcoming legislation

News

During the eEvidence seminar organised by NBIP on 22 April in Utrecht, it became clear that there are still a number of hurdles to overcome before 18 August 2026 – the date on which eEvidence comes into force. Collaboration between the Ministry of Justice and Security, the sector and other stakeholders will play a key role in this.

In short: what is eEvidence?

Under the eEvidence framework, competent authorities in EU Member States will soon be able to request direct access to electronic evidence (e-evidence) from digital service providers in other EU Member States. Providers must respond within 10 days of receiving a order, or within 8 hours in urgent cases. Currently, this period stands at 120 days. It is therefore expected that this legislation will lead to a significant increase in the number of orders. Digital service providers must be able to comply with these orders from 18 August 2026.

That is why NBIP, in collaboration with the Dutch Cloud Community and the Association of Registrars (in Dutch: VvR), organised an seminar to update the sector on the latest developments regarding eEvidence. The session featured a guest from the Ministry of Justice and Security (J&V), which is responsible for the implementation of eEvidence in national legislation. The session began with a presentation by Erik Planken, senior policy adviser at J&V, on the latest state of affairs regarding eEvidence and what providers can expect. This was followed by a panel discussion in which moderator Marc van der Ham (Tilburg University) spoke with Erik Planken, Wilfred van Duyn (J&V), Jacqueline van de Werken (Dutch Cloud Community), Margreth Verhulst (VvR) and Octavia de Weerdt (NBIP). The discussion addressed the most pressing questions from the sector regarding compliance with eEvidence and the steps required to achieve this.

The European portal: E-CODEX

During the presentation, it became clear that the Netherlands will definitely be using the European portal known as E-CODEX. This is in contrast to the Netherlands’ previous position of building its own portal for eEvidence requests. Through the portal, companies covered by eEvidence will have access to the web interface for processing disclosure and preservation orders (requests). The European Commission is working on the development of the Reference Implementation (RI) software for competent authorities and service providers, which will be implemented by the Netherlands.

Status of the eEvidence legislation in the Netherlands

The eEvidence package consists of two components: a European regulation and a directive. The regulation will apply directly from 18 August 2026 and does not need to be transposed into national law. The provisions of the directive, however, must be transposed into national legislation. The Electronic Evidence Implementation Act, the Dutch transposition of the directive, is currently before the House of Representatives. At present, it seems unlikely that the Implementation Act will be adopted by both Houses of the Dutch Parliament before 18 August. However, this does not mean that the regulation will not come into force on 18 August.

What does this mean for businesses? Organisations must in any case register via the registration portal, with applications being validated by the Netherlands Authority for Consumers and Markets (ACM), which will oversee compliance with the implementing legislation in the Netherlands. The panel discussion during the seminar revealed that if registrations have not been possible, the directive has not yet been implemented or the API is not yet operational, the Netherlands cannot yet comply with eEvidence orders. According to J&V, a Plan B must then come into effect, but the details of this are as yet unknown. Please note: the eEvidence package will exist alongside the current European Production Order (EPO).

Does the size of your organisation affect eEvidence?

The panel also discussed what impact this will have on the many organisations that will fall under the scope of eEvidence. Consider, for instance, the administrative burden on small businesses. Whereas other legislation, such as the Digital Services Act (DSA), still provides exemptions for (smaller) SMEs, this is not the case with eEvidence. Every digital service provider, as defined in the regulation and regardless of the number of employees or turnover, must comply with eEvidence. The reason for this is to prevent criminal activity from shifting or being attracted to service providers not covered by the regulation. It also became clear that not only must your parent entity be registered, but you must register every company falling under your parent entity for eEvidence.

Financial compensation for complying with eEvidence orders?

In some countries, such as the Netherlands, there is a national compensation scheme for the costs incurred by companies in complying with orders from competent authorities. This is not the case within the eEvidence package. When asked during the panel discussion, the Ministry of Justice and Security stated that, during discussions with the European Commission, there was no consensus among the 26 Member States regarding a reimbursement scheme.

For Dutch companies, this means that they will not receive any reimbursement if they receive an order from another country that does not have a reimbursement scheme.

The next steps for eEvidence

Drawing on its 25 years of experience with lawful interception and lawful disclosure, NBIP stands ready to support the sector, the Ministry and other relevant bodies wherever possible in implementing this legislation. One of the key issues, for example, is to clarify exactly which groups of service providers will be affected by eEvidence. In addition, the panel also discussed whether the registration requirement should be brought into force first, followed by the specific obligation. This question will be taken into account in the discussions with the technical committee responsible for eEvidence.

In the autumn, NBIP will organise a further information session on this topic, involving as many stakeholders as possible.

News

DDoS-attacks in Q1 2026
NaWas, News
28 April 2026
eEvidence: how is your organisation preparing for it?
Lawful Interception, News
20 April 2026
NBIP welcomes Jeroen Stevens (Interconnect Services) and Ruben van der Zwan (Worldstream) as new board members
News
10 February 2026
DDoS-attacks in Q4 2025
NaWas, News
29 January 2026

Wil je meer informatie of je abonneren op onze nieuwsbrief?

NBIP logo
NBIP NEXT
Platform- and supplier-independent Cloud with Haven

Thursday, 27 November – 1:50 p.m. – 2:30 p.m.

Haven is an open solution for platform- and supplier-independent Cloud services. Haven is a building block of the pGDI and the NDS. Haven offers agnostic configuration of Cloud technology and provides organisations with a feasible exit plan. Expect an inspiring story about the practice of ecosystem-driven collaboration, in which we use the power of digitisation for the benefit of society.

Highlights:

  • Haven+
  • Ecosystem-driven collaboration
  • Platform- and supplier-independent cloud services
  • Data sovereignty

About Jacco Brouwer

Jacco Brouwer works for the Association of Netherlands Municipalities as Cloud Policy Coordinator and represents municipal interests in the NDS implementation programme on Cloud. From the Innovation Knowledge Centre at VNG, Jacco is the initiator of the public Incubator GROEI, through which VNG guides municipal collaboration and innovations based on a start-up philosophy in scaling up to broad and collective use among municipalities and fellow authorities.

Jacqueline van de Werken is bijna 10 jaar actief als global general counsel bij Leaseweb, na een loopbaan in de advocatuur en actief te zijn geweest in legal & regulatory affairs bij buitenlandse telecom/ datacom aanbieders.

Sinds enige tijd is Jacqueline ook board member & secretaris van brancheorganisatie Dutch Cloud Community. Als president/chair bij Cloud Infrastructure Service Providers Europe richt ze zich ook op het behartigen van regulatory belangen van de IAAS cloud sector.

Woensdag 26 november 

Van vrijwillig naar verplicht: de nieuwe werkelijkheid van regelgeving voor providers

Interactieve sessie

11:15 – 12:00 uur

Ir. Bas Dunnebier EngD

Bas Dunnebier is Chief Science and Technology Officer (CSTO) bij de Algemene Inlichtingen- en Veiligheidsdienst (AIVD). De CSTO speelt in op de kansen en uitdagingen die technologische en wetenschappelijke innovatie met zich meebrengen, onder meer voor de offensieve en defensieve taken van de dienst.

Eerder vervulde Dunnebier verschillende andere functies binnen de AIVD, waaronder die van hoofd Unit Weerbaarheid. Hij heeft daardoor een brede expertise ontwikkeld op het gebied van (cyber)weerbaarheid, inlichtingen, en technologieën zoals AI, quantum en cryptologie. Hij studeerde Toegepaste Wiskunde aan de Universiteit Twente, en Informatie- en Communicatietechnologie aan de Technische Universiteit Eindhoven. Voordat Dunnebier bij de AIVD kwam werken, werkte hij onder meer bij Thales, TNO en Technolution.

Het huidige dreigingsbeeld volgens de AIVD: wat nu te doen?

Woensdag 26 november 
14:00 – 14:35
Parkzaal: Wet- en Weerbaarheid

During his presentation, Dr. Alberto P. Martí will provide an update on the European IPCEI Cloud Infrastructure and Services (CIS) project.

Thursday, 27 November

3:00 p.m. – 3:45 p.m.

Parkzaal: Towards digital autonomy

During NBIP NEXT, René will share more about the implementation of the eEvidence legislation that will come into force for internet service providers on 18 August 2026.

Wednesday 26 November

3:00 p.m. – 3:35 p.m.

Parkzaal: Track Law & Resilience

During NBIP NEXT, Johan will give a presentation as part of the DDoS Mitigation track on how to use a WAF to mitigate layer 7 attacks.

Wednesday, 26 November
1:15 p.m. – 1:50 p.m.
Fonteinzaal: Collaborative DDoS mitigation track (ENGLISH)

Dr. Cristina Caffarra is one of the driving forces behind EuroStack. This movement, which has the ear of politicians and policymakers in Europe, is campaigning for more investment in European technology, based on the belief that this is the only path to digital autonomy.

Caffarra is a competition expert and knows the world of big tech companies from the inside. She has made important contributions to competition investigations into mergers and antitrust cases for the European Commission. Caffarra does not mince her words and tells it like it is: we must work together to give shape to European digital autonomy as quickly as possible. At NBIP NEXT, she will share her vision during an inspiring keynote speech, followed by an opportunity for discussion.

Thursday 27 November
1:15 p.m. – 1:50 p.m.
Parkzaal: Towards digital autonomy