Small firms need proof of data access, cloud exits and platform decisions before pressure arrives.
On a quiet Tuesday morning, a Dutch webshop owner can have four screens open before the first coffee is finished: a marketplace dashboard, a payment provider, a cloud invoice and an advertising account. None of it feels like regulation. It feels like sales, fulfilment, customer service and cash.
The signal has to become readable
That is why ACM’s speech by Mickie Schoch, director Telecom, Transport and Post, matters. The speech on supervision of the digital economy and innovation puts telecom, the Digital Services Act, the Digital Markets Act, the Platform-to-Business Act, the Data Act and the Data Governance Act in one practical frame. Read that way, ACM digital-economy supervision is a business signal about dependence.
The rule has moved into the workday
Dutch digital supervision is no longer waiting at the edge of the company. Since February 2025, ACM has been authorised to supervise the Digital Services Act in the Netherlands. Rijksoverheid had already designated ACM provisionally as competent authority and Digital Services Coordinator in 2024. Dutch supervision now has a clear address.
The DSA is not only for social media giants. ACM public information says it applies to online services that transmit, store or disseminate user content. That includes social networks, marketplaces, web hosting and certain webshops. For a small firm, the first question is what the service actually does for users and traders.
The same widening appears around data. The Data Governance Act has applied since 24 September 2023. Data intermediation services must register and may not repurpose received data. The Data Act applies from September 2025 and concerns fair access to and use of data, including connected-product data and cloud switching. In the Dutch setup, most supervision sits with ACM.
Gatekeepers sit in the same practical picture. The European Commission enforces the Digital Markets Act, while ACM can investigate Dutch market signals and support Brussels. For a smaller firm, app-store access, operating-system access, payment restrictions and interoperability are no longer distant platform gossip.
The cost hides in dependence
A company often discovers digital lock-in too late. The cloud contract looks acceptable until migration starts. The marketplace looks profitable until a product page is limited. The app store looks like a sales channel until payment conditions change. The connected machine looks efficient until useful operating data sits elsewhere.
What the signal changes
These are margin problems. They affect the price of leaving a supplier, the hours staff spend rebuilding exports, the quality of customer evidence and the strength of the company when contracts renew. A weak digital position often appears first as extra labour, delay or lost bargaining power.
CBS gives the background. Its provisional 2025 figures show that 82 percent of personnel at Dutch companies with 10 or more employed persons used the internet for work. Around eight in ten such companies supported telework, and 33 percent used at least one of eight AI technologies. Among microbusinesses, firms using AI accounted for 17.9 percent of total microbusiness turnover in 2025.
The owner at the Tuesday desk may not call this a compliance perimeter. Even so, the company is already inside it through its tools.
Evidence before dispute
The practical discipline is evidence. If an online service blocks an account or removes content, ACM’s DSA information points to clear terms, explanations, complaint routes, advertising information and recommendation transparency. A business needs more than a sentence in terms and conditions. It needs records that show what happened, why it happened, who decided and what the user was told.
For a webshop, the review can start with scope. Does the site host reviews, trader content, user uploads, marketplace listings or other third-party material? If so, the label deserves attention before the first complaint. A small service does not need theatre. It needs clear roles, current terms, dated decisions and a person who knows where the records are.
For connected products, the question changes. A farmer using a milk robot, a transport company using truck systems or a technical service business using sensors may need data that helps run the work. The Data Act turns that into a practical conversation about access routes, formats, support, contracts and customer information. The safer business language is access and use, not a loose claim of ownership.
Cloud switching belongs in the same drawer. A founder should know how data can be exported, how long migration may take, what support is available, which formats are used and what continuity risk appears during the move. That is not an IT luxury. It is bargaining power.
The small company version
Return to the webshop owner. The business sells through its own site, uses a marketplace for reach, runs ads on a large platform, stores customer records in the cloud and experiments with AI for product descriptions. One company. Five dependency points.
What founders should check
A calm review would not start with panic. It would start with a map. Which platform can stop sales tomorrow? Which provider holds customer or product data? Which contract makes leaving expensive? Which user decisions are logged? Which supplier would a larger customer ask about if it reviewed security, incident handling or software updates?
This also matters to firms that do not sell software. A logistics company with vehicle data, a machine supplier with connected maintenance, a consultant using cloud tools or a small agency dependent on advertising access all face the same basic question. Can the company explain and prove how the digital route works when a customer, buyer, lender, insurer, adviser or supervisor asks?
ACM’s speech uses the old telecom lesson of interoperability. A notary with several telephones could not reach everyone because the networks did not speak to each other. Today’s version is quieter. It sits in apps, cloud exports, payment access, data formats, marketplaces and recommendation systems.
A calmer reading of supervision
This is no reason to treat every digital tool as a threat. That would be the wrong reading. The better reading is that digital dependence needs the same adult care as payroll, tax, insurance, rent and debtor risk.
DORA already applies in the financial sector. Cyber resilience rules for products with digital elements are moving on a known timetable. Dutch AI supervision is being designed. NIS2 implementation is moving through the Dutch legislative process. Each track has its own scope, but buyers and larger customers often translate these developments into supplier questions.
So the useful move is modest and concrete. Know your dependencies. Keep platform decisions traceable. Treat data access as part of product and service design. Ask cloud suppliers how exit works before renewal pressure starts. Keep dated evidence when a platform restriction affects sales, payment, ranking or customer contact.
The invoice is no longer only the price of the digital service. It also carries the cost of not being able to leave, explain, switch or prove. That is the compliance lesson in ACM’s digital signal, and it is a very practical one.
Sources
- Speech Mickie Schoch: Toezicht op de digitale economie en innovatie | ACM
- Rijksoverheid – DSA national coordination
- ACM – DSA enforcement start in NL
- ACM – DSA duties: account and content measures
- ACM – DSA duties: recommendations and ads
- Rijksoverheid – Data Act Dutch implementation (UWDV) — ACM executability review
- Rijksoverheid – Data Act applicability and Dutch supervision
- ACM – Data Act rights for smart devices (consumer explainer)
Referenced in the article
AEX Closing Brief | Market Pulse
AEX ends firmer, but the message is disciplined
AEX rose 0.44%; chips and Akzo helped, while Dutch spending signals stayed guarded.
Column | Ledger & Tax
A DGA’s Gym Bill Needs the Right Payroll Year First
Older arbo disputes and current WKR choices do not live under the same Dutch payroll rule.
Column | Compliance
When a Police Report Leaves Your Company Still Exposed
Reporting crime still matters, but small firms need their own evidence trail before the trail goes cold.
The Polder is written for readers who need the Dutch business environment translated into practical meaning. Corrections, source policy and editorial accountability are part of the publication record.
