ACM's Abykys refusal turns a clever platform model into a boardroom question about role, revenue and proof.
On a Tuesday morning, a founder is testing the first price sheet for a data marketplace. The demo looks clean. One customer has machine data. Another wants access. The invoice line says platform fee. Then someone asks the question that changes the room: what role is the company legally playing?
The signal has to become readable
ACM refused the registration of Abykys B.V. as a data intermediation service under the European Data Governance Act. ACM also says organisations active in data intermediation must register if they want to continue offering those services in the EU.
That makes the decision more than a one-company notice. It is a governance signal for anyone selling trust between data holders and data users.
The role comes first
Dutch government guidance defines a data intermediation service as a service that brings data holders and data users into contact so data can be shared. The registration duty can also cover matchmaking services such as a data marketplace. If the provider has its main establishment or legal representative in the Netherlands, the service must be registered with ACM.
The hard part starts when the revenue model arrives. The service must be neutral. Data received may only be used for sharing with the data user at the request of the data holder. The guidance also says the provider may not offer other data services and must help natural persons exercise GDPR rights where relevant.
The Abykys refusal is a warning against lazy labels. Calling something a platform, marketplace or exchange does not settle the role. The role follows what the company actually does with the data, who pays, what is kept, what is reused and what the contract says.
Ordinary firms are already in the chain
This reaches beyond large technology firms. CBS provisional 2025 figures show that, among Dutch companies with 10 or more employed persons in the surveyed sectors, 69 percent used cloud services, 69 percent used business software and 33 percent used AI. In the ICT sector, CBS reports 89 percent cloud use and 66 percent AI use.
What the signal changes
Those figures describe larger small firms, but they also describe the climate around the microbusiness. A one-person installer, small logistics broker, health-adjacent supplier or niche software studio may not call itself a data company. Still, its work may run through cloud tools, customer portals, connected devices, APIs and third-party dashboards.
The founder at the Tuesday table is not building in an empty field. Customers already use digital systems. Suppliers already ask for data feeds. Larger buyers already want audit comfort. The platform enters a chain where trust has to be shown, not assumed.
Revenue has to match the role
The hard question is not whether data has value. It does. The harder question is whether the company earns money in a way that still fits neutrality. Matching a data holder with a data user is one thing. Reusing the same flow for scoring, enrichment, analytics, resale or group-company insight is another.
This is where governance becomes practical. The website may promise neutral exchange. The sales deck may promise insight. The invoice may say platform access. The technical team may store data for later development. Each line can look defensible on its own, while the whole company tells a confused story.
A small firm feels that confusion in cash. Registration work, contract changes, logging, access controls and customer questions cost time before they appear as revenue. A buyer may pause onboarding until the role is clear. An investor may ask what the company is really selling.
Access rules are widening the question
The Data Governance Act sits inside a wider shift. The Data Act has applied from 12 September 2025, and the Dutch implementing law entered into force on 21 November 2025. That law designates ACM and the Dutch Data Protection Authority as supervisors. The wider theme is fair access to and fair use of data.
ACM's consumer guidance on smart devices makes the daily scene concrete. Users may share data from a smart device or connected service with another company. Providers must make sharing possible, with specific refusal grounds such as disclosure of business secrets.
What founders should check
Official measurement is still young. CBS says the current EU register is too thin to map the full field of data intermediation services. It also places data sharing, IoT and cloud measurement in a pioneering phase. The market can move faster than the map.
Make the company explain itself
For a founder, the useful discipline is a control file a normal director can understand. Who is the data holder? Who is the data user? What data is shared? For what purpose? Which entity signs? Does that entity match the Handelsregister position? What does the service keep, delete, refuse or pass on?
The ledger matters too. If invoices describe analytics while contracts describe neutral matching, the administration weakens the story. If one group company claims neutrality while another sells derived insights from the same flow, the governance problem arrives before the software problem.
This review is not a ritual. It is the company learning to speak one language across sales, contracts, finance and technology. Public claims, technical flows, access logs and customer terms should describe the same business.
Back at the Tuesday table, the founder still has a promising platform. The point is not to make innovation timid. The point is to stop treating data brokering as a clever idea without a supervised role attached to it.
A neutral intermediary sells trust before it sells scale. In the Netherlands, that trust now has registration, supervision and evidence around it. The calm business move is to understand the role early, price the cost honestly and make sure the data route can be explained before the market asks harder questions.
Sources
- CBS labour market data
- Besluit databemiddelingsdienst onder de Data Governance Act Abykys | ACM
- Ondernemersplein – Registration duty and neutrality of data intermediation services
- Wettenbank – Dutch implementing law for the Data Governance Act
- Overheid.nl Wetgevingskalender – Data Act implementation and the wider data-access regime
- ACM ConsuWijzer – Consumer access to data from smart devices
- CBS – SME digital intensity
- CBS – Official measurement gaps around data sharing, IoT, and cloud
Referenced in the article
Column | Human Resources
A Dutch 30 Percent Ruling Needs More Than a First Payslip
For international hires, the first contract can decide more than the first month’s wage.
Column | Governance
The ZuivelNL Ruling Puts Transparency Inside Daily Governance
A binding promise to ACM is not a press line, but a discipline for boards, invoices.
The Polder is written for readers who need the Dutch business environment translated into practical meaning. Corrections, source policy and editorial accountability are part of the publication record.
