Code of Conduct
Notice-and-Takedown

Code of Conduct for Notice-and-Take-Down 2026

Version 2.0 – April 2026

The Digital Services Act (DSA) places due diligence obligations on providers of intermediary services,

such as cloud and hosting companies, in handling notices of illegal content online. What the DSA refers

to as “illegal content” is referred to in this code of conduct as unlawful or criminal content.

Society must be able to trust that providers of intermediary services make efforts to remove unlawful

and criminal content from the internet.

This Code of Conduct for Notice-and-Take-Down (hereinafter referred to as “code of conduct”) is

aligned with the DSA, Dutch legislation, and practical experience within the sector. It replaces earlier

sector-specific arrangements and is intended to provide providers with practical guidance in applying

their obligations.

Scope of notices and procedures

This code of conduct applies to voluntary notices: requests made by notifiers to providers of

intermediary services to have unlawful or criminal content removed from the internet.

Outside the scope of this code of conduct fall orders from competent authorities, such as the ATKM,

law enforcement agencies, or the Public Prosecutor. For such orders, legal frameworks and

procedures apply; providers are required to comply with these regardless of this code of conduct.

For notices that do fall within the scope of this code of conduct, the procedures as described in this

code of conduct apply. In addition, supplementary arrangements have been made for certain categories

of content, such as with Offlimits for notices regarding child sexual abuse material. These

arrangements are set out in a separate addendum.

Definitions

In this code of conduct, the following definitions apply:

• Provider of intermediary services: a provider of digital infrastructure that facilitates public

access to internet services in the Netherlands, including mere conduit, caching, and hosting

services.

• ATKM: the Authority for Online Terrorist and Child Sexual Abuse Material, authorized to issue

removal orders for terrorist content and child pornography (CSAM).

• Competent authority: an entity with statutory authority to demand information or removal,

such as the ATKM or a law enforcement agency.

• Content provider: the person or entity that has placed certain (contested) content on the

internet.

• Notice: the act of a notifier reporting (alleged) unlawful or criminal content on the internet to a

provider of an intermediary service, with the aim of having that content removed.

• Notifier: the person or entity that submits a notice.

• Offlimits: the foundation that in the Netherlands receives, assesses, and issues NTD requests

for child sexual abuse material and, where necessary, forwards these to competent authorities.

• Manifest illegality: content that is demonstrably in violation of the law or the rights of third

parties without the need for in-depth investigation.

• Law enforcement agency: a legally designated entity with authority for supervision or

investigation, such as the police or the Public Prosecution Service.

• Trusted Flagger: a notifier recognized as a reliable party whose notices are handled with

priority. This includes both trusted flaggers designated by the European Commission under

Article 22 of the DSA, and parties designated as such by a provider of intermediary services.

Handling of notices

Providers of intermediary services maintain a publicly accessible procedure for handling notices of

unlawful or criminal content.

A notice contains at least the elements as set out in Article 16, paragraph 2 of the Digital Services Act:

• the name and contact details of the notifier;

• the location of the content (for example, a URL or IP address);

• a description of why the content is considered unlawful or criminal;

• a declaration that the notice is, to the best of the notifier’s knowledge, accurate and complete

Notifiers are preferably requested, where possible, to first approach the content provider before

directing the notice to another party. When submitting a notice, they should briefly explain why it is

directed at the relevant party and what steps have already been taken to have the content removed

through earlier links in the chain (such as the content provider).

Step-by-step approach for notices

When addressing notices, a step-by-step approach is applied. The starting point is that the content

provider is approached first, followed by the provider of an intermediary service (such as a hosting

provider), followed by other intermediaries such as registrars or access providers, and finally the

registry. This approach is consistent with the principle of proportionality and minimizes the risk of

unintended or disproportionate removal of content.

Notices from parties designated as Trusted Flaggers are handled with priority. This includes both

trusted flaggers designated by the European Commission under Article 22 of the DSA, and parties

designated as such by a provider.

For specific categories of content, such as notices from Offlimits regarding child sexual abuse material,

supplementary arrangements regarding timelines and procedure apply. These are set out in the

addendum to this code of conduct.

Assessment and measures to be taken

The provider confirms receipt of a notice within one working day and informs the notifier whether the

notice will be processed. For urgent notices or notices from trusted flaggers, a faster response is

provided.

Following receipt of a notice, the provider of an intermediary service assesses whether the content

constitutes manifestly unlawful or criminal content. The assessment is completed within one working

day of receipt of the notice. If the assessment requires more time, the notifier is informed with a

justification; the assessment is in that case completed no later than within five working days.

If the provider concludes that the content constitutes manifestly unlawful or criminal content, the

provider ensures that the relevant content is removed or made inaccessible promptly, but in any case

within one working day of receipt of the notice.

If no clear conclusion can be reached, the content provider is notified of the notice with a request to

voluntarily remove the content or to contact the notifier.

If the provider concludes that the content does not constitute unlawful or criminal content, the

provider notifies the notifier accordingly with a justification.

Communication

When content is removed or restricted, the provider informs the relevant content provider of the

measure taken and the reason for it, unless legal provisions prohibit this. The identity of the notifier is

not shared if the notifier has indicated wishing to remain anonymous.

The provider informs the notifier of the outcome of the assessment. If no measure is taken, the

provider provides a justification.

Due care and proportionality

Providers take measures that have as little impact as possible on other users or services. Only the

content to which the notice relates is removed or made inaccessible. Removal of more information than

strictly necessary is avoided.

Hosting providers that become aware of information giving rise to a suspicion of a criminal offence in

which the life or safety of one or more persons is threatened, shall immediately report this to the

competent authorities and provide all available relevant information. This follows from Article 18 of the

Digital Services Act.

Revision and management

This Code of Conduct for Notice-and-Take-Down will be reviewed annually, based on regulations,

feedback and experiences of the participants in this code of conduct. With each revision, the version

number will be updated and changes will be documented in the revision history. NBIP is the owner of

this code of conduct and responsible for version control.

Code of Conduct Representatives

De The following organizations have actively contributed to establishing this Code of Conduct:

• Stichting Digitale Infrastructuur Nederland (DINL)

• Dutch Cloud Community (DCC)

• Nationale Beheersorganisatie Internet Providers (NBIP)

• Vereniging van Registrars (VvR)

Code of Conduct Endorsers

The following organizations endorse the principles and objectives of this Code of Conduct and commit

to promoting and adhering to these standards:

• Anti Abuse Netwerk (AAN)

• ATKM

• Belastingsdienst

• Dutch Data Center Association (DDA)

• ECP | Platform voor de InformatieSamenleving

• Internet Society Nederland

• Ministry of the Interior and Kingdom Relations

• Ministry of Economic Affairs and Climate Policy

• NL Digital

• Offlimits

• Netherlands Public Prosecution Service (Openbaar Ministerie)

• SIDN

• Stichting BREIN

Revision History

Version 2.0 – April 2026

• Comprehensive revision based on practical experience, technological developments and new

legislation, including the Digital Services Act.

• Clarification of the scope: distinction between notices (voluntary, within the scope of this code)

and orders from competent authorities (outside the scope of this code).

• Timelines clarified: acknowledgement of receipt, assessment, and removal within one working

day.

• Clarification of the anonymity clause: the identity of the notifier is not shared without consent.

• Adjustment of the Trusted Flagger provision in accordance with Article 22 of the DSA.

• Annual review and version management under the responsibility of NBIP.

Version 1.1 – December 2018

• Addition of addendum on notices via EOKM (now: Offlimits).

• Establishment of 24-hour removal obligation for notices of child pornography.

• Exclusion of liability of EOKM for incorrect notices.

Version 1.0 – Oktober 2008

• First version of the sectoral Code of Conduct for Notice-and-Take-Down, drawn up by ECP in

cooperation with providers and government.

• Introduction of principles such as manifest illegality, step-by-step approach and proportional

content removal.

• Voluntary guideline for providers of intermediary services.