- with readers working within the Business & Consumer Services industries
- within Transport, Consumer Protection and Antitrust/Competition Law topic(s)
As of 1 January 2026, the Dutch public sector has introduced a broader and more stringent framework for information security in government contracts. Alongside the existing General Security Requirements for Defence Contracts (ABDO 2019), the General Security Requirements for Government Contracts (ABRO) have now formally entered into force.
Together, ABDO and ABRO establish a comprehensive set of security obligations for organisations that work with classified or strategically sensitive government information, both within and beyond the defence sector.
From defence contracts to a wider public‑sector framework
ABDO 2019 has long applied to external parties involved in defence‑related contracts concerning classified information or vital defence interests. It is an accreditation regime imposed contractually and supervised by the Dutch intelligence services, rather than a certification scheme.
ABRO builds on this framework and extends its scope to a much wider range of government contracts and suppliers outside the defence domain. While ABDO continues to apply to defence contracts, ABRO now governs many other public‑sector engagements that affect national security interests.
Both regimes are structured around five core pillars:
- governance and organisation;
- personnel security;
- physical security;
- cybersecurity; and
- cloud security.
ABRO also aligns more closely with existing standards such as ISO 27001 and the Baseline Informatiebeveiliging Overheid (BIO) and introduces stricter requirements in several areas.
Practical implications for organisations
The introduction of ABRO has important consequences for organisations active in or supplying to the public sector. Compliance obligations affect not only IT and security functions, but also contractual arrangements, personnel policies, governance structures and supply‑chain management.
Non‑compliance may lead to exclusion from tenders, termination of contracts, contractual penalties and reputational damage. In cases involving national security interests, administrative or criminal enforcement may also be relevant. At the same time, organisations that are able to demonstrate compliance may strengthen their position as reliable partners in public and defence procurement.
Given that implementation can be time‑consuming, early assessment and preparation are key.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]
