In March 2025, the Minister of Economic Affairs established a new monitoring committee (the "Committee") for the Dutch Corporate Governance Code (the "Dutch Code") and the Committee updated the Dutch Code. The Dutch Code now includes the risk management statement (verklaring omtrent risicobeheersing, VOR). This statement is aimed at offering stakeholders more transparency regarding the management of operational, compliance and reporting risks at listed companies.

New monitoring committee

On 17 March 2025, the Minister of Economic Affairs established a new Committee for the Dutch Code. The Committee monitors and promotes the compliance, application, usability and relevance of the Dutch Code. The Committee reports annually on the compliance of the Dutch Code to the Minister of Economic Affairs, the Minister of Finance and to the State Secretary for Legal Protection.

The Committee is chaired by Rob van Wingerden and includes members John Bendermacher, Chris Figee, Karien van Gennip, Marnix van Ginneken, Marnix Holtzer, Daniëlle Melis and Lokke Moerel. The composition of the Committee is supported by the market participants and supporting organisations of the Dutch Code, including the National Federation of Christian Trade Unions in the Netherlands (Christelijk Nationaal Vakverbond), Stichting Eumedion, Euronext Amsterdam, the Association of Stockholders (Vereniging van Effectenbezitters), the Dutch Association of Listed Companies (Vereniging Effecten Uitgevende Ondernemingen) and the Confederation of Netherlands Industry and Employers (VNO-NCW). The Committee members are appointed for a period of four years.

Updated Dutch Code

In addition to the establishment of a new Committee and appointment of its members, the Dutch Code was updated last week. The updates include the implementation of the risk management statement into the Dutch Code (see below) and various technical amendments that do not change the Dutch Code's contents but only the text. These technical amendments include the adoption of the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CSDDD). For example, the explanatory notes to Principle 1.1 (Sustainable long-term value creation) now state that the CSRD and CSDDD have been adopted by the European Council, whereas the 2022 Dutch Code still referred to proposals. Any required changes to the Dutch Code following the Omnibus package (aimed at simplifying sustainability reporting) presented by the European Commission in February 2025 will be incorporated, where necessary, in the next update of the Dutch Code. In addition, the explanatory notes to Principle 2.6 (Misconduct and irregularities) now refer to the Whistleblower Protection Act, which replaced the House for Whistleblowers Act on 18 February 2023.

Risk management statement

Now that a new Committee has been established, the risk management statement (verklaring omtrent risicobeheersing, VOR), proposed by a working group led by Jaap van Manen in December 2023, has been fully incorporated into the Dutch Code. The VOR offers stakeholders more transparency regarding the management of operational, compliance and reporting risks at listed companies. The amendments are reflected in Principle 1.4, best practice provisions 1.2.1, 1.4.2, 1.4.3 and 1.5.3 and the related explanatory notes.

The implementation of the VOR into the Dutch Code requires the management board to account in the management report for (i) the design and operation of the internal risk management and control systems in the field of operational, compliance and reporting risks, and the frameworks used for this purpose, and (ii) its assessment of the effectiveness of internal risk management and control systems with regard to operational, compliance and reporting risks, all during the past financial year (best practice provision 1.4.2). The explanatory notes state that the management board should clarify how it has assessed the effective functioning of these systems. Additionally, the management board must declare in the management report that (i) the internal risk management and control systems provide at least a limited degree of assurance that the sustainability reporting does not contain any material inaccuracies, and (ii) the level of assurance these systems provide in effectively managing operational and compliance risks (best practice provision 1.4.3).

The explanatory notes state that the obvious way to proceed is to align the statement on the internal risk management and control systems with the CSRD's introduction. The CSRD and the accompanying European Sustainability Reporting Standards provide an extensive framework of standards and a detailed timeline for their implementation. It is expected that the statement on internal risk management and control systems with regard to sustainability reporting risks (in line with the CSRD) will assume limited assurance for the time being. However, a management board has discretion to state that these systems provide reasonable assurance that the sustainability reporting does not contain any material inaccuracies.

The terms 'assurance' and 'effectiveness' are not defined, and companies may explain how they define these terms.
The provisions regarding the VOR apply from the financial year starting on or after 1 January 2025.

Please see the following links for the amendments to the Dutch Code regarding the risk management statement. Both documents only show the changes to the Dutch Code:

• English version; no English translation of the Dutch Code has been made available by the Committee as of yet. This translation is provided by Houthoff for informational purposes only and may deviate from the English translation to be published by the Committee.

• Dutch version.

If you have any questions, please do not hesitate to reach out to us.