Administrative error patterns in the Dutch benefits system

1 April 2026 · 3 min read published
John van der Velden
John van der Velden
Independent Researcher

Summary

This analysis examines the systematic errors within the Dutch childcare benefits system that led to wrongful classification of citizens as fraudsters. The scandal was not caused by a single system failure but by an interconnected infrastructure of surveillance — RAM, FSV, Deloitte risk models, Heidi, and data sharing via RIEC/LIEC — that operated without legal basis, without oversight, and without the possibility of challenge.

The surveillance infrastructure

RAM (Risk Assessment Model) — 1998-2018

The largest surveillance instrument ever built by the Belastingdienst. Linked 69 source systems into one datawarehouse with 250 data tables. Profiled virtually all taxpayers. Made an estimated 500,000 selections over 20 years. 200 of 248 authorized users had unrestricted access. Contained nationality data in 112/250 tables. No legal basis was ever established. Deactivated one day before GDPR took effect.

FSV (Fraud Signalling Facility) — 2007-2020

Registered ~180,000 citizens as fraud suspects without verification, due process, or notification. All Belastingdienst directorates had access. FSV data was exported without filtering for profiling purposes and shared with FIOD. Total historical registrations: ~290,000 persons. Taken offline February 2020 after AP found practices unlawful and discriminatory.

Deloitte risk classification models — from 2013

Built SAS-based risk models for childcare and housing allowances using “BVR Nationaliteit” as fixed source data. Trained on only 200 examples (100 “good”, 100 “bad”). Stored on unsecured shared network drives. Deloitte employees worked full-time on-site for Belastingdienst.

Heidi — 2013-2017

Logging system on the benefits website collecting portal data including user behavior. Logs deleted or transferred September 2017.

RIEC/LIEC data sharing

Tax data from RAM and FSV shared with regional and national crime-fighting centers for organized crime investigations without citizens’ knowledge.

Key findings

  • Automated risk-profiling flagged dual-nationality families at disproportionate rates without human review
  • “Allochtoon” served as the first selection criterion for start-up visits by the MKB department
  • Internal reports identified discriminatory patterns as early as 2014; no corrective action was documented
  • The administrative appeals process lacked independent oversight, creating a closed decision loop
  • 11,236 tax returns were selected for additional scrutiny based on second nationality (2012-2014)
  • 71% of victims had a migration background (CBS)
  • The AP confirmed “discriminating processing” in RAM and identified 6 comparable systems still active

Key ECLI references

ECLIKey ruling
ECLI:NL:RBDHA:2023:11856Discrimination “cannot be excluded” — As-Soennah mosque
ECLI:NL:RBGEL:2023:4646Belastingdienst must search beyond FSV into all 600 processes
ECLI:NL:PHR:2021:619Advocate General: dual nationality as selection criterion, 240,000 on fraud list
ECLI:NL:RVS:2025:2720FSV registration based on ethnicity/surname
ECLI:NL:RVS:2019:3535Wendde ruling: systematic institutional failure confirmed

Analysis

The system design conflated statistical risk indicators with individual guilt. Administrative procedures presumed fraud rather than investigating it, reversing the burden of proof without legal basis. The Deloitte models ran with insufficient training data, producing unreliable risk scores that were nonetheless treated as definitive evidence of fraud.

The interconnected nature of the surveillance infrastructure means that a single FSV registration could cascade through multiple systems: RAM profiling, Deloitte risk scoring, OGS qualification, WSNP exclusion, and ultimately bankruptcy — without the citizen ever knowing which system triggered which consequence.

Timeline

  • 1998 — RAM becomes operational
  • 2007 — FSV becomes operational
  • 2013 — Deloitte builds risk models with nationality data; Heidi deployed on benefits website
  • 2014 — Internal reports flag discriminatory practices; no corrective action
  • 2017 — Heidi logs deleted; RAM security audit rated CRITICAL
  • 2018 — RTL Nieuws exposes scandal; RAM deactivated (May 24)
  • 2020 — FSV taken offline (February); cabinet resigns (January 2021)
  • 2021 — AP fines Belastingdienst €2.75M for FSV (total €3.7M)
  • 2025 — KPMG publishes RAM report; AP confirms discriminating processing
  • 2026 — CWS closed; 69,000+ registrations assessed; datakluis investigation ongoing
  • /en/entities/toeslagenaffaire

Internal References

  • /en/cases/toeslagenaffaire/
  • /en/investigations/ram-mkb-profiling-tip-of-iceberg
  • /en/investigations/riec-liec-belastingdienst-data-sharing
  • /en/investigations/heidi-logging-system-benefits-website

Sources

  1. Dutch Civil Code Art. 6:162 BW
  2. Parliamentary inquiry committee findings, 2020
  3. KPMG RAM report, February 2025
  4. PwC working document FSV effects, February 2022
  5. AP report RAM and comparable systems, July 2025
John van der Velden

John van der Velden

Independent Researcher · Open Brief Network

Independent researcher focused on institutional systems, accountability, and administrative processes. Background in network architecture, infrastructure integrity, and process optimisation.

Based in Croatia · Investigative Archive · Systems & Accountability
Full profile →