RAM never disappeared: the state profiles on

27 May 2026 · 17 min read confirmed
John van der Velden
John van der Velden
Independent Researcher
BelastingdienstTeusjan VlotSandra PalmenEelco EerenbergKPMGAutoriteit PersoonsgegevensUHTTweede Kamer

The Risk Analysis Model (RAM) was officially deactivated on 18 May 2018, one day before the GDPR took effect. But RAM never disappeared. Seven successor systems remain in production at the Tax and Customs Administration (Belastingdienst) in 2026, using largely the same data structures and profiling citizens and entrepreneurs without legal basis. The Dutch Data Protection Authority (AP) demanded immediate decommissioning of KTA and Informatiesjabloon in July 2025, the Belastingdienst ignored this. Senior civil servant Teusjan Vlot testified on 26 May 2026 that he still sees 'Excel sheets from the RAM system.' Vlot acknowledged that information management has been out of order for 25 years, that 'there was never really any drive behind action plans,' and that he personally approved the PEFD search queries that excluded HTML. The data vault with 64 million files, 24.3 million substantive, including ~2 million Excel files, contains the evidence. But the state refuses to search systematically. UHT has paid €59 million in penalty payments. Judges impose penalty fines of one euro. No one has been held accountable.

Summary

On 18 May 2018, the Risk Analysis Model (RAM) was deactivated, one day before the General Data Protection Regulation (GDPR/AVG) took effect. The timing was no coincidence. Anyone who thinks profiling by the Belastingdienst (Tax and Customs Administration) has stopped is mistaken. The KPMG report of February 2025 identified seven successor systems that have taken over RAM’s work. The Dutch Data Protection Authority (AP) demanded in July 2025 that two of them be decommissioned immediately, the Belastingdienst ignored this.

On 26 May 2026, senior civil servant Teusjan Vlot testified during the parliamentary debate on the data vault that he still “occasionally sees Excel sheets from the RAM system.” Vlot has only worked there for six years. RAM was shut down in 2018. The only explanation: the successor systems use the same data structures and export formats.

The data vault contains 64 million files, 24.3 million substantive, including ~2 million Excel files, holding evidence that could prove the scale of profiling. The state refuses to search systematically. Meanwhile, the recovery organisation UHT has paid €59 million in penalty payments because it cannot process decisions within statutory deadlines. Judges impose penalty fines of one euro.

The state profiles on, hides the evidence and fails at recovery. This investigation documents the facts, with sources.


RAM was renamed, not dismantled

The KPMG report of February 2025 (330 pages) identified seven systems still in production in 2025 that present “comparable risks” to RAM. The Dutch Data Protection Authority (AP) confirmed this in its letter of 9 July 2025 and concluded that KTA and Informatiesjabloon must be taken out of service immediately. The AP considered ordering the systems shut down per immediate, but found the consequences for the “public task” too far-reaching. The Belastingdienst ignored the call, the systems are still running in May 2026.

The successor systems (2025-2026)

SystemRisk levelUsersCore problemAP ruling
KTA (Customer Supervision Application)CRITICAL~18,000No authorisation roles; all screens accessible; sexual orientation derivableDecommission immediately
Informatiesjabloon (Information Template)CRITICALLimitedExcel export of personal data outside secured systems; unlawful processingDecommission immediately
IHP (Information Hub Platform)HIGH~2,000Consultations NOT loggedMitigate
IFL (Information for Career)HIGHLimitedExcel macros; no transition planMitigate
SMOB (Selection Module OB)MEDIUM2,314Passive monitoringMitigate
GruffMEDIUMLimitedNo solution architectureMitigate
PRISMA (Customs)MEDIUMLimitedRisk selection system with predefined rulesMitigate

Sources: KPMG report, chapter 6; AP letter 9 July 2025

The AP on RAM: “systematically violated”

The Dutch Data Protection Authority formulated four main conclusions about RAM that apply equally to the successors:

  1. Unlawful processing of personal data, including special categories (health, religion) and criminal data
  2. Discrimination on nationality, “no objective justifications known”; “discriminatory processing carried out”
  3. No security, “data could be freely exported from RAM and these extracts were also unsecured”
  4. Evaded oversight for years, no notifications to DPO or CBP/CPB; “supervisory authorities could therefore not act”

The AP: “The Belastingdienst has systematically violated the regulations regarding the protection of personal data with the RAM application for a long period of time. […] Fundamental rights of citizens were seriously violated.”

And the sanction? None. The AP did not impose fines because the violations “were committed more than seven years ago.” The fine for the FSV in 2020 was only €2.75 million, a fraction of a day’s budget for a government organisation. The government’s message to itself is clear: violating fundamental rights has no consequences.

Vlot’s testimony: RAM lives on

During the parliamentary debate of 26 May 2026, senior civil servant Teusjan Vlot stated that the Belastingdienst’s information management has been out of order for 25 years. Vlot: “We keep running into that. And that will continue to be the case, because we simply cannot structure that information.” Vlot admitted that the Belastingdienst had promised clean-up plans for the data vault, but “there was never really any drive behind those action plans and the actual cleaning up.” After a reorganisation, “no one felt ownership anymore” of the files. And: he had personally approved the extensions that PEFD used in its searches, the same searches that systematically excluded HTML.

Vlot also said something remarkable: he indicated that he still sees Excel sheets from the RAM system. Vlot has only worked at the Belastingdienst for six years. RAM was closed on 18 May 2018, long before Vlot joined. The only logical explanation is that the successor systems use the same Excel export formats and data structures as RAM. IFL runs on Excel macros and has no transition plan. Informatiesjabloon exports personal data to Excel outside all security controls.

Approximately 20 data coordinators had access to the data vault. Vlot confirmed that it also contains “documents about fraud approach, projects” that the Belastingdienst “has never been aware of.”

RAM never disappeared. It lives on under different names.


The data vault: what is the state hiding?

The letter to Parliament of 22 May 2026 (2026D24511) contains the first file type analysis of the data vault. The figures speak for themselves.

Total size

CategoryNumber of files
Total in data vault64 million
Substantive files (loose)~19,625,031
ZIP files~180,000 (containing ~4.7 million files)
Total substantive24,327,796
Technical/process files~40 million (“probably limited relevance”)

Source: Letter 2026D24511, appendix “File type analysis”

Breakdown by department

DepartmentNumber of filesPercentage
Belastingdienst (various directorates)13,245,22354.5%
Former Customs directorate6,184,71825.4%
Former Toeslagen (Benefits) directorate195,0890.8%
Other (ZIP, technical)~4,700,00019.3%

The government has spoken for months about “64 million files from toeslagen and customs.” This is misleading. Of the 24.3 million substantive files, only 0.8% comes from the Benefits directorate. The vast majority, 80%, comes from the Belastingdienst and Customs. These are precisely the departments that operated RAM and that still use the successor systems (KTA, IHP, IFL, Informatiesjabloon). The data vault is primarily a RAM and tax dossier, not a childcare benefits issue.

File types

TypeNumberDescription
.doc~4.5 million (18.3%)Legacy Word format, memos, letters, policy documents
.pdf~2.8 million (11.7%)Together with .doc: ~7.3 million documents
Images (.tif.jpg.gif)~4 million (~16%)Possibly scanned documents
Excel files~2 million (~8%)RAM exports, KTA exports, Informatiesjabloon data
HTMLunknownSystematically excluded during PEFD searches
ZIP180,000 (~0.7%)Containing ~4.7 million files

What the technical briefing revealed

During the technical briefing of 26 May 2026, Director of Information Security Richard Schuurs supplemented the figures:

  • 31,000 unique file types, the vault contains a vast array of formats far beyond the known .doc/.pdf/.xlsx
  • ~87,000 relevant files in the ~46,000 ZIP files yet to be extracted, Schuurs: “there are sufficient techniques to crack ZIP files”
  • Destruction freeze since 9 October 2025, nothing has been destroyed since
  • Logging IS present, unlike RAM, where extracts were untraceable, there is now a log of who accessed what
  • The vault contains not only business documents but also “photos from company parties” and “performance reviews”
  • Knowledge about the data vault has “become very thin” after years of neglect

The important role of Excel, 2 million hidden spreadsheets

The KPMG report documented that RAM produced 2,662 Excel files with RAM extracts, of which 1,170 were unique. Of these, 369 extracts contained nationality data. The State Secretary’s recovery investigation was limited to 14 spreadsheets.

There are potentially 2 million Excel files in the data vault.

The AP confirmed in its letter of 9 July 2025: “In the 20 years that RAM was used, approximately 500,000 selections were made. Of only 1,170 of these selections was a RAM extract found in the Belastingdienst’s archives (this is less than 0.25%).”

Less than 0.25% of RAM selections have been recovered. The remaining 99.75% may be in the 2 million Excel files in the data vault or was destroyed.

Even more hidden environments

The letter of 22 May 2026 revealed more than just the data vault:

  • 1,004 mailboxes, copies (not originals) of mailboxes and collaboration environments from former Benefits directorate staff, secured in May 2020. Unlike the data vault, the originals remained available for searches, but the copies were never searched
  • Q-drives and Connect People, Director-General for Fiscal Affairs Ardi Wissink confirmed that personal staff drives (“Q-drives”) and Connect People environments are also being sought, these have not yet been found
  • Woo requests potentially answered incompletely, Wissink: the approach also covers “older requests where information from the data vault could change the decision”
  • FSV data vault, the term “data vault” is also used for the shielded FSV environment
  • RAM as priority, RAM is explicitly named as a track-1 priority topic for the external committee

The state speaks of “one data vault.” The reality is an archipelago of shielded environments, data vault, mailboxes, Q-drives, Connect People, that have not been searched in any investigation.


The damage continues: UHT and the one-euro doctrine

While the state continues profiling and shields evidence, the recovery operation for childcare benefits victims is failing fundamentally. Trouw journalist Emiel Hakkenes documented on 24 May 2026 how the Recovery Organisation for Toeslagen (UHT) has paid €59 million in penalty payments because it cannot process decisions within statutory deadlines.

The case of the mother from Zwolle

A victimised mother filed four objections in September 2022 against reassessments of childcare benefit (2009-2012). Three and a half years later, UHT has still not processed those objections. Lawyer Narda Teke-Bozkurt went to court four times. Each time, the judge imposed a deadline with a penalty payment. UHT missed all deadlines and has by now paid ~€70,000 in penalties to this one mother.

Source: Trouw, 24 May 2026

The one-euro doctrine

The judge in Zwolle concluded that the penalties were apparently insufficient incentive. Instead of imposing higher penalties or making a decision itself, the judge imposed a penalty of one euro per day, with a maximum of one euro. Lawyer Teke-Bozkurt: “This is how you flush citizens’ legal protection down the toilet.”

Administrative law lecturer Rens Koenraad (Tilburg Law School): “Such a one-euro doctrine undermines the authority of judicial decisions.” He argued the judge should have made a decision itself: “Then you say to the government: if you don’t decide, I will.”

The two-week deadline set by the judge? Expired. No decision. The government ignores the judiciary and the judge cannot do anything more.

The systematic deadlock

This is not an incident. By the end of 2025, UHT had paid €59 million in penalties. The Council of State extended decision deadlines from 18 to 40 to 60 weeks. Even that doesn’t help:

PartyProblem
UHT“Insufficient staff”; prioritises “with penalty” files over normal track, “It is unclear what further happens at this department”
JudgesCan increase penalties (costs the state money) or extend (costs the citizen time) or give up (€1)
CitizensWait years for decisions; penalties are not compensation for unresolved damage
StatePays €59M in penalties instead of hiring more case managers

This is the state failing to recover from a scandal that brought down a cabinet, while the systems that caused the scandal are still running.


The timeline of concealment

From the letters to Parliament and the Trouw investigation of 26 May 2026, a pattern of systematic delay and information withholding emerges:

DateEvent
May 2019Data vault created with 64 million files
17 Dec 2020POK report “Unprecedented injustice”, data vault not searched
18 Dec 2020Last filling of data vault
Feb 2022PEFD established, data vault not searched
19 Oct 2022PEFD receives list of file extensions, HTML systematically excluded
End 2022Last delivery of files to PEFD, incomplete
26 Feb 2024PEFD report “Blind to people and law”, data vault not searched
Jul 2025Data vault “rediscovered” during hard drive cleanup
31 Jul 2025Memorandum to state secretaries about data vault
Aug 2025State Secretary Van Oostenbruggen initials; GBB signal to executive team
22 Aug 2025NSC leaves cabinet, political crisis right after data vault signal
16 Oct 2025Sample results on desk of State Secretary Heijnen, documents not delivered to PEFD
20 Nov 2025Inventory completed, confirmed: PEFD documents in vault, not delivered
Dec 2025December memorandum does not reach state secretaries
15 Apr 2026Parliament informed, 9 months after discovery
22 May 2026Letter with file type analysis
26 May 2026Parliamentary debate; Vlot testifies

Esther Lammers in Trouw: State secretaries already knew about the data vault in the summer of 2025. Civil servants wrote in draft letters that the vault was “no secret”, a state secretary corrected in the margin: “Mentioning something is not the same as informing.” In another note: “Tell it like it is.”

The state knew. The state remained silent. For nine months. During those nine months, Woo requests, AVG/GDPR requests and ongoing lawsuits proceeded, all without the data vault being mentioned.


The scale of surveillance

The scale of RAM’s profiling is difficult to comprehend. Here is what the official sources document:

MetricNumberSource
RAM entities (total)2.2 millionKPMG report 2025
Source systems linked69KPMG report
Data tables250KPMG report
RAM selections (20 years)~500,000AP letter July 2025; KPMG
RAM extracts recovered1,170 (0.25%)KPMG; AP
Selections on nationality14 extractsKPMG
Extracts with nationality data369 of 1,170KPMG
Excel files distributed2,662 (via USB, email, CD)KPMG
Citizens in Belastingdienst data11 millionWRR Working Paper 021, 2016
Companies in data1.5 millionWRR 2016
Transactions per day1 millionWRR 2016
Vehicles in RAM10.5 millionKPMG report, part 1
Data vault files (total)64 millionLetter 2026D24511
Data vault files (substantive)24.3 millionLetter 2026D24511
Excel files in data vault~2 millionLetter 2026D24511
Toeslagen files in data vault195,089 (0.8%)Letter 2026D24511
BD + Customs in data vault19.4 million (80%)Letter 2026D24511
FSV registrations~180,000 citizensPwC; Committee-Donner
Toeslagen families affected~26,000Parliamentary documents

The AP put it sharply: “In the 20 years that RAM was used, approximately 500,000 selections were made. Of only 1,170 of these was a RAM extract found, less than 0.25%. The total number of persons harmed by RAM cannot be determined.”

The WRR warned as early as April 2016, four years before the childcare benefits scandal: “An enormous and rapidly growing data complex is emerging […] This happens largely unnoticed, both as a result of the lack of transparency and the lack of attention from media and politics.” No one listened.


The constitutional crisis

The combination of continuing profiling systems, a hidden data vault and a failing recovery apparatus strikes at the heart of the rule of law:

Violated norms

NormViolation
Art. 1 Constitution (equal treatment)RAM and successors select on nationality, AP: “discriminatory processing”
Art. 8 ECHR (private life)20+ years of uncontrolled data collection; 2.2 million entities profiled
Art. 14 ECHR (discrimination prohibition)Systematic profiling on origin
Art. 6 ECHR (fair trial)No access, no objection, no appeal against profiling
Art. 1 P1 ECHR (property protection)Entrepreneurs harmed by profiling-based tax assessments
GDPR / WbpRAM never registered; AP: “systematically violated”; successors without legal basis analysis
Open Government Act (Woo)Data vault concealed for 7 years; Woo requests answered incompletely
Archives Act~9,000 files destroyed under GDPR pretext; Inspectorate OE (2021): “extraordinarily unfortunate coincidence”
Parliamentary Inquiry ActDocuments not provided to PEFD and POK, the data vault contains missing documents

The state as its own judge

The State Secretary concluded in December 2025: “no reason to assume that citizens were harmed” by the successor systems. This while:

  • KTA gives 18,000 employees access to all personal data without authorisation roles, AP demanded immediate decommissioning
  • Informatiesjabloon exports personal data to Excel outside all security, AP: “unlawful processing”
  • IHP consultations are not logged, impossible to know who viewed what
  • IFL runs on Excel macros without a transition plan, the state has no plan to fix this
  • The data vault with 2 million Excel files has not been searched
  • The recovery investigation was limited to 14 spreadsheets out of 1,170 known extracts

The AP summed it up in its letter: “These are violations so serious that a firm sanction would not be out of place.” But sanctions did not materialise. The government does not punish itself.

The external committee, an empty promise?

The letter of 22 May 2026 announced an “external committee” with four tasks: assessment of relevant documents, method of sharing with Parliament and society, relationship to past conclusions and reporting with an auditor’s statement. As of 27 May 2026, the committee has not yet been established. There are “discussions with potential committee members.”

At the same time, Director-General for Fiscal Affairs Richard Stavers warned during the debate: “no concrete indications that there is relevant information in the vault for individual cases.” This while the government’s own letter documents that PEFD documents were indeed in the vault and had not been delivered. Stavers also admitted that staff mailboxes at scale 16+ may have been missed during the PEFD searches.

The letter confirms that the approach also covers “older Woo and information requests” “where information from the data vault could change the decision.” Third track: previous Woo requests may have been answered incompletely because the data vault was not searched.


Why this matters

The profiling continues. Not in secret, Parliament has been informed about the successor systems (Letter 6 March 2025, Letter 3 December 2025). But the consequences are absent:

  1. No civil servant or office holder has been held personally accountable for profiling 2.2 million entities over 20 years
  2. No successor system has been taken out of service, the AP demanded this in July 2025; May 2026: everything still running
  3. The data vault is not being systematically searched, the external committee has yet to start; the investigation is limited to “track 1” with eight priority themes: PEFD, commitment de Vries (recovery operation), RAM, CAF, POK, HVB lists, Groningen and Uber
  4. Recovery for victims is absent, UHT cannot even process decisions (€59M in penalties), let alone compensate damage
  5. Judges are powerless, the one-euro doctrine shows that administrative law can no longer compel the government
  6. The AP cannot sanction, violations older than seven years are time-barred; the government simply lied long enough

The Ministry of Finance also classifies “hotspots”, events that lead to intensive interaction between government and citizens, including the voluntary departure scheme, MH17, Brexit and Covid. Archive documents relating to these hotspots are designated for permanent preservation. But the data vault, which may touch all of these topics, is only now, seven years after its creation, being indexed by external party Knowledge Plaza.


Preview: the next investigation

This investigation is the first in a series. In the next investigation, Courts as rubber stamps: how ministries make their own laws, we document:

  • How judges are structurally buckling under the combination of statutory deadlines, staff shortages at government agencies and administrative law that lacks effective enforcement mechanisms
  • How ministries introduce their own norm-setting that neutralises higher norms from the Constitution, ECHR and EU directives, including profiling systems operating without legal basis
  • Whether it is time for criminal reports, criminal liability of individual decision-makers for the systematic violation of fundamental rights of hundreds of thousands of citizens and entrepreneurs

The rule of law is not an abstract concept. It is the guarantee that the state uses its power within boundaries. When those boundaries are systematically crossed and no institution, not the judiciary, not parliament, not the regulator, is able to enforce redress, only one question remains: who stops the state?


References

Official documents

Media

OpenBrief research reports

Other sources

  • WRR Working Paper 021, “Big Data for Fraud Prevention” (April 2016), ISBN 978-94-90186-30-2, documents 11 million citizens, 1.5 million companies, 1 million transactions/day; “enormous and rapidly growing data complex […] largely unnoticed”
  • Dutch Data Protection Authority, FSV penalty decision July 2020 (€2.75 million)
  • Inspectorate for Government Information and Heritage report, April 2021 (ISBN 978-90-773541-0-0)
  • PwC working document FSV, February 2022
  • Committee-Donner, March 2020

Sources

  1. KPMG Report on RAM, 7 February 2025 (330 pages), rijksoverheid.nl
  2. Letter to Parliament: policy response RAM (6 March 2025), State Secretary Van Oostenbruggen
  3. Review of RAM-comparable systems (March 2025), rijksoverheid.nl
  4. Dutch Data Protection Authority (AP), letter on RAM and comparable systems, 9 July 2025 (ref. 2025-002145)
  5. Letter 2026D17991 (data vault), 15 April 2026 (Eerenberg & Palmen)
  6. Letter 2026D24511 (data vault file types), 22 May 2026 (Eerenberg & Palmen)
  7. Trouw, Esther Lammers: 'Parliament full of questions about discovered data vault at Tax Authority', 26 May 2026
  8. Trouw, Emiel Hakkenes: 'Even after 59 million euros in penalties, government insufficiently active for childcare parents', 24 May 2026
  9. Letter to Parliament 3 December 2025 (RAM follow-up), State Secretary Heijnen
  10. Debatdirect Tweede Kamer, 26 May 2026, Operation of digital data vaults
  11. WRR Working Paper 021, 'Big Data for Fraud Prevention', April 2016 (ISBN 978-94-90186-30-2)
  12. OpenBrief, 'RAM and SME Profiling: The Tip of the Iceberg', 14 May 2026
John van der Velden

John van der Velden

Independent Researcher · Open Brief Network

Independent researcher focused on institutional systems, accountability, and administrative processes. Background in network architecture, infrastructure integrity, and process optimisation.

Based in Croatia · Investigative Archive · Systems & Accountability
Full profile →

Case Timeline

High importance Medium Low
1998-01-01
system_operation RAM operational: start of covert profiling RAM never disappeared: the state profiles on
2016-04-28
external_report WRR warns: 'enormous and rapidly growing data complex, largely unnoticed' RAM never disappeared: the state profiles on
2018-05-18
system_change RAM officially deactivated, one day before GDPR RAM never disappeared: the state profiles on
2019-05-25
internal Data vault created with 64 million files RAM never disappeared: the state profiles on
2025-02-07
external_report KPMG report on RAM delivered (330 pages) RAM never disappeared: the state profiles on
2025-03-06
policy_change Letter to Parliament identifies RAM-like successor systems still active RAM never disappeared: the state profiles on
2025-07-09
external_report AP demands immediate decommissioning of KTA and Informatiesjabloon, Belastingdienst ignores RAM never disappeared: the state profiles on
2025-12-00
policy_statement State Secretary: 'no reason to assume citizens were harmed' RAM never disappeared: the state profiles on
2026-04-15
political Data vault with 64 million files reported to Parliament, 9 months after discovery RAM never disappeared: the state profiles on
2026-05-22
political Letter 2026D24511: 24.3 million substantive files, 1004 mailboxes, external committee RAM never disappeared: the state profiles on
2026-05-24
media Trouw: UHT pays €59 million in penalties; judge imposes €1 fine RAM never disappeared: the state profiles on
2026-05-26
political Parliamentary debate: Vlot testifies about 'RAM Excel sheets' he still sees RAM never disappeared: the state profiles on