Drawing on the plausible tomorrows above – and anchored in our baseline of ten key takeaways that underscore the strategic race between great powers, the unpredictability of generative AI timelines, the risks of proliferation and misuse, the vulnerabilities of digital dependencies and the ecological costs of scale – this section distils concrete lessons and identifies policy priorities. Table 1 summarises the estimated impact of each Plausible Tomorrow on the six Dutch national security interests detailed in the introduction.
Across all three Plausible Tomorrows, malevolent actors use AI to destabilise Europe’s information environment, turning sporadic disinformation into a constant stream of alternative truths that polarise society and weaken democratic legitimacy. These pressures are compounded by vulnerabilities in critical infrastructure, economic resilience and ecological sustainability. While Plausible Tomorrow 1 brings medium risks from uncontrolled proliferation of open-source AI models across state and non-state actors, Plausible Tomorrow 2 amplifies disruption through autonomous, agentic systems (so-called agentic AI). Plausible Tomorrow 3 delivers severe impacts across all six security interests as Europe is essentially a digital colony of foreign powers.
One key takeaway is that the Netherlands and the EU must act swiftly and firmly in a variety of domains to continue protecting their societies from AI-induced threats and should seize opportunities to build leadership. A key element herein is to pair safeguards for ethical AI with an assertive industrial strategy that nurtures Dutch and European capabilities. To move into this direction the Netherlands and the EU could consider the following recommendations:
First, restrict, regulate and license dual-use autonomous capabilities on EU soil before they cascade to malign non-state actors. The Rotterdam drone strike vignette underlines how consumer tech can become weapons systems. The mysterious drone flights at several European airports in September 2025, as well as the drone attack by a terrorist group towards a police helicopter performing an anti-drugs operation in Colombia in August 2025, show that this scenario is far from science fiction.[21] It is crucial for the Netherlands and the EU to critically assess high-risk consumer autonomy systems (for example, advanced drones and humanoid robots), ensuring that licensing, registration, geofencing[22] and manufacturers’ duty-of-care are non-negotiable and aligned with the EU AI Act’s application risk tiers.[23] This also includes strengthening AI literacy obligations for manufacturers and preparing the Netherlands’ competent authorities to enforce prohibitions and high-risk requirements as they come into force.
Second, mandate safe update practices for autonomous machines. The Plausible Tomorrows show how robots or self-driving systems could be compromised via malicious vendor updates. Independent audit and certification processes for software/firmware updates in any machine capable of autonomous movement are essential, so compromise cannot propagate silently at scale. This is no different than the road safety and food security checks that currently protect Dutch and European citizens from daily life risks.
Third, safeguard the information environment. Generative AI – not only text, but increasingly images and video as well – will continue to supercharge disinformation and truth decay, especially during electoral cycles. EU Member States are the ultimate bulwark to protect liberal democracies, and must behave accordingly. Scaling critical-thinking and digital-media literacy across all education levels, the civil service and society at large must be a top priority, implementing an important pillar of the vision on generative AI proposed by the Dutch government in 2024.[24] At the European level, it is important for the EU to hold the line on implementing the Digital Services Act (DSA), resisting pressures from (mostly American) tech companies and the US government.[25] Instead, the DSA should be used as a blueprint and best practice even for companies outside of the Act’s reach. The same applies for the AI Act. The 2025 European Commission’s guidelines clarify the definition of ‘systemic risk’ for general-purpose AI models and the mechanisms whereby models can be classified as such, which is a step in the right direction.[26] Yet, as with the entire digital-related body of law that was produced during the 2019–2024 Commission tenure, actual implementation will define the measure of success. Calls during the second semester of 2025 by Mario Draghi, industry groups and even Swedish Prime Minister Ulf Kristersson to pause implementation of the AI Act, for example, should be met with strong opposition.[27]
Moreover, in the context of a perceived global AI arms race between the United States and China, Europe cannot afford to focus on regulation alone, alongside a reactive, hesitant posture overall. Safeguarding the information environment will only be credible if regulatory enforcement is matched by continuous monitoring, rapid-response mechanisms for disinformation surges and cross-border coordination with allies. This means coupling long-term literacy and regulatory initiatives with capacities such as national rapid-alert systems and public–private fact-checking networks. Such investments in societal resilience will enable the Netherlands and the EU to adapt at the same pace that malign actors innovate.
Fourth, prevent algorithmic harms before they institutionalise. (Agentic) AI systems are prone to incorporate bias. In critical sectors where citizens’ sensitive data are managed, such as healthcare, justice or welfare, this risk can compound existing institutional shortcomings. The Dutch childcare benefits scandal of 2022 showed how damaging the combination of biased algorithms and lack of humans in the loop can be: the problem was not only the flawed risk model, but also a lack of effective oversight. [28] It is important that Dutch public bodies and vendors prioritise this concern, ensuring that the procurement of software or autonomous systems is contingent on demonstrated compliance with these principles. Where fairness cannot be assured, such as in the case of machine-learning algorithms, human oversight and non-automation serve as the appropriate default. This aligns with the Netherlands’ human-centred, risk-based stance on AI and with EU laws’ safeguards around high-risk usage of AI.
Fifth, a ‘rights-based’ approach ought to be brought to the forefront of the public discussion.[29] Better understanding is needed of the AI Act’s risk-based approach as a step towards a less dystopic situation than most doom scenarios propose. After all, the AI Act covers only a subset of an increasingly automated economy and society, contrary to what more than a few companies, government officials and critics seem to believe. In the Netherlands, as in many other countries, for instance, supermarkets have increasingly stopped employing humans in the check-out and payment area; and more and more banks are reducing the number of physical locations and counters that they offer. This touches upon the broader themes of digital divides, literacy and social exclusion. A rights-based approach would mean, for instance, that people who want to be served by fellow citizens should have the right to do so. Whether concerning the right to receive customer service from a human, the right to a human judge in court or the right to a human manager in a large warehouse, there are many cases where AI adoption should be strictly avoided.
Sixth, and crucially, ensure long-term, sustained and deep investments in the competitiveness and indispensability of strategic industries – the best possible defence across all Plausible Tomorrows. This means building and adopting own capacity by, among others:
Making the most of existing and planned domestic compute and facilities. The upcoming AI factory in Groningen should be embedded in a proper Dutch national and European plan that connects present and planned facilities, ensuring that researchers, start-ups, small and medium-sized enterprises (SMEs) and public agencies can access and use capacity under their own terms. This approach leverages existing and incoming investments to reduce external dependency (as flagged in Plausible Tomorrow 3) and aligns with the EU’s broader AI Continent Action Plan to turn European strengths into practical advantages.[30]
Support Dutch deep-tech supply chains. Dutch national funding and EU co-financing are best channelled towards strategic domains where the Netherlands is already strong, such as semiconductors, robotics, and cloud and compute niches anchored in the Brainport Eindhoven high-tech ecosystem. Programmes ought to prioritise high-end scientific research and its translation into products, services or applications that deliver broad societal benefits and/or strengthen Europe’s control over critical technological chokepoints. Prioritise high-impact sectors such as AgriTech, HealthTech and EdTech, which can bring direct benefits to the population. These strengths should be nurtured at home and promoted abroad as a way of further building market share, competitiveness and the standard-setting power of Dutch companies in third countries.[31] Public procurement should be leveraged to pool demand for key technologies, such as AI chips and cloud services, across EU Member States and to favour European solutions, thus ensuring that public spending strengthens domestic and European capabilities rather than flowing to non-European providers.
Anchor these policies within the Netherlands’ broader digital strategy and national security framework. The Dutch Digitalisation Strategy, updated in September 2025,[32] alongside the wider national Tech and Digital agendas, sets out the key pillars to operationalise. Expanding the pool of digital experts and channelling them to where it matters the most are essential: strengthening infrastructure, driving SME digital transformation, enhancing cybersecurity and focusing on Dutch strengths and niche sectors. Secure data-sharing remains a core enabler, but moving towards shared, well-governed data infrastructures – or data commons – can and should embed trust and sovereignty by design.
Channel EU capital effectively. To ensure good use by European researchers and start-ups of facilities such as AI factories, tap into the EU’s InvestEU programme, the InvestAI initiative and forthcoming instruments under the AI Continent Action Plan to crowd in private finance. At the national level, the Dutch government could incentivise pension funds to adopt mandates that allow them to (co-)invest in European digital strengths and autonomy. Aligning with Brussels’ drive to mobilise major funding for, for example, European AI factories and champions, Dutch programmes should be structured to qualify quickly for these EU envelopes. Positioning the Netherlands to optimise their usage should go hand in hand with increasing Dutch tech sovereignty. This also means improving structural conditions – such as fiscal incentives for companies that reinvest their profits into R&D&I or talent-retention policies – to build a self-sustaining ecosystem in the long term. An ambitious Netherlands would work towards lifting R&D spending to at least 3 per cent of GDP. At 2.23 per cent of GDP as of 2023, Dutch R&D spending is above the EU average, but below the OECD average and key peers such as South Korea, Japan, Germany and the United States, all of which consistently spend above 3 per cent of GDP on R&D.[33]
Seventh, and finally, governance must match speed with capabilities. To develop and implement a clear vision for how AI should serve Dutch society, the Netherlands could appoint a coordinating Minister of Digital Affairs under the Prime Minister’s Office, resembling models adopted in Japan and the United States. This office’s mandate would not only be to maintain a permanent foresight function – anticipating technological trends and risks – but also to articulate a long-term, values-driven vision for AI that aligns national security, industrial and digital policy agendas. Staffed with a lean office consisting of one or two officials from all the other ministries, this coordinating minister could also publish annual technology and AI readiness updates, tracking compute capacity, skills, procurement and safety incidents in the country. In addition, the office could monitor sectoral and industry developments to identify the Netherlands’ AI niches.
More fundamentally, such a governance structure should enable the Netherlands to confront a core strategic question: whether to shift from treating AI largely as a private good towards recognising it as a public one. That decision will shape how public capital is deployed – whether to build and sustain AI as a public good, developing common, shared infrastructures and digital commons, or to shape markets and standards that steer private innovation.
An integrated, capability-building posture grounded in this vision and approach would strengthen the Netherlands’ position as a producer of trusted and competitive AI – resilient in the chaotic world of Plausible Tomorrow 1, adaptive in the arms race of Plausible Tomorrow 2, and less dependent on the power politics of Plausible Tomorrow 3. The Dutch government would do well to bolster the digital commons — shared, open and well-governed digital infrastructures that serve the public interest —, strengthen the technological stack and turn its value-driven approach into an industrial advantage, so that whichever tomorrow arrives, Dutch society and Europe at large are better prepared.