90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-042
Government · Netherlands · 2021 · Automated-decision harm

The Dutch tax office used a risk algorithm that flagged families by nationality, and wrongly branded tens of thousands as benefit fraudsters

By Ellie Harris · Filed Wrongful accusations 2013 to 2019 (parliamentary inquiry period); risk model in use through the 2010s

Alleged: Belastingdienst (Dutch Tax and Customs Administration) developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

The Dutch tax office used a risk algorithm that flagged families by nationality, and wrongly branded tens of thousands as benefit fraudsters

What happened

The Dutch Tax and Customs Administration, the Belastingdienst, paid childcare benefits to working parents and, to catch fraud, ran a risk-classification model that scored claimants on how likely they were to be cheating. A high score could trigger an investigation, a halt to payments, and a demand to repay years of benefits in full.

The model’s inputs included things that should never decide who gets investigated. Having a non-Dutch nationality was used as a risk indicator. Low income was treated as suspicious. The effect, documented later by Amnesty International in a report it titled “Xenophobic Machines,” was systematic: families with immigrant backgrounds and modest incomes were flagged far out of proportion, not because they offended more often but because the system was built to see them as risks.

For the families caught by a wrong flag, the consequences were severe. Many were ordered to repay tens of thousands of euros in full and at once, with no payment plan and with penalties added. The demands pushed people into debt, unemployment, bankruptcy and divorce, and in some cases children were removed from their homes. Around 26,000 families were wrongly accused, with the parliamentary inquiry focusing on the period from 2013 to 2019.

When the scale became undeniable, a parliamentary inquiry found an “unprecedented injustice,” and on 15 January 2021 Prime Minister Mark Rutte and his entire cabinet resigned to take responsibility. The Dutch data protection authority separately found that the tax office’s processing of nationality data had been unlawful and discriminatory. Compensation schemes were set up, and were themselves criticised for being slow.

What an auditable version would have shown

The question the Belastingdienst could not answer for years was the one that mattered most: was the system treating people differently by nationality or ethnicity, and by how much. The discrimination was discoverable only after journalists, lawyers and researchers forced it into the open, because nothing in the process was measuring outcomes by group as the model ran. An auditable version records each risk decision and the inputs behind it, and computes a standing measure of how flag rates differ across protected groups, bound to those records. With that, disproportionate flagging of one nationality is a number visible from inside the system, early, rather than a finding extracted from the wreckage years later.

Where the gap was

Two gaps compounded. The first was that a protected characteristic, nationality, was allowed to act as a fraud signal at all. The second was that nothing measured the disparate impact this produced, and nothing recorded each decision in a way that let an accused family or an auditor see why they had been flagged. A ConstraintGate is the control on the first: features that stand in for protected characteristics are barred from the risk model, refused rather than quietly used. A MetricRecord is the control on the second: a signed, recomputable measure of flag rates across groups, so discrimination shows up as monitoring rather than scandal. A ConductRecord preserves each decision and its inputs, which is what makes a wrongful flag contestable instead of a sentence with no appeal.

What governance should have looked like

An automated system that can order a family to repay sixty thousand euros is making a decision as consequential as a court’s, and it was held to a far lower standard of evidence and explanation. The lesson is that consequence, not technology, sets the bar: a system this powerful needed protected characteristics kept out of it, continuous measurement of who it fell on, a recorded and contestable basis for every flag, and a human accountable for the outcome. None of that is exotic. Its absence cost tens of thousands of families their security and a government its office.

The reference implementation of ConstraintGate, MetricRecord, and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and Belastingdienst (Dutch Tax and Customs Administration) could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →