SBR Reporting in the Netherlands: What Auditors Need to Know

What SBR is and why the Netherlands built it

SBR started in 2004 as the Netherlands Taxonomy Project. Government agencies, the NBA, banks, and software providers collaborated to create a standardised way of exchanging financial data using XBRL (eXtensible Business Reporting Language). Their goal was to eliminate the duplication of effort that came from reporting the same financial information in different formats to different agencies: the Belastingdienst for tax, the KVK for the trade register, banks for credit applications, and CBS for statistics.

The core principle is "report once, use many times." A company prepares its financial information using the Dutch Taxonomy (a standardised dictionary of data definitions maintained by SBR-NL) and transmits it through Digipoort (the secure government gateway). Each receiving agency then processes the same structured data according to its own needs.

For auditors, SBR changes the object you're giving an opinion on. The financial statements are no longer a PDF or printed document. They are a structured data file where every line item carries a taxonomy tag that identifies what it represents. Your auditor's report is no longer a physical letter. It is its own XBRL file, electronically signed, cryptographically linked to the financial statements. The shift is not cosmetic.

Which entities must file through SBR and when

The SBR filing mandate expanded in stages based on entity size.

Micro and small entities have been required to file through SBR since 2016. Medium-sized entities joined in 2017. These filings use XBRL format and are transmitted either through accounting software connected to Digipoort or through the KVK's online portal (Zelf Deponeren).

From financial year 2025, large entities must also file electronically through SBR. This is the expansion that affects audit firms most directly, because large entities are the ones most likely to have statutory audits. Previously, large companies could still file paper or PDF annual accounts with the KVK. That option is gone.

Companies can choose between two electronic formats: "classic" XBRL or Inline XBRL (iXBRL). Classic XBRL is a pure data file that cannot be read without rendering software. Inline XBRL embeds the XBRL tags into an HTML document, producing a file that is both human-readable and machine-processable. For entities with a statutory audit requirement, iXBRL is the more practical choice.

Entities with a 408-exemption (consolidation exemption) received a one-year postponement. For financial year 2025, these entities may still file the group annual report as a PDF by email. From financial year 2026, that exception expires.

A phase-in applies to tagging requirements. For financial years starting on or after 1 January 2025, small and medium-sized entities using iXBRL are temporarily exempt from tagging the notes. From 1 January 2026, block tagging of the notes, management report, and other information becomes mandatory.

XBRL versus Inline XBRL: what the auditor needs to understand

Both formats use the same underlying XBRL taxonomy. The difference is in presentation.

Classic XBRL produces a pure data file. Every figure, every text block, every taxonomy element is encoded in XML. You cannot open this file in a browser and read it. You need rendering software (or the Consistent Presentation specification developed by SBR-NL) to transform the data into something visually meaningful.

Inline XBRL embeds the taxonomy tags directly into an HTML document. The result is a single file that looks like a normal annual report in a web browser but contains machine-readable data tags invisible to the casual reader. For the auditor, this means you can review the human-readable version and the tagged data in the same file.

The risk shifts to whether the visible presentation matches the underlying tags. If a figure appears as €5.2M in the rendered HTML but the XBRL tag points to a different taxonomy element or carries a different value, the file is inconsistent. Standaard 3950N requires the auditor to check for this.

For firms accustomed to reviewing PDF financial statements, the practical change with iXBRL is modest. The document looks similar. But the auditor now has an additional responsibility: verifying that what the document shows matches what the data tags say.

How SBR relates to ESEF for listed companies

If your firm audits listed companies in addition to non-PIE clients, you'll encounter two parallel structured reporting regimes. ESEF (European Single Electronic Format) requires EU-listed companies to prepare their annual reports in Inline XBRL, using the ESMA taxonomy for IFRS. SBR requires Dutch companies to file with the KVK in XBRL or iXBRL, using the Dutch Taxonomy for Dutch GAAP or IFRS.

The two systems use different taxonomies but the same underlying technology. The NBA developed the Dutch approach to SBR Assurance before ESEF was introduced, which means the Netherlands has more operational experience with auditing XBRL reports than most European countries.

For non-Big 4 firms that do not audit listed companies, ESEF is not directly relevant. But the skills and procedures are transferable. A firm that has mastered Standaard 3950N procedures for SBR filings will find ESEF auditing procedurally similar if it moves into that market.

What Standaard 3950N requires from auditors

Standaard 3950N is a Dutch-only standard with no ISA equivalent. It governs the auditor's approach when the client's financial statements are filed through SBR. The NBA developed it to address the specific risks that arise when financial statements exist as structured data rather than static documents.

Under Standaard 3950N, the auditor must verify:

• Data integrity: that the numbers in the XBRL file match the audited financial records
• Tagging accuracy: that the correct Dutch Taxonomy elements have been applied to the correct line items
• Consistency: that totals in the notes reconcile with the primary statements within the XBRL structure

These verification steps come at completion, after the substantive audit work is done. They are not a separate engagement. They are part of the statutory audit.

The standard also requires the auditor to consider how the XBRL instance will be rendered. Under the Consistent Presentation rules, the same XBRL data should produce the same visual output regardless of which software renders it. The auditor's responsibility is to verify that the rendered output gives a true and fair view, consistent with the audited financials.

Practically, most audit firms do not perform the XBRL tagging themselves. The client or a specialist XBRL conversion firm prepares the XBRL file. The auditor's role is to verify the output, not to produce it. This distinction matters for engagement scoping and fee discussions. If the client expects the audit firm to handle XBRL conversion as part of the statutory audit fee, clarify this at engagement acceptance. XBRL conversion is a separate service, not an audit procedure.

The SBR Assurance model: three files, one signature

When a statutory audit engagement involves SBR-filed financial statements, the KVK receives not one document but a package of three files:

1. The annual report in XBRL or iXBRL format. This contains the financial statements, management report, and other statutory content, all tagged according to the Dutch Taxonomy.
2. The auditor's report in XBRL format. An XBRL taxonomy developed by the NBA supports the different report types (unqualified, qualified, disclaimer, adverse). The auditor must select the correct "commitment type" when generating this file.
3. The detached digital signature. This XML file links the annual report and auditor's report cryptographically and proves that neither has been altered since signing. Signing uses a qualified electronic certificate issued through the NBA's PKIoverheid-approved infrastructure.

The three-file model replaces the traditional "wet signature on paper" approach entirely for SBR filings. If your firm has not yet obtained the electronic signing certificates or tested the SBR Assurance tooling, this is a prerequisite, not an optional upgrade. The NBA's Statement Generator tool (verklaringengenerator) can produce the XBRL auditor's report and supports the digital signing process.

Worked example: Dijkstra Logistics files its first SBR annual report

Scenario: Dijkstra Logistics B.V. is a transport company in Rotterdam with €28M in assets, €31M in revenue, and 62 employees. The company has a statutory audit. For financial year 2025, Dijkstra must file its annual accounts through SBR for the first time. Financial statements are prepared under Dutch GAAP.

1. Client preparation (Q1 2026)

Dijkstra's accounting software (Exact Online) can export financial data in SBR format. However, the export covers only the primary financial statements. The notes, management report, and other statutory content must be tagged separately. Dijkstra contacts an XBRL specialist to prepare the complete iXBRL report package.

2. Audit completion (March 2026)

The audit firm completes the substantive work. Materiality was set at €310,000 (1% of revenue). The engagement team issues a clearance memo with no uncorrected misstatements above the clearly trivial threshold. The audit opinion will be unqualified. Before signing, the engagement partner must perform the Standaard 3950N verification.

3. Standaard 3950N procedures (late March 2026)

The engagement team runs the following checks on the iXBRL file:

• Data integrity: tagged financial data extracted and reconciled against the audited trial balance. All figures match.
• Tagging accuracy: sample of taxonomy elements reviewed. Revenue tagged as "Nettoomzet" (correct), not "Overige bedrijfsopbrengsten." Fixed assets disaggregated correctly.
• Consistency: subtotals in notes reconciled to primary statements. A €12,000 rounding difference found in the fixed asset note. The XBRL specialist corrects the file.

4. Signing and filing (April 2026)

The engagement partner generates the XBRL auditor's report using the NBA's Statement Generator, selects the commitment type, and applies her qualified electronic signature. The detached signature XML file is created, linking both files. Dijkstra's finance team submits the three-file package to the KVK through Digipoort. Confirmation received.

Practical checklist for your firm

1. Confirm whether your firm has the electronic signing certificates required for SBR Assurance. These are PKIoverheid-qualified certificates issued through the NBA's infrastructure. If not, begin the application process now; certificate issuance can take several weeks.
2. Test the NBA's Statement Generator (verklaringengenerator) on a non-live engagement before you need it for a real filing. Familiarise the engagement team with the commitment type selection and the XBRL auditor's report output.
3. For every statutory audit client that qualifies as a large entity, confirm the client's SBR readiness. Does their accounting software export in XBRL or iXBRL? Have they engaged an XBRL specialist? Build the Standaard 3950N procedures into the completion timeline.
4. Establish a policy for when the iXBRL file must be received from the client or conversion firm. One week before planned signing is a reasonable minimum. Late XBRL delivery should trigger a timeline discussion, not a compressed quality review.
5. Train engagement teams on the Standaard 3950N verification procedures: data integrity reconciliation, tagging accuracy sampling, and consistency checks between notes and primary statements.
6. Update your firm's standard completion checklist to include a Standaard 3950N sign-off step for all engagements where the client files through SBR.

Common mistakes

• Treating the XBRL file as someone else's problem. The XBRL specialist prepares the file, but under Standaard 3950N the auditor must verify it. Delegating preparation does not delegate responsibility for data integrity and tagging accuracy.
• Leaving Standaard 3950N procedures to the last day before signing. The verification can surface issues (tagging errors, rounding discrepancies, incorrect taxonomy element selection) that require the XBRL specialist to produce a revised file. Build buffer time into the completion schedule.
• Using outdated electronic signing certificates or untested tooling. The NBA updates the Statement Generator and signing infrastructure periodically. An expired certificate or incompatible software version on signing day is a preventable crisis.

Related tools and reading

Put audit concepts into practice with these free tools:

Frequently asked questions

Further reading and source references

• Standaard 3950N: The Dutch-only standard governing auditor procedures for SBR-filed financial statements.
• SBR-NL: The organisation maintaining the Dutch Taxonomy and the Consistent Presentation specification.
• NBA Statement Generator (verklaringengenerator): Tool for producing XBRL auditor's reports and supporting digital signing.
• ESEF Regulation (EU 2019/815): The European Single Electronic Format requirements for listed companies, using the same XBRL technology.
• Digipoort: The secure government gateway for transmitting SBR filings to KVK, Belastingdienst, and CBS.