For fifty years, the Netherlands tolerated cannabis sales in coffeeshops while maintaining the fiction that the supply chain behind those shops was illegal. On April 7, 2025, that fiction ended—at least in ten municipalities. The Experiment Gesloten Coffeeshopketen (closed coffee shop chain experiment) made the Netherlands the first country to attempt a fully tracked, government-regulated cannabis supply chain in a market that already had a legal retail layer. The compliance architecture it created is unlike anything else in the world.

Understanding what the Netherlands built—and how it manages data, tracks products, and enforces compliance—matters not just for Dutch operators but for every regulator and cannabis business in Europe watching this experiment determine whether regulated supply can actually replace illicit sourcing.

What the Wiet Experiment Actually Is

The “gedoogbeleid” (tolerance policy) that defined Dutch cannabis for decades allowed coffeeshops to sell cannabis to adults but provided no legal pathway for coffeeshops to purchase their inventory. Supply was technically illegal; sales were tolerated. The result was a retail sector dependent on criminal supply networks—the famous “back door problem” that Dutch regulators debated for decades without resolving.

The Wiet Experiment attempts to solve this by creating a closed, government-supervised supply chain. Ten municipalities participate: Breda, Tilburg, Arnhem, Nijmegen, Almere, Groningen, Heerlen, Hellevoetsluis, Zaandam, and Maastricht. Within these cities, approximately 80 participating coffeeshops may only source cannabis from 10 licensed government-approved cultivators—companies that won contracts through a competitive selection process overseen by the Netherlands Food and Consumer Product Safety Authority (NVWA).

The “closed” designation means exactly what it implies: the supply chain is sealed from cultivation to retail. No mixing with illicit supply is permitted. Every gram that moves through the system is tracked. And that tracking requirement creates a compliance and data architecture that has no direct equivalent in any other European market.

The Compliance Architecture: Traceability End to End

The experiment’s compliance infrastructure functions as a national seed-to-sale tracking system, but built from scratch for the Dutch context rather than adapted from US models.

Cultivator obligations: The 10 licensed cultivators must maintain production batch records with 7-year retention. Every batch must be tested by NVWA-approved laboratories for cannabinoid content (THC, CBD percentages) and contaminant screens covering heavy metals, pesticides, mycotoxins, and microbial contamination. Test results are reported to NVWA before any batch ships to retail. Each batch carries documentation that travels with the product to the coffeeshop.

Coffeeshop obligations: Participating coffeeshops must record all inventory received from approved cultivators, maintain sales records, and submit documentation demonstrating that no illicit cannabis entered their supply. The transition to regulated supply happened in stages: during the transitional period (June 2024–April 2025), coffeeshops could maintain existing illegal stock while onboarding regulated products. After April 7, 2025, only regulated product may be sold.

The illegal hashish exception: The experiment covers cannabis flower produced by licensed Dutch cultivators. Hashish—cannabis resin products—presented an immediate practical problem: there are no licensed Dutch hashish producers in the experiment. The government granted coffeeshops a temporary extension permitting continued sale of tolerated (technically illegal) hashish until September 1, 2025, when supply constraints from the experiment’s initial months were expected to ease. This exception highlights a persistent challenge in rapid market formalization: the transition period itself creates a dual-compliance environment that is genuinely difficult to document.

Data Collection, GDPR, and Research Obligations

The Wiet Experiment is simultaneously a regulatory framework and a research programme. RAND Europe and an independent guidance committee track consumption patterns, public health outcomes, crime rates in pilot vs. control municipalities, and product safety metrics across the four-year experiment duration.

This research mandate creates data collection requirements that go beyond what typical cannabis compliance tracking demands—and those requirements must be reconciled with GDPR.

What gets collected: The experiment collects aggregate sales data (quantities, product categories, price points), product safety data (batch test results across the supply chain), public health data from patient registrations and municipal health services in pilot cities, and law enforcement data comparing illicit market activity before and after regulated supply.

The anonymisation imperative: Coffeeshop customer data presents a specific challenge. Dutch law and European human rights tradition have long protected cannabis consumer anonymity—coffeeshops are not permitted to require customer identification beyond age verification. The research programme must therefore collect behavioural and health data through opt-in channels (survey participation, voluntary health monitoring) rather than through mandatory customer tracking.

For the research data that is collected, the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) requires documented legal bases under GDPR. Public health research can proceed under Article 89 GDPR (processing for archiving, research, or statistical purposes) with appropriate safeguards: pseudonymisation of participant data, access controls limiting who can link anonymised research data to identifiable individuals, and retention limits aligned with the research programme’s timeline.

The NVWA data systems: Product safety and compliance data flowing through the NVWA creates a different data governance question—this is regulatory data rather than research data, held by a government authority rather than researchers. The NVWA’s systems must meet Dutch central government security standards, and cultivator compliance records held by NVWA are government databases subject to the Dutch Government Information Act, not GDPR.

What Compliance Looks Like Day to Day

For a coffeeshop participating in the Wiet Experiment in, say, Tilburg, the day-to-day compliance reality looks roughly like this:

Inventory arrives from a licensed cultivator with batch documentation attached—the product safety testing result, the cultivator’s licence number, and the batch origin record. The coffeeshop records this receipt. When a customer purchases, the coffeeshop records the sale against its inventory. At the end of the day, the inventory should reconcile: opening stock plus receipts minus sales equals closing stock.

If there’s a discrepancy, the coffeeshop has an explanation problem. Unlike US METRC systems, there’s no real-time digital reporting requirement for each transaction—the Dutch model is currently less granular than the best US state systems. But periodic reconciliation reports go to regulators, and systematic discrepancies trigger NVWA inspection.

The compliance documentation that coffeeshops must maintain includes: inventory receipt records, batch documentation from cultivators, sales records (aggregate, not individual customer), and evidence that no non-approved supply has entered the system. That last requirement—proving a negative—is the hardest. Inspectors conducting unannounced audits check not just the records but the product on hand: is it from a licensed cultivator, does it match batch documentation, and is the quantity consistent with the records?

The Hashish Problem as a Compliance Lesson

The transitional hashish exception deserves specific attention because it illustrates a compliance dynamic that appears in every market that transitions from tolerance to regulation: dual compliance is harder than either pure compliance or pure non-compliance.

During the transition period when coffeeshops could sell both regulated flower and tolerated hashish, they had to maintain separate inventory documentation for two product categories with different legal statuses and different documentation requirements. The regulated flower had to be tracked against cultivator batch records. The tolerated hashish had no supply chain documentation—it came from unregulated (criminal) sources that couldn’t produce it.

This created coffeeshops maintaining compliance records that were simultaneously thorough (for regulated products) and absent (for tolerated products). Regulators accepted this during the transition. The lesson for any operator navigating a transitional compliance environment: document everything possible, be transparent about what you cannot document, and maintain a clear distinction between regulated and non-regulated activity.

What the Wiet Experiment Signals for European Cannabis

Every serious European cannabis legalization proposal is watching the Wiet Experiment. Germany, the Czech Republic, Switzerland, and the UK are all at various stages of regulatory development, and the Dutch experience provides the only real-world data on what happens when a country that already has legal retail attempts to introduce regulated supply.

The early signals from 2025:

  • Supply constraints: The 10 licensed cultivators initially could not meet demand, creating supply gaps and the hashish exception. Scale-up of regulated cultivation takes time and capital.
  • Product diversity limits: Licensed cultivators produce standardised products with documented cannabinoid profiles. Coffeeshop customers accustomed to a wide variety of products may find the regulated range initially narrower.
  • Price pressure: Regulated production with compliance overhead costs more than illicit supply. If regulated product prices significantly exceed street prices, illicit supply remains attractive.

For cannabis operators in other EU markets, the practical takeaway is about compliance architecture: start with traceability. Whatever product tracking system you build, build it to generate audit-ready records automatically. The Dutch experiment shows that regulators building systems from scratch defaulted to compliance-by-documentation—and operators who can produce batch records, test results, and inventory reconciliation on demand will be better positioned in every regulatory environment moving toward formalisation.

Practical Notes for International Operators Watching the Netherlands

If you’re an operator or investor tracking the Wiet Experiment for market intelligence:

  • The four-year timeline: The experimental phase runs four years from April 2025, with a possible 18-month extension. The evaluation in 2027-2028 will determine whether the framework expands nationally.
  • License scarcity: The 10 cultivator licences are a significant constraint on supply. Any national expansion would require a substantially larger cultivator pool—and a licensing process with more slots.
  • Municipality choice: Only 10 of 344 Dutch municipalities participate. Coffeeshops outside experiment municipalities continue under the old tolerance model—regulated retail, illicit supply. This creates a compliance inequality that’s politically difficult to maintain long-term.
  • The RAND Europe evaluation: The research body evaluating the experiment is the same organisation that has produced credible cannabis policy research across Europe. Their 2027 interim evaluation will carry significant weight in Dutch and EU policy discussions.

The Netherlands built something genuinely novel on April 7, 2025. Whether it becomes the template for European cannabis compliance or a cautionary case study about transition complexity depends on outcomes still being measured. Every cannabis operator in Europe should be watching it.

CannaSecure monitors EU cannabis regulatory developments and helps European operators build compliance architectures suited to their jurisdiction’s specific requirements. Contact us to discuss compliance planning for your market.