Deep Lex

Norway AI Regulation

In progress | Treaty

CoE Framework Convention signatory

Overview

Norway is implementing the EU AI Act through a dedicated national statute — the KI-loven (Norwegian AI Act). As a member of the European Economic Area, Norway is bound by EEA-relevant EU legislation but follows a separate incorporation process rather than direct applicability.

Key Sources

Council of Europe Framework Convention on AI (CETS 225)
Norwegian AI Act — Draft for Consultation (2025)
National Strategy for Artificial Intelligence (2020)
White & Case — AI Watch: Norway
Chambers — AI 2025: Norway

This content is for informational and educational purposes only and does not constitute legal advice.

Where we are now

The Ministry of Digitalisation and Public Governance published a draft AI Act on 30 June 2025, with public consultation closing on 30 September 2025. The government targets entry into force in August 2026, aligning with the EU's own high-risk system timeline. The Norwegian Communications Authority (Nkom) has been designated as the national coordinating supervisory authority for AI. Norsk Akkreditering serves as the national accreditation body for AI conformity assessments.

In March 2025, the government launched KI-Norge (AI Norway), a new national arena within the Norwegian Digitalisation Agency (Digdir) to coordinate responsible AI development. This includes an AI Sandbox for experimentation and a collaborative framework between Digdir, Nkom, and the Norwegian Data Protection Authority (Datatilsynet).

Norway was among the first states to ratify the Council of Europe Framework Convention on AI (CETS 225) and stated at the signing ceremony that it will apply the Convention fully to both private and public entities.

Background

Norway published its National Strategy for Artificial Intelligence in January 2020, focusing on health, maritime, energy, and public administration. The 2024 National Digitalisation Strategy 2024–2030 sets longer-term goals for AI infrastructure, skills, and ethical use. Prior to the KI-loven, no AI-specific legislation existed — governance relied on GDPR (via the Norwegian Personal Data Act), sector-specific rules, and the national strategy.

AI Regulation Timeline

  1. 07/10/2025
    law

    Government closes consultation on proposed law mandating a 15-year minimum age criterion for social media use

    On 7 October 2025, the Ministry of Children and Family Affairs and the Ministry of Digitalisation and Public Administration closed the consultation on the law mandating a 15-year minimum age for social media use. The law aims to protect children from potential harm, including exposure to criminal content. Providers must implement effective age verification. Services allowing public profiles, networking, and user-uploaded content are covered. However, certain services, including online marketplaces, job or housing listings, online games, closed educational or leisure groups, political or civic groups, and messaging applications, are exempt. Authorities will supervise compliance, with fines and penalties for breaches.

  2. 02/10/2025
    law

    Data Protection Authority issued statement on proposed law mandating a 15-year minimum age criterion for social media use

    On 2 October 2025, the Norwegian Data Protection Authority issued a statement responding to the Government's proposed law mandating a 15-year minimum age for social media use. The authority supports setting a statutory age limit to protect children, but flagged concerns with the proposed age verification requirement. The authority highlighted privacy risks, unclear technical solutions, circumvention through virtual private networks, legal ambiguities, and enforcement challenges for foreign platforms. It recommends a two-step approach, including first implementing a statutory age limit, and further assessing age verification measures.

  3. 01/10/2025
    law

    Ministry of Digitisation and Public Administration closes consultation on Digital Services Act implementing Regulation (EU) 2022/2065 on a single market for digital services

    On 1 October 2025, the Norwegian Ministry of Digitalisation and Public Administration closed the consultation on a proposed Digital Services Act (DSA) to implement Regulation (EU) 2022/2065 into Norwegian law. The Act applies to large digital platforms, including Google, Meta, TikTok, and Amazon, to enhance online safety and consumer protection, especially for children. The Act proposes bans on targeted advertising to minors and the use of sensitive personal data for ads, requires transparent advertising disclosures, easier reporting of illegal content, and prohibits manipulative design tactics. It also mandates risk assessments by major platforms on illegal content, election interference, disinformation, and user health, with the National Communications Authority coordinating enforcement alongside other national authorities.

  4. 29/09/2025
    opinion

    Norwegian Data Protection Authority submitted consultation statement on proposed Act on Artificial Intelligence implementing EU Artificial Intelligence Act (EU Regulation 2024/1684)

    On 29 September 2025, the Norwegian Data Protection Authority (Datatilsynet) submitted a consultation statement to the Ministry of Digitalisation and Public Governance on the draft Act on Artificial Intelligence, which implements the European Union’s Artificial Intelligence Regulation (Regulation (EU) 2024/1684) into Norwegian law. The Authority urged full incorporation of the Regulation to ensure legal certainty and equal protection for individuals. It requested clarification of jurisdictional rules for cross-border and domestic AI use and expressed readiness to serve as the market surveillance authority for high-risk AI systems in law enforcement, contingent on receiving additional resources to fulfil these duties. Datatilsynet emphasised that its statutory independence must be preserved within cooperation structures and called for an independent, expert appeal body with the power for market authorities to seek judicial review. It also proposed a general ban on biometric remote identification, including for commercial use, citing serious privacy and human rights concerns. The Authority further sought confirmation that coercive fines may apply regardless of cross-border activity, recommended a legally mandated list of national authorities responsible for fundamental rights oversight, and requested clear rules for information sharing among supervisory bodies to ensure effective and consistent enforcement.

Last updated: 07/10/2025