Artificial Intelligence · Norway
AI regulation in Norway (2026)
Norway shaded by its artificial intelligence status
Norway does not yet have a comprehensive AI law in force. The government published a consultation (30 June 2025) on a national AI Act that will transpose the EU AI Act into Norwegian law through the EEA Agreement, with entry into force targeted for summer/late 2026. Until then, AI is governed by the non-binding 2020 National Strategy for Artificial Intelligence plus existing sectoral and data-protection rules (GDPR/Datatilsynet).
Key points
The Ministry of Digitalisation and Public Governance circulated a consultation on 30 June 2025 for a new Norwegian AI Act implementing EU Regulation 2024/1689. It adopts the EU's risk-based approach (bans on unacceptable-risk systems, strict obligations for high-risk systems, transparency for limited-risk). The consultation closed 30 September 2025 and the law is targeted to enter into force in 2026.
As of mid-2026 the AI Act remains a proposal undergoing the legislative process; the EU AI Act has not yet been formally incorporated into the EEA Agreement, so its provisions are not yet binding in Norway. Entry into force is planned for summer/late 2026, in step with the EU to preserve EEA market alignment.
The proposal designates the Norwegian Communications Authority (Nkom) as the national coordinating market-surveillance authority and EU contact point, with sectoral regulators supervising domain-specific high-risk systems and the Data Protection Authority (Datatilsynet) competent for certain uses such as law-enforcement applications.
Norway's binding-rules gap is currently filled by the National Strategy for Artificial Intelligence (2020), a non-binding policy document built on ethical principles, privacy/data protection and cyber security, prioritising AI in health, oceans, public administration, energy and mobility.
The government is establishing 'KI-Norge', a national arena hosted by the Digitalisation Agency (Digdir) to provide guidance, capacity-building and a regulatory sandbox for controlled testing. Datatilsynet separately runs an AI regulatory sandbox focused on data-protection-compliant AI development.
Pending the AI Act, AI use is constrained by generally applicable frameworks — notably the GDPR/Personal Data Act enforced by Datatilsynet — and sector rules, rather than a dedicated horizontal AI statute.
Timeline - major decisions & events
Norway's dedicated law implementing EU Regulation 2024/1689 is targeted for August 2026, aligned with the EU full-application date. It will establish a risk-based framework, designate Nkom as the coordinating market surveillance authority, and create a national AI regulatory sandbox hosted in Digdir.
Norwegian Ministry of Digitalisation and Public Governance (regjeringen.no) ↗Norway's Court of Appeal confirmed Datatilsynet's NOK 65 million fine against Grindr for sharing algorithmically inferred sensitive data (including sexual orientation) with ad-tech partners without valid consent, establishing a landmark precedent that AI-inferred sensitive attributes require explicit GDPR consent.
Datatilsynet ↗The Ministry of Digitalisation and Public Governance released the full draft of Norway's AI Act for consultation (deadline 30 September 2025), proposing to incorporate the EU AI Act into Norwegian law and adding national discretionary provisions on competent authorities, enforcement tools, and sanctions.
Norwegian Ministry of Digitalisation and Public Governance (regjeringen.no) ↗The government launched KI-Norge (AI Norway), a national AI coordination and guidance hub housed within Digdir, and designated Nkom (Norwegian Communications Authority) as the coordinating market surveillance authority and EU AI Office contact point, backed by NOK 30 million in dedicated funding.
Norwegian Government (regjeringen.no) ↗The government published 'The Digital Norway of the Future', setting a goal to make Norway the world's most digitalised country by 2030, with AI a central pillar — including a national AI infrastructure and a target that all public agencies use AI in their operations by 2030.
Norwegian Government (regjeringen.no) ↗Norway's Data Protection Authority opened one of the first national DPA-run AI regulatory sandboxes in the world, offering free, close-guidance testing of AI solutions under GDPR, and publishing sandbox reports as public guidance; the sandbox was later made permanent.
Datatilsynet ↗Minister of Digitalisation Nikolai Astrup published Norway's first national AI strategy, covering skills, ethical principles, data infrastructure, and regulatory adaptation, and committing to policy actions across the public and private sectors to maximise AI's societal and economic benefits.
Norwegian Government (regjeringen.no) ↗Norway enacted LOV-2018-06-15-38 (personopplysningsloven) to incorporate the GDPR into Norwegian law, providing the foundational legal framework for AI — including automated individual decision-making, profiling, and data-minimisation requirements that Datatilsynet now enforces against AI systems.
Lovdata (Norwegian official legislation portal) ↗Norway's Data Protection Authority released one of the first national DPA analyses of AI through a privacy lens, examining automated decision-making, profiling, transparency, and data-minimisation — laying the intellectual groundwork for the later AI sandbox, enforcement priorities, and the 2020 national AI strategy.
Datatilsynet ↗Norway - other topics
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →