Internet & Online Safety · Norway
Online safety & content laws in Norway (2026)
Norway shaded by its internet & online safety status
Norway, an EEA (non-EU) state, does not yet have a comprehensive online-safety/platform-regulation regime in force; the EU Digital Services Act is being transposed via a proposed national Act on Digital Services that completed public consultation on 1 October 2025 and is expected to apply from summer 2026. A separate bill imposing a social-media age limit (access from 1 January of the year a child turns 16) with platform-side age-verification duties is heading to Parliament, though it is not expected to take effect before 2027. Until these enter into force, online activity is governed by partial rules: intermediary-liability provisions of the e-Commerce Act and the 2020 Media Liability Act.
Key points
The Ministry of Digitalisation circulated a draft Act on Digital Services for consultation (deadline 1 October 2025) incorporating the DSA largely as-is, with supplementary obligations such as a duty on hosting providers to report suspected criminal content to police; the Government aims for it to apply from summer 2026.
Nkom (Norwegian Communications Authority) is to be the national Digital Services Coordinator, with the Norwegian Media Authority (Medietilsynet), the Data Protection Authority (Datatilsynet) and the Consumer Council assigned competence in their respective fields.
The Government will present a bill setting an absolute age limit for social media, with access permitted from 1 January of the year a child turns 16; it follows a public-consultation proposal (originally age 15) and targets platforms like TikTok, YouTube, Snapchat and Facebook.
Under the proposal, technology companies (not users) bear responsibility for verifying users' age at login; the Government is also raising the GDPR age of consent for information-society services to 15. EEA notification is planned before summer 2026 and rules are not expected to take effect before 2027.
The proposed Act on Digital Services adds mechanisms to make reporting illegal content easier, restrict manipulative 'dark pattern' design, and ban targeted advertising directed at children and young people, mirroring DSA obligations scaled to platform size (including VLOPs).
Pending the DSA Act, online intermediaries are subject to the limited-liability rules of Norway's e-Commerce Act (implementing the EU e-Commerce Directive), while editorial/publisher responsibility for online media is governed by the Media Liability Act (medieansvarsloven), in force since 1 July 2020.
Timeline - major decisions & events
After a public consultation on an initial 15-year threshold drew over 8,000 submissions, the Norwegian Government announced it will present a bill to Parliament setting the minimum social media age at 16 (aligning with Australia). Platforms will be responsible for age verification at login; exceptions apply for school-related and communication services.
Norwegian Government (regjeringen.no) ↗Norway's Digital Security Act — implementing EU NIS1 Directive 2016/1148 and enacted in December 2023 — entered full force for all covered operators of essential services and relevant digital service providers, ending transitional provisions and triggering mandatory cybersecurity risk management and incident reporting.
DLA Piper Norway ↗Norway's Ministry of Digitalisation circulated a draft law incorporating the EU Digital Services Act into Norwegian law, with Nkom proposed as competent authority and coordinator for digital services. The consultation deadline was October 1, 2025, with DSA obligations expected to apply from summer 2026.
DataGuidance / regjeringen.no ↗The Norwegian Government sent a draft law for consultation proposing an absolute minimum age of 15 for access to social media platforms, also raising the GDPR consent age to 15. This was Norway's first legislative step to restrict children's access to social media and generated over 8,000 public responses.
Norwegian Government (regjeringen.no) ↗A comprehensively revised Electronic Communications Act (adopted 12 November 2024), replacing the 2003 Act and implementing the EU European Electronic Communications Code, entered into force. It extended Nkom's oversight to data centre operators, strengthened cybersecurity obligations for network operators, and tightened cookie-consent requirements.
Norwegian Government (regjeringen.no) ↗Parliament enacted the Digital Security Act implementing EU NIS1, establishing mandatory cybersecurity risk management, incident-reporting obligations, and supervisory powers for NSM (the National Security Authority) over operators of essential services such as energy, transport, health, water, and digital infrastructure providers.
Schjødt ↗The Norwegian Supreme Court ruled that section 185 of the Penal Code provides stronger protection to minors than adults in online contexts, establishing that the same online statement can carry heavier criminal weight when directed at children — a landmark ruling defining the scope of online speech regulation.
Library of Congress Global Legal Monitor / Høyesterett ↗Norway's Data Protection Authority imposed its largest-ever GDPR fine (NOK 65 million, ~€5.4 million) on US-based Grindr LLC for sharing users' precise location and sexual orientation with advertising partners without valid legal basis, violating Articles 6(1) and 9(1) GDPR — setting a major precedent for online-platform data practices.
Datatilsynet ↗In twin landmark rulings, Norway's Supreme Court upheld criminal convictions under Penal Code section 185 for racist and anti-Muslim comments posted in a 'closed' Facebook group of ~15,000 members, confirming for the first time that ostensibly private social-media spaces constitute 'public' utterance under Norwegian criminal law.
Norges Domstoler (Norwegian Courts) ↗The Norwegian Personal Data Act of 15 June 2018 entered into force on 20 July 2018, incorporating the GDPR by reference through the EEA Agreement and granting Datatilsynet full enforcement powers including fines up to €20 million or 4% of global turnover — the bedrock of online data-processing regulation in Norway.
Datatilsynet ↗Norway's new Penal Code (originally adopted 2005) entered full force with section 185 replacing the old section 135a, formally applying hate speech criminal liability to online utterances. A 2012 Ministry of Justice proposal to classify the internet as 'public space' had informed the legislative drafting.
Library of Congress Global Legal Monitor ↗Following Copyright Act amendments enabling rightsholder-initiated court injunctions, Norwegian ISPs began executing DNS-based blocks on piracy sites including The Pirate Bay — Norway's first judicially mandated regime of online content restriction, subsequently expanded to dozens of streaming and torrent portals.
Hollywood Reporter ↗Norway enacted its foundational Electronic Communications Act implementing EU Directive 2002/58/EC on privacy and electronic communications, establishing Nkom as the sector regulator and creating the primary legal framework governing internet service providers, network security, and lawful interception for over two decades.
WIPO Lex ↗Norway - other topics
Last verified 5/23/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →