AI laws and regulation in Norway

Medium

The regulation (EU) 2024/1968 – Artificial Intelligence Act will be incorporated into Norwegian law through a dedicated AI Act, which is scheduled to enter into force in mid-2026. The Act was sent for public consultation in June 2025.

There are a number of technology-neutral regulations in Norway that currently (expressly or indirectly) apply to the development and use of artificial intelligence. Below is a non-exhaustive list of some of the most relevant ones:

• Data protection:

The Personal Data Act (PDA) implements the General Data Protection Regulation (GDPR) by incorporation. The PDA and GDPR apply to use of AI technology where personal data is processed.

• Consumer protection and digital services:

The Digital Content and Services Act implement the Digital Content Directive. The act sets requirements for the quality, updates, and remedies related to the provision of digital services. It obliges AI-based services to comply with these standards and safeguard consumer rights, applying to both paid services and those offered free in exchange for personal data.

• Health and medical devices:

The Act relating to Medical Devices incorporates the Regulation on Medical Devices, imposing general requirements regarding safety and performance, which effect the use of AI in healthcare.

• Employment:

The Norwegian Working Environment Act chapter 9 and 13 contains provisions regarding monitoring and control systems, and non-discrimination. Use of AI in employment must be in compliance with these provisions

• Product safety and liability:

The Product Control Act implements the General Product Safety Directive (GPSD). It serves as a delegation act, allowing the government to issue regulations that implement several product-related EU regulations incorporated under the EEA Agreement. The legislation imposes a general responsibility on manufacturers when software is integrated into a product.

• Use of AI by public authorities:

A new Public Administration Act, adopted in June 2025 but not yet in force, introduces rules for use of AI by public authorities in automated case processing.

• Copyright:

Directive on Copyright in the Digital Single Market (DSM) is adopted and will soon be implemented through changes in the Copyright Act and regulations to the Copyright Act. It governs situations where data protected by copyright is used for training AI systems.

• Product safety and liability:

The new Product Liability Directive will potentially impose even larger responsibilities on manufacturers that create AI-products. The directive will enter into force in the EU in December 2026, and is currently under assessment for implementation into the EEA Agreement.

The Data Protection Authority (Nw: Datatilsynet) is the current data and privacy authority. Datatilsynet provides guidance regarding AI-related data protection questions, and it operates an AI sandbox to help facilitate testing of AI technologies. These tests are also used to create guidelines.

The Norwegian Communications Authority (Nw: Nkom) has been designated as the national supervisory authority under the AI Act. Nkom will oversee responsible enforcement, provide guidance and coordinate policy implementation

The Norwegian Digitalisation Agency (Nw: Digdir) has established KI Norge as a national arena for innovation and responsible development of AI in both public and private sector. KI Norge will cooperate with Nkom and Datatilsynet in order to provide guidance and a regulatory AI sandbox.

The National Strategy for Artificial Intelligence (2020): A High-level policy by the government outlining ethical principles, privacy and democracy. The strategy is intended for the civilian sector, both private and public.

The National Digitalisation Strategy (2024–2030): Aims to position Norway as the world’s most digitalised nation, with key objectives including the adoption and development of artificial intelligence.

Furthermore, the Norwegian Data Protection Authority (Nw: Datatilsynet) has issued several rapports and guidelines on the use of AI and data protection. 

Norway’s National Strategy for Artificial Intelligence explicitly aligns with the OECD AI Principles, promoting AI built on ethical principles, data protection and cybersecurity.

The use of ISO/IEC standards are widespread in many sectors and referenced as AI standard in the National Strategy for Artificial Intelligence.

The Norwegian Standardisation Organisation (Standards Norway) is the Norwegian member of ISO. Standards Norway has, among others, adopted the ISO/EC 42001:2023 as a national standard. 

The EU AI Act has been adopted and will be incorporated into Norwegian law through a dedicated AI Act. The act is scheduled to enter into force in late summer of 2026. 

N/A.