3 We shall strengthen the prerequisites for digitalisation

Some prerequisites need to be in place in order to succeed with the digitalisation of our society. These form the foundation for digital development. With a solid foundation in place, we will be better positioned to accelerate our efforts in priority areas moving forward.

3.1 Strengthening governance and coordination in the public sector

Zoom in on image

Goals

In the run-up to 2030, the Government will ensure stronger cross-sectoral governance and coordination of digitalisation, so that we can harness the immense potential we currently have. We will create strong synergies between Norwegian and European digitalisation policy. The Government is seeking a change of pace in public sector digitalisation.

We shall have a public sector that offers better, more seamless digital services to citizens and the business sector. We shall use digitalisation for de-bureaucratisation and ensure that professionals can devote more of their skills to providing good services to people. We shall introduce labour-saving technology through trust-based and participatory digitalisation.

3.1.1 Strengthened governance of digitalisation policy

Status

Several societal challenges must be solved across sectors and administrative levels. Digitalisation is a tool for solving these challenges. In order for citizens and the business sector to experience seamless and comprehensive digital services, the entire public sector, irrespective of whether they are central or local government agencies, must cooperate to develop the services.

To make better use of the opportunities offered by new technologies and digitalisation, it is therefore necessary to consider how to manage and coordinate digitalisation across sectors and administrative levels. It is also necessary to enhance collaboration between the public and private sectors. In January 2024, the Government established the Ministry of Digitalisation and Public Governance. Among other things, the Ministry has been assigned primary responsibility for developing and coordinating digitalisation policy that encompasses both the private and public sectors, and will be a driving force for developing new public digital solutions. Extensive collaboration with additional actors is needed to succeed in this effort.

The Norwegian Association of Local and Regional Authorities is the Government’s partner in digitalisation efforts in the public sector and is responsible for appointing municipal sector representatives to national councils, committees and digitalisation projects. It is important that the association coordinates the municipal sector’s digitalisation efforts in relation to the central government and business sector.

According to the Digitalisation Circular 28 , government agencies are to follow principles for coordination with and involvement of the municipal sector in national digitalisation efforts that affect the municipal sector. These principles are equality and influence, representativeness and continuous involvement.

A prerequisite for seamless and comprehensive services across central and local government is digital maturity from all parties. Municipalities vary in terms of the progress of their digitalisation efforts, and a lack of skills and capacity increases the risk of smaller municipalities being marginalised from the digital community. 29

Collaboration between the public and private sectors is important for making the most of our resources. The programme digital samhandling offentlig privat (DSOP) 30 [Public–Private Digital Cooperation (PPDC)] is an example of successful collaboration.

Legislation determines the framework for digitalisation. Therefore, it is important to assess the legislation early on in the process of digitalisation initiatives. The legislation is intended to safeguard fundamental rights, including the right to privacy, freedom of expression and non-discrimination. Challenges in this domain include that technological development is outpacing legislative efforts and that the legislation is not technology-neutral or fails to address emerging needs. Furthermore, doubts may arise as to the scope of action provided by the legislation.

Digitalisation measures may necessitate a review of whether the state of the law must or should be changed. In addition, it is always necessary to consider how fundamental rights can be safeguarded when assessing what should be digitalised, what technology should be used, and whether the gap between existing and necessary legislation requires further legislative development. The National Audit Office of Norway has pointed out that although the public sector already shares data, there is significant potential for greater sharing. Increased data sharing requires, among other things, that legal issues are clarified and that privacy is safeguarded. 31

Charting the course towards 2030

In order to strengthen the coordinating role of the Ministry of Digitalisation and Public Governance, the Government will further develop existing digitalisation policy instruments while also developing new instruments. Several actors and policy instruments can be included in this work, including the Norwegian Digitalisation Agency, SKATE (management and coordination of services in e-government), Stimulab, medfinansieringsordningen [the Co-Financing Mechanism], the Digitalisation Circular and other legislation. Important steps in the coordination also include developing common standards and architectures, and contributing to increased use of joint solutions. Digitalisation also increases the need to safeguard cross-cutting considerations and investments across sectors, which requires the establishment of enabling mechanisms.

The Government will ensure a comprehensive and long-term prioritisation of digitalisation initiatives in the public sector. This prioritisation will be based on a comprehensive overview of digitalisation initiatives in the sectors, provide predictability and chart the course. It must be based on professional recommendations and consistent and transparent criteria, and it must have a multi-year perspective. The prioritisation is intended to ensure that the funds are allocated to the areas with the greatest need and that provide the greatest benefit to society.

To help ensure that even more beneficial digitalisation initiatives are implemented, the Government will strengthen the Co-Financing Mechanism. This scheme is a well-established and unbureaucratic policy instrument aimed at realising socio-economically beneficial measures that would otherwise not have been implemented.

When government agencies collaborate on digitalisation initiatives, it is challenging to identify models for cost-sharing and benefit calculation, including incentive mechanisms for working across sectors and administrative levels. Actors who make investments are not always the ones who reap the benefits. For instance, data sharing and solutions within the public sector often incur costs for the solution developer, while the benefits are enjoyed by others. One measure to meet this challenge is to establish good models for cost-sharing and benefit realisation in cross-cutting digitalisation initiatives. The Norwegian Agency for Public and Financial Management has therefore been commissioned to map various models for cost-sharing across sectors and administrative levels, as well as experiences with the models. 32

Together with its members, the Norwegian Association of Local and Regional Authorities has established a number of councils and committees to help coordinate and harmonise local government digitalisation efforts. Strategic coordination currently takes place through a joint governance structure for digitalisation. 33 The Norwegian Association of Local and Regional Authorities’ tasks will be solved in close collaboration with regional digitalisation networks. These networks are owned and managed by the municipalities and play an important role in contributing to the development of skills, the sharing of experience and the dissemination of joint solutions. The digitalisation networks also play a role in the introduction of national joint solutions and services for use in local government. Models should be established that contribute to an increased implementation of digitalisation in local government. The digitalisation networks play an important role in this effort.

Most municipalities actively engage in ICT projects, although some municipalities have lower levels of activity. 34 The Government wants to prevent excessive digital inequalities between municipalities. Better collaboration on digitalisation across sectors and administrative levels is necessary to ensure efficient resource utilisation and better services. Therefore, the Government will strengthen its collaboration with the Norwegian Association of Local and Regional Authorities on digitalisation across sectors and administrative levels.

PPDC has helped us realise major benefits for citizens, the business sector and the public sector through collaboration and interaction. One example is the consent-based loan application process. The Government will identify new areas for collaboration on digitalisation between the public, private and voluntary sectors.

The Government will strengthen its work on digitalisation-friendly legislation. In order to develop good digital services, we need to facilitate interdisciplinary collaboration from the outset, so that services and legislation are developed simultaneously. 35 Development work must take place at the intersection of language, law and technology. The legislation must be designed so that the digitalisation measures can be implemented technically, while digitalisation measures must simultaneously comply with the legislation. This interaction is necessary to strengthen the work on digitalisation-friendly legislation and clear language. The Norwegian Resource Centre for Sharing and Use of Data under the Norwegian Digitalisation Agency is a key interdisciplinary environment for work on digitalisation-friendly legislation. To be able to assist all sectors with the development of digitalisation-friendly legislation, the capacity of the resource centre should be increased.

The Government will

• Strengthen the coordination and implementation of digitalisation initiatives across sectors
• Ensure a comprehensive and long-term prioritisation of digitalisation initiatives in the public sector
• Strengthen the Co-Financing Mechanism for socio-economically beneficial central government measures
• Identify new areas for collaboration on digitalisation between the public and private sectors
• Further develop the collaboration with the Norwegian Association of Local and Regional Authorities on digitalisation in the public sector
• Establish legislative development on digitalisation, data sharing and AI
• Strengthen efforts on digitalisation-friendly legislation and clear legal text

3.1.2 Create synergies between Norwegian and European digitalisation policy

Status

The EU has an ambitious digitalisation policy based on the overarching Digital Decade strategy. 36 Legislation, funding, and skills development through programs are important policy instruments for achieving the goals of the strategy. In addition, a great deal of sectoral European legislation is being developed that guides and supports digitalisation in the various sectors of society. In a challenging geopolitical context, the EU wants to be a global actor in the field of technology. The EU is challenging the large global technology companies through legislation in a manner that individual countries like Norway cannot.

Many of the EU’s digitalisation policies affect Norway. Most of the legislation becomes Norwegian law via the EEA Agreement, and Norway participates in several EU programmes. The DIGITAL programme represents a concerted effort to enhance the competitiveness of European businesses, ensure better and more efficient solutions for the public sector, lay the foundation for a green transition and strengthen Europe’s cyber security and sovereignty. The strategy for Norway’s participation in DIGITAL 37 sets out goals and key priorities for Norway’s participation in the programme, as well as specific focus areas to ensure that we maximise the benefits of our participation. Other EU programmes also support the digitalisation ambitions, such as the EU’s research and innovation framework programme, Horizon Europe.

We are also working closely with our Nordic-Baltic neighbours on digitalisation, particularly within the framework of the Nordic Council of Ministers. 38 The Nordic Council of Ministers promotes joint Nordic solutions in areas where the Nordic countries can achieve better results by working together than by solving tasks separately. The Nordic cooperation also allows our countries to have a united voice in relation to the EU.

Charting the course towards 2030

It is important to create strong synergies between Norwegian and European digitalisation policy. Implementation of legislation from, and cooperation with, the EU can help to develop Norwegian digitalisation policy. For instance, the EU has in recent years adopted legislation that facilitates data sharing. Implementing such legislation into Norwegian law can help us achieve Norwegian policy goals of increased value creation using data.

Through the DIGITAL programme, Norway can, among other things, gain access to infrastructure and expertise that is useful for Norwegian actors. There is potential to include more Norwegian actors in the DIGITAL programme.

EEA cooperation requires continuous updates to the EEA Agreement with relevant EU legislation. Utvalget for utredning av erfaringer med EØS-avtalen [Committee for the Assessment of Experiences with the EEA Agreement] 39 believes it is a significant challenge that the EEA backlog has grown over the past decade, and that Norway must help to reduce the backlog. As part of the work to reduce the backlog, the Committee believes that Norway should look at the possibility of standardising and thus streamlining the work on EEA adaptations.

Close monitoring of legislative developments and policies in the EU helps ensure that we are better prepared for legal changes that will also apply in Norway. A more proactive and coordinated approach to work in the EU can also give us the opportunity to influence legislative and policy development. The Government will monitor legislative developments in the EU and implement adopted EEA-relevant EU legislation quickly, among other things to ensure the Norwegian business sector has the same competitive conditions as the rest of Europe.

Table 3.1 Key EU digitalisation legislation*

*The various pieces of legislation are at different stages in the EU legislative process and in their implementation into Norwegian law.

The Government will

• Actively participate in the design of the EU’s future long-term digitalisation programmes
• Reduce the backlog in the implementation of adopted EEA-relevant EU legislation on digitalisation into Norwegian law
• Conduct a comprehensive assessment of Norway’s participation in the EU’s future long-term programmes

3.1.3 A coordinated and innovative public sector for citizens and the business sector

Status

Overall, citizens are satisfied with both central and local government services; however, average satisfaction has declined since 2017. 40 Although there have not been major changes from year to year, satisfaction in 2023 reached its lowest level since 2010. Users often experience that the provision of services is fragmented. 41 Several government agencies are therefore working purposefully to create coherence in the provision of services, including through the work on seamless services within the seven selected life events. 42

By cooperating across sectors, administrative levels and industries, we can create seamless services. The principles 43 that have been established for collaboration between the central and local government on digitalisation have contributed to improved collaboration and more joint projects. However, many of these projects involve one specialised central government sector in collaboration with local government. One example of a cross-cutting collaboration is DigiUng.

Digitalisation offers great opportunities to develop health and care services for the benefit of all. The goal is for both citizens and healthcare professionals to have secure access to relevant health information when they need it. The main responsibility for digitalisation lies with the actors in the health and care sector. Digital interaction, enhanced comprehensive information management and increased standardisation will ensure that up-to-date health information is secure, of good quality and easily accessible. The Government’s strategy for digitalisation in health and care services is presented in Report to the Storting (white paper) 9 (2023-2024) Nasjonal helse- og samhandlingsplan [National Health and Cooperation Plan].

To be able to introduce digital services and to automate services, we depend on citizens’ trust in the public administration. A key success factor in leveraging new technologies is the ability of organisations to involve employees and employee representatives. The introduction of new technology may require changes in working methods and new skills requirements. The Trust Reform 44 is closely linked to the Government’s ambition to leverage technology and digitalise the public sector. The goal is to ensure greater well-being and better services to citizens and the business sector. If people find that services are of high quality, they will have greater trust in the public sector. In order to reap the benefits, free up time in primary services and maintain people’s trust in the public sector, we need to put digitalisation on the agenda in the collaboration of the parties, both locally and centrally.

Charting the course towards 2030

We want to make it easier for citizens, the business sector and voluntary organisations to interact with the public sector. They should experience seamless and comprehensive digital services, irrespective of the provider. Actors must work together if we are to achieve this ambition. Services should inspire trust, be universally designed and be more adapted to individual needs. Services for children and young people should be age-appropriate. Employee representatives in government agencies shall be a significant contributor to the development of services.

Zoom in on image

Citizens should receive accurate and unambiguous information about their rights, obligations and opportunities. 46 The Norwegian public sector currently has many websites, portals and digital services aimed at users. The myriad of communication channels makes it difficult for people to locate, understand and use information from the public sector. Experience from working with the life event “Seriously ill child” shows that families with seriously ill children spend an average of 19 hours a week navigating the vast amount of information and coordinating services from the public sector. 47

Work on seamless services within defined life events 48 shall be continued. Lessons learnt from the work that has been done are useful in the coordination and development of more seamless services. 49 An arena for exploring solutions to regulatory challenges and other barriers to collaboration may be a useful tool.

The voluntary sector is a pillar of Norwegian society and plays an important role in all arenas of society. The Government wants voluntary organisations to spend as much time as possible on generating activity and as little time as possible on paperwork. Therefore, we are continuing our efforts in the life event “Starting and managing a voluntary organisation”. The aim of this work is to facilitate the sharing and reuse of data in central government grant management and realise the once-only principle. Voluntary organisations should not have to submit the same information to the central government multiple times.

In collaboration with the Norwegian Association of Local and Regional Authorities, the Government will investigate a single gateway to general and personalised information and to digital public services. This may include access to your own personal data, such as relevant health information. Such a single gateway will enable users to quickly and easily fulfil their obligations and apply for and receive benefits. The solution can also include digital personal assistants that provide the user with support during the process. AI may be a tool for developing such assistants.

The EU Regulation Establishing a Single Digital Gateway (SDG) 50 aims to make it easier and more appealing for European citizens and businesses to establish themselves in Norway, and for Norwegian citizens and businesses to establish themselves in the EU. This will be achieved by making 21 services available digitally across national borders in the EU. In addition, the YourEurope portal 51 will help EU citizens navigate the public systems in other EU countries, thereby making it easier for them to exercise their rights and obligations. The SDG should be understood in the context of the initiative to investigate a single gateway to general and personalised information and to digital public services.

Digitalisation must be implemented so that the public sector can fulfil its obligations under the Language Act. The public sector is to communicate clearly and accurately with citizens and use a clear Norwegian or Sámi language. When the public sector develops and utilises new ICT tools and services, the work on language must be included from an early stage in the planning process.

New technology and digitalisation can be labour-saving and contribute to reduced growth in labour needs for the entire public sector. This can help increase productivity in the public sector. Examples of labour-saving technology include welfare technology and the robotisation of administrative functions. The Nasjonal helse- og samhandlingsplan 52 [National Health and Cooperation Plan] states that implications for personnel must be investigated as part of the decision-making basis for all measures within the Ministry of Health and Care Services’ sectoral responsibility. The Government will consider whether the investigation of implications for personnel should be a requirement as part of the decision-making basis for all public digitalisation initiatives.

Both citizens and personnel should have secure access to relevant health information when they need it. Technology and digital interaction solutions should help maintain or improve the quality of treatment for patients and users, and facilitate participation. In the National Health and Cooperation Plan, the Government has clarified the roles and responsibilities of relevant actors for digitalisation in the health and care sector. This will help ensure that the overall resources are utilised effectively and efficiently. New national needs require a faster transition from planning to trialling and introduction of digital solutions. Proposed solutions should be tested early on to allow for course adjustments along the way and enable quicker implementation. The health services must develop and adopt digital solutions to free up time for patient treatment, research, education and patient training, without jeopardising quality and patient safety.

AI has the potential to change the roles within the public sector and the relationship between government agencies and users (citizens, the business sector and the voluntary sector). How this will develop and what implications the use of AI will have over time is difficult to predict today. This is why it must be trialled in practice. AI must be used in an ethical and responsible manner, and in line with relevant legislation to ensure that its use is fair, transparent and in accordance with how we want to develop the public sector. The Government will monitor developments and continuously assess measures and the need for more regulation.

Stimulab is a scheme that stimulates the development of user-oriented solutions involving technology. The Government will further develop schemes that facilitate innovation in public services.

The Norwegian Agency for Public and Financial Management and the National Program for Supplier Development 55 assist government agencies in carrying out innovative procurements. Innovative procurement should be used as a tool to promote innovation in digitalisation and the use of AI in the public sector.

The Government wants to reduce the business sector’s costs associated with imposed regulations and the completion of public forms by NOK 11 billion by 2025. Such cost reductions can be achieved by amending acts and regulations or by making it easier for the business sector to fulfil current legislation, for example by further developing digital reporting.

Many enterprises find it difficult to navigate the business-oriented policy instrument system. Therefore, the Government has initiated the development of the Én vei inn [One-Stop-Shop] solution, which is a single digital gateway where enterprises can quickly receive clarification and guidance for further interaction with the policy instrument system. Innovation Norway is leading this development in close collaboration with other policy instrument actors.

The Government will

• Continue the work on life events and strengthen the work on seamless services, in collaboration with the Norwegian Association of Local and Regional Authorities
• Investigate a single digital gateway for citizens and other users to information and digital public services
• Establish a test arena for exploring regulatory and technological challenges in the work with seamless services
• Consider whether the investigation of implications for personnel should be part of the decision-making basis for all public digitalisation initiatives
• Further develop policy instruments for digitalisation and innovation in the public sector
• Increase the share of innovative procurements in the area of digitalisation and the use of AI in the public sector
• Continue efforts to reduce the costs to the business sector associated with imposed regulations and the completion of public forms
• Further develop the One-Stop-Shop digital solution, which gives the business sector a single gateway to the policy instrument system
• Continue and strengthen the work on simplification for the voluntary sector

3.2 Ensuring a secure and future-oriented digital infrastructure

Zoom in on image

Goals

Towards 2030, the Government will establish high-speed broadband and good mobile coverage for all, and ensure that we have robust electronic communications networks and services nationwide.

We shall ensure a well-functioning shared digital ecosystem for interaction and service development in the public sector.

3.2.1 A nationwide, secure, future-oriented and accessible digital foundation

3.2.1.1 Greater coverage, capacity and competition

Status

Data centres and mobile and broadband networks (electronic communications networks) make up Norway’s digital foundation and are a prerequisite for further digitalisation of society. The mobile and broadband networks in Norway already have good coverage. As society is becoming increasingly dependent on the internet, it is necessary to continuously improve the digital foundation.

New services and applications based on fibre optics and 5G mobile technology are rapidly being established in densely populated areas. They provide the basis for new ways of solving tasks and increase value creation and productivity. It is important that such services are also made available in more sparsely populated areas. 100 per cent coverage is first and foremost important for each individual citizen to be able to participate fully in society, but it is also important for the development of the business sector and for the public sector to maximise the benefits of digitalisation.

Access to high-speed mobile networks is important not only where people live, but also where people work and travel. Greater coverage of mobile networks is important for the country’s emergency preparedness and security.

Charting the course towards 2030

The Government will continue to pursue a market-based and technology-neutral policy for the development of mobile and broadband networks, and will contribute with targeted central government measures in areas where there is no commercial basis for development.

The Government’s goal is for all households and enterprises to be offered broadband with a download speed of at least 100 megabits per second by the end of 2025 and at least 1 gigabit per second by the end of 2030.

To cultivate a competitive landscape, freedom of choice and to enable innovation, not least in sparsely populated areas, the Government will continue to pursue the goal of at least three fully-fledged mobile networks that can compete in both the business and consumer markets.

The Government aims to significantly improve mobile coverage (geographical coverage) in the areas of the country where the need is greatest, particularly along key transportation routes.

The Government’s goal is for all households in Norway to have access to high-speed mobile networks.

Both mobile services and many other digital services are dependent on available frequency resources. These must be utilised and managed effectively to support the digitalisation of Norway.

The Government will

• Provide high-speed broadband to households and businesses through targeted grants in areas without a commercial basis for development
• Further facilitate the development and expansion of mobile networks where people live, work and travel
• Ensure an efficient management of frequency resources that, through timely allocation, cultivate an innovation and business development landscape which takes into account societal needs

3.2.1.2 Strengthened security and emergency preparedness in the digital foundation

Status

The digital foundation is increasingly responsible for carrying greater values and supporting critical services for Norwegian society. At the same time, the security situation in Europe has intensified, stresses from extreme weather and natural events have put electronic communications networks to the test, and the need for emergency communication has become even more important.

In sparsely populated areas, the networks are more vulnerable than in densely populated areas, which may result in more frequent and extended network outages. Because almost all services in society are dependent on electronic communication, such outages can have major consequences. Emergency communication is also dependent on functioning electronic communication networks.

In light of the new security policy situation, the Government is using grant funds to strengthen security and emergency preparedness in offshore e-infrastructure which underpins Norwegian oil and gas production. In addition, we have upgraded the priority subscription solution to 4G and 5G, and strengthened both the fibre-optic connection to Svalbard and the redundant communication solution with the archipelago.

Charting the course towards 2030

The digital foundation must become more robust, and redundancy and diversity must be further developed and strengthened so that communication services can be delivered in times of peace, crisis and war.

A prerequisite for such a service provision is greater variety – both in the form of multiple different networks, such as mobile networks, fixed networks and satellite systems, and through increased diversity and redundancy in the individual networks.

The Government aims to ensure that:

• More physically separate routes are utilised by all providers of transmission networks to towns in Norway, and that such providers be required to offer redundancy in their own networks;
• Mobile operators, to the greatest extent possible, distribute mobile traffic over several independent transmission networks;
• Norway will establish high-capacity connections to more countries from all regions of the country, ensuring high-capacity, low-latency connections within the country;

The Norwegian Communications Authority has conducted regional risk and vulnerability analyses of the electronic communications infrastructure in Finnmark, Troms, Nordland, and Trøndelag, and the Government aims to have similar analyses performed throughout the rest of the country.

As a result of the security policy situation, the need for exercises and cross-sectoral collaboration has increased. Exercises and collaboration are crucial to strengthening security and emergency preparedness in the years to come.

To safeguard cyber security, we need robust satellite-based systems and services. Satellite systems will increasingly be used for communication in crises. Therefore, it is necessary to further develop and strengthen national capability and resilience in the satellite sector.

Interference with communications, caused by electromagnetic noise from electrical and electronic equipment, installations, illegal transmissions, and increasingly, illegal jamming, is a frequent occurrence. Therefore, it is important to work to prevent such disruptions from resulting in serious consequences.

The Government will

• Ensure adequate national control of the part of the digital foundation that underpins critical societal functions
• Facilitate greater diversity and redundancy in the routing paths regionally, nationally and between Norway and abroad
• Enhance the security and emergency preparedness of the digital foundation in vulnerable municipalities and regions through targeted grants, and assess new measures in light of the changed security policy situation
• Conduct thorough risk and vulnerability analyses in all of the country’s regions, and assess and implement relevant measures upon completion of the analyses
• Strengthen collaboration on security and emergency preparedness across sectors, especially the electronic communications, energy, defence and justice sectors
• Carry out a pilot project for cross-sectoral collaboration on restoring mobile coverage in the event of service outages
• Contribute to preventing and minimising the adverse effects of electromagnetic interference on electronic communications
• Contribute to creating more robust satellite-based systems and services, while further developing national capacity in the satellite sector at the Andøya Space Centre
• Strengthen Nordic cooperation on electronic communications

3.2.1.3 Data centres

Status

Data centres are a key component of the digital foundation and represent modern industrial construction. Data centres located in Norway, combined with a strong and robust national digital foundation, enable the production of critical digital services domestically rather than abroad. This will bolster national control and ensure opportunities for national autonomy. At the same time, flexibility may be appropriate. This means that while some services may be produced on international cloud platforms, data storage and service production can be seamlessly transferred to Norwegian data centres in the event of a crisis or emergency situation. Conversely, in some critical situations we may need to move parts of the data storage and service production out of Norwegian data centres to allied countries.

Charting the course towards 2030

The Government wants to facilitate data centres that contribute to value creation, enhanced security and safeguarding of Norwegian interests. Our goal is for data centres and data centre services to have proper security in times of peace, crisis and war. The most critical digital services will be delivered from data centres in Norway or from data centres located with our close allies. To increase the industry’s national value creation and international competitiveness, the Government will take a strategic and comprehensive approach to increasing the net sustainability of Norwegian data centres.

For the sake of the Norwegian welfare state and a sustainable economy, it is crucial that we succeed with the digital and green transition. Data centres and artificial intelligence can and must play a role in efforts to meet the climate goals, and they can contribute to an efficient reduction in emissions. On the one hand, data centre services can support emission reductions in all sectors through digital solutions, such as more climate-friendly and efficient production processes and services in the business sector. On the other hand, data centres consume vast amounts of energy and lay claim to considerable space. The Government aims to increase the reuse of surplus heat from data centres in Norway and will work to make data centres more circular and resource-efficient. According to the Foundation for Scientific and Industrial Research at the Norwegian Institute of Technology (SINTEF), reusing surplus heat from data centres and other industries has the potential to free up more than 10 per cent of Norway’s power production. The development and use of data centre-based services offer significant sustainability potential across various sectors. There is a need for greater awareness and a better framework to increase and document both the sustainability potential and impact. Effective social and project planning and targeted innovation and technology development are key elements going forward.

The Government will

• Work to ensure that Norway is an attractive place for the data centre establishments that contribute to value creation
• Present a new data centre strategy

3.2.1.4 Work to ensure an open, free and safe internet

Status

New digital services bring new challenges. It is difficult to distinguish between truth and falsehood on the internet. Furthermore, we hand over considerable amounts of personal data when using digital services. Digital services provided over the internet can be misused to provide illegal products, services and content, and to manipulate users and spread disinformation.

The platform and data economy has bestowed considerable power on the major tech companies. The concentration of power in the hands of a few major global technology actors can pose a challenge to states and a threat to democracy and society. The intent of EU’s new platform regulations, the Digital Services Act (DSA) and the Digital Market Act (DMA), is to contribute to solving a number of these problems.

Online fraud has become a major societal problem. In 2022, Norwegians were defrauded of over NOK 600 million, and in the first half of 2023, the corresponding figure exceeded NOK 400 million. 56 A large proportion of fraudsters employ social engineering, or phishing, to fraudulently obtain sensitive information using fake links and similar methods. Online fraud affects individuals financially and emotionally, but it also has an adverse impact on the general trust in society. This can delay digitalisation and also has adverse effects on social participation, integration and value creation.

Charting the course towards 2030

The Government wants to help ensure that the internet is an open, secure and freely accessible societal resource, both nationally and globally. It is important that a country such as Norway, which has long democratic traditions and can represent a small-state perspective, takes greater responsibility in the further development of the internet. Norway will help to secure long-term strategic interests in global internet governance and set the agenda on issues of major significance. Our position is that the internet should remain an open and freely accessible arena, where anyone can freely give and receive information and claim ownership of their own information, and where fundamental human rights are protected. Norway is therefore a candidate for hosting the UN Internet Governance Forum (IGF) in 2025.

Swift incorporation of the DSA and DMA into the EEA Agreement and implementation of the legislative package into Norwegian law will help to ensure that end users and enterprises in Norway enjoy the same protection and rights as elsewhere in Europe, and to regulate the big tech companies.

For the Government, it is important to work to maintain trust in electronic communication services, and in the content communicated via these services. In addition, citizens need to become more resilient to fraud raising awareness about common fraud methods and learn how to stay safe online. 57

The Government will

• Host the Internet Governance Forum 2025
• Implement the Digital Markets Act (DMA) and Digital Services Act (DSA) in Norwegian law
• Establish a national DSA coordinator who, together with other relevant authorities, will enforce the DSA in Norway
• Prevent digital fraud by further developing interdisciplinary collaboration and disseminating information to citizens
• Assess the proposals by the National Expert Group against Digital Fraud

3.2.2 A digital ecosystem for cooperation and service development

Status

The public sector must accelerate the pace of digitalisation, while tighter financial constraints compel us to rethink how we develop and manage digital services. Similar needs in the public sector must be solved jointly, based on the established shared digital ecosystem for collaboration and service development (shared digital ecosystem 58 ).

In a shared digital ecosystem, public and private enterprises cooperate to build comprehensive and seamless services. They interact, reuse joint solutions, and adhere to standards, principles and reference architectures. In this way, digitalisation becomes more sustainable. Joint solutions such as Altinn, ID-porten, the National Population Register and sector-specific solutions such as the municipal FIKS platform and Feide are important for establishing digital interaction capabilities. The shared digital ecosystem is being improved and developed in collaboration between the actors, but there is still a need for further development and new solutions. One example of this is the need to establish public sector solutions ensuring that individuals can be digitally represented by an authorised person should they require this.

The voluntary sector is a separate sector of society, with distinctive characteristics, and thus differs from both the public and private sectors. A shared digital ecosystem and various national joint solutions should be utilised in national services and solutions pertaining to the voluntary sector.

Geographic data (geodata) generates new value and is increasingly aiding both the public and private sectors in addressing societal challenges, such as climate change adaptation, natural hazard prevention, and biodiversity conservation. Access to geodata is also important for ensuring civil protection and managing crises. Despite the growing usage, there remains significant potential to derive even greater benefits from geodata. This requires an up-to-date and easily accessible geographic infrastructure. The national geographic information infrastructure is an important part of the digital ecosystem and facilitates the collection, use and sharing of geographic information across the public and private sectors. The infrastructure consists of geodata, metadata and joint solutions. It is based on legal, administrative, technical and organisational prerequisites, such as the Geodata Act, the Geodata Regulations, the Geovekst [Geo-Growth] collaboration and the National Geodata Strategy.

The use of the joint solutions managed by the Norwegian Mapping Authority has increased considerably in recent years, from approximately 2 billion hits in 2011 to 18 billion hits in 2023. A growing number of public and private actors are using geodata to solve statutory tasks, deliver services and support business development.

Charting the course towards 2030

The public sector must accelerate the pace of digitalisation. To leverage the opportunities presented by technology and contribute to more efficient and sustainable digital development, we require a national architecture for collaboration. This architecture should describe the necessary resources for collaboration, such as joint solutions, 59 infrastructure for sharing data and standards, and standardised interfaces (APIs). A national architecture clarifies relationships and responsibilities and makes it easier to identify the need for measures.

The heightened security situation has rapidly and significantly altered the threat landscape for digital solutions. Attacks on digital solutions can lead to downtime for many public digital services. Consequences may also include the loss of sensitive personal information, financial losses and reduced trust in the public sector.

Organisations that are responsible for joint and sector-specific solutions must have framework conditions that enable them to remain relevant and secure. There is a need for governance and financing mechanisms, including cost-sharing models, which address the need for further development, management and operation of joint solutions.

Secure digital solutions are needed for the processing of unclassified critical national information. On behalf of the Ministry of Justice and Public Security, the National Security Authority has developed a concept for a secure national cloud.

When there is uncertainty about whether government agencies can utilise certain joint solutions without undergoing a procurement process, consideration should be given to making the use of these solutions mandatory. The Digitalisation Circular regulates when government agencies are required to use joint solutions. Greater collaboration between sectors and administrative levels indicates a need to investigate whether the requirements in the Digitalisation Circular should apply to the entire public sector, and whether they should therefore be laid down in acts or regulations. The Norwegian Association of Local and Regional Authorities will be involved in these efforts.

The business and voluntary sectors are currently unable to use joint solutions unless such use is part of the exercise of public authority. If the business and voluntary sectors are to be able to utilise all or part of the shared digital ecosystem in their service development and production, the consequences of facilitating such use must be investigated.

A key element of the digital ecosystem is access to electronic identification (eID). Today, almost a million people in Norway are prevented from participating digitally, partly because they are unable to obtain an eID with a high level of security. In April 2023, the Government adopted a new strategy for the use of eID in the public sector. 60 The measures in the strategy are followed up through an action plan. 61 Among other things, the action plan follows up on the EU’s eIDAS Regulation. 62 The Regulation, which is EEA-relevant, has been revised and entered into force in the EU in 2024. The Regulation entails that the public sector shall take responsibility for ensuring that everyone has the opportunity to obtain an eID with a high level of security and offer it to users by way of a digital wallet.

Those who are unable to use eID personally can be assisted by others via digital authorisation solutions. The National Strategy for eID in the Public Sector includes measures to develop solutions that enable access to public digital services on behalf of someone else, such as a guardian or close relative of an older adult or person with illness who requires practical assistance.

The Government wants individuals who are unable to use eID personally to be able to receive assistance from others via digital authorisation solutions.

It is important that the joint solutions in the geographical infrastructure, such as maps and map data, meet the needs of users and can utilise new technology. A key prerequisite for achieving this is sustainable financing models that can ensure the operation of joint solutions and the development of new functionality. The Government will further develop the national infrastructure for geographic information.

The Government will

• Investigate the mandatory use of joint solutions in public service development and involve the Norwegian Association of Local and Regional Authorities in these efforts
• Ensure that joint central government solutions have a predictable financial framework for sound management, security, operation and further development
• Establish a national architecture for a shared digital ecosystem, in collaboration with the Norwegian Association of Local and Regional Authorities
• Offer everyone a high-level digital wallet using eID
• Develop solutions for digital representation, including for guardianship
• Further develop the national infrastructure for geographic information, such as maps and map data

3.3 Bolstering security, emergency preparedness and crime prevention

Zoom in on image

Goals

Towards 2030, the Government will strengthen national cyber security and emergency preparedness to safeguard critical societal and fundamental national functions. To strengthen our work on national security and emergency preparedness, we will actively use digital technologies. The national capacity to combat cybercrime will also be strengthened.

3.3.1 Digitalisation for enhanced security and emergency preparedness

Status

Crisis management and military operations are characterised by short timelines, complex situational overviews, and a considerable need for information that cannot be managed without the use of digital technology. This is consistent with lessons learnt during the pandemic. During crises, data sharing is necessary to ensure adequate national situational awareness. The use of AI, in conjunction with other technologies, also enhances situational awareness and bolsters Norway’s defence capability.

Digitalisation can help strengthen national security and emergency preparedness capabilities. Effects that can be achieved with digitalisation include improved interaction in the total defence and with allies. Furthermore, digitalisation can contribute to faster and more comprehensive situational awareness and strengthen the ability to manage complex threats and other security-threatening activities.

Nødnett is the Norwegian critical communication network for the police, fire and health services and other actors with emergency response and emergency preparedness responsibilities. It is also an important total defence tool. Nødnett provides secure group communication both within and across organisations. Digital solutions such as national registers, the municipal FIKS platform, infrastructure for geographic data, and solutions in the health and care services are also important for interaction between organisations in crisis situations.

Data sets from the UN’s Intergovernmental Panel on Climate Change (IPCC) and historical data on Norwegian climate development are currently used to make projections about the Norwegian climate. The use of digital tools, such as simulators, contributes to better situational awareness in safety and emergency preparedness work.

Charting the course towards 2030

Today’s complex threats and challenges affect all sectors of society. A consequence of the threat landscape could be a decline in public trust in the authorities, diminished trust between individuals, and challenges to free democratic debate. This can in turn result in dilemmas that are difficult to manage, such as a cyberattack on critical digital infrastructure, in conjunction with a disinformation campaign that gives the impression that the authorities are unable to ensure Norwegian citizens safe access to the internet.

The Government will carry out a comprehensive and sustained investment in the Norwegian Armed Forces’ ICT systems, infrastructure and skills, in collaboration with relevant civilian and allied actors. To ensure national control, Norwegian crypto skills must be maintained and strengthened. 63

Increasing complexity demands a greater degree of cross-sectoral situational awareness, along with extensive national coordination and collaboration. We must leverage digitalisation to improve national situational awareness, for example by converting vast amounts of data and information into knowledge. This will create new opportunities for the dissemination of information between citizens and national authorities, NATO and other relevant actors in the event of serious incidents such as accidents, terrorism and natural disasters. Unwanted events necessitate cross-sectoral and cross-border interaction with neighbouring countries and other allies. Digitalisation is a tool for better collaboration between actors and for strengthening our defence capability and overall civil protection.

The ability of military and civilian actors to communicate securely is a fundamental prerequisite for a shared situational understanding and a functioning total defence across the entire crisis spectrum. Therefore, the Government will continue its efforts to roll out secure ICT solutions across actors within the total defence framework.

Today’s Nødnett functions well, but it is based on technology that is becoming outdated and will eventually have to be replaced with a new solution to maintain and further develop the emergency preparedness and handling capability of the emergency services. The Government wants to establish a new critical communication network with the possibility of increased and near real-time cross-sectoral collaboration and data sharing in the event of unwanted events. A concept has been chosen for group-based voice, data and video with a combination of state ownership and purchases from commercial mobile operators to capitalise on the strengths of both sectors and to ensure a solution that ensures national control.

The Government will

• Utilise digital solutions to increase situational awareness and manage complex threats, accidents, natural disasters and other unwanted events
• Strengthen Norway’s ability to conduct operations in the digital domain
• Utilise digital solutions to further develop and streamline training and exercises across sectors and administrative levels as well as with allies
• Establish secure, cross-sectoral ICT solutions with total defence responsibilities
• Continue to work on the establishment of a new critical communication network

3.3.2 Collaboration and coordination for enhanced cyber security

Status

The Government’s strategic direction, priorities and measures to safeguard cyber security are set out in Report to the Storting (white paper) 9 (2022-2023) National control and cyber resilience to safeguard national security. 64 The report builds on a strategic course developed over many years, including in national strategies, white papers and investigations.

The white paper clarifies and reinforces the strategic direction. It emphasises public-private, civil-military and international cooperation and underscores the importance of involving the whole of society.

Regulatory policy instruments play a key role in making enterprises accountable. At the same time, the authorities must help coordinate, strengthen and simplify preventive security efforts. In addition to prioritising prevention, Norway must ensure that it has sufficient capacity to address the growing number of cyberattacks.

Some key measures from the report that are particularly relevant for strengthening cyber security in the future are to increase the authorities’ work on coordination and governance and to support organisations in their security efforts to improve individual digital emergency preparedness and thereby enhance collective security in society. Other measures include using regulatory policy instruments to make Norwegian businesses accountable, including further development of the Cyber Security Act, and enhancing skills in cyber security (see also section 3.5. It is also important to participate in an international cooperation to maintain the trust of international partners, including as a basis for receiving information regarding cyber threats.

The report National Digital Risk Situation is published annually. In the 2023 report 65 , the Norwegian National Security Authority describes a challenging situation in which technological development is accelerating and technology is expanding its reach. Furthermore, generative AI challenges our ability to recognise the difference between what is real and what is fake, as well as what is true and what is false. At the same time, the gap between the competence and skills of threat actors and preventive security work is widening.

Each business is responsible for its own cyber security and must therefore ensure that its employees receive the necessary guidance and training in cyber security.

The Norwegian National Criminal Investigation Service (Kripos) estimates that generative AI will lead to an increase in both the scope and severity of cybercrime. 66 There are already threat actors using generative AI, including for large-scale phishing. 67 AI can also be used to prevent and detect cyber attacks. For instance, the Norwegian National Security Authority has further developed a warning system for digital infrastructure with AI-based sensors.

Charting the course towards 2030

The heightened security situation in the world means that cyber security and emergency preparedness efforts are becoming more important and are crucial for safeguarding critical societal and fundamental national functions. There is a need for increased cooperation and digital interaction within the framework of total defence 68 and with allies in NATO and the EU.

When introducing new digital solutions, consideration must be given to whether the solutions are to be available across the entire conflict spectrum (peace, crisis and war). Key digital services must remain operational when they are needed the most. They must be available nationwide under the most challenging security conditions.

The aim is to coordinate and simplify the public sector’s access to advice and guidance on cyber security and necessary measures for basic security. The public sector has developed several cyber security guides. Examples include the Grunnprinsipper for IKT-sikkerhet [Basic Principles of ICT Security] 69 and Stifinneren [Pathfinder]. 70

The local government sector is increasingly vulnerable to cyberattacks. Therefore, the Government is strengthening its work on cyber security in local government. This will enable municipalities to carry out the necessary risk and vulnerability analyses and implement measures to manage such risk. Among other things, the Computer Emergency Response Team (KommuneCERT), has been established to help increase the local government sector’s ability to prevent, detect and manage cyberattacks. In 2024, the Norwegian National Security Authority will also be strengthened with new resources to focus on cyber security in the local government sector. The Ministry of Digitalisation and Public Governance will also, in collaboration with the Norwegian Association of Local and Regional Authorities, implement measures to strengthen basic cyber security in the municipalities.

Cyber threats and attacks can paralyse the Norwegian business sector. Efforts and competence regarding such attacks must be enhanced. The Norwegian National Coordination Centre (NCC-NO) for research and innovation in cybersecurity is managed by the Norwegian National Security Authority and the Research Council of Norway. The centre will strengthen cyber security in Norway by supporting businesses, with a particular focus on small and medium-sized enterprises, and promoting collaboration across the sector, public sector, civil society and academia.

The voluntary sector also plays many crucial roles in war and crisis situations. Civilian sector resilience to cyber threats is a prerequisite for the Norwegian Armed Forces to be able to fulfil its missions in peace, crises and war.

The Government will

• Launch a joint national cyber security portal for all target groups
• Improve the coordination of advice and counselling resources related to cyber security
• Strengthen the work on cyber security in the public sector, in collaboration with the Norwegian Association of Local and Regional Authorities
• Bolster civilian sector resilience through the use of digital solutions

3.3.3 Prevention of cybercrime, a shared responsibility

Status

The rapid development of technology provides criminals with new tools, means and courses of action. Cybercrime is becoming more organised and professional. Although a great deal of good collaboration is currently taking place, there is a need to further strengthen these efforts. For example, the police require more effective tools to obtain information about criminal activities. Prevention must be managed jointly by way of increased collaboration between the public and private sectors.

Currently, the police have the means to obtain information through investigations and use such information directly as a knowledge base for prevention and mitigation purposes. The police share their knowledge with the business sector, public administration and society at large. This is a resource-intensive endeavour and requires extensive collaboration across these sectors. This knowledge enables citizens, as well as private and public enterprises to better prevent and protect themselves against cybercrime such as online abuse, data theft, data breaches, digital fraud and ransomware.

Citizens encounter a police presence on multiple social media and gaming platforms, where they can provide tips, advice and guidance on criminal activities on the internet. The presence of the police on the internet provides a better understanding of such crimes, enabling citizens to take action and avert situations.

Kripos prevents the sharing and making available of files containing abuse and terrorist-related content online by notifying the hosting companies. In turn, hosting companies remove illegal websites after being warned by the police.

Charting the course towards 2030

The increased capacity and ability to carry out cybercrime poses a threat to civil protection and, in extreme situations, to national security. To continue and strengthen efforts against cybercrime, including prevention, cooperation and knowledge sharing, it is necessary to strengthen the police’s capacity to combat cybercrime and ensure they have access to important information.

The Government wants the police and prosecuting authority to adapt their working methods and structures to what is required to keep pace with technological developments and to make use of big data analytics and AI.

Children and young people are particularly vulnerable to the adverse effects of digitalisation, 71 including in the form of crime. Preventive efforts to keep children and young people safe online have been developed on multiple fronts. The teaching concepts Delbart? 72 [Sharable?] and Dele=delta 73 [Sharing=Participating] contribute to enhanced knowledge and awareness of the illegality of sharing sexualised images online and videos depicting violence. Kripos is creating a blocking filter for primary and lower secondary schools that blocks access to illegal websites where abuse takes place. The filter can be installed in the ICT equipment that schools distribute to pupils and is important in keeping children safe online. Efforts to keep children and young people safe online should take place in collaboration with the local government sector.

The Government will

• Strengthen efforts to combat cybercrime
• Leverage new technology to increase the quality and effectiveness of criminal proceedings
• Strengthen preventive efforts to keep children and young people safe online
• Strengthen the knowledge base and research on cybercrime

3.4 Ensuring appropriate and safeguarded privacy for all

Zoom in on image

Goals

Towards 2030, the Government will safeguard privacy in all digitalisation efforts. All relevant IT solutions in the public sector shall have built-in privacy protection, and we shall ensure citizens’ privacy in their interaction with the Tech Giants.

3.4.1 Privacy as a societal value

Status

Privacy is a human right, protected by the Constitution of Norway and the European Convention on Human Rights (ECHR). The protection of privacy safeguards people’s integrity and private life and is also a prerequisite for other key democratic values such as freedom of information and freedom of expression. However, privacy is in a challenging position. Currently, assessments of privacy are not sufficiently comprehensive across sectors. There is a general tendency for the digitalisation of society to take place at the expense of privacy. 74 If we are to succeed with digitalisation, people must be willing to use digital services. Citizens need to be certain that we manage data appropriately. Effective privacy protection is therefore a prerequisite for successful digitalisation.

Charting the course towards 2030

Inadequate privacy protection can lead to undesirable outcomes such as a chilling effect 75 and echo chambers 76 , and can also be utilised for what is referred to as nudging . 77 To avoid such outcomes, we must emphasise privacy as a fundamental societal value. We must make the difficult trade-offs and consider matters of principle and ethical dilemmas. Privacy must be weighed against other interests. Privacy must be viewed from a holistic perspective, not just case by case, so that we can develop comprehensive privacy protection policies.

To ensure a comprehensive overview, the Government believes there is a need for an independent advisory body, similar to the Danish Data Ethics Council, 78 which can assess matters of principle that arise when privacy interests must be balanced against other weighty societal values. This ensures that privacy is a natural part of the public debate. A data ethics council can assess general ethical issues arising from digitalisation. The Government will therefore investigate the establishment of an advisory body that can assist with ethical assessments and examine privacy and digitalisation across sectors, disciplines and administrative levels.

3.4.2 Basic prerequisites for effective privacy protection

3.4.2.1 Fair balance of power

Status

In many cases, the uneven balance of power between users and providers of digital services can limit users’ ability to safeguard their privacy.

When interacting with the public sector, citizens have limited influence over how their personal data are processed. Data are shared both within and across agencies. They may also be disclosed for research and other purposes that are not directly related to the provision of the service. Disclosure is important for the public sector to be able to provide good services. At the same time, it can be difficult for individuals to gain an overview of how their personal data are processed and thereby safeguard their privacy.

In the business sector, data-driven business models are creating new opportunities for many enterprises and have therefore become commonplace. They are based on users being offered products and services in return for the disclosure of personal data, known as behavioural advertising . It can be very difficult for users to understand how much data is collected, how it is used, and with whom it is shared. Companies with such business models may dominate the market to the extent that users feel there are no alternatives to their services. Thus, large multinational corporations can dictate the standards for privacy.

Interacting with social media can be challenging for children. Such platforms are rarely age-appropriate. Children are more impressionable and vulnerable when using social media than adults, and many children have had negative experiences when using social media. At the same time, research on whether, and how, social media affects children is inconsistent.

Another domain marked by an uneven balance of power is the labour market, specifically between employers and employees. The use of digital tools in working life generates a number of digital footprints. These can be used by employers to monitor and control employees.

Charting the course towards 2030

Extensive data sharing in the public sector means that the authorities must take particular responsibility for ensuring that individual privacy is safeguarded through clear legislation, good guidance and effective enforcement of the legislation. When the public sector processes personal data, this is usually done as part of the exercise of authority, authorised by acts or regulations. The legislation must safeguard citizens’ rights and create and maintain trust among the population. The Privacy Commission, which has investigated the overall situation for privacy in Norway, 79 has highlighted several challenges and shortcomings in the current regulatory framework governing personal data. We need an effective and comprehensible regulatory framework based on thorough privacy assessments, and that safeguards the privacy of all citizens. The Government will therefore work towards a more uniform approach to the regulatory framework governing the processing of personal data, with clear and comprehensible privacy assessments.

Data-driven business models that challenge core privacy rights are problematic. The Government believes that citizens should not have to choose between digital services and effective privacy protection. Privacy shall be safeguarded in all services. Citizens must receive comprehensible information that enables them to make informed and conscious privacy choices. However, responsibility for effective privacy protection must lie with the responsible agency rather than the individual citizen. The Government will therefore explore Norway’s options for regulating digital services, with a focus on evaluating the implications of a national ban on behavioural advertising. However, digital services are largely provided by service providers outside Norway. Effective privacy protection therefore hinges on international cooperation, and we will ensure effective cooperation with the EU on privacy regulation.

Digital services are a large part of the day-to-day lives of children and young people, and also a large part of their social and creative lives. Children and young people are in a different position than adults in terms of understanding the risks and consequences of their actions or recognising their rights. Therefore, children are entitled to special protection. Ensuring such protection is the responsibility of parents, the public sector, the voluntary sector and businesses. Schools must safeguard the privacy of children and young people during school hours, especially when children and young people are required to use digital solutions provided by the public sector. In its efforts to implement the DSA in Norway, the Government will ban behavioural advertising to children based on personal data. The topic of children and young people’s everyday digital lives will be explored in greater detail in the upcoming white paper on a safe digital childhood, scheduled for presentation in autumn 2024.

The Working Environment Act and the Regulations issued pursuant to the Act currently regulate some of the issues surrounding the monitoring and control of employees. 80 Many employers are able to collect vast amounts of data about employees’ digital activities via digital tools used in the work setting. 81 The use of home office and digital work have become more commonplace following the COVID-19 pandemic. This presents new challenges to privacy. The uneven balance of power can make it difficult for employees to safeguard their rights, and data collection can give rise to mistrust and uncertainty. The Government will therefore review the rules governing privacy in working life to assess whether there is a need for special regulation.

3.4.2.2 Knowledge, guidance and supervision

Status

It can be difficult for citizens to gain an overview of the type of personal data being processed about them, what their rights are, and how they can exercise these rights.

The public, voluntary and private sectors have all highlighted a need for more knowledge and guidance to ensure compliance with the privacy legislation. The Norwegian Data Protection Authority’s regulatory sandbox for privacy-friendly innovation and digitalisation is a guidance measure that helps enterprises develop and adopt privacy-friendly and innovative solutions. Another important measure is to collaborate with industry trade groups, interest groups and others on the design and distribution of adapted guidance materials.

Charting the course towards 2030

The Government’s aim is for citizens to be aware of their rights, and for enterprises to know and fulfil their obligations under the privacy legislation. Guidance and information from the Norwegian Data Protection Authority and other relevant authorities play an important role in relation to both citizens and enterprises. Guidance and communication on compliance with the privacy legislation must take place in close dialogue and understanding with the Norwegian Data Protection Authority. This ensures coherence between the guidance on the legislation and the criteria and standards applied by the Norwegian Data Protection Authority when supervising compliance with the privacy regulations.

Knowledge of privacy protection is expected to be included in higher education where relevant, including in the fields of technology, law, teacher training and informatics. Effective privacy protection skills in related professions will benefit the population as new digital services and products are developed.

Effective guidance and enforcement of the legislation depend on a well-functioning supervisory system. The Government’s ambition is for the Norwegian Data Protection Authority to be equipped to fulfil its statutory duties, meeting both current and future challenges.

Effective compliance with a complex regulatory framework requires both legal and technological competence. Data protection officers can be an important resource in the work to enhance competence regarding privacy protection in enterprises. The Norwegian Data Protection Authority is experiencing a high demand for advice and guidance, and it is important that such guidance is as practical as possible, in the form of adapted advice, templates and checklists. Guidance efforts will be strengthened by preparing templates for privacy policies in the public sector. To support effective privacy impact assessments in legislative efforts, a separate guide will be drawn up to supplement the general guide to the instructions for official studies.

3.4.3 The public sector as a trailblazer

Status

The public sector in Norway processes and shares vast amounts of personal data about the population. Both the central and local government sectors process data about all of us from the cradle to the grave, including sensitive data. This data is collected and shared across agencies, sectors and levels, and between central and local government, and is also used for research purposes. Most of the personal data that we as citizens share with the public sector is either a result of mandatory self-disclosure or because the data in question is required to receive services or benefits. For example, we are required to report income data for tax purposes and health data to receive healthcare.

Charting the course towards 2030

The vast amount of personal data processed by the public sector entails a great responsibility for citizens’ privacy. Good digitalisation with effective privacy protection requires competence in technical, organisational and regulatory matters. Securing such competence is challenging.

The local government sector, in particular, has highlighted the challenges of safeguarding privacy and the need for better guidance and coordination to enable municipalities to meet privacy requirements in their digitalisation efforts. Among other things, they emphasise the need for support in safeguarding the privacy of children and young people in kindergarten and primary and secondary education and training.

Many of the measures implemented by the public sector to safeguard privacy have a considerable potential for reuse. This includes assessments of the privacy implications of digital solutions. In collaboration with the Norwegian Association of Local and Regional Authorities, the Government will therefore assess suitable measures to strengthen the sharing of skills and experience in the local government sector.

Once personal data has been collected, it may be relevant to use it for purposes other than the original purpose, such as research and quality improvement, training of algorithms for AI or audit purposes. Such reuse or data sharing can pose challenges to privacy protection. The Privacy Commission expressed concern that the public sector lacks a comprehensive approach to privacy, as no one is responsible for assessing the overall use of personal data. Even if the privacy impact of a single measure is considered minor, the sum of measures may entail a significant invasion of privacy. The Government will therefore ensure that comprehensive privacy impact assessments are carried out.

Personal data must be shared and reused in the most privacy-friendly manner. This means, among other things, that citizens must be given adequate information about how their data is shared and the opportunity to object to their data being processed as far as possible without jeopardising the purpose of the processing. Good access solutions should be facilitated, so that citizens can easily obtain an overview of what data are being processed.

The public sector is a major purchaser of various digital solutions. In its purchasing role, the public sector can set requirements and thereby create a demand for and contribute to the development of privacy-friendly services. Thereby, the public sector can also contribute to better privacy protection in other areas of society. There is a need for digital solutions and products for use in several parts of the public sector, such as teaching aids in schools and digital solutions for use in the health and care services. Privacy by design should therefore be a requirement in procurement processes.

Certain areas are dominated by a few big tech companies. As there are few alternative service providers, both the public and the private sector are dependent on using services from these companies. However, several of the companies have business models and terms and conditions that may present challenges to privacy. Due to their dominance, they are largely able to dictate terms and conditions. Being a major purchaser is therefore an advantage in terms of enforcing privacy requirements. In this context, the public sector, as a major customer, can play a key role in negotiating strong privacy protection terms, such as when making purchases for the school sector.

Through its communication policy, the public sector will be able to send signals and set standards for privacy protection. Government agencies that use online analytics tools shall carry out thorough risk analyses in line with the advice of the Norwegian Data Protection Authority. 82 The Government will set relevant requirements in the Digitalisation Circular.

3.4.4 Responsible business and voluntary sectors

Status

Norwegian businesses and organisations are doing considerable privacy protection work and are keen to ensure that privacy is safeguarded. 83 Many are requesting more guidance, common tools and templates that will make it easier to understand the requirements and how to fulfil them in practice. Lessons learned also indicate that many people find it difficult to know what is considered good enough, as well as which privacy measures to prioritise. They want the Norwegian Data Protection Authority to provide clarity through its decisions and supervisory activities.

Charting the course towards 2030

The business and voluntary sectors have a major responsibility to ensure effective privacy protection in digitalisation, both by safeguarding the privacy of their customers or members and as suppliers of digital services to the public sector. Accountability is also one of the basic principles of the General Data Protection Regulation (GDPR). The business or organisation that processes personal data is responsible for ensuring that it meets the requirements and safeguards the rights of the persons whose personal data is being processed (the data subjects).

It is necessary to make it easier for businesses and organisations to ensure effective privacy protection in practice. Public, private and voluntary actors must work together in order to achieve this. Tools and best practices should be shared, also between private businesses and voluntary organisations where appropriate.

The Government wants to strengthen programmes that assist Norwegian businesses in succeeding with effective privacy protection in practice. Certification and industry standards are specific and practical tools that, although not widely used today, can make a positive contribution to operationalising legislative requirements in practice. Privacy by design is a legal requirement, but also an opportunity. Building privacy into a solution from the ground up can improve the user experience and build trust, providing a competitive advantage in a world where personal data is highly valued.

The Government will

• Investigate the establishment and organisation of a data ethics council that can assess matters of principle in the trade-off between privacy and weighty societal interests
• Ensure a more uniform regulatory framework for privacy protection
• Strengthen guidance on and enforcement of the privacy legislation
• Identify measures to strengthen the sharing of skills and experience in the local government sector in collaboration with the Norwegian Association of Local and Regional Authorities
• Encourage the development and use of privacy-friendly technology by requiring privacy-friendly solutions in public procurements
• Include a requirement in the Digitalisation Circular that government agencies using web-based analysis tools must carry out thorough privacy risk assessments
• Review and evaluate how employee privacy is safeguarded
• Encourage a greater use of industry standards, common tools, experience sharing and certification for privacy protection

3.5 Securing future-oriented digital competence

Zoom in on image

Goals

By 2030, the Government wants to ensure that Norway has access to the necessary digital competence, both as a basic skill in all relevant education programmes and as specialised skills. Technology subjects will be prioritised in education. We will ensure that the public sector and the business sector have access to the necessary skills to succeed in the green and digital transition.

Status

Norway will need significantly more employees with ICT skills in 2030 compared to 2019. 84 The OECD highlights digital skills in the public sector as a challenge, with Norway below the OECD average in terms of developing and retaining digital skills. 85 We need a workforce that can support the green transition, including engineers, ICT specialists, bioinformaticians and skilled workers in technology and crafts. 86 We expect a labour shortage in the health and care services and occupations that require a trade certificate. Statistics Norway has estimated that we will have a shortage of healthcare professionals of almost 70,000 full-time equivalents in 2040. 87 Digitalisation and new technologies can free up labour for other tasks and reduce the overall demand for labour. Educational provisions in primary and lower secondary schools, upper secondary education and training, tertiary vocational colleges and higher education must support this endeavour.

Whereas it was previously common to complete an education at a young age, rapid changes in the labour market will now require skills enhancement and continuing education. The workforce must be able to handle new digital tools, ICT solutions and change processes.

The proportion of students enrolled in science and technology studies in Norwegian higher education is lower than the OECD average, 88 and the demand for labour with IT skills is greater than the supply. There is a demand in the labour market for individuals with digital skills adapted to the profession they are entering, as well as individuals with specialised technology skills. Cyber security and privacy protection should be incorporated into all ICT and technology educations. The Government’s aim is for society and the labour market to have access to people with relevant digital skills.

The digital maturity of government agencies varies to a large extent. 89 Managers and employees report unmet skills needs related to digitalisation and changing working methods. There are strong indications that managers’ competence, skills and expectations are key to agencies’ success in adopting digital solutions.

A commission for skills reform in the labour market 90 is investigating opportunities and policy instruments for learning in the labour market, how we can stimulate more supplementary and continuing education, and how we can facilitate the development of skills adapted to the needs of the labour market. The commission will examine these issues in light of considerable variations in challenges within the labour market and between the public and private sectors. The committee will present its report in the autumn of 2024.

Applications to educational programmes have vastly exceeded their capacity. The potential for qualifying more people with ICT skills appears to be relatively high, but the capacity of the programmes represents a bottleneck.

In 2021, ICT research and development (R&D) totalled more than NOK 26 billion in Norway. This is approximately one-third of the total R&D investment. In 2011, ICT accounted for 20 per cent of the total R&D investment. This development indicates how important ICT has become in all areas of society. In the business sector alone, the share of R&D devoted to ICT is 55 per cent. Approximately 85 per cent of R&D investments in ICT are funded by the business sector, either in the form of in-house R&D or purchased services from research institutes and the university and university college sector. Most of the business sector’s R&D are development activities. The majority of the research is publicly funded.

There is also research on ICT in the humanities, social sciences and law. Such research is important for understanding how ICT and organisations and people interact and influence each other. It is important to develop knowledge of how technology affects society and the legal consequences of its use.

Developments in AI research illustrate how a technological shift affects the direction of the overall research portfolio. In recent years, AI research has accounted for a growing share of ICT research funded by the Research Council of Norway. From 2019 to 2023, the annual allocation has increased from NOK 200 to 700 million.

Achieving the goals of digitalisation depends on strong, high-quality knowledge environments related to ICT, as well as R&D in areas that are important for Norway. Although much is happening internationally that we can benefit from, it is particularly important that we possess our own competence and R&D environments in certain areas; cyber security being one such area. Long-term, fundamental ICT research plays an important role in preparing for future challenges and needs. Developments in ICT have also shown that this is a field where groundbreaking changes often occur, as we have seen in recent years with the developments in AI. To be able to handle such rapid changes, fundamental research and understanding of the field at a basic level are essential. Foundational technology will often have applications beyond what was originally envisaged.

Charting the course towards 2030

Government agencies must develop competence related to the opportunities presented by digitalisation and AI. The local government sector has been working on this for several years. At the same time, a growing number of municipalities are finding that a lack of skills is hindering the development of their digital services. 91 Therefore, the Government will prepare a separate strategy for digital competence in the public sector, in collaboration with the Norwegian Association of Local and Regional Authorities.

Children and young people need to be able to critically handle technology and the diversity of information they encounter in everyday life in order to influence and actively participate in education, society and working life. They must be able to exercise good judgement when interacting online and when using and sharing information. Schools have an important role to play in helping students gradually develop these competencies. In line with Report to the Storting (white paper) 34 (2023-2024) En mer praktisk skole – Bedre læring, motivasjon og trivsel på 5.–10. trinn 92 [A more practical school – Better learning, motivation and well-being in grades 5-10], the Government is seeking a balanced and knowledge-based approach to the use of digital tools and devices in schools. This will ensure that pupils acquire the necessary digital skills, without jeopardising other basic skills such as reading. School should be an arena that promotes good choices and appropriate use of digital solutions and media, and that teaches children and young people to navigate and master the digital landscape.

Teachers’ professional digital competence is a particularly important factor in strengthening the digital competence of the population. The Government will support school owners in strengthening professional digital competence in education through teacher training programmes and supplementary and continuing education schemes for teachers, managers and other school staff.

In the new Education Act, the Government has placed greater emphasis on scaling upper secondary education and training in line with society’s needs. Society requires skills in many areas, both now and in the future, including skills that are important for the digital and green transitions.

In tertiary vocational education, the number of IT students has increased tenfold in the past decade – from 300 to more than 3,000 students. 93 The Government will prioritise study places in technical subjects in future allocations of study places to the tertiary vocational colleges and will facilitate a dialogue with the county authorities on how they can follow up this prioritisation in their administration of the sector.

In order to strengthen society’s access to specialised digital competence, the Government expects universities and university colleges to prioritise more study places in IT-related studies. This also includes supplementary and continuing education programmes. Ministry of Education and Research has commissioned the Norwegian Directorate for Higher Education and Skills to develop a better knowledge base that national and regional authorities, universities and university colleges can use in their scaling efforts.

The Norwegian Committee on Skill Needs 94 has been tasked with investigating how new technologies affect skills needs. The Committee is made up of the social partners, researchers and a representative from the county authorities.

The National Qualifications Framework for Lifelong Learning describes qualifications through learning outcomes, i.e., students’ skills and knowledge upon completion of studies. The Qualifications Framework was evaluated by the Norwegian Agency for Quality Assurance in Education in 2023. To improve the labour-market relevance of higher education, it will be beneficial in the follow-up of the evaluation to examine the learning outcome descriptions related to digitalisation, as announced for higher education in the Report to the Storting (white paper) 16 (2020-2021) Utdanning for omstilling 95 [Education for change].

Efforts will continue to ensure that Norway has good research environments in the field of ICT. It is important to conduct basic technological research and research into the societal consequences of technology, so that sound, knowledge-based decisions can be made. Strong academic environments for ICT research are crucial if Norway is to keep up with international developments in the field and be an attractive partner in research programmes, both in Europe and globally. Strong research environments are also a prerequisite for good ICT education programmes.

The Government will

• Follow up on the instructions to the universities and university colleges to prioritise technology subjects in the scaling of study programmes
• Develop a competence strategy for digital transition in the public sector, in collaboration with the Norwegian Association of Local and Regional Authorities
• Follow up the measures in the strategy for digital competence and infrastructure in kindergartens and schools, in collaboration with the Norwegian Association of Local and Regional Authorities
• Prioritise study places in technical subjects when allocating study places to tertiary vocational schools, universities and university colleges
• Assess the learning outcome descriptions related to digitalisation in the National Qualifications Framework for Lifelong Learning
• Facilitate strong research environments in the field of ICT