NORWAY: An Introduction to TMT: Information Technology

Overview

Norway is at the forefront of a regulatory revolution, reshaping its technology, media, and telecommunications sectors. Much of this is driven by the current geopolitical landscape with ever-increasing and more sophisticated cybersecurity threats as well as a surge of AI-powered digital solution offerings flooding the marketplace, causing both concerns and new opportunities.

With the introduction of key legislation like the EU AI Act and the Electronic Communications Act, businesses must adapt to new compliance standards while embracing digital transformation. As the landscape evolves, companies are increasingly turning to innovative solutions, cloud outsourcing, and specialised expertise to remain both competitive and secure in a rapidly changing environment.

New Legislation

Several new legislative measures are impacting the technology, media and telecommunications landscape in Norway.

The EU AI Act, which came into force on 1 August 2024, aims to establish a harmonised regulatory framework for AI systems across the EU. Once implemented in Norway, this regulation will have implications for the development, deployment, and use of AI technologies in technology transactions and outsourcing agreements involving AI systems.

The Network and Information Security (NIS) Directives, including NIS1 and the upcoming NIS2, set out cybersecurity requirements for operators of essential services and digital service providers. Norway has implemented NIS1 through the Norwegian Digital Security Act, and the NIS2 Directive will further strengthen cybersecurity requirements and expand the scope of the directive when enacted in Norway.

Additionally, the Directive on Digital Operational Resilience in the Financial Sector (DORA) introduces common IT security regulations for the financial sector. DORA introduces a common regulation of IT security for the entire financial sector, establishing requirements for managing ICT risk, monitoring security and operation of ICT systems, reporting ICT-related incidents, and testing operational resilience.

The Norwegian Transparency Act, which came into force in 2022, requires enterprises to ensure that outsourcing partners and suppliers comply with fundamental human rights, including the right to privacy and fair labour conditions.

Norway’s telecommunications sector has undergone significant regulatory developments with the enactment of the new Electronic Communications Act (Ecom Act) on January 1, 2025. The Ecom Act modernises Norway’s telecommunications framework, aligning it with EU directives such as the European Electronic Communications Code and the BEREC Regulation. The Act now covers all forms of person-to-person communication services, including VoIP, messaging apps, and email, not just traditional telephony. Providers must implement enhanced security measures and ensure transparency in their operations. Strengthened consumer rights, including clearer consent requirements for cookies and improved access to services applies. Operators with significant market power are mandated to provide access to their infrastructure, including passive elements like poles and ducts, to promote competition. The Ecom Act also provide new regulations for data centre providers, requiring them to register with the Norwegian Communications Authority (Nkom) and implement robust security protocols and emergency preparedness plans. Nkom has the authority to conduct security audits and enforce compliance, with potential penalties for non-compliance.

Economic Conditions

We see several business sectors in Norway rapidly modernising their IT-set-ups, with many businesses digitalising core functions and updating legacy IT systems to leverage new technology. This modernisation aims to reduce costs, enhance customer experiences, and mitigate information security risks. The demand for blockchain, cryptocurrencies, and NFTs has subsided, and Norges Bank is evaluating the implementation of central bank digital currency, although its use-case appears less clear compared to other European currencies.

In January 2003 Nkom opened the 3.8–4.2 GHz frequency band, offering 400 MHz of spectrum for local area 5G networks, allowing businesses and industries to establish private 5G networks. Licenses are available for up to ten years, with annual fees starting at approximately USD20 for a 20 MHz slot at low power, making it accessible for various sectors. This initiative aims to supplement national mobile network offerings and foster innovation in sectors like manufacturing and logistics.

The Norwegian government has allocated NOK400 million annually through 2029 to support news and current affairs media. This funding, administered by the Norwegian Media Authority, aims to promote media diversity and pluralism.

Trends and Developments

Despite high expectations, the adoption of AI in Norway’s private and public sectors remains slower than anticipated. A 2024 survey indicates that while AI usage is still in its early stages, there are plans for future implementation.

Norwegian businesses are increasingly adopting cloud-based outsourcing solutions to renew existing IT platforms, improve cyber-resilience, and enable business transformation initiatives. The shift from traditional IT outsourcing towards integrator services between hyperscalers and customers is notable. Additionally, there is a growing trend for Norwegian businesses to outsource their cybersecurity needs to specialised providers, including services like threat monitoring, vulnerability assessments, incident response, and security consulting.

The rise of multi-source and “best of breed” outsourcing reflects the evolving nature of the market and the growing recognition of the value of specialised expertise. Businesses are moving away from single-source models and adopting multi-source strategies to leverage the best available expertise for each component, resulting in improved quality, innovation, and cost-effectiveness. This shift provides businesses with greater flexibility, access to specialised skills, and the ability to adapt to changing technology trends.

The Norwegian data centre market is booming, expecting to see a compound annual growth rate of 10-15% going forward. International hyperscalers are drawn to Norwegian data centres offering with green hydropower, natural cool environment and a relatively stable political landscape.

Norway is also witnessing significant investments in 5G infrastructure. Companies like Ice Norway are strategically positioning themselves to disrupt the Norwegian market well ahead of the curve.

The Nordic TV/video market is experiencing a shift from paid subscriptions to free ad-supported streaming services. Despite economic challenges, revenues are increasing, and the number of paid streaming subscriptions is approaching 20 million in the Nordics. Online viewing now exceeds traditional TV viewing on a Nordic aggregated level. The Norwegian media eCommerce market sees a shift away from physical media sales towards digital consumption.

Potential Hurdles and Solutions

Managing complex multi-vendor landscapes can be challenging for businesses, requiring effective coordination among multiple vendors and strong governance and oversight. Ensuring compliance with stringent data security regulations, such as the GDPR, NIS and DORA, is crucial when handling data in technology transactions or outsourcing agreements. Addressing technical debt and from outdated IT systems that are not resilient to meet current cybersecurity threats is another significant challenge, with many businesses engaging in projects to modernise their IT infrastructure.