ThommessenFlow Find people

Business and national security

In a world shaped by significant power rivalry, reversed globalization and hybrid warfare, businesses are faced with an ever-increasing array of requirements and expectations from authorities, customers, partners and the public. We possess significant insight into both regulations and expectations arising from geopolitical conditions and security policy.

Thommessen thus is well-equipped to assist clients in navigating this unknown territory, offering legal and strategic advice in areas including:

The Norwegian Security Act

In response to an evolving landscape of risks and threats, Norway introduced a new Security Act in 2019. The purpose of the Act is to safeguard the nation's security interests. Businesses subject to the Act are considered particularly important for Norway and are therefore given greater responsibility to secure their operations. Since its initial introduction, the scope of the Act has been broadened. One notable change is the introduction of new ownership control guidelines, which have significantly expanded the range of transactions requiring formal notification under the Act.

Recent shifts in global and national security policies indicate that a broader cross-section of the Norwegian business community will become influenced by the Security Act. The Act not only affects companies that are directly subject to it, but is also relevant for suppliers and subcontractors. In addition, we expect principles of the Security Act to be applied in contracts outside the direct scope of its application. At Thommessen, we offer practical insights into navigating the intricacies of the Security Act, backed by a team familiar with the Norwegian Police Security Service (PST), the National Security Authority (NSM), and the Armed Forces.


The threat landscape in the digital realm is constantly evolving, making cyberattacks and security breaches some of the most pressing risk factors for businesses. The Norwegian Security Act also lays special emphasis on the need for robust information security protocols and secure information security systems.

How should businesses work to pre-empt cyber attacks, and what should the course of action be in the unfortunate event of a critical security incident? How can one prepare for the legal ramifications of a cyber attack? We provide bespoke solutions to help clients grasp and address the legal complexities tied to cyber threats, and offer guidance on fulfilling the multifaceted requirements set forth by the Norwegian Security Act.


Sanctions and export controls are among the most important tools for governments dealing with today's complex security situation. Regulations are frequently implemented on short notice. Businesses are required to not only interpret the regulations for sanctions and export control, but also be capable of making sound decisions where the rules are not directly applicable. Is there, for example, a crucial reputational risk associated with interacting with countries like China, Russia, and Iran – even if the interaction is legal as such?

We are familiar with the sanctions and export control regulations and able to efficiently assist in navigating current regulations, contributing to a business' assessment of its acceptable risk levels, and handling situations where lack of compliance leads to reputational loss, legal penalties, or fines.


As geopolitical tensions escalate, so do the demands and expectations placed on companies to scrutinize the security risks associated with their recruitment and employment practices. This intensification occurs without a fully corresponding parallel development in relevant legal framework.

What factors should be considered when recruiting individuals with connections to high-risk countries? How should businesses manage employees from such countries? Drawing on our extensive experience, we provide nuanced legal counsel on managing security related risks in employment and assist companies in making informed decisions.

The team