ThommessenFlow Find people

The Norwegian Security Act

In 2019, a new security act came into force in Norway, marking a significant step in protecting the nation's security interests. Entities that are subject to the Security Act are of particular importance to Norway's security. Since its enactment, the scope of the Act has been expanded in several areas, and recent security policy developments suggest that the Security Act will become increasingly relevant for more businesses going forward.

The purpose of the Norwegian Security Act is to protect the nation's fundamental security interests and to ensure stability and welfare in society. This includes protecting sensitive information and information systems, and ensuring that critical and important infrastructure is not destroyed. It also involves preventing businesses critical to national functions from being acquired by foreign powers in contradiction to Norway's security interests. Therefore, businesses covered by the Act are deemed particularly important for Norway's security and are given increased responsibility to secure their operations. It is essential that these businesses recognize and manage the risk associated with potential security threats to prevent unwanted incidents.

Although the Norwegian Security Act is relatively new, it has already been revised and significantly expanded. In June 2023, its scope was broadened, and the sections on ownership control were revised. Recent security policy developments indicate that the Norwegian Security Act will become increasingly important for more sectors and, thus, businesses. The Act is highly relevant not only for companies directly subjected to it, but also for suppliers and subcontractors to these companies. More businesses are expected to be covered by the Act, and we expect that the principles set out in the Act are likely to be implemented into contracts outside of its direct application.

Understanding the Norwegian Security Act and the manner in which it is approached and practiced by relevant authorities can be challenging. Sector-based responsibility, both for designating businesses to be subject to the Act and for subsequent implementation, may cause different approaches. At Thommessen, we help our clients comply with the current requirements of the Act but also prepare them for future challenges and opportunities. We have practical experience with the workings of the Act and employees with extensive knowledge of the Norwegian Police Security Service (PST), the Norwegian National Security Authority (NSM), and the Norwegian Defence.

Topics of assistance, among others:

  • Implementation of the Norwegian Security Act: We help ensure that your business meets the requirements set out in the Act.
  • Transaction advisory: Focusing on foreign direct investment regulations (FDI), but also a broader scope when relevant, we assist in assessing security risks in transactions, both for companies covered by the Act and entities that may be affected indirectly.
  • Corporate law: We can clarify the rights and obligations in group relations where one or more entities are subject to the Security Act.
  • Security-graded acquisitions: The Security Act and other regulations impose special requirements on how clients and suppliers must consider security in acquisitions. We assist in conducting risk assessments to identify if security considerations are necessary in acquisitions, and in complying with the rules for security-graded acquisitions.

The team