Yes — Norway follows the EU cybersecurity framework through the EEA, implemented nationally via the Digitalsikkerhetsloven. Norwegian companies in energy, transport, health, manufacturing, digital services and their suppliers should align with NIS2 requirements now, as supervision and enforcement mature through 2026.
What Norwegian businesses should know
- Both essential and important entities face risk-management duties and incident reporting (24-hour early warning)
- Management carries personal accountability for compliance
- Suppliers get pulled in through customers’ supply-chain requirements even below size thresholds
- ISO 27001 covers much of the ground but not the reporting and liability rules
Full breakdown: NIS2 compliance services — including our 8-12 week readiness programme run from Stavanger.