Norway: Introduced Electronic Communications Act (Prop. 93 LS) including cybersecurity regulation

On 12 April 2024, the Ministry of Digitisation and Administration submitted the Electronic Communications Act, including cybersecurity regulations, to the legislature of Norway. This Act includes security measures for electronic communication networks and services, including the obligation for operators to conduct continuous risk assessments and update their security protocols accordingly. Additionally, the Act requires service providers to notify the Norwegian Data Protection Authority within 72 hours about significant security breaches and users within 24 hours if it detects specific risks of security breaches, including those endangering stored data, or compromising subscriber or user privacy.