On 1 October 2025, Norway started the Digital Security Act. The law protects important services from online attacks.
It follows the EU NIS Directive. This is a set of rules for online safety.
Company leaders are now responsible for online security. Norway now has the same rules across many sectors.
Who must comply with the Digital Security Act Norway?
The law applies to companies that provide essential services.
This includes energy, transport, health, water, banks, and digital networks.
The law also applies to some digital services. This includes cloud platforms, online marketplaces, and search engines.
In total, the law lists 28 types of important companies.
Steps for cyber security compliance under the law
Companies must check their online risks. They must report serious online problems to the authorities.
There is no grace period. All rules start 1 October 2025.
If companies fail to comply, they may face fines. The fines can be up to 4% of turnover, capped at NOK 50 million.
Companies must also do a risk check, set up security measures, create reporting routines, and make sure their suppliers follow the rules.
How Achilles supports NIS Directive Norway compliance
The law changes how companies manage online safety. Leaders are responsible. The rules cover all suppliers.
Achilles can help companies check suppliers, find weak points, show they follow the law, and build trust and resilience.
Preparing for the Digital Security Act Norway and cyber security compliance
Companies should start early.
Check systems. Check suppliers. Make online safety a daily habit.
Working with Achilles helps companies stay safe, follow the law, and reduce risk.
Start taking action now. Check your company’s online security. Find areas that need improvement. Make sure your suppliers follow the rules. Work with Achilles to make this easier. This helps your company stay compliant and protected. It keeps your business resilient and prepared. It keeps your company safe and secure. Customers and regulators will trust your company more.
