
Regulation

Datatilsynet's AI guidance, decoded: what Norway's regulator is actually saying

Norway's Data Protection Authority has built one of Europe's most coherent AI playbooks: a regulatory sandbox, a published strategy, and a stack of real case reports. Here is what it adds up to for anyone shipping AI in Norway.

9 min read. By SafeMediAI Editorial

There is a default European posture toward AI regulation that most national supervisors fall into. It looks like this: publish a slightly stern statement, wait for the EU AI Act to do the heavy lifting, occasionally fine a company that did something obvious. It is reactive, low-resolution, and largely defensible.

Norway's Data Protection Authority, Datatilsynet, has been doing something noticeably different. Since 2020 it has run one of Europe's longest-running AI regulatory sandboxes, published a string of detailed case reports from real projects, and in March 2024 issued a formal AI strategy[1] that integrates the work into how the agency itself operates. For organisations shipping AI into Norwegian regulated work, this is the closest thing to a usable map of what the supervisor actually expects.

This piece is a walk through that map: the sandbox principles, the case reports that have come out of it, and the through-lines that emerge when you read them as a single body of practice rather than as scattered press releases.

The strategy in one paragraph

Datatilsynet's AI strategy, published 22 March 2024, names four operating priorities for the authority itself: internal coordination on AI questions, competent supervision (building the technical depth to oversee AI work credibly), integration of AI-related work across the agency's case-handling and guidance, and quality and efficiency in AI-touching tasks.[1] The framing is unusual for a national DPA: it treats AI not as a topic to be regulated from a distance, but as something the agency itself must become capable of reading at the technical level.

The substance behind the strategy is the sandbox.

The sandbox: how it actually works

The Norwegian AI regulatory sandbox launched in 2020, well before the EU AI Act required member states to set one up.[2] It is, in effect, a structured way for organisations developing or deploying AI to work through privacy and lawfulness questions with the regulator before they ship. Participation is voluntary; the output is a published final report that becomes guidance for the rest of the market.

The framework rests on three principles, inherited from the European Commission's 2019 Ethics Guidelines for Trustworthy AI[5]:

  • Lawful. The system respects all applicable laws and regulations.
  • Ethical. It respects ethical principles and values.
  • Robust. It is technically sound and minimises unintended consequences.

The sandbox is open to both private and public organisations, both new AI solutions and existing systems being deployed into new contexts. The deliberate breadth matters: it means a healthcare algorithm vendor, a transport authority, and an academic research team can each be in the sandbox simultaneously, producing reports the rest of the sector can read.

What the case reports actually say

The sandbox is most useful when you read the published reports.[3] Eight have been issued at the time of writing. Five of them tell you most of what you need to know.

NTNU on Microsoft 365 Copilot (November 2024)

This is the most consequential recent report.[4] The Norwegian University of Science and Technology took Microsoft 365 Copilot into the sandbox to work through whether a research university could deploy it without breaching the GDPR.

The findings are not a binary yes or no. They are a map of the actual decision points: how Copilot's grounding on tenant content creates new data flows that need a separate lawful basis; how the model's interaction with personal data in shared mailboxes and document libraries triggers data-minimisation obligations that the default deployment does not handle; how the audit and access controls around prompt history need to be designed if a subject access request lands on the system. The report is structured so that any organisation deploying a similar enterprise LLM can lift the analysis with minor adaptation.

The implicit message: the supervisor is not opposed to enterprise generative AI. It is opposed to enterprise generative AI deployed without the analysis NTNU did first.

Ahus on bias in clinical prediction (February 2023)

Akershus University Hospital brought a heart-failure prediction model into the sandbox jointly with the Equality and Anti-Discrimination Ombud. The report walks through how to actually measure and document algorithmic bias on a clinical prediction tool: which subgroups to test, what metrics distinguish meaningful bias from acceptable variation, how to surface the results to clinicians using the tool.

This is the kind of work most healthcare AI vendors claim to have done. The Ahus report is the closest thing in Europe to a public worked example of doing it properly.
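The subgroup measurement the Ahus report describes can be sketched in code. The block below is an added illustration written for this article, not code from the Ahus project, the Ombud or Datatilsynet; the article does not say which metrics the report used, so the choice here (per-subgroup sensitivity, false-alarm rate and precision, with the largest pairwise gap reported), the 0.10 gap threshold, the minimum-subgroup-size check and the patient records are all assumptions constructed for the example.

```python
"""Per-subgroup error-rate audit for a binary clinical risk classifier.

Added illustration, not Ahus's or Datatilsynet's code. The metric set and
thresholds are assumptions chosen for the example; the records below are
constructed, not real patient data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    group: str    # protected attribute to audit on, e.g. sex or age band
    label: int    # 1 = the outcome (heart failure) actually occurred
    score: float  # model's predicted probability of the outcome


def subgroup_rates(records, threshold=0.5):
    """Return {group: {'n', 'tpr', 'fpr', 'ppv'}} at a decision threshold.

    A rate is None when its denominator is empty, so a subgroup with no
    negatives (say) is reported as unassessable rather than as 0.0.
    """
    counts = defaultdict(lambda: {"tp": 0, "fp": 0, "fn": 0, "tn": 0})
    for r in records:
        pred = 1 if r.score >= threshold else 0
        c = counts[r.group]
        if pred and r.label:
            c["tp"] += 1
        elif pred and not r.label:
            c["fp"] += 1
        elif not pred and r.label:
            c["fn"] += 1
        else:
            c["tn"] += 1
    out = {}
    for g, c in counts.items():
        pos = c["tp"] + c["fn"]          # actual positives in the subgroup
        neg = c["fp"] + c["tn"]          # actual negatives in the subgroup
        flagged = c["tp"] + c["fp"]      # records the model flagged
        out[g] = {
            "n": pos + neg,
            "tpr": c["tp"] / pos if pos else None,        # sensitivity
            "fpr": c["fp"] / neg if neg else None,        # false-alarm rate
            "ppv": c["tp"] / flagged if flagged else None,  # precision
        }
    return out


def largest_gap(rates, metric):
    """Largest difference in one metric between any two assessable subgroups."""
    vals = [v[metric] for v in rates.values() if v[metric] is not None]
    return max(vals) - min(vals) if len(vals) > 1 else 0.0


def audit(records, threshold=0.5, max_gap=0.10, min_n=5):
    """Flag subgroups too small to assess and metrics whose gap exceeds max_gap.

    max_gap and min_n are assumed values for the example; a real audit would
    justify both against the clinical use and the population served.
    """
    rates = subgroup_rates(records, threshold)
    findings = []
    for g, v in rates.items():
        if v["n"] < min_n:
            findings.append(f"{g}: only {v['n']} records, cannot assess")
    for m in ("tpr", "fpr", "ppv"):
        gap = largest_gap(rates, m)
        if gap > max_gap:
            findings.append(f"{m}: subgroup gap {gap:.2f} exceeds {max_gap:.2f}")
    return rates, findings


# Constructed sample: the model misses half the true positives in group F
# and none in group M, and group X is too small to say anything about.
SAMPLE = [
    Record("F", 1, 0.9), Record("F", 1, 0.8), Record("F", 1, 0.3), Record("F", 1, 0.2),
    Record("F", 0, 0.1), Record("F", 0, 0.2), Record("F", 0, 0.3), Record("F", 0, 0.6),
    Record("M", 1, 0.9), Record("M", 1, 0.8), Record("M", 1, 0.7), Record("M", 1, 0.6),
    Record("M", 0, 0.1), Record("M", 0, 0.2), Record("M", 0, 0.3), Record("M", 0, 0.4),
    Record("X", 1, 0.9), Record("X", 1, 0.4),
]

if __name__ == "__main__":
    rates, findings = audit(SAMPLE)
    for g, v in sorted(rates.items()):
        print(g, v)
    for f in findings:
        print("FINDING:", f)
```

The point of the `None` handling is the one auditors most often get wrong: a subgroup with too few members yields a rate of exactly 0.0 or 1.0 that looks like a result, and the audit should say "cannot assess" instead of reporting it.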

Ruter on transparency in a transport app (March 2023)

Norway's largest public transport authority used the sandbox to design an in-app explanation layer for the AI features behind ticketing, journey planning, and personalised offers. The conclusion is dry but worth quoting: transparency does not mean publishing model weights or technical detail. It means giving a user, in plain language and in context, the answer to "what is the AI doing with my data and what should I do if I disagree."

For consumer products this is the closest thing to an operational standard for GDPR Article 12 and 13 transparency that a European regulator has shipped as a written, worked example.

PrevBOT (March 2024) and Doorkeeper (November 2023)

PrevBOT, from the Norwegian Police University College, is an AI tool for detecting online sexual exploitation of minors. Doorkeeper applies AI video analytics to mask identifying information in shared video. Both deal with the same structural question: how to build an AI system whose explicit purpose is to operate on personal data of vulnerable groups, in a way that is lawful, proportionate, and reviewable.

The reports do not handwave. They walk through purpose limitation, the specific necessity tests, the operational reviews, the human-in-the-loop requirements. Read together with the NTNU report, they describe a regulator that has thought harder about deployment-time AI questions than almost any peer in Europe.

The 2023 ChatGPT moment

It is worth naming a moment from 2023 explicitly, because it shaped the strategy. After OpenAI's ChatGPT launched and rapidly entered Norwegian workplaces, Datatilsynet did not issue a blanket ban (as some peer DPAs did) and did not stay silent. It opened the sandbox to generative AI projects specifically and used the public communication around that decision to articulate what it expected of organisations deploying off-the-shelf large language models for work tasks.

The substance of that expectation has not changed since: have a lawful basis for the personal data the system processes, do not feed sensitive data into models without specific contractual and technical safeguards, document how transparency and access rights will be honoured. The form of the expectation is what is unusual: an open invitation to bring the question into a structured process before the deployment, not after.

Where Datatilsynet sits in the EU AI Act

The EU AI Act entered into force on 1 August 2024 and requires every member state to establish at least one AI regulatory sandbox at national level by 2 August 2026.[6] Norway is an EEA state rather than an EU member, so the Act applies there only once it is incorporated into the EEA Agreement, but the sandbox predates the requirement by six years and its three principles map cleanly onto the Act's "trustworthy AI" framing.

The practical consequence for organisations operating in Norway: the path of least friction is already built. A sandbox run does not replace the Act's conformity assessment for a high-risk system, but it gives the supervisor visibility before deployment and produces documentation, the published final report among it, that survives later supervisory review and can be reused when that assessment is done. This is not a small administrative advantage.

What this means for AI vendors in Norway

Three patterns run through the published work, and they are worth naming because they are not always explicit in the reports themselves.

Lawful basis is a deployment question, not a procurement question

Every sandbox report frames lawful basis around the specific personal data flows the system creates in deployment. Procurement-time analysis based on the vendor's privacy notice is treated as preliminary work, not as the answer. For AI redaction tools, document classifiers, generative assistants, and clinical prediction models alike, the question "what is the lawful basis" is asked in terms of how the system actually touches data in the customer's environment.

Transparency is operational, not documentary

The Ruter report is the clearest expression. A long privacy policy is not transparency. A clear, contextual explanation, surfaced in the user's actual workflow, of what the AI is doing and how to disagree, is. For any AI product shipping a UI into Norway, this is the relevant standard.

Human-in-the-loop is not lip service

The PrevBOT and Doorkeeper reports both spend serious space on how the human review step actually works: what gets reviewed, at what cadence, with what training, and what happens when the human disagrees with the model. "There is a human in the loop" without that detail is treated as saying nothing.

A short reading list

For practitioners shipping AI in Norway, three documents are worth keeping open in tabs.

  1. The Datatilsynet AI strategy[1] for the high-level orientation of how the supervisor approaches the field.
  2. The sandbox framework[2] for the principles that govern admission and reporting.
  3. The NTNU Copilot report[4] as the canonical worked example for enterprise generative AI deployment under GDPR.

Together they are a usable picture of what the supervisor expects. Most of the surprises in a Norwegian AI deployment are surprises only to people who have not read them.

A closing observation

It is unusual for a national data protection authority to be ahead of the EU framework rather than behind it. Datatilsynet has been, and the work shows. The sandbox is not a marketing exercise; the case reports are not redacted into uselessness; the strategy is not a list of values. The combination is the closest thing in Europe to a public, operational definition of what trustworthy AI deployment looks like under GDPR.

For anyone shipping AI into Norwegian regulated work, that is genuinely useful. For anyone shipping AI into the rest of Europe, it is a preview of where the conversation is heading.

References

  1. Datatilsynet, Strategi for arbeidet med kunstig intelligens (Strategy for work on artificial intelligence), 22 March 2024
  2. Datatilsynet, Framework for the Regulatory Sandbox for Artificial Intelligence
  3. Datatilsynet, Reports from the sandbox projects (collected sandbox final reports)
  4. Datatilsynet & NTNU, Copilot Through the Lens of Data Protection (sandbox final report, 26 November 2024)
  5. European Commission High-Level Expert Group on AI, Ethics Guidelines for Trustworthy AI (2019)
  6. Regulation (EU) 2024/1689 (EU AI Act), Article 57 on regulatory sandboxes