Norway

In summary, Norwegian authorities grant supervisory bodies the rights to order corrective and preemptive actions to strengthen IT-security, and to impose fines in order to enforce the laws and regulations described under Question 3 and Question 3.1, above. Below, we have specified the authorities which are responsible for enforcing the applicable laws and regulations under Question 3. and Question 3.1:
A. The telecom regulations are enforced by the Norwegian Communications Authority (the "NCA"). The NCA enforces the ECA and ECR, and is furnished with the following legal instruments/rights:
(i) Right to information (supervision/audit rights), and may demand information that is necessary for the implementation of the ECA.
(ii) Right to order telecom providers to take corrective action and make changes in order to fulfil IT security requirements.
(iii) Right to impose coercive- and infringement fines, charges and penalties.
(iv) Right to revoke licenses, order closure of networks, etc.
(v) Confiscation of equipment.
B. The energy sector regulations are enforced by the Water Resources and Energy Directorate (abbreviated as "NVE" in Norwegian). The NVE enforces the Emergency Regulation, and is furnished with the following legal instruments/rights:
(i) Right to information (supervision/audit), and may demand information from energy providers.
(ii) Right to order energy providers to take corrective action and make changes in order to implement the provisions of the Emergency Regulation .
(iii) Right to impose coercive- and infringement fines, charges and penalties.
C. The offshore sector regulations are enforced by the Ministry of Petroleum and Energy and the Petroleum Directorate by delegation. The ministry is furnished with the fol-lowing legal instruments/rights:
(i) Right to order petroleum enterprises to enact necessary measures to comply with the applicable petroleum regulations, including IT-security requirements and, in particular to suspend activities which violate the applicable IT-security re-quirements, etc.
(ii) Right to impose coercive- and infringement fines, charges and penalties .
D. The public sector regulations are supervised by Norwegian National Security Authority ("NSM"). NSM is furnished with the following legal instruments/rights:
(iii) Right to order improvements to IT-security.
(iv) Right to impose coercive- and infringement fines and charges.
E. The health sector's IT security regulations are supervised by the Norwegian Data Inspectorate, which is furnished with the following legal instruments/rights:
(i) Right to order processing of personal health in violation of the applicable IT-security requirement data to cease.
(ii) Right to impose infringement fines and charges and penalties.