Critical-Infrastructure

Total Defence Year 2026

8 mins

Government Enterprise Reference Total-Defence Digital-Sovereignty Norway Preparedness Cyber-Security Critical-Infrastructure Total Defence Digital Preparedness Cyber Security National Resilience Critical Infrastructure NIS2

In 2026, Norway mobilizes for a new security reality. Totalforsvarsåret (Total Defence Year) is a national effort coordinated by DSB and the Armed Forces to strengthen Norway’s collective resilience against crisis and war.

Sikkerhetsloven

1 min

Public-Sector Security Enterprise National-Security Security-Clearance Classified-Information Critical-Infrastructure Cybersecurity Critical Infrastructure

The Norwegian Security Act creates a comprehensive framework for national security. It requires security clearances for personnel accessing classified information and establishes classification levels (RESTRICTED, CONFIDENTIAL, SECRET, TOP SECRET). Organizations handling classified information must implement security measures and undergo security audits. The Act enables the government to impose security requirements on critical infrastructure operators and assess foreign investments for national security risks. It covers information security (protecting classified data), personnel security (vetting individuals), and supply chain security (managing risks in procurement). NSM (Norwegian National Security Authority) oversees implementation, while PST (Police Security Service) handles threat assessments. The law interacts with data protection rules, allowing certain national security exemptions while maintaining proportionality requirements.

Cybersecurity Law

1 min

Enterprise It-Ops Data-Localization Critical-Infrastructure Security-Review Real-Name-Registration Cybersecurity Digital-Sovereignty Critical Infrastructure

China’s Cybersecurity Law of 2017 establishes foundational requirements for network security. Critical Information Infrastructure Operators (CIIOs) in sectors like telecoms, energy, transport, and finance must localize personal information and ‘important data’ collected in China. Cross-border transfers require government security assessments. Network products and services used by CIIOs must undergo security reviews. The law requires network operators to maintain logs for at least six months and provide technical support to public security organs for investigations. Real-name registration is required for online accounts. The law’s broad definitions and vague language create compliance uncertainty. Combined with the National Intelligence Law, it means Chinese network operators must both assist intelligence work and implement technical capabilities for lawful access.