Is Sharing Passwords Legal in Norway After the 2026 Policy Reforms?

No, sharing passwords in Norway violates the Electronic Communications Act (Ekomloven) and the General Data Protection Regulation (GDPR), risking fines up to NOK 20 million or 4% of global turnover. The Norwegian Data Protection Authority (Datatilsynet) enforces strict access control mandates, prohibiting unauthorized credential sharing under Sections 2-1 and 2-2 of Ekomloven. Recent 2026 amendments tighten obligations for service providers to implement multi-factor authentication, further criminalizing password sharing practices.

Key Regulations for Sharing Passwords in Norway

• Electronic Communications Act (Ekomloven §2-1): Prohibits unauthorized access to electronic communication services, including password sharing, with penalties under §10-1.
• GDPR Art. 32 & Norwegian Data Protection Act (Personopplysningsloven §13): Mandates secure access controls; shared credentials breach integrity requirements, triggering liability for data controllers.
• Norwegian Penal Code §204: Criminalizes fraudulent access via shared credentials, punishable by fines or imprisonment up to 2 years for aggravated cases.

The Norwegian Consumer Authority (Forbrukertilsynet) also monitors B2C service providers, requiring clear terms prohibiting password sharing in user agreements. Financial institutions face additional scrutiny under the Financial Contracts Act (Finansavtaleloven), where shared credentials invalidate fraud liability protections. Non-compliance exposes entities to sector-specific sanctions, including revocation of operating licenses.