Norwegian Transparency Act 2026, Practical Compliance Checklist for Businesses in Norway

The Norwegian Transparency Act (Åpenhetsloven) requires larger enterprises operating in or into Norway to carry out human-rights and decent-working-conditions due diligence across their supply chains, publish an annual account of that work, and answer public information requests, all under the supervision of the Norwegian Consumer Authority (Forbrukertilsynet), which now actively enforces the law with binding orders and fines. Whether you run a Norwegian-domiciled company or a foreign subsidiary selling goods and services into the Norwegian market, the Act imposes three concrete duties: conduct and document proportionate supply-chain due diligence, publish an annual transparency report on your website, and respond to any person’s written request for information about how you handle actual and potential adverse impacts.

Failure to comply exposes the enterprise to enforcement action, coercive fines, and reputational damage at a time when Norwegian authorities have signalled a sharper enforcement posture.

This guide provides a transparency act compliance checklist built for general counsel, compliance officers, and legal teams at Norwegian SMEs and multinational subsidiaries. It walks through each obligation step by step, from establishing whether the thresholds apply to your entity, through preparing the annual report and fielding information requests, to embedding robust contract clauses in your supplier agreements. Every section references the statute itself (hosted on Lovdata), the official English translation published by the Norwegian Government (Regjeringen), and the enforcement guidance issued by Forbrukertilsynet, so you can trace each requirement back to its primary legal source.

What the Norwegian Transparency Act Is and Who It Applies To

The Norwegian Transparency Act entered into force on 1 July 2022 with an overarching objective: to promote enterprises’ respect for fundamental human rights and decent working conditions in connection with the production of goods and the provision of services, and to ensure the general public’s access to information about how enterprises address adverse impacts. The statute aligns Norway’s domestic obligations with the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on Business and Human Rights, creating a legally binding framework rather than a voluntary standard.

Norwegian corporate transparency obligations under the Act extend to two categories of enterprise. The first is any enterprise that is resident in Norway and meets the size thresholds set out in Section 3 of the Act. The second is any larger foreign enterprise that offers goods or services in Norway and is liable to tax in Norway, provided it also meets the same size criteria. The transparency act Norway framework therefore catches both domestic companies and certain foreign operators with a genuine Norwegian-market nexus.

Thresholds, Does the Act Apply to Your Business?

An enterprise falls within the scope of the Act if it meets at least two of the three size criteria set out in Section 3, which mirrors the thresholds used for “larger enterprises” in the Norwegian Accounting Act (Regnskapsloven). The thresholds are assessed on a consolidated basis where the enterprise is a parent company.

If your enterprise satisfies at least two of the three criteria above, it is covered. Parent companies must calculate the thresholds on a consolidated group basis, which means a small Norwegian holding company can be swept in if its subsidiaries collectively exceed the limits. Industry observers note that this consolidation rule catches more groups than many initially expect, particularly where several smaller subsidiaries operate under a single Norwegian parent.

Who Is Liable, Resident Companies vs Large Foreign Enterprises

Norwegian-registered entities (AS, ASA, and other legal forms) that meet the thresholds are directly covered. Foreign enterprises are covered if they (a) offer goods or services in Norway, (b) are liable to tax in Norway under internal law or a tax treaty, and (c) meet the size thresholds. In practice, this means a foreign company with a Norwegian branch (NUF) exceeding the thresholds will be subject to the Act. The statute does not apply to sole proprietorships that fall below the size criteria. Businesses needing guidance on cross-border scope can consult our international business law guide for broader context on jurisdictional triggers.

Annual Transparency Report, What to Include and Deadlines

The annual transparency report is the centrepiece of transparency reporting Norway obligations. Section 5 of the Act requires every covered enterprise to publish an account of its due diligence activities at least once per year and to make that account easily accessible on its website.

Section 5 Explained, The Publication Duty

Section 5 of the Norwegian Transparency Act sets out six categories of information the annual account must cover:

• General description of the enterprise’s structure, area of operations, and guidelines and procedures for handling actual and potential adverse impacts on fundamental human rights and decent working conditions.
• Information about actual adverse impacts and significant risks of adverse impacts that the enterprise has identified through its due diligence.
• Information about measures the enterprise has implemented or plans to implement to cease actual adverse impacts or mitigate significant risks, and the results or expected results of those measures.

The account must be published no later than 30 June each year, covering the preceding financial year. For enterprises with a standard calendar-year financial year, this means the report for the financial year ending 31 December must be live on the company website by 30 June of the following year. The report must be signed by the board of the enterprise, which reinforces that this is a board-level governance obligation and not merely an operational task.

Step-by-Step, Preparing the Annual Transparency Report Norway

A structured preparation process reduces last-minute scrambles and ensures the report meets both the letter and spirit of the statute. The following sequence reflects recommended practice drawn from the Altinn guidance for businesses and the Forbrukertilsynet enforcement expectations.

1. Assign a report owner. Designate a senior compliance or legal officer responsible for co-ordinating input from procurement, HR, and operations.
2. Gather due diligence documentation. Collect supplier risk assessments, audit findings, remediation correspondence, and any grievance-mechanism reports generated during the financial year.
3. Map your supply chain. Identify Tier 1 suppliers and, where risk levels warrant, key Tier 2+ suppliers. Document the methodology used, proportionality is explicitly permitted, but the methodology itself must be explained.
4. Draft the account. Use the six-category structure from Section 5 as a template. Each section should include a factual narrative supported by data (e.g., number of suppliers screened, audits conducted, corrective actions initiated).
5. Board review and sign-off. The account must be approved and signed by the board before publication. Schedule a board meeting in Q2 to ensure timely clearance.
6. Publish and notify. Upload the report to a clearly identified section of your website. Good practice, although not a statutory requirement, is to also file a reference to the report in the Brønnøysund Register Centre (Brønnøysundregistrene) and to notify Forbrukertilsynet that it is available.

Annual Report Content Checklist

Reporting Obligations Summary by Entity Type

Public Information Requests, How to Prepare and Respond

Section 6 of the Norwegian Transparency Act grants any person, whether a consumer, journalist, NGO, investor, or competitor, the right to request information from a covered enterprise about how it handles actual and potential adverse impacts on fundamental human rights and decent working conditions. This right goes beyond the general information in the annual report: requesters may ask about specific products, services, or supply-chain segments.

Enterprises must provide a written response within three weeks of receiving a request. Where the request is unusually extensive or involves complex information, the deadline may be extended to two months, but the enterprise must notify the requester of the extension and the reason for it within the initial three-week window. According to the Forbrukertilsynet guidance, a response must be “adequate”, meaning it should substantively address the question rather than offering a generic redirect to the annual report.

There are limited grounds for refusal. An enterprise may decline to provide information that constitutes a trade secret (as defined in the Norwegian Trade Secrets Act) or that relates to classified security matters. However, even when a refusal is justified, the enterprise must explain the legal basis for refusing and describe the type of information withheld.

Practical preparation is essential. Companies that lack an internal triage process risk missing the three-week deadline, a failure that is itself a breach. The recommended approach involves four steps:

• Centralise receipt. Designate a single mailbox or contact point for all Transparency Act requests and publicise it on your website alongside the annual report.
• Triage and assign. Route each request to the relevant department (procurement, HR, or legal) within 48 hours. Log the date received and the three-week deadline in a tracking system.
• Draft and review. The assigned team drafts a substantive response. Legal reviews for trade-secret or confidentiality issues before sign-off.
• Send and archive. Dispatch the written response within deadline and retain a copy, along with all supporting documentation, for at least five years.

Template, Public Information Request Response

The following template provides a starting framework for responding to a request under Section 6. Enterprises should adapt the wording to the facts of each request:

“Dear [Requester], thank you for your request dated [date] regarding [subject]. [Company] is subject to the Norwegian Transparency Act and takes its obligations seriously. In response to your query about [specific product/service/supply-chain segment], we can confirm the following: [Describe the due diligence measures conducted, risks identified, and actions taken or planned]. [If refusing any part of the request: We are unable to disclose [specific information] as it constitutes a trade secret within the meaning of the Trade Secrets Act. The withheld information relates to [general description of nature of information]. Should you wish to discuss this response further, please contact [designated contact]. Yours faithfully, [Signatory, position].”

Businesses handling cross-border supply chains may find our guide on protecting intellectual property across borders helpful for understanding when trade-secret defences are available in international contexts.

Supply-Chain Due Diligence Norway, Step-by-Step Process and Contract Clauses

The Norwegian Transparency Act requires covered enterprises to carry out due diligence “in accordance with the OECD Guidelines for Multinational Enterprises.” Section 4 sets out the statutory due diligence duty as a six-step cycle: embed responsible business conduct into policies, identify and assess actual and potential adverse impacts, cease or mitigate adverse impacts, track implementation and results, communicate how impacts are addressed, and provide for or co-operate in remediation where appropriate.

The statute explicitly applies a proportionality standard: due diligence must be proportionate to the size of the enterprise, the nature and context of its operations, and the severity and probability of adverse impacts. This means a 60-person Norwegian wholesaler importing finished consumer goods is not expected to replicate the supply-chain mapping of a global extractives company, but it is expected to do something meaningful and to document what it has done and why.

Practical Tools, Supplier Questionnaires, Risk-Scoring, and Escalation

Effective supply chain due diligence Norway programmes typically deploy three core tools, scaled by supplier tier:

The KPMG review of the Act commissioned by the Norwegian Government found that many enterprises underestimate the documentation requirement. Even where a company concludes that no adverse impacts exist in its supply chain, the statute requires it to explain the due diligence process that led to that conclusion. The absence of findings is not, by itself, a compliant report.

Sample Contract Clauses for Supplier Agreements

Embedding compliance obligations in commercial contracts is the most effective way to operationalise the Norwegian Transparency Act throughout a supply chain. The following clauses are illustrative, enterprises should tailor them to sector-specific risks and the commercial relationship. For deeper coverage of international commercial contracting, see our dedicated practice guide.

• Warranty and representation. “The Supplier warrants that it complies, and shall procure that its sub-suppliers comply, with all applicable laws relating to fundamental human rights and decent working conditions, including the Norwegian Transparency Act (Åpenhetsloven).”
• Audit and co-operation. “The Supplier shall, upon reasonable notice, permit the Buyer (or its appointed third-party auditor) to access the Supplier’s premises, records, and personnel for the purpose of verifying compliance with this clause. The Supplier shall co-operate fully with any such audit.”
• Remediation and corrective action. “Where a non-conformance is identified, the Supplier shall implement a corrective action plan agreed with the Buyer within [30/60/90] days. Failure to remediate within the agreed period shall constitute a material breach.”
• Termination trigger. “The Buyer may terminate this agreement with immediate effect if the Supplier (a) commits a material or repeated breach of this clause, or (b) refuses to co-operate with an audit or information request.”
• Flow-down obligation. “The Supplier shall include equivalent provisions in its agreements with sub-suppliers and shall use reasonable efforts to monitor sub-supplier compliance.”

Enforcement, Penalties, and Practical Risk Mitigation Under the Norwegian Transparency Act

The Forbrukertilsynet (Norwegian Consumer Authority) is the designated enforcement body. Its powers include issuing orders to compel compliance, imposing prohibitions against continued infringements, and levying coercive fines (tvangsmulkt) that accrue daily until the enterprise comes into compliance. In addition, the Market Council (Markedsrådet) may impose infringement fines (overtredelsesgebyr) for serious or repeated breaches.

The KPMG review commissioned by the Norwegian Government documented early enforcement activity and identified common compliance gaps: enterprises publishing overly generic annual accounts that fail to address specific adverse impacts; companies missing the three-week deadline for information requests; and businesses relying entirely on boilerplate supplier codes of conduct without any verification or follow-up mechanism. Industry observers expect the penalties transparency act framework to tighten further as the Consumer Authority builds institutional capacity and learns from the initial compliance cycles.

Practical Escalation Plan for Detected Violations

When an enterprise identifies, or receives a complaint about, an actual adverse impact in its supply chain, the following escalation plan reduces both legal exposure and reputational risk:

1. Acknowledge and log. Register the issue in the company’s compliance management system within 24 hours. Assign an investigation owner.
2. Assess severity. Determine whether the impact is actual or potential, its scale, and whether it is reversible. This assessment drives the speed and intensity of the response.
3. Engage the supplier. Issue a formal notice requiring explanation and corrective action within a defined period. Document all communications.
4. Implement or verify remediation. Monitor the supplier’s corrective action plan. Where remediation is inadequate, escalate to suspension or termination of the commercial relationship.
5. Report externally. If the adverse impact is severe (e.g., forced labour, child labour), consider whether notification to relevant authorities is legally required or advisable. Reflect the incident and response in the next annual account.

Mitigation strategies that reduce enforcement risk include maintaining a documented, board-approved due diligence policy; retaining complete audit trails; designating a trained compliance officer; and carrying appropriate directors’ and officers’ liability insurance. The Global Law Experts lawyer directory connects businesses with practitioners experienced in Norwegian regulatory compliance and supply-chain risk management.

How to Comply With the Transparency Act, Practical Compliance Checklist and Next Steps

Use the following checklist as an immediate action plan. Each item maps directly to a statutory obligation and can be completed within a 30/60/90-day framework.

Days 1–30:

• Assess whether your enterprise meets at least two of the three size thresholds (NOK 70 million turnover, NOK 35 million balance sheet, 50 FTEs), calculate on a consolidated basis if you are a parent company.
• Appoint a compliance owner (senior legal or compliance officer) with board-level reporting.
• Establish a centralised mailbox and web contact point for public information requests under Section 6.

Days 31–60:

• Map your Tier 1 supply chain. Distribute self-assessment questionnaires to all direct suppliers.
• Conduct a rapid risk screening using country-risk and sector-risk indices to prioritise deeper due diligence.
• Review and update supplier contracts to include Norwegian Transparency Act warranty, audit, remediation, and flow-down clauses.

Days 61–90:

• Prepare a draft annual transparency report using the Section 5 content structure and the checklist table above.
• Schedule a board meeting in Q2 to review and sign off the report before the 30 June publication deadline.
• Publish the finalised account on a dedicated page of your website and archive it for at least five years.
• Monitor for incoming information requests and respond within three weeks (or notify extension within three weeks for complex queries).

For enterprises operating across multiple jurisdictions, understanding how the Norwegian Transparency Act interacts with broader international business law obligations, including the EU Corporate Sustainability Due Diligence Directive (CSDDD), is an essential next step in building a unified compliance programme.

Sources

1. Lovdata, Act relating to enterprises’ transparency and work on fundamental human rights and decent working conditions (Transparency Act)
2. Regjeringen, Transparency Act (English translation PDF)
3. Forbrukertilsynet, The Transparency Act (Consumer Authority guidance)
4. Regjeringen, Review of the effects of the Norwegian Transparency Act (KPMG)
5. Altinn, The Transparency Act and who it applies to
6. University of Oslo, Academic commentary on the Norwegian Transparency Act
7. DNV, Norwegian Transparency Act guidance
8. Sedex, Norway’s Transparency Act: what you need to know