Reflections from the largest political gathering in Norway, Arendalsuka, on digital sovereignty, shared responsibility, and choosing the right tools for the job.
By Henrik Notevarp, Specialist in Digital Trust & Secure Communications, Norway
The Nordic region is taking meaningful steps toward digital sovereignty. In Norway, we see promising signs – particularly by the Norwegian Ministries’ Digitalization Organization (DIO), which appears to be adopting elements of NSM’s guidance on hybrid and national cloud infrastructure. Recent contract awards suggest a growing awareness of the need to match technology choices to different levels of sensitivity. The direction is encouraging, but it’s still early days.
Yet even as progress is made, we still see a two-track reality: one track for broad collaboration, and one for classified or sensitive communication. As it stands today, you can use your everyday video meeting solution for quite a lot – but not everything.
That’s where tools like Pexip come in. We're part of the solution, building video solutions for sensitive use cases. But tools alone are not enough. If we want to strengthen digital resilience across the public sector, we also need adoption, understanding, and clearly defined responsibility at every level.
National security isn’t managed only at the ministry level. It’s also handled in municipalities, local energy companies, and other parts of the critical infrastructure that hold confidential information but may lack the resources or expertise to fully meet legal and security requirements.
Take the power sector, for example. It’s vital to national stability but often managed locally. If we want to build a digital defense line that truly holds, it must include the full breadth of the public sector – not only the central “headquarters.”
As new technologies like AI enter the picture, security challenges evolve even more rapidly. This means that our approach must go beyond defending against external threats and ensure the way we communicate, meet, and collaborate is inherently secure.
We must use the right technology for the right purpose. That means:
At Pexip, we focus on enabling private and trusted video communication. Our approach is based on transparency, traceability, and control, with security built into the platform, not bolted on as an afterthought.
At Arendalsuka this week, we discussed how laws and responsibilities are evolving. Regulatory frameworks now place clear accountability on leadership and system owners. But in practice, the responsibility is shared…and the lines can blur.
Who’s responsible when IT is delivered through multi-cloud setups or outsourced partners? How do we follow rules that some argue are almost impossible to implement? The answer, I believe, lies in usability.
Ultimately, security only works when people use it. And people only use it when it’s simple.
That’s why adoption matters. When secure tools are easy to access, understand, and use, they become the default. And when “secure” becomes the default, we raise the overall level of protection, without placing an extra burden on the user
Across Europe, and in Norway, we see a tightening of rules around data access, control, and transparency. The direction is clear. But these regulations only make a difference if they’re applied in practice, by everyone, not just IT or leadership.
Digital sovereignty isn’t a one-time decision. It’s something we commit to again and again – every day, in every meeting, with every tool we choose to use.
That’s the space where Pexip fits in. Not as the only solution, but as a trusted, secure alternative that enables public sector organizations to meet, collaborate, and share sensitive information with confidence.