Norway has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Norway has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Norway has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

The Act Relating to Consumer Purchases (2002) complies with EU Directive 2011/83/EU (Consumer Rights), implementing strong consumer protections in Norway. The act mandates inter alia that the seller must provide a cancellation period, includes a description of how and what sales contracts should include, and specifies that the seller must provide contact information.

The Act on Electronic Trust Services (2018) implements EEA Agreement Annex XI Electronic communications, audiovisual and information society services (Regulation (EU) No 910/2014 ) in Norway. The Act provides the legal basis for electronic trust services and e-signatures.

The Act on the processing of personal data (Personal Data Act) implements the General Data Protection Regulation (GDPR) of the European Union in Norway. Art. 27 of the GDPR requires a local representative for data controllers or processors not established in the EU.

It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 40. However, there is exception to this rule that comes from the VAT on E-Commerce (VOEC) scheme. Under this scheme, online retailers who export more than 50,000NOK (approx. 4600 USD) worth of low-value goods (less than 3000 NOK, approx. 280 USD) into Norway annually are exempt from paying customs duty and instead must charge VAT at point-of-sale and register with the Norwegian Tax Administration, as if they were a Norwegian retailer. In effect, this creates a de minimis threshold of 3000 NOK for which customs duties are no longer imposed.

Only Norwegian organizations and private individuals over the age of 18 can subscribe to a Norwegian domain name. Organisations must be registered with the Central Coordinating Register for Legal Entities (Enhetsregisteret), and individuals must be registered in the National Population Register with a national identity number. Further, all subscribers must have a Norwegian postal address.

The Regulations on electromagnetic compatibility (2017) implement Directive 2014/30/EU of the European Parliament and of the Council in Norway. Chapter 4 establishes a self-certification mechanism which is detailed fully in Annex II of the regulations.

The Regulations relating to the Export of Defence-Related Products, Dual-Use Items, Technology and Services harmonises Norway's export controls with those of the European Union by subscribing to the European Dual Use Export Control Annex. The Annex identifies a range of dual-use items that face either authorization requirements or outright bans for exportation outside of the EU.

It is reported that Norway imposes identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card, or a passport in case of foreigners, to activate a new prepaid SIM card.

The Act on certain aspects of electronic commerce and other information society services (e-commerce law) implements Directive 2000/31/EC (E-Commerce Directive), establishing a conditional safe harbour for Internet Service Providers (ISPs) in Norway. The limitations on liability in the Directive apply to certain clearly delimited activities carried out by internet intermediaries, rather than to categories of service providers or types of information. These are caching, conduiting and hosting (Sections 16–18), while Section 19 releases ISPs from monitoring obligations.

In addition, ISPs are responsible for illegal content (including copyright infringement) if they obtain knowledge or awareness that such content is present and do not expeditiously remove or disable access to the content. As a result, many ISPs have proactively introduced user agreements to allow them to remove any controversial content – including content that is not necessarily illegal – in order to protect themselves from liability. Finally, Norway is obliged to implement Directive 2019/790 on Copyright in the Digital Single Market, however it has not yet done so as of May 2022.

The Act on certain aspects of electronic commerce and other information society services (e-commerce law) implements Directive 2000/31/EC (E-Commerce Directive), establishing a conditional safe harbour for Internet Service Providers (ISPs) in Norway. The limitations on liability in the Directive apply to certain clearly delimited activities carried out by internet intermediaries, rather than to categories of service providers or types of information. These are caching, conduiting and hosting (Sections 16–18), while Section 19 releases ISPs from monitoring obligations.
In addition, ISPs are responsible for illegal content (including copyright infringement) if they obtain knowledge or awareness that such content is present and do not expeditiously remove or disable access to the content. As a result, many ISPs have proactively introduced user agreements to allow them to remove any controversial content – including content that is not necessarily illegal – in order to protect themselves from liability. The Ministry of Culture is working on the implementation of the Directive 2019/790 on Copyright in the Digital Single Market.

The Act on the processing of personal data (Personal Data Act) implements the General Data Protection Regulation (GDPR) of the European Union in Norway. The GDPR requires that organizations conducting "regular and systematic monitoring of data subjects on a large scale" or whose activities include the processing of sensitive personal data on a large scale, must appoint a Data Protection Officer (DPO).

The Act on the processing of personal data (Personal Data Act) implements the General Data Protection Regulation (GDPR) of the European Union in Norway. Under the GDPR, Data Protection Impact Assessments (DPIAs) are mandatory for data processing activities likely to result in a high risk to the rights and freedoms of natural persons.