Digital Identity Management in Norway Is a Catastrophe
Recorded: May 29, 2026, 1:01 p.m.
| Original | Summarized |
Digital Identity Management in Norway is a Success but also a Disaster Jump to main content
UiO No Menu For employees Search our webpages Search Home All articles Apollon Go to uio.no Sub menu All articles photos All articles 2026 Digital Identity Management in Norway is a Success but also a Disaster Although digital identity management in Norway is a success in many respects, it faces serious challenges and deficiencies, states Marte Eidsand Kjørven. She is a professor at the Department of Private Law at the University of Oslo. Photo: UiO. By Published May 29, 2026 Technology Although digital identity management in Norway is a success in many respects, it faces serious challenges and deficiencies, states Marte Eidsand Kjørven. She is a professor at the Department of Private Law at the University of Oslo and has led the project "Societal Security and Digital Identities," known as the SODI project. Kjørven received the Rule of Law Award (Rettssikkerhetsprisen) for this work in 2024.Market-based electronic solutions such as BankID, Buypass, and Comfides have contributed significantly to the digitalization of both the private and public sectors. These "universal keys" provide access to a range of vital services for large portions of the population, including online banking, tax services, health services, and Altinn.At the same time, these solutions bring serious challenges related to social exclusion, ID abuse, and failing legal protection. Digital identity management is complex, functioning almost as an ecosystem with numerous actors, technical solutions, and legal regulations. This digitalization has occurred rapidly.In a podcastepisode at 'Universitetspodden' Kjørven and Henriksen discuss the problems (only in norwegian).However, Kjørven explains that the legal rules intended to ensure responsible digitalization do not sufficiently account for the serious consequences this has brought about.Scathing CriticismIn the project's final report, the research group directs scathing criticism at what they believe are serious failings in the public governance of digital identity management in Norway. The word "catastrophe" is communicated clearly as early as the introduction.Key terms Kjørven uses to describe this catastrophe include disclaimers of responsibility, lack of legal protection resulting in financial miscarriages of justice, human rights violations, and challenges to democracy and national security.Digital Exclusion and Disempowerment It is vital to maintain good control over who has access to electronic ID solutions to avoid abuse and fraud. Simultaneously, digital exclusion is a major problem under current conditions.Digital identity management is characterized by some actors and parts of the population reaping the benefits, while vulnerable groups bear the disadvantages and costs. For many elderly people and individuals with disabilities, it is impossible to use electronic ID solutions without assistance. 'Bendik' has Down syndrome and is denied BankID. Photo: Colourbox.The report tells the story of Bendik, who has Down syndrome and is denied BankID, thereby losing access to digital public services due to his diagnosis.– When a "universal key" in the form of an eID is necessary for access to essential services and real participation in society, the consequences are extremely serious for those without such a key, Kjørven points out. Norwegian authorities have left it to private actors to decide who shall have access to digital public services and who shall be excluded and thus disempowered.Sent Backwards in TimeKjørven believes it can be difficult for those who have access to the digital services they need to imagine how intrusive it is to lack an eID, and BankID in particular.– These people have not just been left on the platform while the digitalization train has raced past; they have been sent on a train moving backwards. They do not have access to the same basic services as others, which constitutes a very serious problem, including from a human rights perspective, the law professor emphasizes.Miscarriages of Justice, Financial Ruin, and Broken LivesSeveral serious digital fraud cases have been featured in the media in recent years. Phishing for personal information is common method fraudsters use to trick victims into giving up usernames, passwords, and credit card numbers. Last year, DNB customers were targeted in fraud attempts worth over 3.3 billion NOK, a 30 per cent increase from the previous year. Of these, the bank managed to stop 3 billion NOK from falling into criminal hands.Criminals who steal others' electronic IDs can manipulate information in public registers, apply for loans, transfer money, set up companies, and receive public benefits on false grounds. This leads to major losses for individuals, companies, and the public sector.Professor in Law Marte E. Kjørven and director Marianne Henriksen at Skatteetaten. Photo: UiO.Individuals can have their finances destroyed and, in extreme cases, face criminal prosecution and miscarriages of justice. Some are forced to move from their homes and have their entire futures ruined.– These are millions of pounds from the welfare state, individuals, and businesses being channeled into organized crime, which can contribute to increased criminality and all the associated consequences, Kjørven explains.Defrauded by Close RelationsFraud within close relationships is also not uncommon, and the Supreme Court is currently hearing such a case. A man handed over his BankID to his ex-partner to get help with daily tasks due to mental health challenges. The woman abused this access to take out several large consumer loans, for which she was later criminally convicted.Nevertheless, the credit company has sued the man to cover its loss. The Supreme Court must decide whether the voluntary handover of BankID can mean the man is legally bound to cover the loss, despite being a victim of fraud and identity theft.It is also noted that BankID code devices have for years been sent to customers via the post without any verification of who collects them.Lack of National GovernanceAt the heart of these challenges lies the absence of a holistic strategy and governance of digital identity management in Norway, according to the project group. They write in the report that responsibilities are fragmented, coordination fails, and there is a lack of democratic anchoring. They believe important decision-making processes are opaque and that stakeholders are not sufficiently involved.The report proposes how these problems can be mitigated and how the field can be managed more holistically. It contains a range of objectives and measures and resembles an Official Norwegian Report (NOU), Kjørven suggests.The report and its recommendations are based on collaboration between four research institutions in Norway and Estonia, as well as various public and private partners, including the Tax Administration (Skatteetaten) and one of their directors, Marianne Henriksen.Justified CriticismMarianne Henriksen believes the criticism presented in the report is constructive and justified. – The SODI project has done a very important job that the public sector can benefit from. The Tax Administration has collaborated with the project through its role as owner of the National Population Register (Folkeregisteret). She describes the project's research as well-founded, constructive, and valuable. The SODI-project:The SODI project is funded by the Research Council of Norway and began in 2021 as a multidisciplinary collaborative project. The project group included Rolf Riisnæs, Tobias Mahler, Malcolm Langford, Tone Linn Wærstad, and Petter Omland (all from UiO), as well as Kristian Gjøsteen (NTNU). The report also draws on practical experience from the legal aid service "ID-juristen".Sources sodi-rapport-5-2025.pdfDNB har aldri stoppet flere svindelforsøk - DNB NyheterSymptom på et større problem | DN Published May 29, 2026 10:19 AM E-mail this page Share on Facebook Share on X Research News Contact information About the website Responsible for this page Managing editor research Log in |
Digital identity management in Norway presents a dichotomy, characterized by significant progress alongside severe systemic challenges, as detailed by Marte Eidsand Kjørven. While market-based electronic solutions such as BankID, Buypass, and Comfides have successfully facilitated the digitalization of both the private and public sectors, granting access to essential services like online banking, tax services, health services, and Altinn, these advancements are accompanied by serious deficiencies concerning social exclusion, identity abuse, and inadequate legal protection. The complexity of this system, operating as an ecosystem involving numerous actors, technical solutions, and legal regulations, has developed rapidly, yet the existing legal framework fails to sufficiently account for the profound consequences of this rapid digitalization. The research group that led the project "Societal Security and Digital Identities" (SODI) has directed scathing criticism toward the public governance of digital identity management in Norway, labeling the situation a catastrophe. This criticism centers on serious failings in public oversight, the lack of legal protection resulting in financial miscarriages of justice, human rights violations, and threats to democracy and national security. Kjørven points out that the legal rules established to ensure responsible digitalization do not adequately address these serious repercussions. A major consequence of the current system is digital exclusion and disempowerment. The distribution of benefits from digital identity solutions is uneven, with some groups reaping advantages while vulnerable populations bear significant disadvantages. For many elderly individuals and people with disabilities, accessing essential electronic ID solutions, such as BankID, often requires assistance, leading to exclusion. This disparity is starkly illustrated by cases where individuals, such as Bendik, are denied access to vital public services due to their diagnosis, highlighting the severe impact of lacking a universal key for societal participation. Kjørven suggests that those without digital IDs are effectively left behind as the digitalization process proceeds, moving backward rather than facilitating forward progress, which raises significant human rights concerns. Furthermore, the digital identity landscape is rife with criminal activity. Serious instances of digital fraud, including phishing for personal information, are common methods used by fraudsters. In recent years, financial losses have been substantial, with DNB customers facing fraud attempts worth billions of Norwegian Kroner, though the bank managed to mitigate a significant portion. Criminals are also capable of manipulating public registers, obtaining loans, transferring funds, and fraudulently receiving public benefits, which channels vast sums from the welfare state, individuals, and businesses into organized crime, exacerbating criminality. The text also notes issues arising from fraud within close relationships, where access to identity tools has been misused, leading to criminal convictions and disputes over liability. The handling of security protocols is also questioned, noting that BankID code devices have been distributed without proper verification of recipients. At the core of these systemic failures is a profound lack of national governance. The research group observed that responsibilities are fragmented, coordination among stakeholders fails, and there is a deficit in democratic anchoring. Decision-making processes concerning digital identity are often opaque, and stakeholders are insufficiently involved. To address these issues, the report proposes a holistic strategy encompassing various objectives and measures, resembling an Official Norwegian Report. This work is supported by collaboration between four Norwegian research institutions and Estonia, alongside public and private partners, including the Tax Administration (Skatteetaten). While Marianne Henriksen believes the criticism is justified and constructive, acknowledging the valuable work contributed by the project and partners like the Tax Administration, the fundamental call remains for a more coherent and democratically grounded management of digital identity in Norway. |