The National Strategy for Artificial Intelligence

To table of content

2 A good basis for AI

The Government will facilitate world-class AI infrastructure in Norway in the form of digitalisation -friendly regulations, good language resources, fast and robust communication networks, and sufficient computing power. It will facilitate data sharing within and across industries and sectors.

Data urns by the Austrian artist Daniel Huber. Three richly decorated urns. Used with permission from Ars Electronica.

«Data urns», Daniel Huber (AT) – Photo: Ars Electronica

2.1 Data and data management

Data is vital to AI. Today vast datasets are generated from many different sources. AI and machine learning can use this data to provide important insights. Access to high-quality datasets is decisive for exploiting the potential of AI. The Government's goal is to facilitate sharing of data from the public sector so that business and industry, academia and civil society can use the data in new ways.

Data can be regarded as a renewable resource. Sharing data with others does not mean that one is left with less data. In fact, the value of data can increase when shared because it can be combined with other types of data that can offer new insights or be used by organisations with the expertise to use the data in new and innovative ways.

Open public data

In principle, all information that is lawfully published on public websites can also be made accessible as open data. Personal data that is exempt from public disclosure or that is subject to confidentiality must not, however, be made accessible unless specific reasons apply for doing so. Weather data from the Norwegian Meteorological Institute and traffic information from the Norwegian Public Roads Administration are examples of open data from the public sector.

Personal data

The issues related to sharing and using data are closely connected to the type of data involved. It is important to distinguish between use of personal data and use of data that cannot be traced back to specific individuals, such as weather data. Use of personal data for developing AI raises a number of issues that must be addressed before such data can be shared or used.

Data sharing principles

Principles for sharing open public data

Even though there is no statutory obligation that requires open public data to be made accessible, the Government's goal is for such data to be shared so that it can be used by others (what we refer to as 'reuse').

Report to the Storting no. 27 (2015–2016 ) Digital agenda for Norway: ICT for a simpler everyday life and increased productivity highlighted five sectors where reuse of open public data is regarded to be of particular economic value: culture, research and education, government expenditure, transport and communications, and maps and property (geodata). Specific strategies have been developed for data sharing in these areas. Furthermore, the Norwegian Government Agency for Financial Management (DFØ) has developed a system for publishing data pertaining to public expenditure.

The Freedom of Information Act regulates how public data should be made available for reuse. Since 2012, the Digitalisation Circular has required government agencies which establish new or upgrade existing IT-systems or digital services to make data from these accessible in machine-readable formats. The agency should arrange for data to be accessible in the long term, with integrity, authenticity, usability and reliability intact.

The Nordic countries share many interests and values with respect to artificial intelligence. The Nordic countries therefore cooperate through the Nordic Council of Ministers in several areas related to AI. One of these areas concerns data. A working group has been formed to identify datasets that can be exchanged between Nordic countries and create added value for Nordic enterprises – public and private alike – while still respecting the ethical aspects and the trust and values particular to the Nordic countries.

One important measure in the digitalisation strategy for the public sector 6 is to establish a national resource centre for data sharing in the Norwegian Digitalisation Agency. The centre is intended to serve as a knowledge hub, and one of its tasks will be to increase awareness about the value of sharing data.

Principles for data sharing between public-sector agencies

The Government has established a 'once only' principle to ensure that citizens and businesses do not have to provide identical information to multiple public bodies. 7 Updated and quality-assured information that is shared across public administrations is a prerequisite for implementing the once-only principle, and is important for developing better, more coherent public services.

Some information is held in central registries, such as the National Population Register and the Central Coordinating Register for Legal Entities, but a lot of information exists outside such registries. To facilitate sharing of this data between public agencies, the Brønnøysund Register Centre and the Norwegian Digitalisation Agency have established the National Data Directory to provide an overview of the types of data held by various public agencies, how they are related, and what they mean. This catalogue will also provide information on whether data may be shared and on what terms.

The Digitalisation Circular requires agencies to publish data that can be shared with others in the National Data Directory and on data.norge.no.

Principles for publicly funded research data

Research that is publicly funded should benefit everyone. It is therefore important that research data be made accessible to as many as possible; to other researchers as well as to public administration and the business sector. Better access to research data can boost innovation and value creation by enabling actors outside research communities to find new areas of application. It can also contribute to smarter service development in the public sector, opportunities for new business activities, and new jobs.

There is no doubt that far more datasets from research can be made accessible, along with pertinent protocols, methods, models, software and source codes. Such access must be safeguarded by sound data protection practices and give due consideration to security, intellectual property rights and business secrets. However, the vast and growing amount of research data means that not all data can be activated and maintained for the same long periods. The costs of making datasets genuinely reusable must be weighed against the benefit to research communities and society.

The Government has presented a strategy on access to and sharing of research data. 8 The strategy sets out three basic principles for publicly funded research data in Norway:

  • Research data must be as open as possible, and as closed as necessary.
  • Research data should be managed and curated to take full advantage of its potential value.
  • Decisions concerning the archiving and curation of research data must be made within the research community.
Principles for data sharing in the business sector

In principle, companies own their own data, and it is up to each company to decide how it wants to use its data within the parameters of data protection regulations. Few industries and businesses are aware of the value of data sharing. Many companies have a poor overview of their own data, and therefore have neither categorised it nor assessed its potential benefit to themselves or to other organisations. 9

Norway has some examples of voluntary data sharing within the private sector and between businesses and the public sector:

  • The oil and gas industry: In 1995 the Norwegian Petroleum Directorate and the oil companies operating in the Norwegian continental shelf established the Diskos National Data Repository (Diskos). Diskos is a national data repository of information related to exploration and extraction from the Norwegian shelf. The data is directly accessible online to members of the Diskos joint venture. The idea behind Diskos is that the oil companies should all cooperate on storing exploration data and compete in interpreting it. 10
  • Geodata: Norway Digital is a broad cooperation programme between agencies that are responsible for obtaining geospatial information and/or that are large users of such information. The cooperation partners comprise municipalities, counties, national agencies and private enterprises such as telecom and power companies. 11 Geonorge.no is a national website that has been created for weather data and other geospatial information in Norway under the Norway Digital partnership.
Framework for data sharing in the industry sector

In Germany, a framework for sharing data in the industry sector, International Data Spaces, was established in connection with the Industry 4.0 initiative. The initiative has been expanded to industry sectors in other countries, and in Norway SINTEF has enabled Norwegian companies to use the framework. The framework offers a common infrastructure for the secure storage of industry data. The framework offers companies control of their own data while enabling them to share it if they wish to do so.

Sources: Fraunhofer institut, SINTEF

The authorities are generally hesitant about requiring private enterprises to share data. The Government's position is that private enterprises with a mutual interest in sharing data should do so on their own initiative. Nonetheless, this can prove difficult to achieve in practice.

The Government has set out the following principles for sharing data from the business sector: 12

  • Voluntary data sharing is preferable, particularly between parties with a mutual interest in sharing data.
  • The authorities can facilitate the sharing of data which enterprises themselves see no value in sharing if sharing such data would enhance public benefit.
  • Data sharing may be imposed if necessary; for example for reasons of public interest.
  • Data must be shared in such a way that individuals and businesses retain control of their own data. Privacy and business interests must be safeguarded.

Some activities in the business sector are performed for the public sector or under permits or licences granted by public authorities. Public agencies have taken little advantage of opportunities to set requirements for data access or sharing in connection with entering into contracts or awarding licences. The Government will therefore consider whether the public sector can contribute to making more datasets from the business sector accessible by setting requirements for data sharing in conjunction with entering into public contracts wherever appropriate. The Government will also consider evaluating requirements to make data publicly accessible in licensing areas where such access is considered to be of particular benefit to society.

Methods of sharing data

A variety of methods are available that can make it simpler and safer to share data between different stakeholders:

Data lakes

A data lake is a central repository for storing data, such as a cloud service. The data can be stored as is, in its original format, and can be a combination of structured and unstructured data. The data need not be structured or labelled. The data lake can then be used to retrieve data for machine learning or for other analyses.

Data trusts

A data trust is a legal structure where a trusted third party is responsible for the data to be shared. The third party decides which data should be shared with whom, in compliance with the purpose for which the data trust was set up.

Anonymisation interface

An anonymisation interface allows various analyses to be carried out on register data containing personal data from multiple data sources without being able to identify individuals. The Remote Access Infrastructure for Register Data (RAIRD) is a cooperation project between the Norwegian Social Science Data Services and Statistics Norway on such an anonymisation interface. The information model for RAIRD is openly accessible and can be used by anyone. 13

Synthetic data

Synthetic data can in many cases be an alternative to identifiable data or anonymised data. If synthetic datasets can be produced with the same features as the original dataset, they can be used to train algorithms or be used as test data. This means that even datasets which normally would be considered sensitive could be made openly accessible for use in research and innovation.

Common open application programming interfaces

An application programming interface (API) makes it possible to search directly in a data source to retrieve the desired data. This is a prerequisite for being able to use data in real time. The Digitalisation Circular establishes that public agencies must make appropriate information available in machine-readable and preferably standardised formats, ideally using APIs.

Generation of synthetic test data for the National Registry

The Norwegian Tax Administration is in the process of developing a solution in which machine learning is used to generate rich synthetic test data in a dedicated test environment for the National Registry. The synthetic National Registry will offer synthetic test subjects in addition to simulating events. The objective is to allow enterprises that use information from the National Registry to test their integrations without using authentic personal data in the tests. Initially the synthetic National Registry will be made available to parties needing to test integration with the National Registry. Eventually it will be available to everyone who needs National Registry data for testing purposes.

Source: Norwegian Tax Administration

White paper on the data-driven economy

The Government will prepare a white paper on data sharing and the data-driven economy. The white paper will discuss important issues such as data ownership, incentives for sharing data, and possibilities for equitable sharing of the economic gains from a global digital data economy. Other important issues are data protection, secure data sharing, and ethical use of data. The white paper will also discuss issues relating to competence in data science and data sharing, and to infrastructure for data capture and sharing.

As part of the work on preparing the white paper, the Minister of Digitalisation will appoint an expert group to examine the prerequisites and terms for sharing data within and from the business sector.

The Government will

  • present a white paper on the data-driven economy and innovation
  • establish a resource centre for data sharing, with specialist expertise in the interrelationship between law, technology, business and administrative processes
  • establish a set of principles for extracting and managing data from central registries, and a common API catalogue to promote better utilisation of basic data by providing an overview of data interfaces (APIs)
  • consider policy instruments that can make it easier for industry sectors to share data and that simultaneously safeguard privacy and data protection, security, and business interests
  • give guidance to public agencies on how they can ensure access to data when entering into contracts by, for example, proposing standard clauses
  • consider which areas it may be in the public interest to require that data from the business sector be made accessible, and examine whether requirements for data access in connection with licences might be a suitable policy instrument in this regard

2.2 Language data and language resources

Language technology in the form of, for example, speech recognition and language comprehension, represents a key component in AI. Natural language processing (NLP) involves registering natural language (text/audio) and understanding the meaning and context. Natural language generation (NLG) involves producing text based on data. These technologies combined are important in the development of virtual assistants and in analyses based on unstructured data.

Analysis and classification of unstructured data in the MFA

Every year, the Ministry of Foreign Affairs (MFA) receives up to 6,000 reports from Norwegian embassies, delegations, etc. Previously it was extremely difficult to navigate all this information. Since the MFA adopted machine learning and NLP to analyse and classify the content of these documents, it has been possible to find almost all relevant information on a given subject matter. The solution is also used to extract key information in reports and prepare summaries.

In the work on developing this solution, the MFA cooperated with the University of Oslo, which provided solutions for categorising the Norwegian language. The plan is to gradually expand the solution with information from archives and external research reports.

Source: Ministry of Foreign Affairs

To make systems like these accessible in written Norwegian and Sami and in dialects, the technology must be adapted to these languages and to local conditions. This requires language resources.

Språkbanken, a service provided by the National Library of Norway, makes language data available for developing language technology in Norwegian. The National Library of Norway and the Language Council of Norway will cooperate by coordinating their efforts to further develop the resources held in Språkbanken. They also have a responsibility to make sure that the public sector as buyer, and developer communities in both the public and private sectors, be informed about and request these language resources.

The Sami languages are particularly vulnerable. Language technology and language technology resources in Sami are important for contributing to future development and use of the language and eventually for developing services in Sami based on artificial intelligence. Divvun and Giellatekno, the research group for Saami language technology at the Arctic University of Norway, are both developing different language technology tools for Sami. The Government will return to the issue of Sami language data and language resources in a white paper on Sami language, culture and society. The main topic of the white paper will be digitalisation.

One of the challenges in the work on facilitating language technology in Norwegian and Sami is obtaining sufficient amounts of language data within different domains, such as medicine, ICT and transport. There is a need for both written and oral data that covers dialects and pronunciation variations. Examples of useful resources include multilingual terminology lists, area-specific texts and speech recordings or parallel texts in Norwegian bokmål and nynorsk and different Sami languages. The linguistic structures in text produced by the public sector constitute valuable data for language technology research and development. It is important to facilitate reuse for these purposes.

There is reason to believe that the public sector possesses far more data that could be used in developing language technology than it realises. The Government will therefore promote awareness of language data and language resources in the public sector by, among other things, addressing such data specifically in the Digitalisation Circular.

The Ministry of Local Government and Modernisation has strengthened the infor¬mation management resource centre in the Norwegian Digitalisation Agency in order to facilitate closer cooperation with the National Library and the Language Council of Norway. The agencies will cooperate on strategies to ensure that public language resources can be used for language technology purposes, guidance on what can be regarded as language resources and on ensuring deposits of language resources for Språkbanken.

Language technology aids

Tuva is an aid for dictating text (speech recognition) and navigating a PC using voice control. The product was developed by Max Manus in 2017 and is provided to people with permanent disabilities. The solution uses AI and builds on resources from Språkbanken. The dataset developed specially for this system is now openly accessible to other developers in Språkbanken.

eTranslation is a machine translation service developed by the EU that can be used by the public sector in the EEA area. The functionality for Norwegian is built on translations by the Unit for EEA Translation Services in the MFA, translations by Semantix for public agencies and from standards translated by Standard Norway. Språkbanken makes the datasets accessible to developers and researchers.

Source: Ministry of Culture

The Government will

  • make a recommendation in the Digitalisation Circular that text produced by the public sector be made available for language technology purposes and deposited in Språkbanken at the National Library of Norway and the national term bank.
  • formulate standard clauses for use in public-sector contracts in order to give the public sector rights to the language resources produced by translation services and other language-related services
  • present a white paper on language
  • continue cooperating with the University of Oslo on plain and digitalisation-friendly legal language
  • present a white paper on Sami language, culture and society that focuses on digitalisation

2.3 Regulations

Norway has a tradition for modernising its legal framework to meet new technological developments, starting with the eRegulation project 14 in 2000. The aim is to make laws and regulations as technology-neutral as possible so that they can be applied even when new technologies and digitalisation change our society and the way we live.

At the same time, we often see that regulation is called for when new technologies give rise to problematic applications. We have seen examples of this with artificial intelligence in connection with electoral manipulation in social media and 'deep fakes'. However, it is challenging – and often inexpedient – to regulate a technology that is still in an early phase. Regulating too early can have unintended consequences on developments, create bias in the market and reduce the potential for innovation. Moreover, any technology will often have both positive and negative applications. The same underlying technology used to produce deep fakes can also be used to, for example, create synthetic data, a technology that helps protect personal data.

Digitalisation-friendly regulations

The Government wants the legal framework to reflect the opportunities and challenges that come with new technology, including artificial intelligence. It also wants regulations to be digitalisation friendly. Regulations ought to facilitate fully and partly automated administrative proceedings and not contain unnecessary discretionary provisions. 15 Regulations suitable for automated administrative proceedings ought to be machine-readable so that they can be used AI-systems.

There is a need to consider whether there are areas where regulations impose inexpedient and adverse limitations on the development and use of artificial intelligence. Among other things, there is a need to review laws that apply to some public agencies to see how the regulations can better facilitate sharing and using data and developing and using artificial intelligence.

Such a process will require thoroughly reviewing sector-specific regulations and drawing on cross-sectoral expertise so that consideration is given to society's needs, the individual's right to privacy, and the technological possibilities. This work must be viewed in connection with the regulatory review aimed at removing barriers to digitalisation and innovation, as discussed in the Government's digital strategy for the public sector.

Areas that create particular challenges:

Interoperability

The fact that different sector-specific regulations use the same concepts in different ways can present challenges. Income , for example, does not mean the same in the Norwegian Tax Administration as it does in the Norwegian Labour and Welfare Administration (NAV), and the concept of co-habitant is defined in a variety of ways in different regulations. The Government aims to achieve semantic interoperability in its legislation to make it easier to be read by machines and used for artificial intelligence. If concepts do not have the same meaning, it is important to have information on this to prevent the system from producing misleading results.

Personal data: consent and statutory authority

Personal data is covered by the Personal Data Act. The principle of purpose limitation means that the purpose for processing personal data must be clearly stated and established when the data is collected. This is fundamental to ensuring that individuals have control of their data and can give informed consent to data processing. Development and use of artificial intelligence often require different types of personal data; data which in some cases was originally collected for other purposes. Moreover, processing of data – such as health data – may be subject to other regulations, such as the Health Registries Act.

The most widespread way of gaining lawful access to personal data for use in AI is consent . Consent is often obtained by the users' approving an end user agreement and consenting to data processing when they want to use a service. The agreement should state, among other things, how the entity will use the data collected and with whom it may be shared. It must also be possible to withdraw consent, and some services allow end users to administer how their personal data is used in more detail.

The public sector often collects and processes personal data without the explicit consent of the user. In such cases, collection is based on a statutory provision that provides legal basis to collect and use data on citizens for specific purposes . Norway currently has no common system whereby citizens can see what information is collected and administered by the public sector, though solutions have been established in some important areas, such as helsenorge.no. Here users can administer which healthcare personnel may access their summary care record and clinical documents; withdraw their consent to be registered in certain health registries; and grant power of attorney to family members.

Datasets that are based on consent will in most cases be incomplete or contain bias that may influence the outcome of any analyses performed on the data. This is an important reason for having central registries where registration is statutory and mandatory.

When personal data is collected pursuant to a statutory provision, opportunities to use the data for purposes other than the original purpose are limited unless the new use is also permitted by a statutory provision. This means that public agencies have little scope to use the data they collect to perform analyses on their own activities using AI beyond the statutory authority provided for the relevant dataset. The Government wants to expand the scope for public agencies to use their data to develop and use AI.

Regulatory challenges in the health area

There may be a need to develop regulatory frameworks in some health-related areas before testing of methods based on AI takes place. Other areas are already safeguarded under existing regulations. For example, algorithms used in medical equipment software, such as surgical robots or software for enhancing or processing images in diagnostic imaging instruments, are subject to regulation of medical equipment. The Norwegian Medicines Agency provides guidance and supervises compliance with regulations governing such equipment in the Norwegian market.

Development and use of tools based on artificial intelligence are dependent on information from sources beyond the individual patients who receive health care in a specific case. Use of data for patient treatment and use of patient data for research purposes (secondary use) are currently regulated differently. The current regulations provide no clear legal basis for using health data pertaining to one patient to provide healthcare to the next patient unless the patient gives consent. However, exemption from the duty of confidentiality may be granted to use patient data for research purposes. Artificial intelligence challenges the distinction between research purposes and patient treatment because there is often a need to include patient data from research when AI-based tools developed in a research project are used to provide treatment. Exemption from the duty of confidentiality will no longer apply in such cases, and the use of personal data will no longer be legally permitted.

In July 2019 the Ministry of Health and Care Services distributed a proposal for consultation regarding access to health data and other health-related data in health registries. 16 The proposal concerns access to health data for use in statistics, health analyses, research, quality improvement, planning, management and emergency preparedness in order to promote health, prevent disease and injury, and provide better health and care services.

The Ministry of Health and Care Services is also considering amendments to regulations governing access to health data in connection with teaching and quality assurance. This work includes reviewing permission to use health data in decision support tools. Moreover, the Norwegian Directorate of Health, the Directorate of eHealth and the Norwegian Medicines Agency have, in consultation with the regional health authorities, been tasked with identifying the opportunities and challenges posed by artificial intelligence and what adaptations in regulatory conditions at national level night be needed.

In the long term, more tasks which today are performed by healthcare personnel may be performed by autonomous systems and artificial intelligence. Relevant examples span from automatic generation of patient records, patient logistics and fleet management of the ambulance service to autonomous surgical robots. Although the scope of automation and autonomous tools will expand in the health sector, health personnel will still be responsible for ensuring proper provision of healthcare.

Health analysis platform

The Government will establish a health analysis platform, a national system for making health data accessible for research purposes and for other, secondary uses. The platform will allow more advanced analysis of Norwegian health data and will form the basis for new types of medical and health research. Among other things, it will allow health data to be used more actively in developing medicines and medical technology.

Source: Norwegian Directorate of eHealth

Regulatory sandboxes

Regulatory sandboxes are first and foremost a policy instrument for promoting responsible innovation. A regulatory sandbox is intended to give enterprises opportunities to test new technologies and/or business models within specific parameters. In this strategy the concept is used to refer to:

  • legislative amendments that allow trials, for example subject to application, usually within a limited geographical area or time period
  • more comprehensive measures in areas where close monitoring and supervision is needed, usually by the relevant supervisory authority

The concept of regulatory sandboxes is best known in the financial sector, where supervisory authorities in several countries have given enterprises opportunities to test specific products, technologies or services on a limited number of customers for a limited time period and under close monitoring. In December 2019 the Norwegian financial supervisory authority (Finanstilsynet) established a regulatory sandbox for financial technology (fintech). The purpose of the regulatory sandbox is to expand Finanstilsynet’s understanding of new technological solutions in financial markets, while at the same time expanding enterprises' understanding of regulatory requirements and how they are applied to new business models, products and services.

However, it makes little sense to talk about one regulatory sandbox for AI. AI solutions do not represent a homogeneous group of services, and are subject to a broad spectrum of regulations and regulatory authorities, depending on their purpose and functionality.

The Government has already established regulatory sandboxes in the area of transportation, in the form of legislative amendments that allow testing activities. An act has been introduced allowing pilot projects on autonomous vehicles. The act entered into force on 1 January 2018. 17 The Norwegian maritime authorities established the first test bed for autonomous vessels as early as 2016. A further two test beds have since been approved. 18 In 2019 the Storting adopted a new Harbours and Fairways Act 19 which, subject to application, permits autonomous coastal shipping. Such permission allows sailing in specific fairways subject to compulsory pilotage or in areas where no pilotage services are provided.

Investment in autonomous ships

The Norwegian shipping industry is at the forefront of developing and exploiting new technologies. Norway will have the world's first commercially operated autonomous ship: Yara Birkeland. On commission from Yara, the Kongsberg Group is supplying equipment for the world's first electric, zero-emissions, autonomous container ship. The ship will transport fertiliser from Yara's factory on Herøya to the ports of Brevik and Larvik. The ship, which is due to be delivered in 2020, will gradually move from manned operation to fully autonomous operation with remote monitoring in 2022. The ship will replace a substantial volume of road haulage (estimated at 40,000 truck journeys annually), emit fewer greenhouse gas emissions, improve local air quality and produce less noise.

In addition, NorgesGruppen (ASKO) has received funds from ENOVA (NOK 119 million) to establish an autonomous transport chain across the Oslo fjord, between Moss and Holmestrand. Two sea drones will then replace 150 daily (approximately 50,000 annual) truck journeys between Østfold and Vestfold. These all-electric, autonomous transport ferries are scheduled for commission in 2024.

Sources: Norwegian Maritime Authority/Yara and Enova

Where pilot projects depart from applicable laws and regulations, they can be conducted with statutory authority in special laws, as in the examples mentioned, or in the Pilot Schemes in Public Administration Act. Under the Pilot Schemes, public administration can apply to the Ministry of Local Government and Modernisation to depart from laws and regulations in order to test new ways of organising their activities or performing their tasks for a period of up to four years. In the white paper on innovation in the public sector we will consider whether the Pilot Schemes allows sufficient scope to test new solutions based on AI.

The Government will establish a regulatory sandbox for data protection under the remit of the Norwegian Data Protection Authority. Such a measure will fulfil several purposes:

  • Enterprises can gain a better understanding of the regulatory requirements placed on data protection and reduce the time from development and testing to actually rolling out AI solutions to the market. Systems that are rolled out after being developed in the sandbox can serve as leading examples, and can help other enterprises that are interested in developing similar systems.
  • The authorities can gain a better understanding of new technological solutions and more easily identify potential risks and problems at an early stage so that guidance material can be produced to clarify how the regulations should be applied.
  • The authorities and industries can identify sectors with a need for their own industry standards.
  • Individuals and society as a whole will benefit from new and innovative solutions being developed within responsible parameters.
The Information Commissioner's Office's regulatory sandbox

The Information Commissioner's Office (ICO) in the UK is testing a regulatory sandbox designed to support development of products and services that are innovative and widely beneficial. Organisations can have the way they use personal data in their systems reviewed and assessed. ICO can provide some comfort from enforcement action during the testing and development phases of their systems. ICO wants to work on products and services that are at the cutting edge of development and that operate in areas where there is genuine uncertainty about how regulations should be interpreted.

Following an open application process, the ICO selected 10 organisations of varying types and sizes and from different sectors to be provided with free, professional guidance from ICO staff. One of the successful applicants is Heathrow Airport's project to assess whether facial recognition technology can be used for checking in, security checks, self-service bag drops, etc. to create a frictionless journey through the airport. Another project selected comes from TrustElevate, which is developing a model using AI for age-checking children and young people under 16 in connection with accessing social media.

Source: The Norwegian Data Protection Authority

The Government is positive towards developing new regulatory sandboxes in different areas. Responsibility for such regulatory sandboxes ought to lie with the communities best qualified to test new systems. In some areas, such as further development of smart cities and autonomous transport systems, it may be natural for this responsibility to lie with local and regional authorities or other enterprises.

Public Administration Act and Archival Act

The reports published by the Law Commission on the Archival Act 20 and by the Law Commission on the Public Administration Act 21 will both have a bearing on public-sector administrative proceedings and on the use of AI in public administration.

Administrative proceedings in the public sector are highly regulated, though some degree of discretionary assessment may be exercised in the process. This means that a system does not have to be either manual or automated. It can have solutions where only exceptional cases are processed manually or have processes where an executive officer must examine certain points in order to make an assessment, but where the rest of the process is automated and rule-based. Many public-sector administrative proceedings are already automated. There are case management systems with integrated application dialogue making it possible to make automated decisions immediately.

A feature common to all of the current automated case management systems is that they are rule-based. The regulations are programmed into the solution, making it possible to give reasons for the decisions made. The Public Administration Act requires grounds to be given for all decisions affecting individuals. This obligation to state grounds is important for safeguarding citizens' opportunities to verify and check decisions made concerning them.

There is huge potential to increase the use of artificial intelligence in public-sector administrative proceedings in the form of both rule-based systems and machine learning. The Law Commission on the Public Administration Act emphasizes that automation can promote equal treatment and consistent implementation of regulations. Nonetheless, when case management systems containing AI elements are implemented, the algorithm's judgement must be at least as sound and as trustworthy as the human discretion it replaces. To ensure this, we need systems that are transparent and explainable.

NOU 2019: 5 Ny forvaltningslov [New Public Administration Administration Act]

The Law Commission on the Public Administration Act was appointed in 2015 and submitted its report in the spring of 2019. A central element in the commission's mandate was 'to draft an act that facilitates and builds on the fact that most administrative proceedings are performed, or will be performed, digitally'.

The commission points out that automation of decision-making systems can generate substantial efficiency gains, particularly where case volumes are large. Automation can also promote equal treatment, given that everyone who is in the same situation, according to the system criteria, is automatically treated equally. Automation enables consistent implementation of regulations and can, among other things, prevent unequal practice. Automated administrative proceedings can also enhance implementation of rights and obligations; for example, by automatically making decisions that grant benefits when the conditions are met. This can particularly benefit the most disadvantaged in society. More consistent implementation of obligations can lead to higher levels of compliance and to a perception among citizens that most people contribute their share, which in turn can help build trust.

Wherever there is a need to exercise discretion, rule-based systems can filter out cases or checkpoints for manual assessment. The commission points out that machine learning can offer new possibilities for automating assessment criteria.

The majority of the commission proposes that statutory authority be provided in the regulations to allow administrative bodies in specific areas to make decisions using fully automated administrative proceedings. Decisions with a low impact on individuals may be made without providing statutory authority in regulations. The commission also proposes that the administrative body must document the legal content of automated decision-making systems. Such information should be made public unless laws, regulations or special considerations dictate otherwise.

The Law Commission on the Public Administration Act sees the difficulty in implementing cohesive services without sharing data across agencies. The absence of authority to share information can make it difficult to organise the public administration appropriately, and prevent full automation of administrative proceedings in areas that lend themselves to this. The commission therefore proposes that authority be given to share confidential information with other administrative bodies on a need-to-know basis. This constitutes a broader application than current laws.

Source: NOU 2019: 5 Ny forvaltningslov - Lov om saksbehandlingen i offentlig forvaltning (forvaltningsloven)

In its report, the Law Commission on the Archival Act points to the importance of ensuring that AI-driven processes and decisions are documented and that the documentation is protected in ways that render it authentic and usable. Existing archiving procedures, archiving systems and archiving institutions in the public sector are currently not equipped to address this challenge. The commission therefore recommends that consideration be given to how archiving functionality can be built into the administrative processes and to identify any specific aspects resulting from the use of artificial intelligence.

Artificial intelligence can also be used to achieve better, more efficient classification and sorting of information and thereby simplify and improve record-keeping and archiving practices in the future.

The Government will

  • review and assess regulations that hamper appropriate and desired use of artificial intelligence in the public and private sectors
  • set requirements for transparency and accountability in new public administration systems in which AI is part of the solution
  • establish an advisory body and a regulatory sandbox in the area of privacy and data protection
  • be receptive to requests from public and private enterprises to establish more regulatory sandboxes
  • establish a health analysis platform to streamline and simplify access to health data for research and analysis and simultaneously strengthen privacy and data protection
  • facilitate more active use of health data for testing the effects and safety of medicines and medical technology

2.4 Infrastructure: networks and computing power

Deployment of the electronic communication networks

The electronic communication networks, and the mobile communication networks in particular, are a cornerstone in the digital transformation of society. Norway has a well-developed fourth-generation (4G) mobile network with excellent coverage. There are plans to deploy a nationwide 5G network in the Norwegian mobile market by 2023. 22 This will be important for leveraging the opportunities that lie in 5G technology and 5G networks, not least as an underlying technology for the Internet of Things (IoT).

IoT is a term often used to refer to the ever increasing amount of sensors connected to the internet. It can cover everything from mobile phones and private smart home solutions to sensors measuring air pollution, water quality, noise levels, and so on. The data can be used in predictive maintenance, decision processes and development of new business models. IoT solutions are already deployed in today's 4G networks, but because 5G is faster than 4G, has better capacity and detect weaker signals, it will play a significant role in the development of IoT. Better capacity is particularly important in densely populated areas.

5G infrastructure will therefore be important for implementing a full-scale realisation of IoT with a capacity that cannot be delivered by today's technology. This will enable completely new applications in different sectors of society, such as transport, health and care, and smart cities.

The mobile networks will be a vital enabling technology for AI, due not only to their role as a communication infrastructure but also to the vast amount of communication data generated by producing the services. Anonymised metadata from the mobile networks can be used as input in systems that use AI for analysis, improving the underlying data for decision-support, and processes controls. Such data is already commercially available from mobile network operators (Telenor, Telia and Ice). Use of such data falls under a range of regulations, both sectoral laws and the Personal Data Act. The Government will monitor developments in this area and consider how to facilitate more use of this data

In the transport sector, deployment of the electronic communication networks, expansion of IoT technology and access to anonymised metadata from communication will represent key elements in leveraging the opportunities that lie in AI, such as:

  • self-driving and autonomous cars, buses, trucks, drones, trains and ships
  • intelligent traffic management, controlling and influencing behaviour in traffic
  • early warning of the need to make replacements and maintain infrastructure
  • prediction of travel behaviour
  • more advanced route optimisation

Transport and communication infrastructure is also a key element in the development of smart cities and municipalities. Smart city solutions such as adapted health services, smart energy supply, and building control systems based on big data and AI will depend on fast and robust electronic communication networks.

The Government wants to accelerate the pace of further broadband deployment. The draft legislation on broadband deployment includes measures to facilitate the common use of existing physical infrastructure; measures to ensure that developers of mobile and broadband networks receive information on, and can participate in, ongoing and planned building and construction projects; and measures to ensure that developers receive information on existing physical infrastructure. The new act will require new buildings and buildings that undergo renovation to be made ready to connect to high-speed networks.

The Government will present a white paper on electronic communication.

High-performance computing (HPC)

The amount of data in many areas of research and public administration is growing rapidly. In addition to experiments and theory development, calculations and data-driven research have become important work methods for researchers. This creates a growing need not only for storing and accessing data, but also for the computing power to process the data. Scientific calculations make it possible to analyse and identify new theoretical relationships in the vast datasets generated by, for example, genetic sequencing, satellite observations or research vessels.

Many research projects that process large datasets can use local resources or buy capacity from one of the large cloud service providers. If the chosen provider stores and processes data in compliance with the General Data Protection Regulation, most unclassified data can be processed in cloud services. Use of cloud services from large commercial players like Google, Amazon and Microsoft offer more capacity (for storage and computing power) and various commercially available analytical tools.

However, these services are often insufficient for processing larger datasets or data requiring large-scale parallel calculations. Such situations call for larger computing resources, which are more cost-effective to establish at national or international level. UNINETT AS develops and operates Norway's high-speed research and education network. UNINETT'S subsidiary, UNINETT Sigma2, is responsible for procuring, operating and maintaining national resources for HPC and data storage in Norway.

For some research areas, such as astrophysics and marine research, the datasets are so large and require such high computing speeds that our national resources lack the necessary capacity. We are dependent on cooperation and on buying capacity in international consortia. Such high-performance computing centres can have up to 100 times more capacity than the national resources.

In 2017 the European Commission took the initiative to establish the European High-Performance Computing Joint Undertaking (EuroPHC), which is jointly funded by the European Commission and national contributions. From 2021 Norway's continued participation in EuroPHC will depend on Norway's participation in the Horizon Europe framework programme and the Digital Europe Programme (DEP). UNINETT Sigma2 is Norway's national competence centre for high-performance computing in the EuroHPC partnership.

HPC produces vital knowledge about major societal challenges

Life cycle assessments and material flow analyses are key elements for gaining an overall picture of the environmental impacts of different products from cradle to grave. Such analyses demand large datasets and immense computing power. Combining data from the oceans with atmospheric measurements will provide a better data source for climate modelling. Climate models require increasingly higher resolution in time and space, and thereby more calculations, if they are to provide the necessary local insights into how climate change will affect the risk of floods, land slides and extreme weather.

Similarly, modelling of space weather will be essential for avoiding paralysis of critical infrastructure by severe solar storms.

Health research has been revolutionised in recent years by genetic sequencing and advanced algorithms, which in turn have opened the door to personalised medicine and new advanced forms of treatment. These methods generate vast amounts of sensitive data that must be analysed by high-performance computers and stored in highly secure environments.

Source: Ministry of Education and Research

Some areas require high levels of cyber security while simultaneously allowing the data to be processed efficiently. Relevant examples are high-resolution MR images, DNA data, videos of patients and other sensitive data. Solutions for storing and processing such data are mainly provided through the Service for Sensitive Data (TSD), which is operated and developed through collaboration between the University of Oslo and UNINETT Sigma2.

Norwegian data centres as a resource for AI

Cloud services are fundamental for enabling enterprises to exploit the potential of AI technology. Cloud services provide access to computing power and frameworks for machine learning, which are not available locally.

Many factors are driving the increase in data, among them IoT and the possibility to perform more and increasingly advanced analyses on complex data sources. This increases the demand for storage and processing capacity 'in the cloud', which in turn increases the need to establish more data centres.

The Government wants Norway to be perceived as an attractive host country for data centres and other data-driven industry. A national data centre strategy was published in 2018. 23 Several measures laid out in the strategy, such as reduced electricity supply costs for data centres, removal of the 'machinery tax' and a more straightforward site zoning process for data centres, have made Norway even more attractive to the data centre industry. Clean energy, good communications infrastructure and political and geological stability are other important arguments for choosing Norway as a host country for data centres.

The number of data centres established in Norway has grown in recent years. Many Norwegian data centres have major international customers, and several large international cloud service providers have opted to establish their own data centres in Norway. We are also witnessing a trend whereby customers – including international companies – are moving tasks that require large amounts of computing power to Norwegian data centres because they can offer scalable capacity based on renewable energy. This is a positive trend from a business perspective, and provides Norway's business and public sectors with a wider choice of suppliers. It is particularly important for enterprises with stringent latency requirements or that process data that needs to be stored and processed in Norway due to legal requirements (e.g. The National Security Act).

The Government will

  • consider how to facilitate increased use of anonymised metadata from the mobile networks
  • present a bill on broadband deployment that will contribute to accelerating the pace of deployment of high-speed networks in Norway
  • facilitate the rapid rollout of 5G
  • present a white paper on electronic communication
  • consider further participation in EuroHPC in connection with Horizon Europe and the Digital Europe Programme (DEP)
  • establish a marketplace for cloud services which will, among other things, guide public agencies on procuring cloud services, with particular focus on security
  • follow up the data centre strategy Powered by Nature Strategy: Norway as a data centre nation


Footnotes

6.

Ministry of Local Government and Modernisation (2019): One digital public sector. Digital strategy for the public sector 2019–2025

7.

Report to the Storting no. 27 (2015–2016) Digital agenda for Norway: ICT for a simpler everyday life and increased productivity

8.

Ministry of Education and Research (2012): National strategy on access to and sharing of research data

9.

Veritas Technologies LLC (2015): The Databerg Report: See what others don't

10.

Ministry of Petroleum and Energy (2015): DISKOS 20 years of service for petroleum geology. https://www.npd.no/en/diskos/

11.

www.geonorge.no/en/

12.

The principles are inspired by: Dutch Ministry of Economic Affairs and Climate Policy (2019): Dutch vision on data sharing between businesses

13.

RAIRD Information Model RIM v1_0 accessible at https://statswiki.unece.org/display/gsim/RAIRD+Information+Model+RIM+v1_0

14.

Ot.prp. nr. 108 (2000-2001) Om lov om endringeri diverse lover for å fjernehindringer for elektroniskkommunikasjon[Draft resolution and bill to amend various acts in order to remove obstacles for electronic communication]

15.

Ministry of Local Government and Modernisation (2019): One digital public sector. Digital strategy for the public sector 2019–2025

16.

Helse- og omsorgsdepartementet (2019): Høringtilgjengeliggjøringavhelsedata (endringerihelseregisterlovenm.m.) [Ministry of Health and Care Services (2019): Public hearing on making health data available and amending the Health Register Act]

17.

LOV-2017-12-15-112 Lov om utprøving av selvkjørende kjøretøy [Act relating to testing self-driving vehicles]

18.

Sjøfartsdirektoratet (2017): Horten blir testområde for autonome skip [Norwegian Maritime Authority (2017): Horten to be test bed for autonomousships]. www.sdir.no/en/

19.

LOV-2019-06-21-70 Lov om havner og farvann (havne- og farvannsloven) §25 [Act relating to Harbours and Fairways, section 25]

20.

NOU 2019: 9 Fra kalveskinn til datasjø – Ny lov om samfunnsdokumentasjon og arkiver [Official Norwegian Report on a new Archival Act]

21.

NOU 2019: 5 Ny forvaltningslov – Lov om saksbehandlingen i offentlig forvaltning (forvaltningsloven). [Official Norwegian Report on a new Public Administration Act]

22.

Telia (2019): Teliaskalbyggeutetnasjonal 5G-nett iløpetav 2023 [Telia to deploy a national 5G network by the end of 2023]. Press release, 8 October 2019

23.

Ministry of Trade, Industry and Fisheries (2018): Powered by Nature – Norway as a data centre nation. Strategy