2 Introduction and summary

Worldwide, approximately 40 000 searches are made in Google every second. At the same time, three hundred hours of video are posted on YouTube every hour. Furthermore, smart sensors and processors produce more than 5 quintillion bytes of data on a daily basis.Put together, these examples point to a trend where the volume of data produced, stored, copied and consumed worldwide is growing at lightning speed. Over the last two years alone, more data has been produced than in the entire history of mankind prior to this.

A data-driven economy means increased demand for data centre services. Many key functions in society, such as health care, policing and transport, rely on services provided by data centres.

When Norwegian industry and public administration are given access to data services from a data centre, this could have a number of effects on the productivity of the enterprises through cost savings, more flexibility and use of new technology. Although such effects could also be achieved to some extent when using a data centre in another country, for example in Sweden or Denmark, they are likely to be greater when using a data centre in Norway with a closer geographical proximity.1

Norway has many features that make us a very attractive country for establishing data centres, with a surplus of renewable energy, low electricity prices, good digital infrastructure, a cool climate, political and economic stability and reliable operational conditions (interruption-free, low-cost and scalable electricity supply). Norway can offer clean and green solutions, and thus contribute to a more sustainable global data economy. The Norwegian Government launched its data centre strategy in 2018, which was one of the first in the world. The objective of this strategy was to attract and develop new industries that can create jobs and boost value creation in Norway. The investment in Norwegian data centres has increased since the strategy was launched, and the data centre industry reports that the strategy has contributed to this development.

Zoom in on image

Norwegian authorities received an award for stimulating investment in data centres

Source: Datacloud Global Awards

The Government wants Norway to be an attractive investment destination for data centres and other data-based industries, and will devise measures that can help boost growth in the data centre industry in the years to come, whilst also ensuring that this development is sustainable.

2.1 The Government will:

1. Strengthen the marketing of Norway as a data centre location
• Strengthen Invest in Norway, including with a view to better facilitating investment in data-based value creation and data centres in Norway.
• Continue its dialogue with Norwegian industry and leading international technology companies to obtain input on the work to facilitate investment in data-based value creation and data centres in Norway.
2. increase competitiveness
• Produce a guide in English (website) with relevant information on how to establish a data centre in Norway.
• Ensure continued stable framework conditions for the data centre industry.
• Consider how processes related to the expansion and licensing of the transmission network can be streamlined. The Government has appointed a public commission to consider this and other issues.
• Continue the efforts to develop ICT competence in Norway.
• The Government will make provisions for the actors in the data centre industry to sign partnership agreements with educational institutions.
3. Facilitate sustainable development
• Establish a national heat map to ensure better utilisation of waste heat.
• Help facilitate sustainable development of the data centre industry in Norway – including by introducing requirements for waste heat in data centres.
• Participate actively in the European cooperation to develop appropriate, and primarily pan-European, solutions that ensure digital security, combat crime and protect national security interests associated with data centre activities.
• Assess data centres with a view to regulate within the scope of the Electronic Communication Regulations and other appurtenant regulations to ensure digital security and protect national security interests.
4. Reinforce the digital foundation2
• Undertake thorough risk and vulnerability analyses in at least five new, vulnerable regions, and phase in new measures after annual reviews.
• Continue to facilitate commercial expansion of networks that connect Norway to other countries.
• Continue state grants to broadband expansion in rural areas.
• Continue to take a long-term perspective of state investment in fibre infrastructure, help ensure that more capacity is built into the system than initially needed, and ensure that provisions are made for market-based leasing of capacity on open and transparent terms.

The updated data centre strategy is part of a comprehensive government initiative aimed at digitalisation and the data-driven economy, which is reflected in separate reports to the Parliament (Stortinget) on the data-driven economy and innovation and our shared digital foundation. The revision of the data centre strategy is part of this comprehensive initiative. Through its updated data centre strategy, the Government seeks to devise further measures that can help boost growth in the data centre industry in the years ahead, while ensuring that this development is sustainable.

The Government wants to ensure that the potential for growth that the data centre industry represents is realised, and describes below some of the main efforts being undertaken in the areas that are relevant for this industry.

In this strategy we will look at the following areas in particular:

• The economic impact of the data centre industry
• Security in Norwegian data centres
• Data centres – a sustainable growth industry
• Renewable energy – grid connection
• Digital infrastructure – transmission routes
• The need for ICT skills
• Internationalisation and investment
• Framework conditions

2.2 What is a data centre?

A data centre is a facility that consists of servers and other components that are used to organise, process, store and transmit large amounts of data.

Zoom in on image

The Digiplex data centre at Fetsund in Lillestrøm municipality

Source: Digiplex

The size of a data centre can vary from a small room in a basement to huge halls covering hundreds of thousands of square metres. A data centre can be part of the internal infrastructure of a business, or it can be a core activity in the form of data centre services that are supplied to external clients. All businesses send and receive data, and the data centre is therefore a critical component for the operations of many business. Data centre services are provided according to different business models with varying service levels.

Data centres can be roughly divided into three categories: Hyperscale, Colocation and Edge.

• Hyperscale (large, dedicated data centre): These data centres tend to be owned and operated by Big Tech actors such as Facebook, Microsoft, Apple, Amazon and Google to allow them to deliver their own services, in the form of infrastructure (data storage and processing), platform services or computer software supplied as a service. These services are used by many different users, and depending on the type of service, can be marketed to businesses and/or consumers.
• Colocation (co-located data centres): These data centres are owned and operated by a data centre operator, such as Digiplex, Bulk and Green Mountain in Norway or companies such as Equinix, NTT and CenturyLink internationally. The operator sells storage space, cooling, network connections or power to a range of different customers operating their own IT systems, or else IT operations are sold as a service. Microsoft, for example, runs some of its cloud services aimed at Norwegian customers from co-located data centres in Norway.
• Edge: These are often smaller installations (typically the size of a container). Edge centres are always located close to the place where the data are being generated. Such centres tend to be owned and operated by telecom companies or large IT operators that sell data processing as a service.

2.3 Data as a resource

Today, nearly all financial transactions in Norway are made electronically via systems that rely on data centres. In the spring of 2021, 97 per cent of all payments in Norway were made electronically.3

In recent years, there has been a growing demand for cloud services to meet data processing and storage needs, both in the private and public sector. This has created added flexibility and the reaping of economies of scale, as well as contributed to growth in the market for storage and data processing.

According to the IT company Cisco, the number of large hyperscale data centres has increased globally from 259 in 2015 to 597 at the end of 2020. The Gartner analytics company estimates that the use of cloud services will increase by 23 per cent in 2021 to USD 332 billion.4 Investment in cloud solutions is expected to rise even further, in pace with the development of cloud services.

Services critical to society need data centres

Stavanger municipality has 150 000 inhabitants, and the local authority provides a range of services that are critical to society in areas such as health, social care, education and infrastructure etc. These services rely on a number of IT systems that handle finances and wages, medication for patients, school examinations, access systems, public information and many others. In 2015, the local authority decided to wind up its own data centre in favour of a colocation with the Green Mountain data centre. This enables the local authority to focus on its core activities. With a back-up solution in a separate location and professional operation of its data centre, the local authority now has a more reliable solution for its critical systems and data.

Zoom in on image

DC1-Stavanger lies deep inside a mountain that previously housed a NATO munition depot. The adjacent fjord is used as coolant.

Source: Green Mountain

Also in Norway, there is a growing demand for cloud services among businesses. According to Statistics Norway, 64 per cent of businesses with at least 10 employees used cloud services in 2020.5 This is an increase from 51 per cent in 2018 and 29 per cent in 2014. In businesses with at least 100 employees, 82 per cent used cloud services in 2020, an increase from 73 per cent in 2018. The general trend is for large businesses to use cloud services more frequently than smaller businesses. As of 2021, 92 per cent of all government enterprises use one or more services delivered via the cloud.6 The need for video conferencing solutions and virtual meeting rooms is assumed to have played an important role in this development.

The emergence of the data economy is expected to be an increasingly important driver of economic growth. A data economy is a system in which value creation occurs when data constitute an important input factor in the production of goods and services, or when data are a catalyst for innovative solutions. The Government wants Norway to exploit the potential that data represent for increased value creation, more new jobs throughout the country and an efficient public sector. In the spring of 2021, the Government presented the Storting with a special report on data as a resource.7

The data economy is set to have a large potential for growth in the years to come. In its data strategy, the European Commission (2020) estimates that the value of the data economy in the EU27 will grow from EUR 301 billion in 2018 to EUR 829 billion by 2025. In 2019, Menon estimated that the Norwegian data economy would create value to the tune of approximately NOK 150 billion and the equivalent of 100 000 jobs in 2020, with a potential for value creation approaching NOK 300 billion by 2030.8

As a whole, this development represents huge economic potential for Norwegian industry, including for data centre operators.

2.3.1 Sharing and using data

Zoom in on image

Source: AdobeStock

New technology is continuously being developed that makes it possible to process and utilise large data volumes using increasingly faster processes, artificial intelligence and machine learning. This type of data utilisation is important for Norway to succeed with its transition to a more sustainable society and green economy. The Government’s ambition is for more data to be shared in industry and between the public and private sectors.

The Government has established a set of principles for data policy intended to support effective sharing and use of data within a secure and accountable framework and to ensure that the data are used to create value for the benefit of industry, the public sector and society:

• Data shall be open when possible and protected when needed.
• Data should be accessible, retrievable and useable, and lend themselves to collation with other data.
• Data shall be shared and used in ways that generate value for industry, the public sector and society.
• Data shall be shared and used in ways that respect fundamental rights and freedoms and protect Norwegian societal values.

These principles should also help ensure trust between those who share and use each other’s data, and ensure public confidence in the data being shared and used in ways that benefit society.

2.3.2 EU regulations that impact on the exchange of data across national borders

The sharing of data is more important than everwith regards to our ability to deliver better digital services to the population, promote industrial development and enhance the efficiency of public administration. However, in order to maintain trust in the administration, we must be certain that the data are shared and used appropriately. The Government wants new technology to be used in ways that protect the privacy of individuals and do not have an adverse impact on them. Access to and use of data must always be weighed against concerns for privacy and legal safeguards.

The General Data Protection Regulation (GDPR)

If data contain personal information,9 they must be shared and processed in compliance with prevailing privacy legislation. One of the objectives of this legislation is to promote the sharing of data within the framework that safeguards privacy. The Data Protection Act incorporates the General Data Protection Regulation (GDPR) in Norwegian law, cf. Section 1 of the Data Protection Act. The GDPR establishes consistent rules for the sharing of personal information, and thereby also a consistent framework for the transfer and processing of personal information, throughout the EEA area. This is important for the ICT industry and the data centre industry, among others, in ensuring a level playing field.

The GDPR defines separate rules for sharing personal information outside the EEA area, cf. Chapter V of the directive. These rules are intended to ensure the same high level of protection for personal information irrespective of what country it is processed in, thus preventing European protection from being undermined. The transfer of personal information to countries outside the EEA area must have a legal basis. There are several alternative legal frameworks for data transfer, including the European Commission’s adequacy decisions, Binding Corporate Rules and Standard Contractual Clauses adopted by the European Commission.

An adequacy decision is a decision on whether a country offers an adequate level of data protection. The decision means that each individual enterprise does not need a special legal framework, thus resulting inthe least resource-intensive solution for the enterprises. In its adequacy decisions, the European Commission has assessed the legislation of recipient countries and found that they provide an adequate level of protection for personal data. Such assessments have been made for Canada, New Zealand, Israel, Uruguay, the Faroe Islands and Japan, for example.

The United States also used to have an adequacy decision – the Privacy Shield. The Privacy Shield was an adequacy decision based on an agreement between the EU and the United States to the effect that personal data could be transferred from the EU to the United States under specified conditions. The decision entailed the United States being treated as a third party with a sufficient level of protection in compliance with Article 45 of the GDPR for those enterprises that had joined the scheme. However, in the Schrems II ruling, the Privacy Shield was deemed invalid. In this ruling, the EU Court of Justice concluded that the United States did not provide a sufficient level of protection to comply with the GDPR, and the adequacy decision was therefore invalidated. The court stated, however, that other legal frameworks could be used, on the precondition that the personal information involved was granted sufficient protection. In the wake of the Schrems II ruling, some uncertainty has arisen regarding the transfer of personal information to countries outside the EEA area.

The ruling has been criticised for hampering Europe’s opportunity to be part of the international market, but also for hindering investment in the internal European market. This issue is especially salient for purchasers and suppliers of cloud services.

As an EEA country, Norway is bound by EU legislation in the area of data protection. This means that Norway, like the EU member states, is dependent on a new decision from the European Commission before personal data can be transferred to the United States in the same way as before. Until this happens, other legal frameworks must be used for the transfer of personal data from Norway to the United States.

Norway wants to see further efforts to find a balanced solution to these challenges, in which the need to transfer this type of data and the concerns for data protection are both satisfactorily addressed. This issue needs to be solved at the European level. The European Commission is currently working on a new adequacy decision for the United States, but this is expected to take some time. Norway plans to implement the new adequacy decision as soon as it becomes available.

Regulations on the free flow of data other than personal data

Insufficient data mobility is one of the main barriers to establishing a digital internal market and a data-driven economy in the EU. In 2018, the EU adopted a regulation that introduced the principle of free flow of non-personal data in the EU; the FFD Regulation. The objective of the regulation is to invalidate national requirements for data to be located in a specific place. In combination with the GDPR, the FFD Regulation constitutes a legal framework intended to ensure free flow of data throughout the EU/EEA area. Data that concern public security are exempt from this. The regulation is currently being considered by the EFTA countries, and the Ministry of Local Administration and Modernisation is working to implement the regulation in Norway.

2.4 Technological drivers for data centres

2.4.1 Cloud services

Cloud services involve external storage and processing of data, most often in large data centres. A characteristic of cloud services is that payment is charged according to the amount of capacity used. Such services are often delivered by large international companies that also offer additional services such as security, statistics and analytics, machine learning etc. Many businesses are dependent on using cloud services and data centres to be able to exploit the potential of computer science and artificial intelligence, because such services give them access to computing power and a framework for machine learning that they would be unable to provide themselves.

In the spring of 2016, the Government launched a strategy for the use of cloud services. The Government believes that increased use of cloud services will provide for:

• more cost-efficient ICT systems;
• increased professionalisation and better security for many actors, especially small businesses and local authorities;
• flexibility for innovation, where an affordable testing and development facility can be set up relatively simply and new services can be tried out.

Since 2016, government enterprises have had a duty under the Digitalisation Circular10 to assess cloud services on a par with other alternatives when procuring new ICT solutions, where no special hindrances are indicated. Increased outsourcing of services in areas where this is appropriate can help ensure more cost-efficient use of ICT in public administration.

2.4.2 Sensor technology, 5G and the Internet of Things

The Internet of Things (IoT) is a network of objects (things) that are embedded with sensors, software and communication technology for the purpose of communicating with other objects that are linked to the internet. As developments in sensor technology have resulted in better, smaller and cheaper sensors, and wireless communication technologies have been updated, this network of objects has grown. Various sources estimate that at the end of 2020, a total of 20–30 billion objects were connected to the internet worldwide. The volume of data from such objects has grown exponentially in recent years, and further strong growth is expected in the years to come.

When these objects are used in services that rely on calculations in real time, for example in autonomous vehicles or sophisticated production processes, the data processing often needs to be undertaken locally or close to the object (edge computing) – i.e. in the vehicle itself or very close to a sensor network in a data centre. Such solutions would lend themselves to upscaling with the use of new technology, such as the latest generation of mobile networks, 5G, for fast and secure communication.

2.4.3 Big data analytics

Big data analytics refers to analyses of large data volumes retrieved from many different sources, and can include structured, unstructured and real-time data. The objective is to find new correlations and insights, for example in medical diagnostics, consumer behaviour or crime prevention, that cannot be drawn from traditional data analysis.

2.4.4 Artificial intelligence

Artificial intelligence is a generic term for information technologies in which machine learning, machine reasoning and robotics are key features. Artificially intelligent systems perform actions, physically or digitally, based on the interpretation and processing of structured and unstructured data. Systems based on artificial intelligence are also able to ‘learn’ and adapt by considering and analysing the outcome of earlier actions. Examples of practical applications of artificial intelligence include pattern recognition, language technology and autonomous vehicles. To exploit the potential of artificial intelligence, access to high-quality data is crucial.

2.4.5 High performance computing (HPC)

Businesses that process extremely large data volumes often require more computing power than they are able to provide themselves or procure through traditional cloud services. High performance computing is growing in importance, both in industry and public administration, for example for analyses of the large data volumes that are generated from genome sequencing, satellite observations or climate models. Norwegian actors have access to European HPC services through the EuroHPC cooperation.