Is the AWS European Sovereign Cloud enough for your digital sovereignty?
How do we balance the desire for the world-class scalability of US hyper-scalers versus the strategic need for digital sovereignty?
Read articleNew Norwegian regulation: Utility providers must authenticate and capture consent digitally
Legal
Posted by Jon-Thor Sigurleifsson
We’ve heard from a lot of our customers in the Norwegian utility sector that the new regulations and requirements are worrying them. Either because they’re not clear on what exactly they need to do or because they don’t feel like they have the tools they need to actually meet the requirements as laid out by the regulators.
Before we go into what these requirements are and how you can make sure you’re taking the right precautions, we want to emphasise that if you need help with any of this, Scrive is here to help and our experts are only a phone call away. So reach out to us if you have questions, concerns or just want help to navigate these new requirements.
So what are these new requirements? From 1 June 2025, Norwegian utility providers need to verify user identity securely and collect electronic, documented consent when customers switch suppliers or transfer facilities.
The regulation comes after growing concern over weak verification in processes like energy and water supply switching. In short: customers must be who they say they are, and their consent must be traceable.
What the regulation means
Utility providers must:
- Authenticate using a secure eID such as BankID.
- Collect electronic consent that’s documented and auditable.
- Meet assurance standards (like eIDAS “High” or using Qualified Electronic Signatures).
- Stay compliant with GDPR and the Norwegian Personal Data Act.
Failure to comply could bring regulatory penalties, customer mistrust and extra costs from manual or inconsistent workflows.
Turning compliance into an advantage
Scrive helps you meet these requirements with tools that make the process faster, safer and more user-friendly:
BankID to authenticate: secure, high-assurance identity verification built for Norway.
- BankID QES to meet assurance standards and ensure legal validity.
- Scrive eSign for traceable consent: legally binding and tied to verified identity.
- Send a bundle to simplify sending multiple documents as part of a single process.
With our help, you can verify identity, collect consent, and stay compliant, without adding friction for customers or for yourself.
What you should do now
- Map your process: how do customers currently switch or give consent?
- Choose your assurance level: BankID will cover your needs.
- Integrate early: choose your vendor quickly to avoid repercussions.
- Keep it smooth: build authentication and consent naturally into your user flow.
Why Scrive
“Scrive’s flexible API was so easy to work with that we were almost done before we even started. We only had to play around with Scrive for a moment, and before we knew it, we had a secure signing solution up and running!”
Marthe Eriksen – Løsningsarkitekt, Ishavskraft
Scrive’s solutions are designed for Nordic regulation and built on over a decade of eID and e-sign experience. We combine legal rigour with simple, fast user journeys, so compliance becomes a natural part of your process, not an extra step.
We can help you set up a compliant, customer-friendly workflow that ticks every box. Whether you’ve started looking into this or are hearing about it for the first time today, we’ve got you covered. So reach out to us today and we’ll make sure our experts guide you towards a smooth, compliant process for you and your customers.
Related articles
EU compliance as a competitive advantage
A compliance-first strategy helps organisations build trust with customers, partners and regulators by ensuring secure digital processes.
Read article
Why control over digital processes matters for European organisations
As digital transformation accelerates in Europe, digital sovereignty has become an increasingly important topic.
Read article