Norway Recording Laws: One-Party Consent Rules and Penalties (2026)

Quick Answer: Is Norway a One-Party Consent State?

Norway is a one-party consent country. Under Straffeloven section 205 (Lov om straff, Act of May 20, 2005, No. 28), the criminal prohibition on secret recording applies only to recording communications between other people. When you personally participate in a conversation, section 205 does not apply to your recording of that conversation. You may record phone calls, video calls, and in-person discussions you take part in without informing the other participants.

Two separate legal frameworks govern recording in Norway. Criminal law (Straffeloven sections 205, 266, 267, 267a) determines who may record and what they may do with recordings. Data protection law (GDPR, applied through Personopplysningsloven 2018) governs how recordings are stored, processed, and shared once made. Norway is a member of the European Economic Area (EEA), not the European Union, but the EEA Agreement incorporates the GDPR in full, placing Norway under the same data protection obligations as EU member states.

The Norwegian Data Protection Authority, Datatilsynet, enforces GDPR compliance and has issued specific guidance on audio recordings. Datatilsynet's guidance confirms that to avoid criminal liability under section 205, the recorder must be present as a party to the conversation. No separate rules exist in Norwegian privacy law specifically for audio recordings; they fall under general personal data rules.

Jurisdiction scope: This article addresses recording law in Norway under Straffeloven (Act of May 20, 2005, No. 28), GDPR as applied through Personopplysningsloven (LOV-2018-06-15-38), and related Norwegian statutes. It does not address the recording laws of other Nordic countries, though a comparison table appears at the end. For global coverage, see the world recording laws hub.

Straffeloven Section 205: The Core Recording Statute

Section 205 of the Straffeloven is titled "Krenkelse av retten til privat kommunikasjon" (Violation of the Right to Private Communication). It is the primary statute governing recording legality in Norway and the foundation of the one-party consent rule.

What Section 205 Prohibits

The statute makes it a criminal offense to use any technical device to secretly listen to or record:

• Telephone conversations or other communications between other persons
• Communications gained by breaching a protective measure or by illicitly accessing electronically transmitted information
• Sealed written messages not addressed to you
• Communications that you obstruct, conceal, modify, distort, destroy, or withhold from the intended recipient

The operative phrase is "between other persons." If you are a participant in the conversation, section 205 does not apply to your recording of that conversation. The section does not require you to notify the other party before recording.

Penalties Under Section 205

Intentional violations carry a penalty of fines or imprisonment for up to 2 years. Negligent violations carry a reduced penalty of fines or imprisonment for up to 6 months. Norwegian courts have discretion over whether to impose fines, imprisonment, or a combination, depending on the severity and circumstances of the violation.

A Common Misconception: Section 206 Does Not Govern Recordings

Some sources incorrectly describe Straffeloven section 206 as covering aggravated recording violations. Section 206 addresses "Risk of operational disruption" for computer systems; it is a cybercrime provision, not a recording statute. Aggravated privacy violations, including those involving recordings or the publication of intimate images, are governed by sections 267, 267a, and 267b in Chapter 24 of the Straffeloven, as described below.

Sections 266 and 267: Peace Violations and Privacy Publication

Chapter 24 of the Straffeloven ("Protection of personal freedom and peace") contains the provisions that apply when a recording is used in a harassing, stalking, or privacy-violating manner, or when intimate images are distributed without consent.

Section 266: Harassing Conduct

Section 266 (Hensynslos atferd) prohibits frightening or bothersome behavior, stalking, or other conduct that seriously violates another person's peace. The penalty is fines or imprisonment for up to 2 years.

Section 266a (Serious stalking) covers repeated threatening, following, watching, or contacting behavior that causes the target to fear for their own or another's safety. The penalty is imprisonment for up to 4 years. A covert recording operation that involves systematically following or monitoring a person could engage section 266a alongside section 205.

Section 267: Violation of Privacy Through Publication

Section 267 (Krenkelse av privatlivets fred) applies when someone publicly discloses information that violates another person's privacy. The penalty is fines or imprisonment for up to 1 year. The section expressly exempts technical assistants and distributors of communications from liability. It also allows courts to waive penalties when the publication was provoked by improper conduct from the aggrieved party.

Publishing a secretly made recording on social media, in a news article, or in any other public forum can constitute a section 267 violation even if the underlying recording was lawful under the one-party consent rule. Recording and publishing are governed by separate legal tests.

Section 267a: Wrongful Distribution of Private Sexual Images (NCII)

Section 267a was enacted by Act 18 June 2021 No. 122 and came into force on July 1, 2022. It specifically criminalizes the wrongful distribution of private sexual images (non-consensual intimate imagery, or NCII). The penalty is fines or imprisonment for up to 6 months.

Section 267b provides for aggravated violations of section 267a, carrying higher penalties where the distribution caused severe harm, involved systematic conduct, or targeted particularly vulnerable persons.

These provisions address a gap in prior Norwegian law. Before July 2022, NCII distribution was typically prosecuted under section 267's general privacy violation provision, which required the disclosure to be "public" and carried the same 1-year maximum. Section 267a creates a specific NCII offense that does not require a public disclosure threshold to be met.

One-Party Consent: Recording Your Own Conversations

Norway's one-party consent rule allows you to record any conversation you personally take part in. The rule applies to telephone calls, video calls, and in-person conversations alike.

Phone Call Recording

You may record any phone call you are a party to without informing the other person. This includes:

• Calls on landline or mobile phones
• VoIP calls, including Skype, Microsoft Teams, Zoom, and similar platforms
• Video calls where audio is captured alongside video

There is no legal requirement under Norwegian criminal law to notify the other party that the call is being recorded, as long as you are an active participant in the conversation. However, if the recording will be processed beyond your personal use, GDPR obligations may apply (see below).

In-Person Conversation Recording

The same one-party consent principle applies to face-to-face conversations. You may use a smartphone, digital recorder, or other device to capture any in-person conversation you participate in.

Placing a recording device in a room to capture conversations that occur when you are not present would violate section 205, because you would not be a participant in those conversations. The question of participation is factual: if you leave a recording device running in a room you then leave, section 205 applies to the resulting recording.

Recording Meetings

If you attend a meeting, you may record the proceedings. If the meeting is designated as closed or confidential, recording may raise separate contractual or employment-related concerns even though criminal law does not prohibit a participant from recording.

Organizations in Norway frequently establish internal policies restricting recording during meetings. Violating such a policy is not itself a criminal offense, but it could result in disciplinary action or civil liability.

Recording Police and Public Officials

You may legally film and record police officers and other public officials performing their duties in public spaces. The Borgarting Court of Appeal ruled on January 10, 2021 that publishing photos and videos of police officers on social media is lawful and does not violate Åndsverkloven (Copyright Act, LOV-2018-06-15-40) section 104. The court held that the threshold for publishing such imagery "must be low" to support public accountability for how officers follow laws and regulations.

Police may not confiscate recording equipment or delete recordings without a court order. Even lawful filming can become unlawful if it physically obstructs police work, such as pushing past barriers or interfering with an active arrest.

GDPR via EEA and Personopplysningsloven

Norway is not an EU member, but it is a full member of the European Economic Area (EEA). The EEA Agreement incorporates the GDPR into Norwegian law. The domestic implementing statute is the Personal Data Act (Personopplysningsloven, LOV-2018-06-15-38), which took effect on July 20, 2018.

Why the EEA-Not-EU Distinction Matters

Norway has no vote in EU legislative processes and was not directly involved in drafting the GDPR. However, once the GDPR was incorporated into the EEA Agreement, Norway became bound by its full text, including enforcement, penalties, and data subject rights, in the same manner as an EU member state. Datatilsynet participates in the European Data Protection Board (EDPB) as an observer and aligns enforcement practice with EDPB guidance.

For practical purposes, individuals and organizations recording in Norway face identical GDPR obligations to those recording in Germany, France, or any other EEA state.

The Household Exemption

GDPR Article 2(2)(c) exempts "purely personal or household" activities from the regulation's scope. Datatilsynet has confirmed that this exemption can apply to personal audio recordings. If you record a conversation for your own personal reference (to document a verbal agreement, recall a discussion, or preserve a memory), the recording may fall entirely outside GDPR requirements.

The exemption is narrow. The moment a recording is shared publicly, used in a professional context, uploaded to social media, or otherwise moved beyond your personal sphere, the household exemption no longer applies and full GDPR compliance is required.

The exemption generally does not apply in workplace settings. Datatilsynet guidance states that employees who record workplace conversations cannot rely on the household exemption and must identify another Article 6 legal basis.

When GDPR Applies to Recordings

When a recording falls outside the household exemption, the recording person or organization becomes a data controller. This triggers several obligations:

• Legal basis: A valid Article 6 legal basis is required. Common bases are consent (Article 6(1)(a)), legitimate interests (Article 6(1)(f)), or, for regulated industries, compliance with a legal obligation (Article 6(1)(c)).
• Transparency: The data controller must inform the recorded person about the recording, its purpose, retention period, and their rights, typically before recording begins.
• Purpose limitation: The recording may only be used for the specific purpose for which it was made.
• Data minimization: Record only what is necessary; do not retain recordings longer than required.
• Security: Store recordings with appropriate technical and organizational security measures.
• Data subject rights: Recorded individuals have the right to access the recording, request erasure, and object to specific uses.

Datatilsynet Enforcement Examples

Datatilsynet has imposed fines for unlawful recording and surveillance:

• An unnamed salon company received a fine of NOK 100,000 (approximately EUR 8,700) for setting up unlawful real-time CCTV monitoring of employees, in violation of GDPR Articles 5(1)(a) and (c), 6, 12(1), and 13. The Personvernnemnda (Privacy Appeals Board) upheld the decision in 2022.
• In March 2025, Datatilsynet fined Telenor ASA NOK 4 million for failing to comply with Data Protection Officer requirements under GDPR Articles 37-39.

Maximum GDPR administrative fines are EUR 20 million or 4% of global annual turnover, whichever is higher.

2025 Electronic Communications Act

The new Electronic Communications Act (Ekomloven, LOV-2024-12-13-76) came into force on January 1, 2025, replacing the 2003 version. The 2025 Act implements the European Electronic Communications Code (EECC). For recording purposes, the key changes are: communications providers must maintain technical capabilities for lawful interception when legally required; Nkom (Norwegian Communications Authority) supervises compliance. The Act also tightened requirements for cookie and tracking consent, aligning Norwegian practice more closely with GDPR. The Ekomloven does not change the individual one-party consent rule under Straffeloven section 205.

Workplace Recording Rules

Workplace recording in Norway involves the intersection of Straffeloven section 205, GDPR, and the Working Environment Act (Arbeidsmiljoloven, LOV-2005-06-17-62).

Employer Recording of Employees

Covert surveillance of employees is illegal under both GDPR and the Working Environment Act. Employers must, before implementing any audio or video recording in the workplace:

• Establish a valid legal basis under GDPR Article 6
• Conduct a data protection impact assessment (DPIA) for systematic monitoring
• Inform employees in advance about the nature and extent of any recording
• Consult with employee representatives or unions
• Limit recording to what is strictly necessary for a legitimate business purpose

Secret employer recordings of employees are never permissible. Camera surveillance in the workplace is separately regulated, and the Ministry of Justice may issue regulations on workplace camera monitoring under the Working Environment Act.

As of July 1, 2025, the Norwegian Labour Inspection Authority (Arbeidstilsynet) received expanded enforcement powers, including enhanced capabilities to enter workplaces, gather evidence, impose immediate fines, and levy personal penalties against company executives for egregious breaches of labour regulations, including privacy violations.

Employee Recording of Workplace Conversations

Employees may record workplace conversations they participate in under the one-party consent rule, but with important limitations.

Datatilsynet guidance states that the GDPR household exemption generally does not apply in workplace settings. An employee who records a work conversation must identify a separate GDPR Article 6 legal basis. In practice, this is often problematic unless the recording is for clearly personal purposes unconnected to the employment relationship.

Norwegian courts and the Norwegian Confederation of Trade Unions (LO) have recognized exceptions where employees have a legitimate personal reason to record. Secret workplace recordings may be defensible when:

• The employee is documenting bullying, harassment, or threats
• The employee needs to preserve evidence of unlawful treatment
• The situation has a strong personal dimension for the employee
• No less intrusive means of documentation is available

Even in these cases, the recording must be proportionate and limited to what is necessary to document the situation.

Electronic Communications Monitoring

Norwegian employers may access employee email and electronic communications only under narrow circumstances set out in regulations under the Working Environment Act: where necessary to maintain business operations, or where there is reasonable suspicion of serious misconduct. General monitoring of employee communications is not permitted.

Recording Police and Public Officials

As noted above, recording police and public officials performing their duties in public spaces is lawful. The Borgarting Court of Appeal confirmed on January 10, 2021 that publishing such footage does not violate the Copyright Act. Police may not confiscate recording equipment without a court order.

If a police officer orders you to stop recording, you are not legally required to comply unless the order is based on a specific lawful instruction (such as a court order, a lawful directive in a secured area, or a safety direction during an active emergency). You may request the legal basis for any such demand.

Filming police is lawful; interfering with police operations is not. Recording from a reasonable distance without obstructing officers is the standard for lawful conduct.

Voyeurism, NCII, and Deepfakes

Section 267a/267b: Image-Based Abuse

Straffeloven section 267a, in force since July 1, 2022, specifically criminalizes the wrongful distribution of private sexual images without the depicted person's consent. The provision:

• Covers photographs, video recordings, and other representations of a sexual or intimate nature
• Does not require the distribution to be "public" (the key distinction from section 267's public-communication requirement)
• Carries a penalty of fines or imprisonment up to 6 months

Section 267b provides for aggravated NCII offenses where the distribution caused significant harm, was systematic, or exploited a particularly vulnerable person.

Deepfakes and AI-Generated Intimate Content

Norway does not have a dedicated deepfake criminal statute as of May 2026. A 2024 Stortinget research report (utredningsnotat 2024/035, April 11, 2024) examined how deepfakes are handled under existing Norwegian law. The investigation concluded that existing provisions can cover various deepfake-related conduct:

• Section 267 covers public disclosure of privacy-violating deepfake content
• Section 267a/267b covers the distribution of deepfake intimate imagery, since the provisions refer to "representations" and are not limited to authentic photographs
• Sexual deepfakes targeting minors engage separate provisions of the sexual offenses chapter of the Straffeloven

The Stortinget report identified gaps: there is no general prohibition on creating (as opposed to distributing) non-consensual deepfake imagery, and prosecutions under existing sections require proof of intent and typically require that distribution has occurred. The report did not result in dedicated deepfake legislation as of May 2026.

EU AI Act Transparency Requirements (EEA-Pending)

The EU AI Act (Regulation (EU) 2024/1968), in force in the EU since August 1, 2024, includes Article 50 transparency requirements for AI-generated synthetic media. Providers of AI systems that generate synthetic audio, video, or images must mark outputs as AI-generated in machine-readable format. This requirement would apply in Norway once the AI Act is incorporated into the EEA Agreement.

As of May 2026, the EU AI Act's EEA incorporation remains pending. Norway participates in EU AI Board meetings as an observer. The Norwegian government proposed a national implementing statute (KI-loven) in June 2025; the public consultation closed September 30, 2025. The KI-loven is targeted to enter into force in mid-2026 to late summer 2026. Until formal incorporation, the AI Act has no binding force in Norway, though Norwegian actors operating in EU markets remain subject to the EU Act directly.

Law Enforcement Wiretapping

Norwegian law enforcement may conduct wiretapping only under strict judicial oversight governed by the Criminal Procedure Act (Straffeprosessloven, LOV-1981-05-22-25).

Section 216a: Communication Interception

Under section 216a, a district court may authorize police to intercept and record telephone calls, electronic communications, and other private communications. Authorization is limited to investigations of serious criminal offenses, including narcotics trafficking, terrorism, and national security threats. Court orders are initially limited to 4 weeks and must specify the communication devices or channels to be monitored. Renewals require fresh court approval.

Section 216b: Metadata Collection

Section 216b permits court-authorized collection of communications metadata (call logs, IP addresses, connection records) without intercepting content. The threshold is lower than for section 216a but still requires a court order.

Police Security Service (PST) Authority

The Norwegian Police Security Service (Politiets Sikkerhetstjeneste, PST) has broader authority for surveillance related to national security under Politiloven (Police Act) section 17d. PST may request court authorization to prevent terrorism, espionage, and threats to state security. In urgent situations involving direct threats to the Royal Family, Parliament, or the government, the PST head may authorize surveillance without prior court approval, subject to prompt judicial review.

Under the 2025 Ekomloven, all communications providers must maintain technical capabilities for lawful interception when required by court order. Nkom supervises provider compliance with these obligations.

Business Compliance Requirements

Call Recording for Businesses

Companies that record customer calls must comply with both Norwegian criminal law and GDPR. Minimum requirements:

• Prior notification: Inform the caller at the start of the call that the conversation will be recorded
• Legal basis: Establish a valid GDPR Article 6 legal basis, typically consent or legitimate interests
• Opt-out option: Provide callers with a reasonable alternative if they do not wish to be recorded
• Retention policy: Define and enforce a maximum retention period
• Access controls: Restrict who within the organization may access recordings
• Data subject requests: Respond to access, correction, or deletion requests within GDPR timeframes

Under Datatilsynet's April 2025 guidance on the 2025 Ekomloven, any online tracking or cookie-based data collection requires explicit, informed, and freely given consent. Consent mechanisms must give reject and accept options equal prominence and must allow easy withdrawal.

Financial Services Recording Obligations

Norwegian financial institutions must record certain telephone conversations and electronic communications under the Securities Trading Act (Verdipapirhandelloven, LOV-2007-06-29-75) to comply with MiFID II requirements. In these cases, recording is a regulatory obligation and the GDPR Article 6 legal basis is compliance with a legal obligation (Article 6(1)(c)), not consent.

Cross-Border Considerations

When a Norwegian organization records calls with individuals in other countries, or when a foreign organization records calls with individuals in Norway, the GDPR's territorial scope under Article 3 applies. Any organization that processes personal data of individuals located in Norway must comply with the GDPR regardless of where the organization is based. Organizations in non-EEA countries must appoint an EU/EEA representative if they regularly process Norwegian residents' personal data.

When a Norwegian participant records a call with a person in a country that requires all-party consent (for example, Germany under certain circumstances), only Norwegian law governs the Norwegian participant's recording of the call. However, the other party's home law may still apply to their own conduct.

Recordings as Evidence in Norwegian Courts

Norwegian courts apply a liberal approach to evidence admissibility. Under the Dispute Act (Tvisteloven, LOV-2005-06-17-90), any medium may potentially serve as evidence in civil proceedings without prior judicial approval.

Admissibility of Lawful Recordings

Recordings made under the one-party consent rule are generally admissible in both civil and criminal proceedings. Courts assess weight and reliability on a case-by-case basis.

Admissibility of Unlawful Recordings

Even recordings made in violation of section 205 may be admitted at the court's discretion. Norwegian courts weigh the interest in discovering truth against the privacy violation involved. Factors include:

• The severity of the offense being proved by the recording
• Whether the recording party had a legitimate personal need to document the situation
• The degree of privacy intrusion involved
• Whether other evidence was available

The person who made an unlawful recording may face criminal prosecution for the recording itself, regardless of whether it is admitted as evidence.

Recordings From Criminal Proceedings

The Norwegian Supreme Court addressed the publication of recordings from criminal proceedings in HR-2022-2106-A (November 2, 2022). The case involved production company Indie Film AS, which sought permission to use covert audio recordings from a closed criminal case in a documentary titled "Direktøren" for broadcast on TV2. The Supreme Court ruled 3-2 that court permission is required to publish any audio recordings from criminal cases (including privately made recordings obtained after the fact) and found insufficient "special reasons" to grant permission in that instance.

The practical consequence: court admissibility of a recording does not grant any right to publish the recording outside of the proceedings. Section 267 and section 267a remain independently applicable to the publication decision.

Penalties Summary

Offense	Statute	Maximum Penalty
Secret recording of others' conversations	Straffeloven § 205 (intentional)	Fine or 2 years imprisonment
Secret recording of others' conversations	Straffeloven § 205 (negligent)	Fine or 6 months imprisonment
Harassing or stalking conduct	Straffeloven § 266	Fine or 2 years imprisonment
Serious stalking	Straffeloven § 266a	4 years imprisonment
Privacy violation through public communication	Straffeloven § 267	Fine or 1 year imprisonment
Wrongful distribution of private sexual images (NCII)	Straffeloven § 267a	Fine or 6 months imprisonment
Aggravated NCII distribution	Straffeloven § 267b	Higher penalty (aggravated)
GDPR violations (enforced by Datatilsynet)	GDPR Art. 83 / Personopplysningsloven	EUR 20 million or 4% of global annual turnover
Unlawful workplace surveillance	GDPR Art. 83; Arbeidsmiljoloven	GDPR penalties + employment law consequences

Comparison With Nordic and EEA Countries

Country	Consent Rule	Key Statute	GDPR
Norway	One-party	Straffeloven § 205	Via EEA
Sweden	One-party	Brottsbalken ch. 4 § 9a	Via EU membership
Denmark	One-party	Straffeloven § 263a	Via EU membership
Finland	One-party	Rikoslaki ch. 24 § 5	Via EU membership
Germany	All-party (in practice)	StGB § 201	Via EU membership
Netherlands	One-party	Wetboek van Strafrecht Art. 139a	Via EU membership

Norway's one-party consent approach aligns with its Nordic neighbors. The Nordic tradition reflects a common legal principle that individual documentation rights require protection alongside privacy interests. GDPR compliance obligations are largely harmonized across the EEA, meaning that data protection requirements for recordings are substantively identical whether the recording occurs in Norway, Sweden, or Germany.

The EU AI Act's EEA incorporation for Norway remains pending as of May 2026. The Norwegian KI-loven is targeted for mid-2026. Once in force, the AI Act will introduce transparency labeling requirements for AI-generated synthetic media and prohibitions on certain AI systems that could affect recording-related AI tools used in Norway.