The Norwegian Transparency Act (åpenhetsloven): who must comply, what the law requires, and how penalties work

What is The Norwegian Transparency Act?

The Norwegian Transparency Act (Lov om virksomheters åpenhet og arbeid med grunnleggende menneskerettigheter og anstendige arbeidsforhold) came into force in July 2022 and received its most recent amendment on 1 November 2024. Its stated purpose is to promote enterprises’ respect for fundamental human rights and decent working conditions in the production of goods and services. It also ensures public access to information about how enterprises address adverse impacts.

Forbrukertilsynet, the Norwegian Consumer Authority, enforces the law. Its primary approach is guidance and dialogue, but it holds binding enforcement powers including the ability to impose financial penalties.

Who does the Transparency Act apply to?

The Transparency Act applies to “larger enterprises” that have accounting obligations under the Norwegian Accounting Act (regnskapsloven). This condition matters: it excludes most municipalities, government bodies, and public agencies even if they are large. Commercial companies, non-profit organisations, and foundations are all potentially in scope.

Transparency Act size thresholds: the criteria explained

A company qualifies as a larger enterprise in one of two ways. The first route applies automatically to listed companies, banks, credit institutions, and insurance companies, which qualify as enterprises of public interest under the Norwegian Accounting Act (§1-6). The second route applies to companies that exceed at least two of the following three criteria on the date of their financial statements: (1) sales revenue exceeding NOK 70 million; (2) a balance sheet total exceeding NOK 35 million; and (3) an average of 50 or more full-time equivalent employees during the financial year.

The threshold test works on a two-year buffer: a company must exceed the criteria for two consecutive financial years before obligations apply. If a company first crosses the thresholds on its year-end financial statements, its obligations begin from the following financial year. This gives companies a meaningful window to prepare.

The parent company rule

Parent companies count as larger enterprises if the parent and its subsidiaries combined meet the criteria (the konsernregelen). This matters for international groups with Norwegian subsidiaries that would not meet the thresholds individually. The rule applies only to Norwegian parent companies. For foreign parent enterprises, only the Norwegian operation counts.

Does the Transparency Act apply to foreign companies?

The law also applies to foreign enterprises that offer goods or services in Norway and are liable to tax in Norway under Norwegian internal law. Tax liability is the key criterion. A foreign enterprise may be liable to Norwegian tax even if it benefits from an exemption under a bilateral tax treaty, because the test is Norwegian domestic law, not treaty position. Due diligence obligations cover only the activities of the part of the enterprise domiciled in Norway, and the threshold test applies only to the Norwegian operation.

Many more companies face indirect pressure because their covered customers require due diligence documentation as part of their own compliance.

💡 For a full breakdown of how the Transparency Act applies to non-Norwegian companies, including the three criteria and how the NUF structure affects exposure, see: Does the Transparency Act apply to foreign companies? The three criteria explained.

The three core obligations under the Transparency Act

§4: Duty to carry out due diligence (aktsomhetsvurderinger)

Covered companies must conduct ongoing due diligence in accordance with the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct. Due diligence must cover the company’s own operations, its direct suppliers, and its broader business relationships. The OECD Guidelines define this broadly: sub-contractors, franchisees, investee companies, and any entity directly linked to operations are all in scope, not just first-tier suppliers.

The OECD framework sets out six steps, from embedding responsibility in policies and management systems through to providing for remediation where required. These steps are iterative, not sequential. Due diligence is an ongoing process, not a one-off exercise.

The Guidelines draw an important distinction between causing, contributing to, and being directly linked to an adverse impact. Where a company causes an adverse impact, it must cease and remedy it. Where a company contributes to an adverse impact, it must stop its contribution and use its leverage to mitigate remaining impacts. For companies only directly linked through a business relationship, the obligation is to use leverage to influence the entity causing the harm. This distinction shapes how deep in the supply chain a company’s active obligations run.

Due diligence under §4 is proportionate and risk-based. A large multinational faces deeper obligations than a mid-cap domestic company. The depth of assessment should reflect the severity and probability of adverse impacts.

Identifying an adverse impact creates an obligation to act on it.

§5: Duty to publish an annual account (redegjørelse)

Each year, covered companies must publish a public account of their due diligence. The account of due diligence must include a general description of the company’s structure, operations, and guidelines; information on actual adverse impacts and significant risks identified through due diligence; and a description of measures implemented or planned, along with their results, and effectiveness or expected effectiveness of the actions.

The account must be signed in accordance with the requirements of the Accounting Act, meaning that the Board and CEO must sign it, written in Norwegian, and made easily accessible on the company’s website. Companies must also update the account of due diligence between annual deadlines if there are significant changes to risk assessments, for example following the outbreak of conflict in a sourcing country or a significant change in supply chain exposure.

Companies within a group that are individually in scope of the law must each publish their own account. Groups may publish a joint account, provided every legal entity’s individual requirements are satisfied.

The Consumer Authority has noted that accounts stating zero identified risks are a red flag. The account of due diligence should document genuine findings and the response to them, not signal perfection.

💡 For a step-by-step guide to conducting due diligence and writing an account of due diligence that meets The Consumer Authority’s requirements, see: How to conduct due diligence and publish your account of due diligence under the Transparency Act.

§6: Right to information

Any person, anywhere in the world, can submit a written request to a covered company for information about how it addresses actual or potential adverse impacts on human rights and decent working conditions. The company must respond in writing, adequately and comprehensibly, within three weeks. In complex cases, companies may extend the deadline to two months.

There are limited grounds for refusal, including trade secrets and information relating to individuals’ personal affairs. One important limitation applies to those exceptions: companies must disclose actual adverse impacts on fundamental human rights they are aware of, regardless. Companies cannot use commercial confidentiality to shield known human rights violations.

Transparency Act penalties: how enforcement works

The Consumer Authority can issue binding decisions, prohibitions, and orders. Enforcement penalties (tvangsmulkt) under §13 apply where a company fails to comply with such a decision.

Infringement penalties (overtredelsesgebyr) under §14 apply specifically to repeated infringements of §§5, 6, and 7, the transparency and information obligations, not §4. The penalty mechanism targets companies that persistently refuse to disclose, not those whose due diligence is imperfect.

The Transparency Act and European human rights due diligence regulation

The Transparency Act sits within a growing international framework of human rights due diligence regulation. Germany’s Lieferkettensorgfaltspflichtengesetz (LkSG) and France’s Duty of Vigilance Law preceded it. The EU’s Corporate Sustainability Due Diligence Directive (CSDDD), which entered into force in July 2024, covers similar ground at a much larger scale, with the rules themselves applying from 26 July 2029 following the omnibus amendments adopted by the European Parliament in February 2026, pending formal Council approval and publication in the Official Journal.

For companies already navigating the Transparency Act, this matters. The OECD-aligned methodology, supplier assessment processes, and documentation infrastructure required for the annual deadline are the same foundations CSDDD will require. Building this capability now means it will already be operational when the broader EU obligation applies.

The Norwegian Ministry of Children and Family Affairs published a formal evaluation of the Transparency Act in June 2025, examining the law’s relationship to CSDDD and CSRD. Changes arising from the EU omnibus package will go through a separate consultation process.

Building the compliance infrastructure

For most covered companies, the practical challenge is not understanding the law but operationalising it at scale. Supplier questionnaires, risk prioritisation, corrective action tracking, and annual account preparation become expensive and unreliable when teams manage them through email threads and spreadsheets.

Position Green’s Supplier Management replaces that with a structured, scalable workflow. Automated risk scoring and corrective action tracking mean teams focus on decisions rather than data collection. The platform timestamps and stores all assessments, action plans, and supplier responses with full audit trails, so when the annual deadline arrives, or when a §6 information request lands, the documentation is already there. It stays current with regulatory developments, meaning compliance infrastructure built for the Transparency Act today is already aligned with what CSDDD will require.

The compliance imperative and the business case point in the same direction. Companies that build this infrastructure now are better placed to absorb further regulation, respond to customer due diligence requests, and demonstrate that their supply chains meet the standards that matter.

Ready to see how Position Green’s Supplier Management handles the Transparency Act compliance in practice? Book a free demo.

Sources:

• The Transparency Act (åpenhetsloven), LOV-2021-06-18-99, as amended 1 November 2024. Available at lovdata.no.
• Forbrukertilsynet, “The Transparency Act” (English guidance), updated 24 February 2026. Available at forbrukertilsynet.no.
• Forbrukertilsynet, Norwegian guidance on åpenhetsloven (full), updated December 2025. Available at forbrukertilsynet.no.
• OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, 2023 edition. Chapter II Commentary, paragraphs 15-25.