Norway is often perceived as a highly connected, digitally advanced country.

In many ways, that is true.

But beneath that perception lies a structural reality that is easy to overlook: our connection to the outside world depends on a limited number of physical links.

Subsea cables.

A small number of critical connections

If you look at a map of Norway’s international connectivity, a pattern emerges.

Detailed map of subsea cables connected to Norway, showing routes and ownership
Routes, ownership and structure — all publicly available. Norway’s subsea cable network in detail.

A handful of cables carry a significant portion of the country’s data traffic — linking Norway to Europe, the UK and beyond. These connections form the backbone of everything from financial systems and public services to cloud infrastructure and everyday communication.

And they are, by nature, vulnerable.

Not necessarily because they are poorly designed.

But because they are few.

Physical risk in a digital world

In recent years, concerns around sabotage and infrastructure disruption have increased across Europe.

Incidents involving damaged subsea cables — including in Norwegian waters and around Svalbard — have demonstrated how exposed these systems can be.

It does not require highly advanced capabilities to cause disruption.

As Norwegian fiber contractor Bjørn Vik noted in 2022, much of this information is publicly accessible (digi.no):

“You can do significant damage by targeting cables. It requires some knowledge, but it’s not difficult to find. Many would be surprised how easily different sources can be combined to get an overview.”

That observation is uncomfortable — but important.

Because it highlights a gap between how critical these systems are, and how protected they actually are.

Geopolitics and dependency

At the same time, digital infrastructure cannot be separated from geopolitics.

Regulatory frameworks, data transfer agreements and jurisdictional control all influence how data moves across borders.

Uncertainty around international data frameworks — particularly between Europe and the United States — has already forced companies to reassess their dependencies on external providers.

Changes in surveillance legislation or legal frameworks can have direct implications for data protection and compliance.

This is not hypothetical.

It is already happening.

The cloud dependency layer

For many organizations, the dependency is not just physical — it is architectural.

Critical systems increasingly rely on cloud platforms that may operate across multiple jurisdictions. This introduces layers of dependency that are often invisible in day-to-day operations, but become critical in times of disruption.

If connectivity is affected — whether by physical damage, political tension or regulatory change — those dependencies surface quickly.

And the impact can be significant.

A question of control

This leads to a more fundamental question:

How much control do we actually have?

Control over infrastructure. Control over data. Control over the systems we depend on.

Because digital resilience is not only about uptime.

It is about understanding where dependencies exist — and whether they are acceptable.

National and regional considerations

For countries like Norway, this raises a strategic question.

To what extent should critical systems rely on infrastructure and providers outside national or regional control?

There is no simple answer.

But there is a growing recognition that:

  • proximity matters
  • jurisdiction matters
  • and control matters

Not as an abstract ideal, but as a practical consideration in system design.

AI and the next layer of dependency

The rapid adoption of generative AI introduces an additional dimension.

AI systems are not only data-intensive — they are often tightly coupled with specific platforms and environments. This further increases dependency on infrastructure that may be located outside national control.

Where data is processed, and under which legal framework, becomes increasingly relevant.

What used to be a backend concern is now a strategic one.

Closing

Norway’s digital infrastructure is robust in many ways.

But it is not immune to structural limitations.

A small number of physical connections, combined with growing dependency on external systems, creates a form of fragility that is easy to overlook in stable conditions.

The question is not whether these dependencies exist.

It is whether we fully understand them — and are prepared to manage them.

Because in a connected world, resilience is not only built on performance.

It is built on awareness. And on control.

This perspective has also been picked up in Norwegian media, pointing to a broader recognition of the risks tied to critical infrastructure (Elektronikknett).

Tags Infrastructure Norway Sovereignty