Norway’s Transparency Act: a practical guide for procurement and sustainability teams
Norway’s Transparency Act requires certain businesses to carry out human rights due diligence across their operations and supply chains, publish an annual account of that work, and respond to information requests from the public.
For procurement, sustainability, compliance, and legal teams, this makes supply chain visibility, risk-based action, and clear documentation essential. The law is not only about publishing a statement. It is about showing how your business identifies, prioritises, and addresses risks linked to fundamental human rights and decent working conditions.
- The Act applies to larger Norwegian businesses and some foreign businesses with tax obligations in Norway.
- Covered businesses must carry out due diligence, publish an annual report by 30 June each year, and respond to information requests.
- The law follows the OECD risk-based due diligence approach, so businesses need practical evidence of what they assessed, what they found, and what action they took.
- Businesses outside direct scope may still feel the impact through customer requests for supplier data, risk information, and corrective action evidence.
What is Norway’s Transparency Act?
Norway’s Transparency Act, known as åpenhetsloven, came into force on 1 July 2022. Its purpose is to promote respect for fundamental human rights and decent working conditions in connection with the production of goods and the provision of services, while giving the public access to information about how businesses address adverse impacts.
What makes the Act especially important is that it combines due diligence, public reporting, and a right to information. This means businesses need more than policy statements. They need a repeatable process for identifying risks, engaging suppliers, documenting actions, and communicating progress clearly.
For procurement and sustainability professionals, the Act is closely tied to everyday supplier management. It creates a stronger need for supply chain mapping, risk prioritisation, supplier data collection, internal governance, and evidence-based reporting.
Why does the Act matter for businesses?
The Act matters because it makes human rights due diligence an operational requirement. Businesses need to understand where risks sit in their operations and supply chains, decide where to focus first, and explain what action they are taking. It also raises expectations from customers, investors, and other stakeholders for clearer evidence of due diligence.
Who does Norway’s Transparency Act apply to?
The Act applies to larger enterprises that are resident in Norway and to larger foreign enterprises that offer goods or services in Norway and are liable to tax there. In practice, scope depends not only on size thresholds but also on whether the business is covered by the relevant accounting rules.
The three criteria are:
- At least 50 full-time employees, or equivalent annual working hours.
- Annual turnover of at least NOK 70 million.
- A balance sheet total of at least NOK 35 million.
The size test is based on whether a business exceeds at least two of the three thresholds at the balance sheet date. Many businesses that are not directly covered may still be affected indirectly because customers need supplier data and evidence to support their own due diligence.
What are the main requirements under the Act?
The Act has three core duties. Businesses in scope must carry out due diligence, publish an annual account of that work, and respond to information requests. Together, these duties create an ongoing cycle of assessment, action, documentation, and communication.
For procurement and sustainability teams, that means due diligence should be built into normal supplier management and governance processes rather than treated as a one-off reporting exercise.
- Carry out due diligence: assess actual and potential impacts on human rights and decent working conditions across operations, supply chains, and business relationships, using a risk-based approach.
- Publish an annual account: report on due diligence work, key risks identified, and measures taken. The report must be published by 30 June and made available on the company website.
- Respond to information requests: provide information about how the business addresses risks under the Act, usually within three weeks.
What are the penalties for non-compliance?
The Norwegian Consumer Authority oversees the Act and can issue orders and financial penalties where businesses fail to meet their obligations. The main risk for most businesses is not only fines but also weak reporting, poor documentation, and reactive handling of information requests.
What has recent enforcement and guidance changed?
Recent guidance and enforcement signals point in the same direction: businesses are expected to produce more specific, evidence-based due diligence and reporting. Generic statements and boilerplate language are less likely to satisfy expectations.
In practice, that means clearly identifying the reporting entity and period, ensuring correct approval and signature, making the report easy to find, and showing how risk prioritisation and follow-up decisions were made.
What should businesses do in practice?
The strongest approach is to treat the Act as a due diligence management process, not just an annual reporting task. Businesses need clear ownership, reliable supplier data, a risk-based method for prioritising issues, and records that show what action was taken. This is where procurement and sustainability teams often play a central role.
Practical steps for businesses
A practical programme usually includes the following steps:
- Confirm whether your company is in scope: Review registration, Norwegian tax status, employee numbers, turnover, and balance sheet value.
- Map your suppliers and business partners: Identify direct suppliers, locations, business activities, worker profiles, and key subcontracting risks.
- Prioritise higher-risk areas: Use country, sector, product, workforce, and supplier data to guide deeper assessment.
- Embed responsibility in policies and systems: Assign ownership across procurement, sustainability, legal, compliance, and senior management teams.
- Engage suppliers early: Explain information needs, due diligence expectations, and the importance of accurate data.
- Document due diligence throughout the year: Record risk assessments, decisions, supplier responses, actions taken, and follow-up outcomes.
- Prepare for information requests: Create a process to receive, assess, and answer requests within three weeks.
- Draft a specific annual report: Include the reporting period, covered entities, identified risks, measures, and results.
- Secure approval and publish by 30 June: Obtain board approval, correct signatures, and clear website publication.
- Review and improve each year: Use findings, stakeholder feedback, and performance data to strengthen future work.
These steps help businesses move beyond minimum compliance. They also support stronger risk management and clearer stakeholder communication.
Practical steps for suppliers
Suppliers may not be directly in scope, but they are often asked to support customers that are. If your customers are subject to the Act, they may request information about your sites, workforce, policies, risks, audit findings, and corrective actions.
Suppliers can prepare by keeping core information organised and up to date. That may include site profiles, workforce details, policy documents, grievance channels, audit records, and evidence of follow-up actions. Clear records make it easier to respond to customer requests and demonstrate progress over time.
For smaller suppliers, the goal does not need to be a complex compliance programme. A simple, well-documented process for identifying key risks and responding to customer requests can still make a meaningful difference.
What are common reporting mistakes to avoid?
Many weak reports fall into the same patterns. They describe policies at a high level but say little about the actual risks identified, the choices made, or the outcomes achieved.
Common mistakes include:
- Failing to state which entity or group the report covers.
- Omitting the reporting period.
- Publishing a report without the correct signature or approval.
- Making the report hard to find on the website.
- Relying only on generic supplier questionnaires.
- Reporting policies without explaining action or results.
- Using artificial intelligence without checking accuracy and relevance.
Stronger reports are specific, entity-level where needed, and clearly linked to the reporting period. They explain what the business assessed, what it found, what action it took, and where challenges remain.
How does the Act fit into the wider due diligence landscape?
Norway’s Transparency Act sits within a broader shift towards mandatory due diligence and greater transparency in global supply chains. For multinational businesses, it is rarely the only relevant requirement. It often sits alongside other reporting, modern slavery, responsible sourcing, and human rights due diligence expectations.
Relevant frameworks include:
- The UK Modern Slavery Act
- Germany’s Supply Chain Due Diligence Act
- The French Duty of Vigilance Law
- The Dutch Child Labour Due Diligence Law
- The European Union Corporate Sustainability Due Diligence Directive
That is why many businesses are looking for processes and data structures that can support more than one framework. A risk-based, evidence-led approach can make reporting more efficient and improve consistency across teams and markets.
How Sedex can support due diligence under Norway’s Transparency Act
Sedex can support businesses working to strengthen supply chain due diligence under the Act by helping them collect supplier data, improve visibility, prioritise risk, and track follow-up activity. This can make it easier to build a more informed due diligence process and prepare clearer internal and external reporting. However, businesses remain responsible for their own legal assessment, decisions, and compliance approach.
- Supplier data collection: Sedex helps businesses collect and organise supplier and site information in one place, which can support supply chain mapping and supplier engagement.
- Risk assessment: Sedex risk tools combine country, sector, and site-level insights to help teams prioritise where deeper review and follow-up may be needed.
- SMETA audits: Where used, SMETA can provide additional site-level insight into labour standards, health and safety, environment, and business ethics, alongside corrective action tracking.
- Reporting support: Sedex reporting capabilities can help teams monitor supplier coverage, risk signals, and remediation activity to support due diligence reporting and internal governance updates.
Key takeaways
For procurement and sustainability teams, the core challenge is turning the Act’s legal duties into a practical, risk-based process that works across suppliers, sites, and internal teams.
The businesses most likely to succeed are those that build due diligence into everyday operations, maintain stronger supplier data, and report with enough specificity to show real progress. Sedex can support this work by helping businesses improve supply chain visibility, supplier data collection, risk assessment, and reporting, without replacing the business’s own responsibility for compliance.


