Danish government reboots cyber security council amid AI expansion

The Danish government has relaunched the National Cyber ​​Security Council (NCSC) under the umbrella of a new mission to strengthen the country’s digital security capabilities across all critical areas of the economy and society.

The NCSC’s more robust charter aims to enhance the agency’s role as a key adviser to the government on core technology developments and policy. As part of its upgraded role, the NCSC is tasked with identifying new methods to upscale digital security and the sharing of data between public authorities, the research world and Denmark’s business and industry sectors.

The relaunch happens alongside two other recent significant state-led initiatives. These include the government’s €100m updated digitisation strategy for 2024–2025 and the Agency for Digital Government’s (ADG) Artificial Intelligence Guideline (AIG) project that provides local authorities, private sector companies and citizens with expanded opportunities to test and work with generative AI (GenAI).

The NCSC’s 19-member Advisory Group, which is authorised to serve until the end of 2027, will operate under a rejuvenated and greatly expanded terms of reference structure. The NCSC’s assigned pivotal purpose is to utilise its inclusive mandate to support specific initiatives that contribute to increasing digital security in Danish society.

Senior IT and cyber security experts, assembled from Denmark’s leading corporations, universities and municipalities, are represented on the NCSC’s Advisory Group. Member organisations including telecom TDC, the Danish Cloud Community, global pharmaceutical company Novo Nordisk, Aalborg University, Nordea Bank, Deloitte Denmark (Cyber ​​Risk and Resilience Team), Region North Jutland (municipality) and Eurowind Energy.

The first manifestation of the NCSC was in 2019, when the organisation was founded to explore how the Danish state and companies could better collaborate through public-private partnerships to develop digital security. This was in response to the growing challenge of protecting critical national infrastructure against malicious and damaging attacks from the cyber domain.

As part of its enhanced mission, the NCSC wields a stronger mandate to build public-private collaborations and relationships in the digital and cyber defence spheres. The primary focus is on creating collaborations between public organisations tasked with national security roles and small and medium-sized enterprises (SMEs). The NCSC’s work will require the organisation to liaise closely with state-run agencies the ADG and the Danish Center for Cyber ​​Security (CCS).

From a practical stance, the NCSC provides Denmark with an upgraded and state-backed national resource to maximise the unity of purpose in the cyber sphere between public and private sectors, said Marie Bjerre, Denmark’s minister for digitalisation. 

“We live at a time when cyber security is more important than ever,” she said. “The relaunch has given Denmark a reinforced Cyber ​​Security Council that can really make a difference in helping business take advantage of, and benefit from, a heightened level of digital security. We need to ensure digitalisation works for us as a country and make it as secure as we can.”

Volatility drives investment

Denmark’s need to elevate its cyber security capabilities, an ambition shared by Nordic neighbours Finland, Sweden and Norway, is elevated by the increasingly volatile political picture in the Baltic-rim region.

Regional uncertainties and political tensions were raised as a result of Russia’s invasion of Ukraine in February 2022, said Troels Lund Poulsen, Denmark’s defence minister.

“Boosting the level of cyber security at a national level is a fundamental necessity at this moment in time,” he said. “The specialists in the Cyber ​​Security Council bring a new standard of competence. Their expertise and insight span a wide range of skills and knowledge.”

The NCSC reboot follows a parallel initiative by the ADG in June 2024 to produce a roadmap for public authorities, private companies and citizens who might want to test and work with GenAI. Its roadmap comprises a series of three guides offering access to the tools required by enterprises and citizens to adopt and integrate AI into their work practices and everyday lives. 

It targets companies and public authorities, and is customised to serve as a valuable resource toolbox to enable businesses and municipal enterprises to create their own guidelines for using AI tools. The roadmap aimed at private citizens provides guidelines for the safe, legal and functional use of AI tools.

The ADG’s roll-out of the generative AI roadmap was influenced by its collaboration with the Danish Data Protection Agency (DDPA). In March, the two agencies established a regulatory sandbox for AI that offers private sector and government organisations access to the relevant expertise and guidance to develop and use AI services.

The tools provided in the regulatory sandbox will initially focus on General Data Protection Regulations (GDPR), evolving over-time to include guidance on the European Union’s (EU) Artificial Intelligence Act, the first comprehensive legal rulebook covering AI by a major global regulator. In Denmark, the ADG is the assigned competent authority for the EU’s AI Act.

Sandboxes

Regulatory sandboxes form an essential component to ensure that Danish authorities and private companies have the opportunity to test AI technology within a “secure” framework, said Camilla Ley Valentin, a former industry branch director at DI Digital, the central organisation for Danish export enterprises.

“The government’s regulatory initiatives for AI sandboxes are welcomed,” said Ley Valentin. “The sandbox offers certainty regarding what can be undertaken within the boundaries of regulatory guard rails. We hope that the sandbox – in addition to practical guidance – will continue to focus on the actual development and testing of AI products. This will allow Danish companies to benefit from the best conditions and be able to recognise the consequences and possible pitfalls for products.”

The conditions under which GenAI will be developed in Denmark were outlined in the government’s revised National Strategy for Digitalisation (NSD), published in February 2024. The NSD was backed by a cross-party agreement approved following a vote in the Danish parliament (Folketing) on 8 February.

The NSD agreement allocated €100m for direct investment in digitisation in both the public and private sectors during the period of 2024 to 2027. In total, the NSD includes 29 major initiatives within AI, the green transition, digital education in schools, the boosting of digital skills in the labour force, and the digital transformation of small and medium-sized enterprises.

Within the field of AI, the NSD has earmarked €9m over the period between 2024 and 2027 for the implementation of a new framework to develop services to advance the use of AI. Capital spending of €3m is set aside in the NSD’s budget to maintain the regulatory sandbox for companies and public authorities working to develop AI services under the guidance of the EU’s AI Act.