Compliance · Public Sector
EU AI Act compliance
for public sector in Norway
Essential public services and the fundamental-rights duty. The high-risk obligations bind from 2 August 2026, transposed into Norwegian law through KI-loven. Below is the obligation map for your sector, drawn live from the Kernal compliance graph.
High-risk deadline 2 August 2026 · Andes Labs · Oslo, Norway
Public services carry a fundamental-rights duty
Bodies governed by public law, and private operators delivering public services, sit at the centre of the AI Act deployer regime. Where AI is used to decide access to essential public services and benefits, a Fundamental Rights Impact Assessment is required before first use, and transparency to affected persons is sharper than in the private sector. The obligations below are the baseline deployer set that applies whenever a public body operates a high-risk system.
Obligations that apply to public sector
5 obligations from the EU AI Act apply to this sector. Each shows what the duty requires and the evidence you will need to demonstrate it.
Human oversight
Assign human oversight to a competent, resourced, named person with authority to monitor, intervene, and stop the system.
Evidence you will need
- signed oversight assignment naming the owner
- oversight monitoring log
Monitor and suspend on risk
Monitor operation; suspend use and inform the provider or authority if a risk to health, safety or fundamental rights emerges or a serious incident occurs.
Evidence you will need
- monitoring procedure
- incident-escalation runbook
Keep logs
Retain the automatically generated logs under the deployer’s control for the appropriate period.
Evidence you will need
- log-retention policy
- sample retained logs
Fundamental Rights Impact Assessment
Public bodies and providers of public services must perform a fundamental-rights impact assessment before putting a high-risk system into use.
Evidence you will need
- completed FRIA document
- FRIA review/sign-off
Transparency to affected persons
Where a high-risk system makes or assists decisions about a person, inform them.
Evidence you will need
- affected-person notice
- consent records
Source: Regulation (EU) 2024/1689 (EU AI Act). This is general information, not legal advice; the high-risk classification of a specific system is fact-specific and should be confirmed with counsel.
How Kernal helps
Most of these duties are not about whether you comply — they are about whether you can demonstrate it. Human oversight, monitoring, logging, and impact assessments all produce evidence a regulator can ask for at any time. Kernal is the context layer that captures that evidence as the work happens: every interaction logged, the human decision recorded, an oversight chain you can show rather than assert.
The same obligation graph that renders this page is the one the product runs on. The Compliance Cartridge maps your AI systems to the obligations above and assembles the burden-of-proof record continuously, so the answer to "show us" is already structured.
See your public sector obligations
Thirty minutes to map your AI usage against the EU AI Act (KI-loven) obligations for public sector, and to see how the governance layer supports your programme before the 2 August 2026 deadline.
kernal.andes.no · Andes Labs · Oslo, Norway