The Division for Digital Regulation and Supervision endeavors to ensure a more responsible use of data across the digital economy, allowing the possibilities within digital transformation to be harnessed for the benefit of citizens, authorities, businesses and society.
Through regulation, supervision, and guidance our work aims to promote security and accountability in a manner that supports the use of data in the development of services and technologies.
We supervise on various subject matters, including the processing of personal data and protection of privacy in the electronic communications sector, supervision of the law on network and information security for domain name systems and certain digital services, supervision of the domain law, and supervision of digital identities and identity services.
Additionally, our division has a central role in planning the implementation and supervision of several new legislative acts from the European Union regarding digitalization. This includes the Artificial Intelligence Act, the Data Act, and the Data Governance Act.
Furthermore, we strive for a free, open, and secure global internet, as it is a fundamental prerequisite for sustained digital growth.
The Agency for Digital Government supervises the legislation regarding the processing of personal data and the protection of privacy in the electronic communications sector.
The supervision focuses primarily on two subject matters:
We provide guidance on and supervise the use of cookies and similar technologies to ensure compliance with the rules. In Denmark the rules are implemented in the cookie executive order. The Agency’s supervision follows a significance and risk-based approach, which is both subject based as well as based on complaints from citizen.
Furthermore, the Agency supervises that providers of electronic communication services take appropriate technical and organisational measures to safeguard personal data security in relation to the provision of their services.
The Agency for Digital Government supervises network and information security in relation to operators of essential services within domain name systems (toplevel domain name administrators and DNS providers) and certain digital services (providers of online marketplaces, online search engines, and cloud computing services). The supervision focuses on assessing whether operators of essential services have identified and implemented appropriate and proportionate measures to manage risks related to their essential services. Additionally, it ensures that significant incidents are reported to the authorities.
The Agency for Digital Government oversees the administration of the Danish toplevel domain name .dk. This includes ensuring transparency in the administrator's operations, maintaining a secure and stable operation of .dk, and verifying that the administrator has established a database containing registrant information that is accurate, up-to-date, and publicly accessible.
The division has been designated as supervisory body in accordance with both the EU Regulation on electronic identification and trust services for electronic transactions in the internal market (the eIDAS Regulation) and the Danish National Standard for Identity Assurance Levels (National Standard for Identiteters Sikringsniveauer - NSIS).
The division represents Denmark in two EU forums, the Forum of European Supervisory Authorities for trust service providers (FESA) and the ENISA European Competent Authorities for Trust Services (ECATS).
Furthermore, the division is responsible for the managing the trusted lists for both eIDAS and NSIS:
The division for Digital Regulation and Supervision is responsible for developing a supervisory model and facilitating the supervision of selected suppliers of IT systems critical to the Danish society and function of the Agency for Digital Government specifically.
Additionally, the division for Digital Regulation and Supervision is also responsible for carrying out official inspections of the processing by the Danish Agency for Digital Government of personally identifiable data – in respect to the law and decrees enacted on Digital Post. The purpose of the supervision efforts is to fulfillment of requirements and obligations according to the Danish legislation, standards, IT contracts, data processing agreements, state security requirements and EU regulation.