Building a connected and resilient Nordic region: A call to action

Ultimately, telecom resilience is about the continuity of society itself. It ensures that when one link in the chain is stressed or broken, others compensate without hesitation. It is the quiet, often invisible assurance that our power stays on, our emergency calls go through, our savings remain secure, and our institutions speak with a clear and trusted voice. Without it, the Nordics’ security, prosperity, and democratic stability are all at risk. In short, it is about safeguarding the continuity of the modern Nordic way of life.

Resilience cannot, however, be treated as a national endeavour alone. The Nordic region’s tightly interwoven economies, shared geography, and deep cross-border interdependencies mean that a disruption in one country can cascade rapidly across the region. In 2025, the imperative is clear: Nordic resilience must be designed, implemented, and maintained as a collective regional asset.

Telecommunications networks in the Nordics already operate with significant cross-border dependencies. Fibre cables traverse national borders and undersea routes, data centres serve customers across jurisdictions, and roaming agreements ensure continuity of service for citizens and businesses. However, the regulatory, operational, and legal frameworks governing these assets remain largely national in scope. The result is fragmentation.

Legal intercept and security clearance requirements differ between jurisdictions, delaying coordinated responses in a crisis. Authorisation and licensing frameworks for cross-border operations remain inconsistent, increasing compliance burdens. Cyber security and resilience obligations are implemented unevenly, limiting the effectiveness of shared situational awareness.

These inconsistencies are manageable in normal operations but become critical in high-stress situations. In a large-scale incident, operators may face delays in moving personnel or equipment across borders, uncertainty about reporting obligations, or conflicting instructions from different authorities. In practice, this could mean that capacity is available but cannot be deployed quickly where it is most needed.

These gaps undermine the very resilience we seek to build. In a high-impact incident, be it a cyberattack, a submarine cable cut [see Chapter 5], or a hybrid campaign targeting multiple infrastructures, Nordic operators must be able to act in sync with public authorities, unimpeded by legal barriers.

Here, NATO’s civil preparedness agenda [see box in Chapter 8] offers a valuable reference point. NATO has defined seven baseline requirements for national resilience, covering continuity of government, energy, food and water, health, civil communications, transportation, and the ability to manage population movements. These provide a standardised framework against which national efforts can be benchmarked.

Aligning Nordic telecom resilience more closely with these NATO objectives would not only strengthen interoperability but also reduce the risk that divergent national rules delay crisis response. NATO’s Resilience Committee (RC), the Euro-Atlantic Disaster Response Coordination Centre (EADRCC), and specialist bodies such as the Civil Communications Planning Group (CCPG) are established forums where Nordic authorities and operators could draw guidance, exchange lessons, and build trusted procedures.

Even if telecom resilience remains a national legal obligation, embedding it in a sustained collective Nordic commitment to harmonise frameworks and responses would ensure that capacity is available where it is most needed, when it is most needed. In practice, this means that during a regional crisis, Nordic operators and authorities would act not as separate jurisdictions but as one resilient ecosystem.

Strengthening cross-border resilience in the Nordic region requires more than national preparedness plans, it calls for a coherent regional approach that integrates telecommunications, cloud infrastructure, and other critical digital services into a single, interoperable framework.

A natural first step could be to explore greater alignment of national security and resilience requirements. Today, divergent security clearance regimes and incident reporting rules risk slowing or complicating the deployment of staff, equipment, or cloud workloads across borders in times of need. Areas such as mutual recognition of security vetting, more consistent incident classification, and interoperable protocols for lawful intercept, cyber incident response, and crisis communication could help reduce friction. For cloud and data infrastructure, similar alignment around sovereign control levels and compliance auditing would support the secure failover of regulated workloads between Nordic jurisdictions, minimising legal or operational delays.

Resilience cannot rely on infrastructure and technology alone. It also depends on the way public authorities, the private sector, and voluntary organisations work together under stress. In the Nordic context, this means moving beyond ad-hoc collaboration and ensuring that the most critical private actors are systematically integrated into formal crisis management and security structures. Only governments can extend such invitations, but without them the full capacity of Nordic resilience cannot be mobilised.

A key gap today is the lack of clarity about what private operators can expect from civil and military authorities during high-end crises. Areas such as logistical support, reserve power capacity, or even force protection for telecom engineers working in risk zones remain undefined. Establishing clear protocols, ideally harmonised across the Nordic region, would give operators and authorities a shared baseline for planning.

Preparedness is also about mindset. Plans, training, and exercises must reflect realistic cross-border scenarios that combine physical, cyber, and informational disruptions. Building on national best practices, the Nordics should establish regular joint exercises that bring together civilian authorities, defence actors, and private operators, ensuring that roles, responsibilities, and support functions are tested under conditions that mirror real-world stress.

Such measures would anchor Nordic resilience not just in technical redundancy or legal alignment, but in the lived practice of civil–military and public–private cooperation.

The Nordic region already has strong building blocks for resilience. Sweden’s PTS-led multi-operator exercises test operational readiness across telecom providers and public authorities, building familiarity with joint decision-making under pressure. Finland’s Pool System, coordinated by the National Emergency Supply Agency (NESA), embeds private companies in national security planning, ensuring that critical service providers can be mobilised rapidly in emergencies. Denmark’s recent investments in climate resilience and cyber security are enhancing municipal and national preparedness, particularly for infrastructure protection against flooding, storms, and cyberattacks. Norway’s total preparedness framework sets a comprehensive standard for integrating civilian and military capabilities under a single national resilience approach.

These mechanisms demonstrate the maturity of Nordic crisis planning and the value of strong public–private partnerships. However, they remain largely bounded by national jurisdictions, legal frameworks, and sector-specific mandates. Cross-border coordination still depends heavily on ad-hoc arrangements and informal networks, which may not hold under the stress of a major, multi-country incident.

The challenge is to weave these national strengths into a shared Nordic approach - one that anticipates disruption, enables swift joint action, and speaks with a coherent voice to citizens and partners in times of crisis. This means rehearsing not only national incident response, but also scenarios where assets, personnel, and decision-making must flow freely across borders. It means aligning technical standards, governance processes, and communication protocols so that, when a disruption occurs, the Nordic region responds as one.

The Nordic countries have the trust, the shared values, and the operational experience to make cross-border telecom resilience a reality. What is needed now is political commitment at the highest level, supported by sustained investment and regulatory alignment. The essential first step is mutual recognition of security clearances and authorisations, without which collective resilience cannot move from principle to practice.

We cannot afford to wait for the next major disruption to reveal the cost of inaction. By acting now, through harmonised frameworks, shared capabilities, and coordinated investments, the Nordics can set a global standard for how interconnected nations secure their digital lifelines.

Resilience is not static; it requires continuous investment, alignment, and vigilance. 2026 must be the year when these efforts move from planning to implementation, ensuring that resilience spans the entire Nordic region and protects our societies, our economies, and our people.