Sage Journals: Discover world-class research

Abstract

In 2019, Norwegian society was shocked to learn about grave and systemic errors in the social security system. A practice prevailing for 25 years of disregarding EU law when applying a requirement that recipients of social security benefits should have stayed in Norway at all times had caused several incorrect court judgments and thousands of erroneous administrative decisions, with grave consequences for those concerned. Around 70 individuals were subject to wrongful criminal convictions, in addition to around 7000 incorrect decisions concerning denial and reduction of benefits, as well as demands for repayment of benefits already received. We suggest that in order to learn lessons from this complex of cases, attention must be paid to the structural conditions that allowed the errors to arise and to continue for more than two decades. The landscape surrounding the scandal was characterised by three major contextual shifts over the last three decades: changes in welfare policy, an emphasis on digitalisation, and increased normative complexity. Arguing that the relevant ministry and the Norwegian welfare administration formed the centre of the scandal, we focus more closely on the specific legal architecture of administrative practice. The regulatory techniques confined complex interpretative tasks to a closed administrative space. In this space, several missed opportunities for stopping the scandal demonstrate systemic weaknesses in internal processes of the welfare administration. Moreover, there was limited external control. Overall, the pre-existing structures in Norway's welfare administration shaped its vulnerability to failure. This can provide lessons on how to reduce the risk of future welfare dystopias.

Keywords

Social security law digitalisation of public administration EU social security law rule of law public administrative law digital welfare state

The scandal

On Monday 28 October 2019, an unusual press conference was called by the Norwegian Ministry of Work and Welfare. Three high-ranking officials met the press: the Minister, the Director of the Norwegian Labour and Welfare Administration (Nav) and the Director of public prosecutions. They broke the news that a wrongful practice had been identified within the national social security administration. Over a period of years, implementation of this practice had resulted in a high number of wrongful decisions resulting in denial and reduction of benefits, wrongful demands for repayment and possibly also wrongful criminal convictions for welfare fraud.

The press conference set in motion a long process of clarification regarding the duration and scale of the wrongful practice and the causes of this failure. As the Grand Chamber of the Norwegian Supreme Court would acknowledge in 2021, after having received an advisory opinion from the EFTA Court (C-8/20), Norway's social security legislation (The National Insurance Act, 1997) had been applied in a way that violated the right of individuals to receive services in the EU's internal market and infringed the EU's social security coordination regulations (SSC Regulations) (HR-2021-1453-S). Although Norway is not a member of the EU, Norwegian authorities are obliged to respect the rules of the internal market, including those related to the right to receive services and the SSC Regulations, under the terms of the European Economic Area Agreement (EEA Agreement), to which Norway is a party.

In its 2021 ruling, the Norwegian Supreme Court found that making entitlement to certain sickness benefits contingent upon remaining within Norway under the country's social security legislation constituted an unlawful restriction on the right to receive services specified under Article 36 of the EEA Agreement, which is similar to Article 56 of the Treaty on the Functioning of the European Union. In addition, the Court found that the requirement was also contrary to Articles 7 and 21 of Regulation (EC) No. 883/2004 on the coordination of social security systems. While the Supreme Court issued its ruling in the context of a specific case, its interpretation of the law in that case clarified the extent to which a wider administrative practice had been in error.

The way in which the Supreme Court interpreted EU law, as incorporated into the EEA Agreement and thus Norwegian law, clarified the scope of the wrongful practice that the authorities had revealed in the 2019 press conference. It was now evident that not merely Nav, but also the public prosecutor and the Norwegian courts, including the Supreme Court itself, had made numerous wrongful decisions in the preceding decades. In many cases since the entry into force of the EEA Agreement in 1994, the above-mentioned instances had denied or reduced benefits, or demanded their repayment, sometimes going as far as convicting individuals for welfare fraud on a legal basis that, it now transpired, violated EU rules on free movement and the SSC Regulations. According to internal investigations conducted by Nav, at least 7510 persons had received wrongful decisions concerning the denial or reduction of benefits, demands for the repayment of benefits already received, or both, while implementation of the wrongful practice had given rise to criminal convictions in at least 64 cases, which would eventually be reversed through full or partial acquittals. The events surrounding the Norwegian authorities’ erroneous application of EU rules incorporated into the EEA Agreement have since come to be known as the ‘Norwegian social security scandal’.

The scandal shook Norwegian society. The media abounded with stories of the severe consequences experienced by those affected: disturbance of family life, sale of homes, psychological distress and time in prison. The government established a commission of inquiry into the causes of the scandal (NOU, 2020a), and later a law commission to propose legislative means to reduce the risk of future failures (NOU, 2021). The Parliament's Standing Committee on Scrutiny and Constitutional Affairs held hearings on the matter, and the Parliament strongly criticised the executive branch.

The Norwegian social security scandal illustrates the potential risks of welfare dystopia in the sense that the scandal was a product not merely of conditionality in social security legislation, along with strict sanctions and recovery practices, but also of lack of judicial protection for citizens and the effects of digitalisation, automation and datafication (Vonk and Ranchordás, 2025). The scandal revolved around the interpretation of a particular condition for the entitlement to certain welfare benefits – namely, the requirement to stay in Norway – and the strict sanctions and recovery practices applied in cases of failure to fulfil this condition – namely, criminal convictions for welfare fraud and demands for repayment. It also concerned the lack of judicial protection for citizens, as internal review processes and judicial control systems that should have prevented the scandal were more attuned to the goal of reducing welfare fraud than to ensuring the rights of those receiving benefits. Finally, the scandal is also an example of the effects of digitalisation, automation and datafication: from the early 2000s, a control unit within the Norwegian welfare administration had systematically used new digital tools to target people subject to the requirement to stay in Norway. These tools were employed to identify cases of welfare fraud and included systematic searches in currency registers and bank accounts and registration and analysis of IP addresses. Efforts intensified around 2012, when the majority of the wrongful decisions in the social security scandal were made. As digitalisation enabled surveillance of citizens on a new scale, it contributed significantly to the extent of the scandal.

Accordingly, this article argues that the Norwegian case can provide insights whose ramifications go far beyond the intersection of EU/EEA law and national social security law. Presenting the case in the context of a broader legal, administrative and political landscape, it seeks to shed light on the implications of digitalisation in administrative systems. Public administrations do not approach processes of digitalisation from a blank slate. Existing structures, with their strengths, weaknesses and vulnerabilities, shape responses and practices as new tools and systems are put in place. Exploring the context in which the specific case of the Norwegian social security scandal played out, we argue that if we are to grasp the risk of digital dystopia – and to learn lessons on how to reduce such a risk – we need to pay close attention to the broader context and characteristics of public administration.

While the Norwegian scandal has triggered sustained public and academic debate within Norway, it has not been comprehensively analysed in the international literature (see, however, Bekkedal, 2020, 2022; Eriksen and Ikdahl, 2025; Pavone and Stiansen, 2022). In this article, we seek to identify what we refer to as the particular architecture of the Norwegian case, meaning the structural conditions that allowed the events of the scandal both to arise and to continue for 25 years. We look at political, technological, institutional and legal elements of those structural conditions. The article builds on research we have conducted since the initial revelations about the scandal, which has been presented in greater detail in articles published in Norwegian for the domestic audience (Eriksen and Ikdahl, 2024; Ikdahl and Eriksen, 2023).

The article proceeds via the following steps. It begins, in the next section, by describing the landscape surrounding the scandal. Here, we outline three dimensions of a major contextual shift that has taken place in relation to the Norwegian welfare state over the last three decades: the changing policy discourse on threats to the welfare state, the growing quest for digitalisation and the increasing normative complexity of the institutional context within which the welfare state administration operates.

In the third section, the article focuses more closely on the specific structures of the Norwegian scandal that allowed it to continue from 1994 until 2019. Arguing that the Norwegian welfare administration formed the centre of the scandal, we interrogate three interlinked themes related to the legal architecture of administrative practice: how regulatory techniques confined complex interpretative tasks to a closed administrative space; the acts and omissions of the welfare administration within this space; and the limited external control of administrative interpretations and practices.

A fourth and final section sums up some lessons that can be learnt from the case. Rather than suggesting legal remedies such as new rights or principles, we argue that attention must be paid to how pre-existing structures in Norway's welfare administration shaped its vulnerability to failure – or dystopia – in the context of processes of rapid and extensive digitalisation. In short, our lesson is that public administration faces particular challenges in contexts where specific topics receive increased attention as problems that the political system is seeking to solve, at the same time as new technological developments enable administrative bodies to employ new and hyper-effective digital tools as part of their activities. In such contexts, it is essential that bodies remain aware of the need to conduct thorough and solid legal assessments, even when the legal questions are complex and there are political expectations regarding how cases should be handled. If administrative bodies do not pay sufficient attention to this task, they may end up facilitating a system where the rule of law is ignored and individuals are sacrificed on the altar of efficiency.

The landscape: Welfare policy, digitalisation and legal complexity

The changing policy landscape of the Norwegian welfare state

The existence of a comprehensive welfare state is a key tenet of Norwegian society. However, political, economic and legal trends have shifted basic approaches and priorities, resulting, over the last three decades, in a series of partially linked developments.

While concerns about the sustainability of the welfare state have been voiced repeatedly since the early 1980s (Kuhnle and Solheim, 1985), exponents of such concerns became more vocal during the late 1990s (Ministry of Social Affairs and Health, 1995). Among the results of this trend was an increased focus on the ‘work line’ – the Scandinavian version of workfare – and a highlighting of the welfare administration's role in nudging people (back) towards employment. Greater attention was also given to ensuring compliance with existing regulations, including requirements to stay in Norway and duties to take part in rehabilitation and work training. In addition, new conditions for receiving benefits were adopted, alongside stricter time limits on some benefits (Sand, 2024).

Efforts to combat welfare fraud increased in parallel (Ikdahl and Eriksen, 2023). Beginning with unemployment benefits in the late 1990s, systematic efforts were initiated to identify and address potential fraud (Gundhus, 1999). From around 2001, a cross-party consensus led to the establishment of ‘Nav Kontroll’, a control unit within the Norwegian welfare authority (Nav), which grew in size from an initial two caseworkers to 130 caseworkers in 2015. A series of legislative amendments extended the powers of the welfare administration to collect and manage ‘necessary information’ about individuals for purposes of control of previous, current and future receipt of benefits. Information could be demanded from a range of public and private entities, including financial institutions, health service providers, kindergartens, schools and prisons – without regard to duties of confidence. Control and surveillance measures were put in place, both for individual cases where fraud was suspected and for routine control activities. The emerging control provisions of the National Insurance Act were formulated in broad and general terms. However, they were to be practised within the boundaries established in existing legislation on, inter alia, data protection, human rights and the Constitution, including the principle of proportionality, the need for a clear legal basis and the right to privacy.

A separate trend involved increased attention to possibilities for limiting export of welfare benefits. This theme was perceived as increasingly urgent following the expansion of the EU in 2004, which entailed growing numbers of workers from Eastern European countries arriving in Norway (Interministerial Working Group, 2003, 2004; Ministry of Work and Welfare, 2017; NOU, 2011). The most explicit political statement placing this issue on the agenda can be found in the political platform of the incoming Conservative government in 2013, which stated that the government would ‘consider measures that will limit and bring to a halt the export of social security benefits, but that remain within the framework of Norway's binding international agreements’ (Conservative Party and Progress Party, 2013: 6). Clearly, the EEA Agreement was and continues to be the most important international agreement in terms of imposing limitations on possibilities for Norwegian authorities to implement measures to stop the export of social security benefits, as the Agreement obliges Norway to accept most of the single market acquis, including a market without restrictions on the free movement of goods, services, persons and capital.

Digitalisation and the quest for more efficient public administration

Over the last two decades, the Norwegian state – like other European states – has given increased attention to the possibilities of digitalisation (Ministry of Digitalisation and Administration, 2024; Ministry of Municipal Affairs and Modernisation, 2016, 2019). For a welfare administration struggling to keep up with an increasing workload, growing numbers of applications for benefits and higher expectations regarding follow-up of recipients, the possibilities presented by digitalisation have been viewed as important tools for increasing efficiency.

A range of changes have ensued from the focus on digitalisation, and new tools are underway. The Norwegian welfare administration's engagement with users has shifted from paper to digital documentation, communication through chats and online portals, submission of documentation through online forms, and the provision of assistance through fully automated chatbots. Internally, various aspects of case handling have been streamlined and automated to varying degrees, while machine learning offers new possibilities for decision-making. The result is that, today, the Norwegian welfare state is permeated by digital tools, data and processes (Broomfield and Reutter, 2022; Hofmann et al., 2024; Nordrum and Ikdahl, 2022; Reutter, 2022).

Control of recipients is one field where digital tools have significantly reshaped earlier procedures. The increasing datafication of citizens means that more personal data exist in formats that are readable by computers, and new technical tools have provided new possibilities for analysing and juxtaposing data from different sources (Andreassen et al., 2021; Dencik and Kaun, 2020).

The paradigm shift that has occurred in terms of the possibilities for surveillance and control of citizens is interwoven with the Norwegian social security scandal. As efforts to combat welfare fraud increased, some parts of the administrative work involved in those efforts continued to be of the more traditional kind – following up on suspicions and tips in individual cases. However, digitalisation also meant that routine controls on a mass scale became part of the bureaucratic surveillance of whether recipients of benefits were complying with the conditions for receipt of these benefits (Ikdahl and Eriksen, 2023).

One such digital control practice was particularly important in relation to the requirement of stay in Norway. In 2013, a new provision was adopted to facilitate bulk collection of data – as opposed to information about specific cases. The provision allowed Nav Kontroll (the previously mentioned control unit of the Norwegian welfare administration) to collect such bulk data regarding, among other things, income and other financial circumstances, residence, and currency transactions from a range of sources, which could then be analysed and juxtaposed with other registries and sources of data. The digitalisation of communication with recipients of benefits had also led to the establishment of registers of IP addresses, which provided an indication of the country in which a recipient was located. Juxtaposing these IP addresses against registries of persons receiving benefits that required them to stay in Norway gave the control unit a new tool for identifying violations of such requirements.

The importance of such tools was pointed out by the government inquiry commission established in the wake of the social security scandal:

‘Foreign travel has been relatively easy to detect, especially since Nav acquired technological tools that enabled tracking of IP addresses’ (NOU 2020a: 23, authors’ translation).

One committee member further elaborated on this point:

‘From the interviews and from the documentation in the investigation, the committee has been informed about an aggressive practice for the recovery of welfare benefits during stays abroad, which commenced towards the end of 2012, with effect for decisions particularly after 2014. A particularly intense phase for this type of case was the period during which the administrative investigation began to use more advanced technological tools to uncover “welfare benefit abuse”. It has been described to the committee that, through the use of such tools, the administration could easily identify members who were residing outside of Norway and crack down on this as a violation of the conditions for the welfare benefit’ (NOU, 2020a: 70, authors’ translation).

While the legality of the registration of IP addresses and their use in such a type of control has subsequently been questioned,¹ there is no doubt that such bulk collection of personal data for purposes of control has greatly increased the welfare administration's ability to monitor citizens. However, this also implies far more consequences when mistakes are made.

Increased legal complexity: Integration of European law into the welfare administration

Like other modern legal systems, Norwegian law is ‘fragmented’, in the sense that the terms of all legislation must be read with an understanding that other norms may establish limits or boundaries on how such legislation is to be understood. For example, when sectoral laws such as the National Insurance Act are applied, the welfare administration must remain within rule-of-law boundaries established by, inter alia, the procedural requirements of the Public Administration Act and the rule-of-law guarantees of the Constitution.

During the 1990s, however, two important developments introduced additional sources of such limitations or boundaries to the welfare administration's operational environment. Norway has a dualist legal tradition, meaning that, in principle, international law cannot be directly applied in the country. The incorporation of EEA law, via the signing of the EEA Agreement in 1994, and the incorporation of important parts of international human rights law, through the passing of the 1999 Human Rights Act, were thus significant developments. From then on, these norms were also domestic law, to be applied by public authorities. New sources of interpretation therefore needed to be consulted, new principles of interpretation applied, and new principles integrated into legal thinking.

Coming to grips with this has turned out to be a long process. The role of human rights law for the welfare state, broadly understood, can be seen in subsequent developments in the field of child welfare services. A long series of cases related to care orders and visitation rights have been brought before the European Court of Human Rights, which in several instances has found violations of Article 8 of the European Convention on Human Rights (ECHR) on the right to privacy and family life (Netland, 2023). The systematic work to review practices of Norway's child welfare services that has ensued as a result of these decisions illustrates the need to realign practice to ensure compliance with human rights requirements.

The integration of EEA law is at least as complex as the case of human rights, both in principle and in practice, as Norway is obliged to accept substantial parts of both primary and secondary EU law. The incorporation of EEA law is thus also multifaceted. The EEA Agreement itself was incorporated through a specific act that established not only that the EEA Agreement is a domestic source of law on an equal basis with other acts, but also that it shall prevail over other acts in cases of conflict.² The freedom to receive services in other EEA countries, which played a central role in the Norwegian social security scandal, is embodied in this Agreement.

The regulatory techniques applied at the national level to implement the various provisions of EU law incorporated into the EEA Agreement vary, depending on whether the provisions are directives or regulations, and whether they seek to bring about full harmonisation within a particular legal field or set a minimum standard that allows for additional national requirements. In some fields, EEA law has shaped the content and structure of national law significantly. A pertinent example is the 2017 Norwegian Equality and Anti-Discrimination Act, which draws heavily on terms, concepts and structures from EU anti-discrimination law (Hellum et al., 2023).

In the field of social security law, the integration of EEA law has been far less visible. When a new National Insurance Act was adopted in 1997, there were hardly any traces of the role and requirements of EEA law. Instead, a general provision in what was initially § 1–3 allowed the government to enter into mutual agreements with other countries, including when this required exemptions from the provisions contained in the Act. On this legal basis, a government regulation was adopted that made the EU Social Security Coordination Regulations³ part of domestic law, stating that these should prevail over the National Insurance Act in cases of conflict. However, the Act itself was not amended to reflect instances where such conflict arose. Nor did the Act's preparatory works analyse possible tensions.

A case in point is the requirement that recipients of benefits remain present in Norway. Even though both the EEA Agreement and the SSC Regulations established limits regarding the imposition of a requirement of stay, the provisions of the National Insurance Act presented this as a clear condition for receiving certain benefits.⁴ In a conflict such as this, the Norwegian legislation should have been interpreted narrowly or even fully set aside. However, as is now known, this was not done in practice.

While the Norwegian social security scandal was unprecedented in terms of the numbers of people seriously affected, it is neither the first nor the last example of wrongful application of EEA law in the field of Norwegian social security law.⁵ The scandal thus also forms part of a larger story in which increased legal complexity, embedded in a trajectory towards increasing elements of multi-level regulation in a formerly nationally oriented administration, creates tensions and risks of mistakes.

The regulatory techniques adopted in relation to social security established a hierarchy between the applicable norms but did not address the plethora of unresolved interpretative questions. This was consequential for the architecture in which the Norwegian welfare administration was to operate. We turn now to the key elements of this architecture.

The administrative architecture: Grey areas and limited external control

Regulatory techniques: Confining the administration in grey areas

As noted above, two sets of regulations lay at the core of the scandal: The National Insurance Act required recipients of benefits to stay in Norway, while EEA law formed the basis for rights to move within the EEA area. The relationship between these two sets of regulations is governed by general provisions that give EEA law precedence in cases of conflict. However, while these provisions are able to provide answers once conflicts have been identified, there remains the task of identifying precisely when conflict occurs.

In some cases, the precise content of law – including EEA law – is fairly clear. However, it is not always straightforward to know with certainty how legal questions should be answered. This is a well-known issue in legal philosophy and has been illustrated by, among other things, the American jurist Ronald Dworkin's (1986: 239) imaginary judicial figure Hercules, who has superhuman intellectual capacity and unlimited time at his disposal. Thorough analyses of all relevant sources can provide a basis for identifying one and only one correct answer to legal questions. In practice, however, there will remain uncertainty about how to resolve many legal questions – at least until they are eventually handled by the highest courts in the relevant legal systems. This is also the case for EEA law. Even with ample time and the foremost expertise available, it will be challenging to analyse all relevant legal questions so thoroughly that all doubt about what is the correct solution can be excluded. Domains characterised by high levels of uncertainty and unresolved questions can be termed ‘grey areas’. Such areas require thorough and solid legal assessments – and, even when these are carried out, doubts may remain.

Until the EFTA Court gave its advisory opinion in Case C-8/20, the relationship between requirements of stay and EEA law was an example of such a grey area. As the 37 pages of the advisory opinion demonstrate, a range of questions and sub-questions needed clarification. These included whether the requirement of stay constituted a ‘restriction’ on the freedoms of movement acknowledged under EEA law and whether it could be justified by ‘overriding reasons in the public interest’ that were ‘appropriate to securing the attainment of the legitimate objective pursued’ and ‘proportionate having regard to that objective’. Each sub-theme required examination of both sources of EU law and the relevant Norwegian law and context. The question of precisely when there was a conflict between EEA law and the National Insurance Act thus constituted an area that required particularly close engagement with complex questions of interpretation. As a consequence of the use of the regulatory techniques outlined above, which established hierarchies of norms rather than clarification of their specific content, the task of handling this grey area was left to the welfare administration alone.

Admittedly, it is not unusual that administrative agencies are entrusted with responsibility for interpreting and clarifying the law in Norway. Norwegian legislative technique is frequently based on short acts, with extensive delegation and the use of vague and broad terms. However, such an approach is usually coupled with interpretative guidelines in the preparatory works. Thus, as Nordrum (2023: 218) describes, ‘the preparatory works fill the gaps in legislation and often give restatements of unwritten law’. In this case, however, the preparatory works to the National Insurance Act hardly mentioned EEA law – much less provided any in-depth analysis. The welfare administration was thus given a Herculean task: to determine, in each case, precisely to what extent the EEA law required exceptions to the requirements found in national legislation. Any mistakes, whether too strict or too lenient in interpretation, would result in illegal decisions – either violating the duty to apply the requirement of stay or denying citizens their rights stemming from EEA law (Eriksen and Ikdahl, 2024: 377–379).

A similar challenge of interpreting and applying the limits established by higher-order norms can be observed in the field of control activities. As noted above, the National Insurance Act established broad competences for the welfare administration to collect and manage personal data, for example through bulk collection and routine analysis of such data. However, boundaries to this competence exist in other sets of regulations: the right to privacy found in Article 8 of the ECHR and in the Norwegian Constitution, along with limitations on the processing of personal data established by the EU General Data Protection Regulation. Again, considerations regarding purpose, necessity and proportionality call for complex and context-sensitive considerations in individual cases. Again, the lack of systematic analysis by and guidelines from the legislator meant that the welfare administration was tasked with manoeuvring in a grey area (Data Protection Authority, 2012: 8–9; Ikdahl and Eriksen, 2023). Here, however, the administration retained the possibility of making safer decisions: through the adoption of a cautious approach to control activities, it could reduce the risk of crossing the relevant boundaries. However, the use of such an approach would go against clear political signals and expectations regarding the need to combat welfare fraud in the most efficient ways available.

Regulatory techniques that confine administrative bodies in grey areas, with few guidelines, are no oddity in modern welfare states. Rather, the use of such techniques may appear an endemic characteristic when digital government is developing within multi-level frameworks in which rule-of-law guarantees are found in higher-order norms, whether these are related to human rights, data protection law or constitutional norms. However, regulation that merely addresses potentially conflicting norms through statements on hierarchies in the event of conflict delegates vast responsibilities to the administrative bodies tasked with implementation of the regulation. When combined with political pressure for efficiency and control, such a situation may cause vulnerability to failure.

Managing the grey areas inside administrative space

When important and challenging questions of interpretation are left to administrative bodies, the possibilities for clarification through legislative processes are reduced. Arguably, this increases the importance of paying attention to how unclear or contested issues are handled internally in the administrative bodies.

The title of the report of the commission of inquiry appointed by the Norwegian government in response to the social security scandal, The Blind Spot, may suggest that the legal problem at the core of the scandal was merely overlooked (NOU, 2020a). Yet both that report and other materials from the case have documented how questions about the legality of the requirement of stay in Norway had been raised on several occasions. However, the handling of such questions when they arose was problematic.

A first example concerns questions raised inside the welfare administration itself. After the scandal became public, an internal audit report found that caseworkers had sought to raise questions about whether the strict practice regarding requirements of stay was in compliance with EEA law, on several occasions in the time period from 2012 to 2017. However, these efforts did not result in comprehensive legal analyses or clarifications (Directorate of Work and Welfare, 2019: 26–38).

Second, external events also gave rise to opportunities for identifying the wrongful practice. In 2013, the EFTA Court found that Norwegian requirements of stay in the context of other benefits, namely unemployment benefits, violated EEA law.⁶ An internal note from the then director of the welfare administration to the Ministry raised the question of wider implications for other benefits, including the work assessment allowance. However, it appears that no comprehensive analysis of the ripple effects of the Court's reasoning was conducted (Eriksen and Ikdahl, 2024: 373–375). The same year, a case before the High Court regarding sickness benefits and the requirement of stay was settled correctly in line with EEA law, but the out-of-court settlement was not made public and did not result in any changes of practice (NOU, 2020a: 146–147, 210–211). A complaint to the EFTA Surveillance Authority (ESA) in 2015, from a person who wished to retain the work assessment benefit while moving to Sweden, led to correspondence between ESA and the Norwegian authorities, but was eventually laid aside (Directorate of Work and Welfare, 2019: 35–37).

A third example concerns the normative analyses that were indeed conducted at the ministerial level. As noted above, the government platform of 2013 declared an intention to reduce export of welfare benefits. As a follow-up, an interministerial working group was established and submitted its report in August 2014 (Interministerial Working Group, 2014). The mandate of the working group concerned what ‘wiggle room’ the Norwegian state had to make legal changes to limit the export of social security benefits. The working group had members with considerable expertise in EEA law, and the focus of its report was EEA law, not existing Norwegian practices. Accordingly, the report did not explicitly discuss whether the existing practices were lawful. However, the analyses of the 100-page report shed significant light on the grey areas of what EEA law prohibits (and allows). One example touched upon the core of the social security scandal: when discussing the legality of requiring recipients to remain in Norway, the report identified the high risk that such requirements of stay could be found to violate EEA law (specifically its prohibition of residence requirements). The report could thus have provided useful guidance to those who were shaping the welfare administration's practice in this field (Eriksen and Ikdahl, 2025). However, it appears that the report was not distributed. Its existence was unknown to the public until 2020, and even today only parts of it are publicly available.⁷

Weaknesses in the internal processes for clarifying legal boundaries can also be observed in relation to digital control activities. After the adoption of the provision on bulk collection of data in 2013, the Norwegian welfare administration was uncertain whether this provision allowed for the collection of IP addresses. Internal guidelines and strategic documents repeatedly highlighted the need for clarification on this matter – whether from the Ministry or through legal amendments. There are also references to letters between the welfare administration and the Ministry about this question (Ikdahl and Eriksen, 2023: 220–222). However, more than 10 years later, the internal guidelines remain unclear, and while the National Insurance Act allows the government to issue regulations to clarify the scope of the provision, this has still not been done. Instead, a series of new questions about the collection and use of personal data for control purposes have arisen since the social security scandal.⁸

When regulatory techniques construct administrative spaces that are tasked with handling complex legal questions, internal processes within the relevant bodies are crucial for avoiding systemic failure. In the context of the Norwegian social security scandal, important questions about legality were raised internally in the welfare administration but did not lead to in-depth analysis and clarification. When external events created incentives for reviewing the legality of practice, these were not followed up. Simultaneously, analysis of key questions was conducted by the Ministry but not shared widely. Overall, the welfare administration's operation in grey areas allowed the wrongful practice to continue.

There were thus many missed opportunities for stopping the scandal before October 2019, yet the malpractice went on for 25 years. Each of these missed opportunities offers lessons regarding how to prevent legal scandals from unfolding and persisting for years. From our studies of the missed opportunities, we have identified two key lessons. First, in cases where legislative provisions confine administrative bodies to a grey area, characterised by uncertainties and unresolved interpretive questions, it is imperative that those bodies themselves engage in thorough analyses of the current legal situation and avoid one-sided analysis of the law that focuses only on whether the state may maintain its initial legal position in court proceedings. Rather, in their analysis of the law, government bodies should include the risks that malpractice may have for individuals. Second, they should strive to make their legal assessments public and transparent, even when those assessments do not involve or lead to proposals for new or amended legislation.

Peeping through the window? External control of the administration

The National Insurance Court, an independent, quasi-judicial tribunal tasked with cases concerning social security, was instrumental in bringing the Norwegian social security scandal to light. From June 2017, an increasingly sceptical tribunal wrote ever stricter rulings demanding that the welfare administration re-evaluate cases that concerned denying, stopping or demanding repayment of benefits in cases where the recipient had been outside Norway but had stayed in other EEA countries. In the face of the administration's failure to change its practice, which resulted in a continuing stream of cases, the tribunal informed Nav in November 2018 that it would submit a request for an advisory opinion to the EFTA Court. This triggered a process within the Ministry – and ultimately the press conference in October 2019 (Pavone and Stiansen, 2022). However, while in this case the judicial system thus contributed to the identification of the unlawful practice, as well as subsequent efforts to address it, the scandal is also a story of limited and failing external control of the welfare administration.

Overall, the courts play a limited role in oversight of administrative decisions in Norway (NOU, 2020b: 64–68; Nylund, 2021). Despite the very high number of cases concerning social security, and the high importance of such decisions for the life situation of individuals, only a very limited number of such cases reach the courts – and only two or three reach the Supreme Court annually. The familiar obstacles to bringing cases before the courts – processes are complex and time-consuming, lawyers are expensive, etc. – are no less significant for people who are already in vulnerable life situations. While the National Insurance Court is more easily accessible, its written procedures and the time pressures on judges do not facilitate in-depth analysis of complex EEA law. In cases involving criminal charges, individuals have a right to a lawyer – but the report of the commission of inquiry set up in response to the social security scandal suggests that, in the majority of court cases, neither defence lawyers, nor the police, nor the public prosecutor nor judges identified the potential conflict between the requirement of stay and EEA law.

It remains a hypothetical question whether private parties, lawyers, prosecutors and judges would have acted differently had the analysis of EEA law contained in the 2014 interministerial report been made known to them. However, it seems beyond question that the report's thorough analyses would have assisted in the identification of themes, case law and argumentation that were relevant for ensuring that cases were decided correctly.

Moreover, the courts have largely avoided discussing the administrative practices of control. Norwegian law does not strictly prohibit the use of evidence that has been obtained through procedures that violate, for example, privacy rights.⁹ Thus, the courts have a very limited role in ensuring that administrative control is carried out through procedures that respect rule-of-law guarantees.

In addition, other mechanisms that could have potentially provided a check on the activities of the welfare administration largely failed to do so in the context of the social security scandal (Ikdahl and Eriksen, 2023: 213–215). Following an inspection of the Nav Kontroll unit in 2012, the Data Protection Authority (2012) did identify how the broad competences granted to the welfare administration did not ensure efficient guarantees that rights to privacy were considered and upheld in practice. However, no follow-up of these findings seems to have occurred. When the Office of the Auditor General (2015: 31–32) reviewed the efforts to combat welfare fraud, the focus was on the limited efficiency of such efforts rather than any potential overstepping of the rule of law. And while the Norwegian Parliamentary Ombud is tasked with investigating complaints from citizens who believe they have suffered an injustice or an error on the part of the public administration, and can also raise matters on its own initiative, until recently it has not carried out any systematic work to investigate matters pertaining to EEA law or the digitalisation of public administration.

Overall, then, a picture emerges of an administrative agency given vast responsibilities of interpretation in a grey legal area, and which used technology to exercise significant monitoring and control of citizens, without itself being sufficiently and systematically monitored.

Observations

The complex factors that allowed the Norwegian social security scandal to arise and to continue for such a long period of time, with damaging effects on the lives of so many people, illustrate a key point: digitalisation processes in public administration are not implemented in a vacuum – they take place within pre-existing legal, political and administrative structures. Close attention therefore needs to be paid to the broader political and institutional landscape within which such processes take place, as well as the more specific architecture of administrative practices, to identify factors that may impede – or facilitate – the risk of welfare dystopias.

From the late 1990s, a set of specific topics received increased political attention in Norway: the sustainability of the welfare state, the risk of welfare fraud and the export of welfare benefits. In parallel, technological development and increased access to data on citizens provided new tools for hyper-effective governance and monitoring of citizens. At the same time, the integration of international norms, in particular EEA law, into domestic law created increased legal complexity.¹⁰

In contexts like this, it is essential that administrative bodies remain aware of the need to conduct thorough and solid legal assessments, even if the legal questions are complex and there are political expectations regarding how they should handle their cases with new and more efficient digital tools.

However, the administrative architecture and practice of the Norwegian welfare administration was not suited to this end. The regulatory techniques applied created tensions between the specific domestic legislation that formed the basis for distribution and administration of social security and the overarching regulation implementing EEA law, human rights and constitutional rule-of-law guarantees. The administration was assigned the task of manoeuvring in this tense and complex space, with little oversight from the judiciary or other mechanisms. On numerous occasions, opportunities for correcting its illegal practice arose – but those opportunities were missed.

Today, discourse on the welfare state is suffused with high hopes regarding digitalisation as a tool for efficiency and consistency of administrative practice. While there are reasons for such expectations in the ongoing quest to digitalise the public administration, it is crucial to also be cognisant of the risks embedded in structures such as those made visible by earlier scandals. In processes aimed at increasing automation of case-handling and development and uptake of AI tools, new legal questions and tensions may end up being confined to administrative spaces. Without accompanying attention to the need for the relevant administrative agencies to conduct comprehensive analyses of legal questions, and to share openly the analyses that are carried out, there is a high risk of new systemic mistakes. In the absence of mechanisms and institutions equipped to conduct control of digital administration, the end costs may be high – both for individual citizens and for trust in the welfare state.

Footnotes

Declaration of conflicting interests

The authors declared no potential conflicts of interest with respect to the research, authorship and/or publication of this article.

Funding

The authors disclosed receipt of the following financial support for the research, authorship and/or publication of this article: The authors received partial financial support from the research project “Digital velferdsstat” [The digital welfare state] at the Faculty of Law, University of Oslo.

ORCID iD

Ingunn Ikdahl

Notes

References

Andreassen

Kaun

Nikunen

(2021) Fostering the data welfare state: A Nordic perspective on datafication. Nordicom Review 42(2): 207–223.

Baudenbacher

(2019) ‘Room for manoeuvre’ is the real reason for Norway’s EEA scandal. In: Verfassungsblog. Available at: https://verfassungsblog.de/room-for-manoeuvre-is-the-real-reason-for-norways-eea-scandal (accessed 1 March 2025).

Bekkedal

(2020) The internal, systemic and constitutional integrity of EU Regulation 883/2004 on the coordination of social security systems: Lessons from a scandal. Oslo Law Review 7(3): 145–167.

Bekkedal

(2022) On an equal footing: The EFTA Court’s ruling in the Norwegian social security scandal: Criminal proceedings against N. Common Market Law Review 59(1): 223–238.

Broomfield

Reutter

(2022) In search of the citizen in the datafication of public administration. Big Data & Society 9(1).

Conservative Party and Progress Party (2013) Political platform for a government formed by the Conservative Party and the Progress Party [English version]. Sundvolden, 7 October 2013. Available at: https://www.regjeringen.no/en/historical-archive/solbergs-government/andre-dokumenter/smk/2013/political-platform/id743014/ (accessed 9 January 2025).

Data Protection Authority (2012) Endelig kontrollrapport, saksnr. 12/00116 [Final report from inspection of the Control Unit in Nav]. Oslo: Data Protection Authority.

Dencik

Kaun

(2020) Datafication and the welfare state: An introduction. Global Perspectives 1(1): 12912.

Directorate of Work and Welfare (2019) Kartlegging av fakta i EØS-saken [Mapping of facts in the EEA case]. Report from the internal audit of Nav, 11 December. Oslo: Directorate of Work and Welfare.

10.

Dworkin

(1986) Law's empire. Cambridge, MA: Harvard University Press.

11.

Eriksen

Ikdahl

(2024) God forvaltning i EØS-rettens grenseland. Lærdommer fra trygdeskandalen [Good governance in the borderlands of EU law – lessons from the Norwegian social security scandal.]. Lov og Rett 63(6): 369–397.

12.

Eriksen

Ikdahl

(2025) On the edge: Good governance in the borderlands of EU law—lessons from the Norwegian social security scandal. Nordic Journal of European Law 8(2): 1–30.

13.

Fredriksen

(2019) The rule of law in a European Economic Area with national ‘room for manoeuvre’. In: Verfassungsblog. Available at: https://verfassungsblog.de/the-rule-of-law-in-a-european-economic-area-with-national-room-for-manoeuvre/ (accessed 1 March 2025).

14.

Graver

(2019) The impossibility of upholding the rule of law when you don’t know the rules of the law: The Norwegian social insurance scandal. In: Verfassungsblog. Available at: https://verfassungsblog.de/the-impossibility-of-upholding-the-rule-of-law-when-you-dont-know-the-rules-of-the-law/ (accessed 1 March 2025).

15.

Gundhus

(1999) Automatisert kontroll av tillit. Forskyvninger i Arbeidsmarkedsetatens kontrollbilde [Automated control of trust. Shifts in the labour market agency’s control framework]. Master’s degree thesis, University of Oslo. Available at: http://urn.nb.no/URN:NBN:no-36384 (accessed 1 March 2025).

16.

Hellum

Ikdahl

Strand

(2023) Between norms and institutions: Unlocking the transformative potential of Norwegian equality and anti-discrimination law. In: Hellum

A et al.

(eds) Nordic equality and anti-discrimination laws in the throes of change: Legal developments in Sweden, Finland, Norway, and Iceland. London: Routledge, 130–189.

17.

Hofmann

Sæbø

Rydén

(2024) Implications of digitalised welfare services from a vulnerable citizens' perspective. Nordic Welfare Research 9(2): 127–141.

18.

Ikdahl

Eriksen

(2023) Navs kontrollsystem og trygdeskandalen [The welfare administration’s systems for control and the social security scandal]. Tidsskrift for Erstatningsrett, Forsikringsrett og Trygderett 19(4): 186–230.

19.

Interministerial Working Group (2003) EU-utvidelsen, arbeidstakere og velferdsordninger [EU expansion, workers and welfare]. Report commissioned by the Ministry of Municipal and Regional Affairs.

20.

Interministerial Working Group (2004) EØS-utvidelsen og velferdsordninger. Oppfølgingsrapport [EEA expansion and welfare]. Report commissioned by the Ministry of Municipal and Regional Affairs.

21.

Interministerial Working Group (2014) Eksport av velferdsytelser. En gjennomgang av problemstillinger knyttet til eksport av velferdsytelser. [Export of welfare benefits: A review of questions associated with export of welfare benefits].

22.

Kuhnle

Solheim

(1985) Velferdsstaten – vekst og omstilling [The welfare state – growth and adaption]. Oslo: Tano.

23.

Ministry of Digitalisation and Administration (2024) Fremtidens digitale Norge. Nasjonal digitaliseringsstrategi 2024–2030 [The digital Norway of the future: National strategy for digitalisation 2024–2030]. Oslo: Ministry of Digitalisation and Administration.

24.

Ministry of Municipal Affairs and Modernisation (2016) Meld. St. 27 (2015–2016) Digital agenda for Norge — IKT for en enklere hverdag og økt produktivitet [Digital agenda for Norway – ICT for a simpler everyday life and increased productivity]. Ministerial report to the Parliament. Oslo: Ministry of Municipal Affairs and Modernisation.

25.

Ministry of Municipal Affairs and Modernisation (2019) Én digital offentlig sektor. Digitaliseringsstrategi for offentlig sektor 2019–2025 [One digital public sector: Strategy for the digitalisation of the public sector 2019–2025]. Oslo: Ministry of Municipal Affairs and Modernisation.

26.

Ministry of Social Affairs and Health (1995) St. mld. nr 35 (1994–1995) Velferdsmeldingen [The welfare report]. Ministerial report to the Parliament. Oslo: Ministry of Social Affairs and Health.

27.

Ministry of Work and Welfare (2017) Meld. St. 40 (2016–2017) Eksport av norske velferdsytelser [Export of Norwegian welfare benefits]. Ministerial report to the Parliament. Oslo: Ministry of Work and Welfare.

28.

Netland

(2023) Norwegian child welfare cases in the European Court of Human Rights: An ethical perspective on the judgments. In: Nordby

Netland

Halsa

(eds) Child welfare and the significance of family. Oslo: Cappelen Damm Akademisk, 203–223.

29.

Nordrum

JCF

(2023) Codification of Norwegian administrative law. In: Uhlmann

(ed) Codification of administrative law: A comparative study on the sources of administrative law. London: Hart Publishing, 215–240.

30.

Nordrum

JCF

Ikdahl

(2022) En vidunderlig ny velferdsstat? Rettsstaten møter den digitale velferdsforvaltningen [A brave new welfare state?: Rule of law in the digital welfare administration]. Tidsskrift for Velferdsforskning 25(3): 1–19.

31.

NOU (2011) Velferd og migrasjon – Den norske modellens framtid [Welfare and migration: The future of the Norwegian model]. NOU 2011: 7. Report from a governmental commission.

32.

NOU (2020a) Blindsonen — Gransking av feilpraktiseringen av folketrygdlovens oppholdskrav ved reiser i EØS-området [The blind spot: Inquiry into the wrongful practice of the National Insurance Act’s requirements of stay in Norway on travel within the EEA area]. NOU 2020: 9. Report from a governmental inquiry commission.

33.

NOU (2020b) Den tredje statsmakt – Domstolene i endring [The third branch of government: Dynamics of change in the courts]. NOU 2020: 11. Report from a governmental commission mandated to consider the organisation of courts.

34.

NOU (2021) Trygd over landegrensene – Gjennomføring og synliggjøring av Norges trygdekoordineringsforpliktelser [Social security crossing borders: Implementation and visibility of Norway’s obligations to ensure coordination of social security]. NOU 2021: 8. Report from a governmental law commission.

35.

Nylund

(2021) Institutional aspects of the Nordic justice systems: Striving for consolidation and settlements. In: Ervo

Letto-Vanamo

Nylund

(eds) Rethinking Nordic courts. Cham: Springer, 187–211.

36.

Office of the Auditor General (2015) Riksrevisjonens rapport om den årlige revisjon og kontroll for budsjettåret 2014. Dokument 1 (2015–2016) [Annual audit report of the Office of the Auditor General for the year 2014].

37.

Pavone

Stiansen

(2022) The shadow effect of courts: Judicial review and the politics of preemptive reform. American Political Science Review 116(1): 322–336.

38.

Reutter

(2022) Constraining context: Situating datafication in public administration. New Media & Society 24(4): 903–921.

39.

Sand

(2024) What is the function of welfare law today? Consequences of the work-line policy. In: Nielsen

SPP

Hammerslev

(eds) Transformations of European welfare states and social rights: Regulations, professionals, and citizens. Cham: Palgrave Macmillan, 41–59.

40.

The National Insurance Act (1997) Folketrygdloven, adopted 1 May 1997.

41.

Vonk

Ranchordás

(2025) Welfare state dystopia and the response of the law: An agenda for the 21st century. European Journal of Social Security 27(2).

The administrative architecture of a Norwegian social security scandal

Abstract

Keywords

The scandal

The landscape: Welfare policy, digitalisation and legal complexity

The changing policy landscape of the Norwegian welfare state

Digitalisation and the quest for more efficient public administration

Increased legal complexity: Integration of European law into the welfare administration

The administrative architecture: Grey areas and limited external control

Regulatory techniques: Confining the administration in grey areas

Managing the grey areas inside administrative space

Peeping through the window? External control of the administration

Observations

Footnotes

Declaration of conflicting interests

Funding

ORCID iD

Notes

References