News

Nordic IT organisations are being hit simultaneously by the AI Act, NIS2, DORA, cloud sovereignty requirements, and a board that wants AI yesterday. The people being asked to make sense of all of it are infrastructure architects and security engineers. This is not what they signed up for.

Oslo, June 2026

There's a meeting happening in organisations across Norway right now. It's usually called something like "AI governance working group" or "digital sovereignty task force." In the room: someone from legal, someone from IT, someone from the business, and one increasingly anxious infrastructure architect who has just realised that the policies being discussed will land on their plate to implement.

Welcome to 2026.

‍

The convergence no one planned for

The Nordic compliance picture this year is unlike anything that came before it — not because any single regulation is new, but because of what's arriving at the same time.

"The Nordics face a unique situation, with major compliance requirements such as the AI Act, NIS2, GDPR, and ISO 42001 all taking effect simultaneously. Yet many organisations still approach these frameworks as separate systems, which only adds to costs and complexity." - Twoday, Nordic AI Governance in 2026, February 2026

NIS2 is no longer coming — it's here. Denmark reached full compliance in July 2025. Finland has seven sector-specific authorities enforcing it. Sweden's Cybersäkerhetslagen entered force on 15 January 2026, and is widely regarded as one of the most comprehensive NIS2 implementations in Europe. Norway is targeting AI Act implementation for summer 2026.

At the same time, the broader wave of EU digital regulation is breaking. DORA applies to the financial sector from January 2025. The bulk of the EU AI Act obligations for high-risk systems land on 2 August 2026. The Cyber Resilience Act starts reporting requirements in September 2026. Seven overlapping frameworks, all live within roughly the same eighteen months.

The fines for getting it wrong are not abstract. Under NIS2, essential entities face penalties of up to €10 million or 2% of global annual turnover — and in serious cases, management can face personal liability and temporary bans from holding leadership functions.

‍

The analysts have been watching

Deloitte's State of AI in the Nordics 2026 report — drawn from interviews with 170 senior executives across Denmark, Finland, Norway, and Sweden — paints a specific picture of where organisations stand:

55% feel prepared on infrastructure. Strategic preparedness: down to 43%. Talent preparedness: just 14%. - Deloitte, State of AI in the Nordics 2026

Read that again. Technical readiness is relatively strong. Strategic and talent readiness has collapsed.

That gap — between the capability to build things and the organisational capacity to govern them — is where the real risk lives right now. And it's not a leadership problem or a legal problem in isolation. It's an infrastructure problem. Because governance only has teeth when it's implemented, and implementation is infrastructure.

‍

The sovereignty question is no longer abstract

Data sovereignty was a policy discussion two years ago. Today it's an architecture decision.

Where does this AI workload run? Which jurisdictions does that data touch? Who has legal access to it under what circumstances? If the model is hosted by a hyperscaler, what does that mean for NIS2 obligations? If the pipeline processes data under GDPR, what happens when it passes through a model you don't fully control?

These aren't questions a CTO can answer alone. They require someone who understands the architecture deeply enough to trace the data flows, the dependencies, the points of exposure.

Norway is better positioned than most to build answers to these questions. Significant data centre investment is underway — Statnett and regional grid provider Fagne are both building new substations to support expansion.

"The Nordics are proving increasingly well-positioned. The appeal is becoming increasingly practical rather than aspirational." - Techerati, Nordic Data Centres Move From Ambition to Execution, May 2026

But infrastructure advantage only translates into compliance advantage if the organisations consuming that infrastructure know how to leverage it. Right now, many don't.

‍

The AI layer makes everything harder

Before AI, compliance had a relatively bounded scope. Data sat somewhere. It moved through defined systems. You could map it, audit it, demonstrate control over it.

AI breaks that model.

Netsecurity, who works directly with Norwegian critical infrastructure clients, was direct about the threat landscape shift:

"The upcoming NIS2 directive will extend requirements to more sectors and introduce significant sanctions for non-compliance. But the legislation describes minimum requirements, not sufficient protection. Businesses that only aim for compliance are already lagging behind in the face of a threat landscape that is evolving faster than the regulations." - Netsecurity, AI-driven cyberthreats to critical infrastructure, 2026

When an AI model processes queries about your systems, makes decisions inside your infrastructure, or interacts with your identity stack, the compliance surface area expands in ways that are genuinely new. The question of whether an AI-assisted incident response process satisfies NIS2's 24-hour early warning requirement, for instance, isn't a question that most legal teams or most infrastructure teams can answer alone. It requires both.

The organisations navigating this well are the ones treating AI governance as an infrastructure problem, not a policy problem — because that's ultimately where it lands.

‍

The governance gap has a name now

The World Economic Forum put a frame on it earlier this year that cuts through a lot of noise:

"When AI becomes embodied, governance becomes infrastructure. AI governance — rather than raw technical capability — has become the decisive factor." - World Economic Forum, February 2026

That's the shift. Governance isn't a layer you add on top of infrastructure. In 2026, it is infrastructure. The people who design, build, and run these systems are the people being asked to make governance real — whether they were trained for it or not.

Jeffrey Snover — who spent thirty years building the infrastructure the industry runs on, and who now works on AI governance at Harvard's Berkman Klein Center — framed the operational challenge directly ahead of NIC 2026:

"AI is changing both what's possible and the effort required to reach what's possible — and those goalposts move every quarter. We need to be honest about that, hold our beliefs loosely, and share best practices for the balance that matters most: delivering results today while continually figuring out how AI can help us deliver them better." - Jeffrey Snover, NIC 2026 Keynote Speaker

‍

The conversation that needs to happen

There is good thinking happening across the Nordic IT community right now, on both sides of this problem: people who have worked through what the regulations demand in practice, and people who have built infrastructure to support those demands. The problem is that those two groups aren't always in the same room.

That's the conversation NIC 2026 is designed to enable. Not sessions walking you through regulatory text you can read yourself. Practical, honest exchanges between people who have had to figure out what NIS2 actually means for their monitoring architecture, what cloud sovereignty requirements mean when you're making a hybrid architecture decision under budget pressure, and where AI governance policy meets the production system.

The frameworks are here. The questions are real. The people with the answers are, mostly, practitioners who've been working through it themselves.

October is the best time to find them all in one room.

The infrastructure professional of 2026 is being asked to do something they were never hired to do: supervise machines that are starting to do their job for them. That shift is happening now, faster than any org chart has caught up with.

Oslo, June 2026

There's a conversation happening in IT departments across Norway and the Nordics right now. It usually starts quietly — someone notices that a vendor has embedded an AI agent into the monitoring stack, or that an automation tool has started making decisions it used to ask a human about. Then someone asks the obvious question: who owns this?

No one raises their hand.

That's not a staffing failure. It's a structural one. The role of the infrastructure professional is changing in real time, but the job descriptions, the org charts, and the training programmes are still catching up to a world that moved on without them.

What's actually shifting

For the last decade, automation in IT has largely meant taking things a human used to do manually and making them faster and more repeatable. Scripts, runbooks, pipelines. The human was still in the loop — designing the automation, reviewing the output, making the call.

What's different now is the nature of the agent.

AI agents in 2026 aren't just running pre-defined playbooks. They're detecting anomalies, correlating root causes, suggesting and in some environments autonomously executing remediation — without a human in the loop at all. The numbers back it up.

"By 2029, 70% of enterprises will deploy agentic AI as part of IT infrastructure operations — up from less than 5% in 2025." - Gartner, Predicts 2026: AI Agents Will Transform IT Infrastructure and Operations

That isn't a distant horizon. It's four years. And the early movement is already visible in production environments today.

The infrastructure engineer who spends their days configuring, monitoring, and responding is becoming the professional who defines what the agent should do, what it should never do — and who takes accountability when the agent gets it wrong. That's a fundamentally different job. And it requires a fundamentally different set of skills.

The gap between the demo and the production environment

If you've sat through a vendor briefing in the last twelve months, you've seen the demo. The AI catches the incident before the pager fires. The agent patches the vulnerability while the engineer is still drinking their morning coffee. The remediation loop closes in seconds instead of hours.

Some of that is real. But the gap between the demo environment and a production system — with its legacy dependencies, political constraints, security requirements, and blast radius considerations — is where the real work happens.

The industry is feeling that gap acutely. A recent KPMG pulse survey found that 65% of organisations cite agentic system complexity as their top barrier to deployment, for two consecutive quarters. In the same period, the share reporting a lack of organisational infrastructure as a blocker more than tripled.

"AI agents are beginning to be deployed in today's I&O organisations. It is crucial for heads of I&O to assess not only their benefits, but to also remain aware of their continuing challenges to ensure safe and successful production implementations." - Gartner, December 2025

The honest questions that get asked in production, not in demos: What does this agent have access to? How do you audit what it did and why? If it remediates the wrong thing, who carries that? Where does the agent stop and the human start — and who decided that?

These aren't questions a vendor whitepaper answers. They're questions practitioners work out in production, over time, often the hard way.

The skills gap is real — and it's landing on infrastructure teams

Here's a number that should land hard:

94% of engineering leaders now report critical gaps in agentic AI expertise in their organisations. (Industry survey, Interview Kickstart, 2026)

Around a third say those shortages are affecting between 40 and 60 percent of the roles they need filled. This isn't a future problem. Organisations are hiring for it now — and struggling.

"86% of organisations expect significant changes to job roles and responsibilities within the next year. 75% are expanding hiring for AI-focused positions even as they reduce headcount in traditional technical roles." - Interview Kickstart industry survey, 2026

That last sentence deserves a pause. The reduction isn't because the work is disappearing - it's because the shape of the work is changing. The infrastructure engineers who will thrive are the ones who can answer the new questions:

• What governance model makes sense for an AI agent operating in our environment?
• How do we define acceptable autonomy — and what requires human sign-off?
• How does an AI agent in the ops stack interact with our identity infrastructure? Our security posture?
• Who trains it, who monitors it, and who pulls the plug?

These aren't theoretical questions. They're operational ones. And the people best positioned to answer them aren't consultants or AI researchers — they're the practitioners who've been running this infrastructure for years and understand what's at stake when it breaks.

‍

The role that's emerging

"AI agents will proliferate in 2026 and play a bigger role in daily work, acting more like teammates than tools. Building trust in them will be essential — starting with security." - Vasu Jakkal, VP Security, Microsoft

That framing — trust, starting with security — is exactly the lens an infrastructure team brings. Not blind adoption. Not refusal. Informed, sceptical, responsible integration.

"These digital agents will enable IT professionals to focus on defining service expectations, policy, and business intent — delivering a more seamless and efficient experience for their organisations." - Cisco, How AI Will Transform the Workplace in 2026

Defining expectations. Setting policy. That's not a diminished role — it's an expanded one. But it asks for different muscles than most people in infrastructure have had to develop until now.

‍

Why this conversation belongs at NIC

NIC has always been built around one premise: the people in the room know things that the slides don't say. Practitioners who've made the calls, lived with the consequences, and learned things you can't read in a vendor report.

This October in Oslo, that conversation has a new edge to it.

We're not gathering to discuss whether AI is changing infrastructure work. It is. We're gathering to work out how — what the transition actually looks like in practice, what mistakes have already been made, and what the people who've navigated it well did differently.

The session that tells you what an AI agent did in their environment and why it went wrong is worth more than ten sessions explaining what AI agents theoretically can do.

That's the kind of content NIC is built for. And in a year when everyone has an opinion about AI in IT, the most useful place to be in October is Oslo.

Jeffrey Snover is confirmed as keynote speaker at the Nordic Infrastructure Conference, 13–15 October at Oslo Spektrum. This is news that matters – not just because Snover is one of the most influential figures in the history of modern IT, but because he now sits at the centre of the industry’s most important conversation.

Oslo, June 2026

‍

It’s easy to list what Jeffrey Snover has done. Creator of PowerShell. Chief Architect of Windows Server and Azure Stack. Senior technical roles at Microsoft, Google, IBM and DEC across a career spanning more than 30 years. Over 30 patents.

But what makes him an extraordinary keynote speaker in 2026 isn’t the past – it’s the present.

Having stepped down from Google in January 2026, Snover is now a fellow at the Berkman Klein Center at Harvard, where he works on the governance of artificial intelligence. He helped build the infrastructure the IT world runs on. Now he’s helping define what rules it should follow.

Very few people in this industry can say the same.

He was here in 2013 and he hasn’t forgotten it

Snover gave the keynote at NIC as far back as 2013, the conference’s second year. He isn’t coming back because it’s convenient or expected. He’s coming back because NIC is one of the places he actually wants to be.

“I gave the keynote at the second NIC, in 2013, and the room felt like home – pragmatic, deeply technical, and allergic to marketing. These were my people, my tribe. Coming back wasn’t a decision I needed to think about.” — Jeffrey Snover

That’s not a courtesy phrase. It’s a description of what NIC has been from the start: a conference built on substance over spectacle, where less slides, more demos isn’t a tagline – it’s an actual principle.

What he thinks about the Nordic tech community

Snover is candid about why he values this particular audience. In an industry defined by hype and overpromising, he sees the Nordic technology community as a corrective force – a place where value is measured by what works in production, not what sounds good in a deck.

“Amid widespread AI hype, the Nordic tech community is a crucial touchstone to reality. They build for the long term, question assumptions, and measure value by what functions in production. They provide the needle to the Silicon Valley bullshit bubble.” — Jeffrey Snover

That perspective lands hard in 2026, as AI investment and AI promises pour in from every direction – and IT leaders everywhere are trying to separate signal from noise.

Why this keynote matters right now

NIC 2026 is built around the themes that will determine who succeeds in the years ahead: automation in a world where AI is reshaping what people do, identity and security under a rapidly shifting threat landscape, cloud infrastructure evolving faster than most organisations can absorb – and leadership when the pace of change outstrips the pace of the organisation.

Snover’s keynote sits at the heart of all of it. He isn’t an analyst commenting from the sidelines. He’s one of the people who built the systems we’re talking about – and who is now actively working on the question of what governs what replaces them.

What does that mean in practice for IT professionals and decision-makers? Snover is direct:

“AI is changing both what’s possible and the effort required to reach what’s possible – and those goalposts move every quarter. We need to be honest about that, hold our beliefs loosely, and share best practices for the balance that matters most: delivering results today while continually figuring out how AI can help us deliver them better.” — Jeffrey Snover

This isn’t a philosophical question about the future. It’s an operational reality that is hitting budgets and architecture decisions right now.

‍

Somewhere in your organisation right now, someone is building something with AI. Maybe it's sanctioned. Maybe it isn't. Maybe it's genuinely useful. Maybe it's a six-week project that's quietly on fire. The honest truth is: most of us are making this up as we go – and the ones who tell you otherwise are probably trying to sell you something.

We are living through one of those rare moments where the rules of the game are being rewritten faster than anyone can read them. AI isn't coming. It's here, it's uneven, and it's landing differently in every organisation depending on who's in the room, what they've tried, and how badly the first attempts went.

That's not a criticism. That's just where we are.

The question isn't whether AI will change how your infrastructure is built, how your team works, or how decisions get made. It will. The question is whether you're navigating that change with good information and real experience behind you – or whether you're mostly reading vendor whitepapers and hoping for the best.

The gap between the pitch and the production environment

There is a version of the AI story that sounds very clean. Efficiency gains. Transformed workflows. Competitive advantage. Lower costs. And sure – some of that is real. But the gap between the demo and the production environment is where careers are made and budgets go to die.

The organisations moving well right now aren't the ones who said yes to everything. They're the ones who asked the right questions early: What does this actually cost to run? Who owns it when it breaks? How does this interact with our identity infrastructure? What happens to our security posture when we hand more surface area to a model we don't fully understand?

These aren't philosophical questions. They're Monday morning questions. And right now, a lot of people are answering them alone – or not at all.

The loneliness of making hard calls in a fast-moving field

Here's something that doesn't get said enough: being responsible for IT infrastructure and security in 2026 is genuinely difficult. The threat landscape has shifted. The tooling is changing. The expectations from leadership are rising. And the margin for error is shrinking.

You can read all the reports you want. You can follow the right people on LinkedIn. But there's a kind of knowledge that only comes from sitting in a room with someone who has actually done the thing – who has made the call, lived with the consequences, and come out the other side with something useful to say.

That's the knowledge that's hard to find. And that's exactly what NIC is built around.

What NIC 2026 is actually about

Nordic Infrastructure Conference has been doing this since 2011. Not trends. Not keynote theatre. Practical, technical, honest conversation between people who build and run things for a living.

NIC 2026 is organised around four areas that we think define the next few years for anyone working in IT:

Automation – not automation as a cost-cutting exercise, but automation in a world where AI is actively changing what humans need to do, what they're good at, and where the handoff between person and system actually belongs.

Identity and security – the threat landscape isn't just more dangerous, it's structurally different. AI-assisted attacks, shifting perimeters, increasingly complex access environments. Getting this right isn't optional.

Cloud infrastructure – the platforms are maturing, but the decisions are getting harder. Build vs. buy, on-prem vs. cloud, cost visibility, operational complexity. The easy answers ran out a while ago.

Leadership and AI governance – perhaps the hardest one. How do you lead a team through this? How do you make good decisions when the ground keeps moving? How do you set policy for tools that are evolving faster than your policy cycle?

These aren't separate tracks. In practice, they bleed into each other constantly – which is why the most valuable conversations at NIC tend to happen between sessions, not during them.

The people in that room

What makes NIC different isn't the agenda. It's who shows up.

NIC attracts people who care more about what works in production than what looks good in a presentation. Practitioners, architects, engineers, and leaders who have been around long enough to be sceptical – and experienced enough to know when something is genuinely worth paying attention to.

This year, one of those people is Jeffrey Snover. Creator of PowerShell. Chief Architect of Windows Server and Azure Stack. Now a fellow at the Berkman Klein Center at Harvard, working on AI governance. A man, in other words, who helped build the infrastructure we all run on – and who is now asking hard questions about what should govern what comes next.

He's one of many. But he's a good example of the kind of voice you'll find at NIC: people who have earned the right to have an opinion, and who are generous enough to share it.

You don't have to have it figured out

If you're coming to NIC 2026 with all the answers, you might be at the wrong conference.

But if you're coming because the questions are getting harder, because the pressure is real, and because you'd rather work through it with a room full of sharp, honest people than keep reading the same recycled takes – you're exactly who this is for.

Nobody has the full picture right now. The best any of us can do is stay curious, stay connected, and make sure we're learning from the right people.

That's what October is for.