How to apply to join the sandbox?

Do you have an innovation project with privacy challenges? Could your project benefit from close communication with the Data Protection Authority to find good solutions that protect user privacy? If so, you could apply to join our regulatory sandbox. The application deadline for the fifth sandbox round was 1st of November 2023. The next application deadline is not yet set, but is expected to be in the Spring of 2024.

New and extended mandate

When the regulatory sandbox went from being a test project to becoming a permanent guidance offer at the Norwegian Data Protection Authority, its mandate was extended from exclusively helping AI projects to also covering other privacy-friendly innovation and digitalisation. It is therefore no longer a criterion that the project must involve artificial intelligence. But it is also not disqualifying if it does.

The most important thing is that it is a project where not only the participant benefits from the sandbox process, but that the knowledge generated together with the Data Protection Authority can help many more on the way to privacy-enhancing solutions.



You can apply at any time, and your application will be considered together with applications received by the next deadline.

Applicants must use the form below, and send it to . The application will be registered in the Norwegian Data Protection Authority’s archive system.


As applications are submitted via e-mail, we encourage you to protect the contents of your application if you believe all or some of the content is sensitive information. To protect the content of your document before sending it, you can password-protect the Word document (File, Save as, Tools, General options, Password to open). The password may be shared with us via telephone. Alternatively, you may use PGP encryption.

What happens next?

The Data Protection Authority will invite applicants to a short interview during the first weeks following the application deadline. Projects that meet the criteria will be asked to submit supplementary information. On this basis, the Data Protection Authority will select a handful of projects, which will receive an invitation to join the sandbox. Project initiation dates should be within December.

Applications are assessed and selected by an internal Data Protection Authority committee. Toward the end of the selection process, the Data Protection Authority will invite an external reference group to provide recommendations for the selection process. The objective of this reference group is to provide an external perspective, to make sure that the projects we select have the best possible potential for social relevance and benefit.

When projects are completed, we will accept applications for a new round of projects.

Practical information about submitting, receiving and archiving applications

The Data Protection Authority is subject to the Freedom of Information Act, which means that anyone may demand access to documents sent to and from us. We do not grant access to confidential information. This includes technical devices and procedures or operational or business matters, which, for reasons of competition, it is important for the organization to keep secret, see Section 13 of the Public Administration Act.

If any party requests access to the applications, we will first contact the applicants to find out what their position is.