Section 8

Nordic energy security cooperation roadmap

Image: iStock

The Nordic energy system is often seen as a model of regional integration. That description is in part accurate but incomplete. The Nordic region benefits from low-carbon power generation, mature market institutions, and decades of TSO cooperation in electricity markets. What it does not yet have is a regional framework adequate to the current threat environment.

Three developments have exposed the gap between reputation and reality. Russia’s full-scale invasion of Ukraine in 2022 demonstrated that energy market integration transmits geopolitical shocks regardless of a country’s own fuel mix: Nordic electricity prices tracked continental European gas prices despite the region’s low gas dependence. A sequence of sabotage incidents on Baltic Sea subsea infrastructure between 2022 and 2024 established that energy assets previously assumed safe from deliberate attack are now targets. And the 2026 Strait of Hormuz crisis showed, within days of the strait’s closure, that even a region structurally buffered from Middle Eastern oil flows is exposed through price transmission.

The cooperation architecture has not kept pace. It is strong where it has had decades to develop: electricity market operations, TSO coordination, and technical emergency preparedness protocols. It is largely absent in the areas where the current threat environment now calls for closer cooperation: joint strategic assessment, live information sharing with operational teeth, physical infrastructure protection, and gas and future hydrogen governance.

The nine cooperation domains in this roadmap address these gaps directly. Recommendations are sequenced over two time horizons: short-term actions achievable within existing structures in zero to three years, and medium-term measures requiring new arrangements or investment over three to ten years. Throughout, the principle is to build on what already exists rather than build parallel tracks, and to focus on issue areas where Nordic cooperation adds value over national approaches. Complementary to the regional cooperation roadmap, Annex 1 includes country-specific energy profiles and recommendations.

8.1 Strengthening system-level Nordic energy security cooperation

8.1.1 Regional energy security strategy

The implementation of effective regional energy security approaches depend on sufficient governance arrangements to facilitate them. Without a formally adopted Nordic Energy Security Strategy and the institutional anchor it provides, the following recommendations remain unallocated to any responsible Nordic body with the mandate to drive them. The recommendations here are therefore the connective tissue of the entire roadmap.

Short-term (0–3 years)

Recommendation 1: Nordic Energy Security Strategy. The Nordic Council of Ministers leads the development of a Nordic Energy Security Strategy that synthesises the key cross-border vulnerabilities identified in this report and the cooperation steps set out in this roadmap. The strategy should rest on two foundations. First, a clear public statement of what Nordic energy security cooperation is intended to achieve. Second, a continuous review and update process, for example a three-yearly cycle aligned with national energy and security planning.

Recommendation 2: Cooperation Architecture Mapping. The Nordic energy cooperation should publish and maintain a regularly updated public registry of Nordic energy security cooperation mechanisms (what exists, what is being developed, and where gaps remain). The registry would directly address one of the observations of this project: many actors across the Nordic states who are deeply involved in national energy security policies and implementation are not aware of either formal or informal cooperation mechanisms in their area.

Medium-term (3–10 years)

Recommendation 3: Dedicated Nordic Energy Security Working Group. Establish a dedicated Nordic Energy Security Working Group on energy security with a mandate covering the full cross-sectoral cooperation agenda mapped in this report. Membership should include representatives of TSOs (both electricity and gas) national energy regulators; energy ministries; national cybersecurity agencies. The purpose of the group would be to set priorities for cooperation in areas with cross-border relevance.

8.1.2 Cross-border situational awareness and information sharing

Section 3’s analysis identified the absence of a joint Nordic energy security threat assessment as one of the most consequential strategic-planning gaps. The survey evidence is consistent with this: information sharing and situational awareness was the cooperation domain most frequently identified by respondents as the priority area for deepening Nordic cooperation.

Short-term (0–3 years)

Recommendation 4: Annual Nordic Energy Security Threat Assessment. Nordic Energy Research commissions and publishes an annual joint Nordic energy security threat assessment, drawing on national risk assessments, TSO operational data, and inputs from national cybersecurity agencies. The assessment takes a two-format structure: a public summary suitable for policy-facing audiences, and a classified annex shared with national authorities for operational and asset-specific detail.

Recommendation 5: Nordic Energy Security Information Sharing Protocol. Establish a standing protocol for trusted cross-border information sharing among Nordic national energy authorities, TSOs, and cybersecurity agencies. The protocol defines four parameters: scope (incident reporting, threat intelligence, infrastructure vulnerability data); classification levels (what can be shared at Nordic level versus what requires bilateral arrangements); access arrangements (who is authorised to receive what); and escalation procedures during a live incident. The EU's NIS2 cybersecurity incident-reporting obligations are the institutional foundation on which this protocol is built, not a parallel structure.

Medium-term (3–10 years)

Recommendation 6: Nordic Energy Security Operations Centre Feasibility Assessment. Commission a feasibility study into a Nordic energy security operations centre that provides 24/7 cross-border situational awareness, modelled on the operational logic of the Nordic Regional Coordination Centre but with an explicit security mandate and coverage of all energy carriers and critical infrastructure. The study examines institutional location, staffing, classification handling, and the interface with national security and intelligence agencies. No structural decision is pre-committed before the assessment is complete.

8.1.3 Subsea and on-land infrastructure protection

Section 4 set out the case that subsea infrastructure protection has moved from theoretical concern to operational necessity, with Estlink 2 the clearest single example of a problem with a known solution. The recommendations below convert that diagnosis into actionable Nordic measures, framed as complements to the emerging EU framework rather than parallel structures.

The EU framework has advanced substantially since 2025: the EU Action Plan on Cable Security, the Cable Security Toolbox with its €347 million budget allocation in February 2026, a €20 million Baltic Sea pilot for pre-positioned modular repair equipment, and the proposed multi-purpose EU Cable Vessels Reserve Fleet with icebreaker capability for northern latitudes.

Nordic cooperation in this area is not a substitute for the EU framework but addresses three structural gaps within it. First, the security-restricted CEF Digital cable repair capacity calls exclude non-EU participants, including EEA members. Norwegian public entities are not eligible for the Baltic Sea pilot or subsequent follow up projects, despite Norway's general association with the CEF programme. Norwegian North Sea infrastructure, including gas pipelines, NordLink, North Sea Link, and the planned North Sea offshore grid, therefore falls outside the funded EU repair capacity programme.

Second, the EU mechanism covers submarine telecom and data cables specifically. Currently, HVDC power cables and subsea gas pipelines fall outside the scope entirely. Power cables require heavier cable handling and different jointing techniques. The EU acknowledges the need for combined efforts between member states, cable owners, and producers to standardise electricity cable spare parts and repair crew training, but no funded mechanism yet exists. Subsea gas pipelines are governed by a separate framework altogether (the EU Gas Security of Supply Regulation and bilateral arrangements) and have no equivalent repair vessel or equipment programme at EU level despite the demonstrated vulnerability following the Balticconnector rupture in October 2023.

Short-term (0–3 years)

Recommendation 7: Priority Cable Repair Vessel Access Agreements. Negotiate Nordic priority-access agreements with specialist cable repair vessel operators, addressing three gaps in the emerging EU undersea cable protection architecture. First, extend repair capacity coverage to Norwegian subsea infrastructure: gas pipelines and HVDC interconnectors, which fall outside the EU CEF Digital framework because Norway is not an EU member state. Second, focus specifically on HVDC power cable repair capability, including specialised jointing equipment, heavy cable handling, and converter-specific components, which the EU's modular repair equipment calls do not yet cover. Third, establish standing contractual arrangements with identified vessel operators (pre-agreed activation triggers, response times, and cost-sharing). The agreement scope covers vessel operators with Baltic Sea and North Sea operating capability, bilateral and multilateral coverage of specific cable assets, and integration with the existing bilateral Finland-Estonia repair capacity work led by Finland's National Emergency Supply Agency. These Nordic arrangements should be designed from the outset to be compatible with the EU Cable Vessels Reserve as it becomes operational, so that Nordic contracts can be folded into the broader European framework rather than creating a parallel structure.

Recommendation 8: Harmonised Physical Protection Standards for Critical On-Land Infrastructure. Agree minimum Nordic standards for the physical protection of critical on-land energy infrastructure (electricity substations, oil and gas storage facilities, interconnector landing points). Common standards help to create a shared investment floor and enable joint procurement of protective equipment and mutual audit between Nordic operators.

Medium-term (3–10 years)

Recommendation 9: Nordic Joint Emergency Repair Capacity Framework. Establish a Nordic mutual assistance framework for energy infrastructure emergency repair, comprising five components. First, a pre-positioned strategic spare parts reserve covering large power transformers and HVDC cable joining materials. Second, a shared register of specialist repair crews with pre-agreed cross-border access and liability arrangements. Third, joint procurement protocols for long-lead-time components (large power transformers carry 12–18 month lead times and HVDC cable and converter equipment longer still, manufactured by a small number of global suppliers). Fourth, the priority cable repair vessel access agreements scaled up from Recommendation 7. Fifth, a biennial Nordic energy infrastructure repair exercise to test the framework end-to-end. Cost-benefit analysis should determine whether stockpiling is centralised or distributed across national sites with mutual access.

Recommendation 10: Nordic Offshore Infrastructure Security Framework. Develop Nordic security-by-design standards for offshore wind substations and export cables in Nordic waters, covering the North Sea and Baltic. Standards address three areas: siting decisions that incorporate explicit security risk assessments; redundant cable routing requirements proportionate to system criticality; and incident response protocols that integrate civilian operators with NATO maritime surveillance assets. Bornholm Energy Island, with commissioning currently targeted for the early 2030s, is the first major implementation case. Its design choices have the potential to set precedents for subsequent offshore projects across the region.

8.1.4 Cyber and hybrid threat cooperation

Cyber and hybrid threats are the standout priority in practitioner assessment: in the survey of Nordic officials carried out for this project, hybrid and cyber threats were identified among the most pressing regional energy security challenges. The gap between the threat level and the current depth of Nordic cyber cooperation is one of the largest vulnerability-to-cooperation mismatches in the region. Nordic energy operators have developed an informal practitioner-level CISO network through monthly calls and biannual in-person meetings, which is the most concrete functioning cyber mechanism at Nordic level. The network plays an important role in building people-to-people connections and trust but it is not a substitute for a timely information sharing system and protocol.

The new NordSec Group, established by the four mainland TSOs in October 2024, adds a CEO-level layer above this. Both currently function as discussion forums rather than operational information-sharing networks. The recommendations below convert these forums into operational mechanisms, building on EU’s NIS2 cybersecurity reporting obligations.

Short-term (0–3 years)

Recommendation 11: Formalise and Develop Nordic Energy Sector CISO Cooperation. The existing informal practitioner-level CISO cooperation among Nordic TSOs and major energy operators provides a working foundation that should be formalised and extended into a trusted operational information-sharing network. Four components are required: secure communication infrastructure enabling encrypted real-time information exchange; incident notification protocols with defined timescales (T+4 hours for significant incidents, T+24 hours for full assessment); a shared threat intelligence feed for energy-sector cyber risks, building on NIS2 obligations; and a defined classification framework for what can be shared at Nordic level. Formalisation should preserve the community character that makes the current arrangement effective while providing the legal and institutional basis for operational sharing.

Medium-term (3–10 years)

Recommendation 12: Nordic Energy Security Cyber Exercise Programme. Establish an annual or biennial Nordic energy security exercise programme testing cross-border response to coordinated cyberattacks on interconnected energy infrastructure. Three design features are essential. First, exercises must include maritime energy infrastructure scenarios. Second, participants span TSOs, national cybersecurity agencies, and energy regulators, not just one type of actor. Third, a mixed participation by civilian energy sector and the military and intelligence community participants is ensured to prepare for realistic hybrid scenarios.

Recommendation 13: Nordic TSO Hybrid Threat Operational Protocol. Nordic TSOs in coordination with national cybersecurity agencies should develop a joint operational protocol for coordinated response to hybrid and state-sponsored threats against energy infrastructure. The protocol should address four gaps that the current Nordic System Operation Agreement Annex on Operational Planning does not cover. First, classification and escalation procedures for incidents where hostile intent is suspected but not confirmed, covering the period between initial anomaly detection and formal attribution. Second, cross-border notification obligations with defined timescales when a hybrid incident affecting one TSO's infrastructure may have consequences for neighbouring systems. Third, operational coordination procedures for simultaneous or cascading multi-asset disruption scenarios, including defined lines of communication between TSO operational centres, national cybersecurity agencies, and relevant military and intelligence contacts.

8.1.5 Integration of self-governed and autonomous regions in regional cooperation

Section 4 highlighted the two-tier participation by Nordic governments in regional cooperation mechanisms. Mainland (Denmark, Finland, Norway and Sweden) TSOs and ministries cooperate closely with each other, while self-governed regions are less engaged. On one hand, selective participation and flexibility are a strength in Nordic cooperation. Countries with very different needs and capacities are able to come together and selectively focus on the issues that matter to them most. At the same time, the special needs of the self-governed regions are not fully accounted for in current cooperation formats.

Short-term (0–3 years)

Recommendation 14: Dedicated Nordic Islands Energy Security Assessment. Commission a dedicated assessment of energy security in Island Energy Systems: the Faroe Islands, Greenland, Gotland, Iceland and Åland. The assessment should pay special focus on five dimensions: supply chain vulnerabilities including maritime logistics; repair capacity constraints for isolated systems; governance gaps in current cooperation arrangements; local renewable energy pathways as a security measure; and options for differentiated participation in Nordic cooperation frameworks.

8.2. Strengthening Nordic electricity security cooperation

8.2.1 Market design for flexibility and adequacy

The February crunch is the most specific near-term adequacy vulnerability identified in Section 2 and Section 5. It is a governance problem as much as a technical one. The Nordic electricity system is not five national systems that happen to be connected; it is one integrated system that operates as a whole, and national actions create externalities for neighbours.

Recommendation 15: Nordic TSO Demand Pipeline Protocol. Establish a formal protocol for cross-border sharing of major new electricity demand project pipelines. When a project above a defined threshold (e.g. 50 MW) receives grid connection approval in any Nordic country, the relevant TSO notifies all other Nordic TSOs and the Nordic RCC. This enables regional adequacy calculations to account for simultaneous demand surges. The protocol is achievable within existing Nordic RCC structures and existing TSO bilateral relationships. This is one of the most achievable and highest-value near-term measures in this roadmap to address challenges related to electrification dynamics. The scale of the problem is visible in Norway's data centre connection queue alone, which had reached 5.4 GW of reserved capacity by early 2026.

Recommendation 16: Nordic Adequacy Framework Alignment. Agree a common Nordic methodology for adequacy assessment. The methodology covers three components: a shared approach to electrification scenario development across the four mainland Nordic countries, accounting for both data centre demand growth and the trajectory of new capacity additions; a common value-of-lost-load (VoLL) methodology enabling cross-border cost comparison, in line with the ACER Security of Supply 2024 recommendations; and agreed criteria for what counts as an adequate reserve margin in a weather-dependent system with growing dependence on variable renewable generation. This is the prerequisite for coordinated investment in flexibility resources, and it builds directly on the precedent set by NER’s 2025 Toolbox for a Secure Energy Supply.

Medium-term (3–10 years)

Recommendation 17: Coordinated Capacity and Flexibility Mechanisms. Explore the introduction of new national capacity remuneration mechanisms or flexibility market designs, coordinate the design to avoid cross-border distortions and market fragmentation. Joint procurement is explored for pan-Nordic flexibility resources, particularly for cross-border demand response and shared strategic reserve arrangements, drawing on the Nordic Energy Research (NER) Toolbox finding that dispatchable flexible reserve mechanisms benefit from cross-border participation when transmission constraints are accounted for.

Recommendation 18: Data Centre Energy Security Integration. Develop Nordic guidelines for data centre siting, grid connection, backup power requirements, and demand response participation. The guidelines treat data centres as critical energy loads that require security classification distinct from other industrial loads in their concentration and inelasticity. Three components are essential. First, data centres above a defined size threshold must participate in demand response programmes during system stress events. Second, backup generation capacity (typically 72-hour diesel reserves at hyperscale facilities) is given credit in national resilience assessments. Third, the integration between data centre waste heat and district heating security is addressed in regulatory frameworks for both sectors, given the operational link Finnish data centres already create between the two.

8.2.2 Critical equipment storage, buffering, and component stockpiling

The energy system's ability to withstand and recover from disruption depends not only on operational cooperation but on the physical reserves and components available when something fails. Section 5 identified three dimensions of this problem. Large power transformers and HVDC cable components carry extremely long replacement lead times of twelve to eighteen months and are sourced from a small number of global manufacturers. In case of traditional fuel reserves for the self-governed regions, fuel stocks are often measured in weeks, not months, with maritime logistics the single point of failure. The Finland-Sweden bilateral work on joint emergency stockpiles is the only functioning Nordic mechanism addressing any of these dimensions. Scaling Nordic cooperation to a regional level would significantly strengthen preparedness in a system that is closely integrated.

Short-term (0–3 years):

Recommendation 19: Nordic Critical Component Inventory and Stockpile Scoping Study. Commission a joint inventory of critical energy system components across the Nordic region, covering large power transformers, HVDC cable and converter equipment, and key wind turbine subsystems. Map existing national stockpiles, lead times, and manufacturer dependencies. The study would identify which components are most exposed to single-supplier concentration, longest lead times, and highest consequence of unavailability, and produces options for a coordinated Nordic stockpiling arrangement, including centralised versus distributed storage and opt-in procurement protocols.

Medium-term (3–10 years)

Recommendation 20: Nordic Strategic Component Reserve. On the basis of the inventory findings, establish a coordinated Nordic strategic reserve for the highest-risk component categories. The reserve model builds on the Finland-Sweden pilot and extends it regionally on three principles. First, distributed storage: components are held at nationally designated sites with pre-agreed mutual access agreements, avoiding the political and logistical complexity of a single centralised facility. Second, joint procurement: Nordic countries negotiate collectively with manufacturers for priority production slots and pre-positioned delivery commitments, targeting the large power transformer and HVDC converter categories where lead times are longest and supplier alternatives fewest.

8.3 Strengthening Nordic natural gas cooperation

8.3.1 Gas resilience and energy transition

Gas occupies a paradoxical position in Nordic energy security: the region’s most significant structural cooperation gap lies in the sector that is being phased out. The 10–15 year transition period during which gas retains material importance for industry, peak generation backup, and winter heating in Denmark and Finland coincides with a structural asymmetry. Norway is Europe’s largest pipeline supplier with approximately 130 bcm of production in 2024 and 95 per cent exported to the EU and UK by pipeline, but Norway sits outside the EU framework that governs its main customers. Section 6.1.2 documented that no pan-Nordic gas TSO coordination forum exists; Norway’s Gassco participates in ENTSOG only as an observer; and the structural relationship between Norwegian production and EU consumption is governed by the Norway–EU bilateral gas partnership of 2022 rather than by any Nordic regional framework. The recommendations here address both the transition period and the framework that will govern hydrogen as gas’s successor.

Short-term (0–3 years)

Recommendation 21: Nordic Gas Emergency Sharing Framework: Norway Integration.

Integrate Norway into Nordic emergency gas coordination. Norway holds no bilateral gas emergency agreement with any Nordic country. This is a structural governance outcome: the EU solidarity mechanism under Regulation 2017/1938 applies to EU member states only, and Norway's position as a large-scale producer rather than a gas-dependent consumer means it has never had reason to construct such agreements from its own security-of-supply perspective. The Norway–EU bilateral gas partnership of 2022 and the subsequent Energy Dialogue of 2023 establish supply cooperation and volume commitments but contain no crisis activation procedures, no notification thresholds, and no emergency coordination mechanism. In a crisis scenario involving disrupted Norwegian output, whether from infrastructure failure, industrial action, or hostile action against offshore assets, no agreed procedure currently governs how Norway communicates with Nordic gas authorities, what information is shared, and on what timeline.

First, bilateral emergency agreements should be negotiated between Norway and Denmark, and between Norway and Finland. Second, a pan-Nordic gas TSO forum should be established and include Norway’s Gassco. Currently, Gassco participates in ENTSOG only as an observer and has no standing engagement with Nordic gas TSOs as a group.

Medium-term (3–10 years)

Recommendation 22: Nordic Hydrogen Security-of-Supply Framework. Energy security considerations should be embedded in the development of hydrogen infrastructure from the outset.

First, and immediately: Nordic countries should collectively ensure that the security-of-supply dimension is embedded in hydrogen production projects in the region from the feasibility study phase onward.

Second, as the hydrogen market develops: Once cross-border hydrogen flows are material, develop Nordic-level emergency sharing arrangements drawing on the structural lesson from gas: the gas solidarity mechanism took until 2017 to legislate, bilateral agreements are still incomplete in 2025, and the LNG shift rendered much of the original framework obsolete before it was operational. For hydrogen, the framework should be designed before it is needed, not in response to the first crisis. The EU Regulation 2024/1789 does not establish hydrogen solidarity obligations. Nordic countries can move ahead of the EU baseline here, as they have done on electricity. A Nordic hydrogen emergency consultation protocol should cover notification obligations, reserve capacity commitments, and cross-border disruption procedures.

8.4. Strengthening Nordic fuel supply cooperation

8.4.1 Affordability and demand-side resilience under geopolitical shock

The 2026 Iran war began with US and Israeli strikes on 28 February and was followed by the Iranian closure of the Strait of Hormuz in early March. It exposed a vulnerability that the Nordic region is not yet structured to manage cooperatively. The IEA’s 11 March collective action, with 400 million barrels released, was the largest coordinated release from strategic oil reserves in the agency’s history. The joint action demonstrated both the value of the existing framework and its limits: stockholding obligations are met nationally, but without special provisions for remote and self-governed Island Energy Systems with structurally elevated baseline costs. There is no Nordic mechanism to coordinate demand-restraint or to channel collective protection to those regions.

Short-term (0–3 years)

Recommendation 23: Nordic Emergency Demand Management Protocol. Develop a harmonised Nordic emergency demand restraint and fuel rationing protocol covering electricity, oil, and gas, aligned with IEA collective action procedures. The protocol defines four parameters: activation thresholds for each carrier; the sequence and scale of demand restraint measures; explicit provisions for protecting remote and self-governed regions; and a Nordic coordination mechanism that operates within IEA collective action processes rather than parallel to them.

Recommendation 24: Nordic Private Sector Fuel Security Guidelines. Issue Nordic guidelines for private sector energy security planning in energy-intensive and logistics-critical sectors. The guidelines should cover three key areas: minimum on-site fuel storage requirements for sectors where supply continuity is operationally critical; price-shock absorption mechanisms (hedging requirements, emergency contracts) for exposed sectors; and sector-specific contingency protocols for aviation, maritime freight, the fishing industry, and cold-chain logistics. The guidelines would be voluntary but promote a regionally cohesive approach in responding to supply shocks.

Recommendation 25: Nordic Jet Fuel Cooperation Mechanism. Establish a Nordic-level coordination mechanism for jet fuel security that addresses the carrier's distinct exposure profile and the institutional gap that no current framework fills. The mechanism should comprise four components. First, a standing Nordic coordination forum bringing together national emergency supply agencies, civil aviation authorities and major airline and airport operators, meeting at minimum twice annually and on demand during supply shocks. Second, a joint assessment of the case for sector-specific jet fuel reserve arrangements over and above general oil stockholding, including options for distributed storage at major Nordic airports and bilateral or multilateral surge-supply arrangements between Nordic refiners and the most exposed Nordic markets.