HOME/All Jurisdictions/FI

FI — Country Profile

Finland

29TOTAL
18OFFICIAL SOURCES
8TOPIC AREAS
Law / Act8
Policy / Guidance2
National Strategy3
Standard / Framework1
International Agreement1
Other14
15 APR 2026 · Policy / Guidance

Global AI Regulatory Update - April 2026 (Eversheds Sutherland)

Eversheds Sutherland's April 2026 global bulletin covers Portugal, Czech Republic, and Finland, tracking ongoing national implementation of the EU AI Act. All three countries are developing national frameworks aligned with the EU-level risk-based approach, with emphasis on harmonization with EU rules.

National Implementationeversheds-sutherland.com ↗
07 JAN 2026 · Law / Act

New powers for Finnish data watchdog as EU’s AI Act takes effect

EU:n tekoälyasetuksen tavoitteena on varmistaa, että tekoälyjärjestelmät eivät vaaranna ihmisten terveyttä, turvallisuutta tai perusoikeuksia. Suomessa asetuksen toimeenpanoa valvovien viranomaisten toimivaltuudet astuivat voimaan 1. tammikuuta 2026. Tekoälyasetuksen valvonta on hajautettu 15 eri viranomaiselle. Myös tietosuojavaltuutetulle on säädetty uusia valvontavastuita.

Data Privacy & Protectiontietosuoja.fi ↗
02 OCT 2025 · Law / Act

Amendments to Cybersecurity Act to supplement and implement Critical Entity Resilience Directive (CER) and Cybersecurity Directive (NIS 2)

On 10 February 2025, the Ministry of Transport and Communications closes the consultation on proposed amendments to the Cybersecurity Act. The proposed amendments would result in the expansion of the Cybersecurity Act to include entities identified as critical for societal functions under the critical infrastructure protection law, aligning with the Critical Entity Resilience Directive (CER) and the Cybersecurity Directive (NIS 2). Entities designated as critical would be subject to risk mana...

National Strategylvm.fi ↗
17 SEP 2025 · Standard / Framework

Data protection authorities adopted joint statement on building trustworthy data governance frameworks to encourage development of innovative and privacy-protecting AI

Primary source (pcpd.org.hk) dated 17 September 2025 in FI. See linked source for full text.

Data Privacy & Protection ·Sandbox ·Generative AIpcpd.org.hk ↗
09 AUG 2025 · Other

Data Protection Ombudsman's investigation into S-Banken over alleged information security negligence in online banking

On 8 September 2025, the Data Protection Ombudsman's Office imposed a penalty of EUR 1.8 million against S-Banken over information security negligence in online banking. The negligence stemmed from a programming error in the S-mobil login function, implemented in April 2022, which created a vulnerability allowing login with other customers' codes for over three months until August 2022. The investigation found that S-Banken did not use sufficient safeguards, failed to adequately test the new ...

✓ OfficialNational Strategyfinlex.fi ↗
18 JUN 2025 · National Strategy

Nordic Council of Ministers approve funding for a Nordic-Baltic AI Center

Primary source (norden.org) dated 18 June 2025 in FI. See linked source for full text.

National Strategynorden.org ↗
27 MAY 2025 · Other

Office of the Data Protection Ombudsman investigation into Yliopiston Apteekki over alleged unlawful disclosure of medicine-related data to tracking services (TSV/108/2022)

On 27 May 2025, the Office of the Data Protection Ombudsman imposed an administrative fine of EUR 1.1 million on Yliopiston Apteekki (TSV/108/2022) following a complaint-based investigation into the pharmacy’s online shop. The decision concerned breaches of the General Data Protection Regulation (GDPR). In particular, the Ombudsman found that the company had disclosed personal data, including information about browsing behaviour and specific medicine purchases, to third-party tracking service...

✓ OfficialNational Strategyfinlex.fi ↗
20 MAY 2025 · Policy / Guidance

Finland DPO releases guidance on privacy and AI

Tekoälyjärjestelmissä käsitellään usein henkilötietoja erilaisiin tarkoituksiin. Olemme koonneet verkkosivuillemme tietoa siitä, miten organisaation on otettava tietosuojavaatimukset huomioon, kun se kehittää tai ottaa käyttöön tekoälyjärjestelmää.

Data Privacy & Protection ·Cybersecuritytietosuoja.fi ↗
10 MAR 2025 · Other

Office of the Data Protection Ombudsman investigation into State Information and Communication Technology Centre over personal data transfers to United States (TSV/7/2022)

On 3 October 2025, the Office of the Data Protection Ombudsman concluded its investigation into the State Information and Communication Technology Centre Valtori over personal data transfers to the United States through Amazon Web Services and Microsoft cloud services in February to April 2022 and issued a warning. The Office found that data processed in the cloud environments could be accessed from the United States irrespective of server location and that onward transfer risks to sub-proces...

✓ OfficialNational Strategyfinlex.fi ↗
11 FEB 2025 · Law / Act

Paris Charter on AI signed

To achieve the potential benefits and preventing and mitigating the risks of emerging technologies for people and the planet, AI development, deployment and governance must be in the public interest. Public interest manifests differently for different communities, countries, and contexts, it requires opportunities for public participation, and it must serve equity and equality. We acknowledge that the mission and vision of artificial intelligence in the public interest builds on and is strengthened by existing definitions and academic research, public sector approaches, and civil society effor

✓ OfficialData Privacy & Protectionelysee.fr ↗
03 JUL 2024 · Other

Public Lawsuit Involving Oral Transfer of Personal Data (Endemol Shine Finland Oy v Finland/Case C-740/22)

On 7 March 2024, the European Court of Justice (CJEU) issued an interim ruling in a public lawsuit involving the oral transfer of personal data (Endemol Shine Finland Oy v Finland). The interim ruling followed the request from the Court of Appeal of Eastern Finland submitted on 30 November 2022. Endemol Shine Finland sought to verify the criminal record of an individual involved in one of their competitions by making an oral request to a district court in Finland for information on any ongoin...

National Strategycuria.europa.eu ↗
03 JUN 2024 · Other

Finnish Supervisory Authority investigation into Verkkokauppa retention of personal data compliance with GDPR

On 6 March 2024, the Finnish Supervisory Authority (SA) issued a decision against the online retailer Verkkokauppa, imposing an administrative fine of EUR 856'000. The fine was imposed due to the retailer's failure to define a storage period for the data collected through customer accounts on its e-commerce platform. The investigation, initiated by a customer complaint, determined that the retailer required customers to create an account to make purchases, a practice found to be in violation ...

✓ OfficialNational Strategyedpb.europa.eu ↗
31 MAY 2024 · International Agreement

Nordic data protection authorities issue declaration on children's data protection in gaming, AI, and administrative fines

Primary source (datatilsynet.no) dated 31 May 2024 in FI. See linked source for full text.

Data Privacy & Protection ·Online Safety & Child Protectiondatatilsynet.no ↗
20 MAR 2024 · Other

Data Protection Commissioner investigation into Google regarding compliance with the right to be forgotten

On 20 March 2024, the Supreme Administrative Court in Finland issued a ruling in the investigation into Google’s search result link in connection with the right to be forgotten granted under the General Data Protection Regulation (GDPR). The ruling enforced the decision of the Deputy Data Protection Commissioner and obliged Google to remove search result links leading to news media articles. The Court considered the public’s right to receive information and an individual's right to privacy an...

✓ OfficialNational Strategytietosuoja.fi ↗
17 FEB 2024 · Law / Act

Act on the Supervision of Intermediary Services (Government Bill HE 70/2023) to implement Digital Services Act in Finland designating competent authorities and digital services coordinator

On 17 February 2024, the Act on the Supervision of Network Intermediary Services and Certain Other Acts (HE 70/2023) to implement Digital Services Act (DSA) in Finland designating competent authorities and digital services coordinator entered into force in Finland. The Act designates the Finnish Transport and Communications Agency (Traficom) as the Digital Services Coordinator and the national supervisory authority for compliance with the DSA. The Act supplements the DSA, which establishes a ...

✓ OfficialContent Moderationeduskunta.fi ↗
01 JAN 2024 · Law / Act

Amendments to Data Protection Act and Criminal Data Protection Act

On 1 January 2024, the amendments to the Data Protection Act and the Criminal Data Protection Act came into force. The amendments align with the EU data protection legislation, requiring the Data Protection Ombudsman's office to resolve complaints or provide an estimated resolution timeline within three months of case initiation. Individuals can appeal to the administrative court if this is not observed. The amendments also introduce a provision for the Data Protection Ombudsman to delegate d...

✓ OfficialNational Strategytietosuoja.fi ↗
01 NOV 2023 · Other

Investigation into Alektum Oy for alleged customers' rights violations

On 11 January 2023, the sanctioning committee of the Office of the Data Protection Commissioner of Finland fined EUR 750'000 the company Alektum Oy for violating individuals right to access their personal data. The charges relate to the company's failure to respond to individuals' requests to access their personal data. According to the Finnish Sanctions Board, the company failed to explain its operations and did not adequately cooperate with the data protection authority.

✓ OfficialNational Strategytietosuoja.fi ↗
01 NOV 2023 · Other

Data Protection Ombudsman investigation in unnamed company alleged violation of GDPR in processing of health data

On 11 January 2023, the Finnish Office of the Data Protection Ombudsman imposed an administrative fine of EUR 122'000 on an unnamed company for the alleged violation of the EU General Data Protection Regulation (GDPR) for not asking data subjects for their specific consent to the processing of health-related personal data. Investigations by the Office were prompted by complaints from data subjects in 2018 and 2019, and they revealed that the company did not obtain the required level of specif...

National Strategytietosuoja.fi ↗
26 SEP 2023 · Other

Data Protection Authority investigation into Yandex LLC and Ridetech International compliance with GDPR

On 26 September 2023, the Office of the Data Protection Ombudsman of Finland (DPA) announced that it removed the temporary ban on personal data transfers to Russia and continues with further monitoring within the European Economic Area (EEA). Based on new findings, the Russian taxi legislation does not apply to Yango's operations and taxi brokerage. Therefore, the DPA removed the postponed ban. On 8 August 2023, the DPA issued an order banning Yandex LLC and Ridetech International from transf...

National Strategytietosuoja.fi ↗
27 APR 2023 · Other

Public lawsuit concerning violations of data transfer requirements by the Finnish Meteorological Institute

On 27 April 2023, the Finnish DPA filed a decision in the public lawsuit concerning violations of data transfer requirements by the Finnish Meteorological Institute. The public lawsuit was prompted by a notification from the institute regarding a data security breach. The Finnish Meteorological Institute had utilized Google Analytics and reCAPTCHA services, including cookies, on its website. As Google is a service provider based in the United States, personal data of visitors to the controlle...

✓ OfficialNational Strategyfinlex.fi ↗
03 FEB 2023 · Other

Office of the Data Protection Ombudsman investigation into Suomen Asiakastieto Oy regarding the processing of payment default information

On 2 March 2023, the Office of the Data Protection Ombudsman imposed a EUR 440'000 fine on Suomen Asiakastieto Oy for failing to erase inaccurate payment default entries in their credit information register. The inaccurate entries may have a negative impact on individuals' rights, whereby a payment default entry can trigger the credit card issuer to request the return of the card. In 2021, the Office of the Data Protection Ombudsman issued a directive to the company, instructing them to cor...

✓ OfficialNational Strategytietosuoja.fi ↗
30 SEP 2022 · Other

Guide on the Processing of Social Welfare Customer Data

On 30 September 2022, the Office of Data Protection Commissioner in Finland published the "Guide on the Processing of Social Welfare Customer Data". The guide contains instructions on how to implement and follow personal data protection laws. The guide expands on the rights of customers, how to keep social welfare information confidential, and the standards in place for the retention, deletion, and processing of customer data. The guide is not only meant for organisations that keep and proces...

✓ OfficialNational Strategytietosuoja.fi ↗
07 APR 2022 · Other

Memorandum of Understanding (MoU) on digital technology between Thailand and Finland

On 4 July 2022, the Memorandum of Understanding (MoU) on digital technology between Thailand and Finland, which was signed in 2018, was further extended. The scope of the renewed MoU was expanded to include policies and regulations on digital technology and the development of digital industries including hardware, software, digital content, and technology for services. The MoU contains provisions for cooperation in digital innovation such as big data, the Internet of things, and artificial in...

✓ OfficialNational Strategymdes.go.th ↗
05 JAN 2022 · Law / Act

Data portability regulation in Finland Act on the Secondary Use of Health and Social Data

The Act on the Secondary Use of Health and Social Data is implemented on 1 May 2022. The Act would enable the processing of personal health data in a more secure way. In particular, the Act establishes general security requirements and a legal basis to use healthcare data for scientific research, statistics, innovation, policy analysis, teaching and information management. Moreover, the Social and Health Information Permit Authority (Findata) is established. Its task is to issue data licences...

✓ OfficialNational Strategystm.fi ↗
30 SEP 2021 · Law / Act

Designation of National Cyber Security Center as National Coordination Center in the EU for cyber security matters

On 30 September 2021, the Finnish Government submitted a legislative proposal that outlines how the National Cyber Security Center (NCSC) is to become the designated National Coordination Center for cyber security matters in Finland. The NCSC makes part of the Ministry of Transport and Communications and would cooperate with the EU European Cybersecurity Competence Center. The NCSC would be tasked with establishing a network of national stakeholders, improving research and expertise on cyber...

National Strategyvaltioneuvosto.fi ↗
17 SEP 2021 · Other

National Cyber Security Centre guidance on cookie storage

On 17 September 2021, the National Cyber Security Centre Finland (NCSC) updated its guidance on the storage of cookies and other data. In particular, the guidance provides a guide for end users, to help them to understand the nature and purposes of cookies, and a guide for service providers, to help them with legal compliance.

✓ OfficialNational Strategytraficom.fi ↗
29 JUL 2020 · National Strategy

Harnessing Artificial Intelligence for Development

Governments can help balance opportunities and risks linked to AI.

✓ OfficialNational Strategy
National Strategy

AI Business Programme (Business Finland)

AI law in Finland: The AI Business Programme was a national Business Finland strategy-level funding and support programme launched as a campaign in 2017 and expanded into a full programme in 2018 to accelerate commercialisation and internationalisation of Finnish AI and platform economy solutions. It provided a portfolio of grants, Proof-of-Concept funding, computing access and ecosystem-building services to companies, research organisations and public actors until its close in December 2021....

✓ OfficialNational Strategyai-watch.ec.europa.eu ↗
Law / Act

Hallituksen esitys eduskunnalle EU:n tekoälyasetusta täydentäväksi lainsäädännöksi (Government Proposal HE 46/2025) — Proposal for national implementing legislation for the EU Artificial Intelligence Act

AI law in Finland: Government Proposal HE 46/2025 (Hallituksen esitys) is a Finnish government draft law to implement and complement the EU Artificial Intelligence Act (Regulation (EU) 2024/1689) at....

✓ OfficialNational Strategyeur-lex.europa.eu ↗