In Denmark, the crisis management practice has evolved significantly over the past 12 months, driven by factors such as the change in the geopolitical situation, natural disasters and floods, and cybersecurity threats.

The geopolitical situation has demanded an increased focus on defence preparedness. The focus is illustrated by the recent political decisions on acquisitions for the Danish defence. Furthermore, in August 2024, the Danish Ministry for Resilience and Preparedness was established. Together with relevant sectorial authorities, the ministry is responsible for the prevention, resistance, and handling of major accidents, crises, disasters, and other incidents that challenge the basic functions of society. The establishment of the ministry has led to discussions on the principle of sectorial responsibility. See 2.6 Sectorial Requirements.

The COVID-19 pandemic led to the establishment of the Danish Critical Supply Agency in 2020. The agency advises government authorities on conducting analyses of supply chain vulnerabilities in the supply of critical resources, and works systematically to address them. In the event of a supply crisis, the agency contributes to efficient crisis management. Furthermore, the agency shares knowledge and facilitates dialogue between national authorities and the private sector.

Key trends in crisis management include the integration of technology in crisis management, emphasis on sustainability, and the preparedness for crises. These trends have influenced practices by encouraging companies to adopt more flexible and resilient strategies. Furthermore, the authorities have encouraged individuals to prepare for emergencies.

The healthcare, finance, and technology sectors have been most vulnerable to crises in Denmark. Past crises have highlighted the need for robust cybersecurity measures and healthcare preparedness. Denmark has implemented measures such as enhanced cybersecurity protocols and healthcare reforms to protect these sectors from future crises.

Notable examples of business acquisitions during past crises include mergers in the healthcare sector aimed at consolidating resources and expertise to better handle future challenges. In the public sector, Denmark has also focused on establishing security of supply, ensuring the necessary equipment for potential crises. This work is co-ordinated by the Danish Critical Supply Agency.

The primary laws governing crisis management in Denmark will depend on the type of the crisis. Some notable laws include, inter alia:

• The Danish Act on the Rescue Service (beredskabsloven). The Act sets the legal framework for the Danish Rescue Service’s response to crises, including which actions can be undertaken by the rescue service.
• The Danish Act on Epidemics (epidemiloven). The Act was the primary law in the handling of the COVID-19 pandemic in Denmark. The Act empowers the competent authorities to carry out measures that restrain the rights of individuals in order to mitigate the risk of an epidemic, including instructing individuals to isolate.
• The Danish Act on Certain Natural Disasters (naturskadeloven). The Act regulates the civil liability for storm surges, floods, and droughts. The Danish Natural Hazards Council rules on the applicability of the rules to a specific crisis. In recent times, the Act has been activated during storm surges, eg, storm Pia in December 2023.
• The Danish Act on Environmental Protection (miljøbeskyttelsesloven). The Act includes rules for measures to be taken in order to mitigate the risk of environmental damage. Furthermore, the Act includes rules on both civil and criminal liability.

In October 2024, the Danish government published a programme for bills to be introduced until summer 2025. In the preface, the government states an intention to strengthen cybersecurity. Accordingly, the government announced that amendments were to be made to the laws governing cybersecurity and the resilience of critical units. During the beginning of 2025, the Danish Ministry for Resilience and Preparedness introduced bills regarding implementation of the CER Directive and the NIS 2 Directive. At the time of writing, the bills are being processed by the Danish Parliament.

The Danish Act on Epidemics has been amended multiple times, during and after the COVID-19 pandemic.

Historically, a principle of sectorial responsibility has applied for crisis management in Denmark. The competent authorities have been responsible for crisis management in their specific areas. The competent authorities have co-ordinated the crisis management through different forums, but the responsibility has remained with the sectorial authority.

Following the establishment of the Danish Ministry of Resilience and Preparedness in 2024, a debate on the principle of sectorial responsibility has surfaced. The Ministry is responsible for the Danish Agency on Resilience and the Danish Emergency Management Agency. Accordingly, the Ministry has a central role in the co-ordination of crisis management.

During a crisis, the Danish National Operational Staff can be activated. The Staff secures the co-ordination between the competent authorities. The Staff is chaired by the Danish National Police. Other members of the Staff include the Danish Emergency Management Agency and the Danish Security and Intelligence Service, as well as the Danish Health Authority.

Denmark has independent bodies, such as the Danish Data Protection Agency, that focus on oversight of crisis management preparedness, particularly in relation to data security and privacy. Furthermore, the Danish Parliament performs some oversight of the decisions made by the government during crises as part of the parliament’s ordinary oversight of the government.

Mandatory mechanisms for public reporting and transparency include regular updates from government agencies and public access to crisis management plans.

Specific regulatory requirements exist for sectors like healthcare and finance, including mandatory risk assessments and crisis response protocols. See 2.3 Government Role regarding the principle of sectorial responsibility.

In general, the Danish authorities co-operate with the private sector to strengthen crisis management and prevention. This is mainly done through forums in the different sectors. In Denmark, there is a formalised procedure for the involvement of the private sector – companies, business organisations, and non-governmental organisations – when the authorities are going to update the legal framework.

During the COVID-19 pandemic, the public sector and the private sector co-operated to secure the supply of critical equipment, including face masks, hand sanitiser, and vaccines. There was no detailed, pre-structured framework for this public-private co-operation.

See 2.8 National Crisis Management Plan for the involvement of the private sector in the development of the guidelines for the handling of crises.

In 2019, the Danish Emergency Management Agency published guidelines for the handling of crises. The purpose of the guidelines is to give the public insight into the authorities’ crisis management. The guidelines describe the involved authorities and the established co-ordinating forums as well as their roles and tasks during a crisis. It is expected that the guidelines will be updated following the recent developments.

In 2024, the Danish Emergency Management Agency published a booklet, “Be prepared for a crisis”. The booklet contains the authorities’ recommendation for crisis preparation to be done by the Danish people. According to the booklet, the Danish people should be able to manage for three days if a crisis struck. Accordingly, private individuals should maintain the reserves of drinking water, food, medicine, etc, needed to manage for three days. This will allow the authorities to focus their efforts where the need is greatest and work to stabilise the situation.

See 2.3 Government Role.

Danish companies structure their crisis management plans to include risk assessment, communication strategies, and recovery protocols. Key components include leadership roles, resource allocation, and stakeholder communication.

Companies in Denmark typically organise their internal governance with dedicated crisis committees and clear roles for crisis response. It is common to have specific committees focused on crisis management.

Some companies describe their work with risk and crisis management in their annual reports. This includes the risk and potential damages of cybersecurity attacks or interruptions of supply chains, as well as the work undertaken to mitigate the risks and potential damages.

Crisis committees are formed regularly, often including independent members to ensure unbiased decision-making. These committees maintain a level of independence from senior management.

Typical members include senior executives, legal advisers, and communication specialists. The leader is often a senior executive with crisis management experience. Teams meet regularly to assess situations and co-ordinate responses.

Danish companies commonly engage external experts for crisis management, selecting them based on expertise and past success in similar situations.

Both the Danish Chamber of Commerce and Danish Industry have published guidelines on crisis management. The guidelines include analysis of risks, development of a crisis management plan, distribution of roles and responsibilities during a crisis, and internal and external communication.

Companies use metrics such as response time, stakeholder satisfaction, and financial impact to assess success. Continuous improvements are made through regular reviews and updates to strategies.

Companies in Denmark use digital tools and real-time monitoring systems to quickly identify crises and assess legal implications. Immediate steps include situational assessment and stakeholder management.

Common frameworks include risk management models and business continuity plans. Crisis response plans typically include communication strategies, resource allocation, and recovery protocols. The type and extent of the framework depend on the company’s nature, size, and field of operation.

Companies identify risks through regular assessments and scenario planning. Preventive measures include cybersecurity enhancements and employee training.

Most companies conduct simulation exercises regularly, including scenarios like cyber-attacks and supply chain disruptions to prepare for potential crises.

Companies promote training programmes focused on crisis prevention and response, ensuring all employees are aware of protocols. Training is usually conducted by internal experts or external consultants.

Specific policies related to crisis management are adopted, with effective implementation ensured through regular audits and updates.

The legal challenges faced by companies in Denmark during crises depend on the nature of the crisis. In a cybersecurity attack or other crises where personal data may be leaked, the legal challenges may especially include compliance with data protection laws. In an environmental crisis, the legal challenges relate to environmental regulations, both in terms of whether the necessary mitigating steps have been taken, and in terms of the aftermath.

For all crises, the liability of the company and its executive management and board of directors is a key focus point.

The enforcement authorities include the competent authorities on the given area. These include the Danish Environmental Protection Agency and the Danish Data Protection Agency. Even though these authorities cannot impose a legal liability – neither criminal nor civil – on the company and its management, the authorities’ supervision and statements are of importance when ruling on a civil liability. In terms of criminal liability, the competent authorities co-operate with the police. Depending on the specific area, the police authority is the National Special Crime Unit or the local police.

Companies co-operate with authorities regularly, implementing measures to address legal breaches through compliance programmes and corrective actions.

Companies assess legal risks by evaluating potential liabilities and regulatory compliance. Key factors include financial impact and reputational damage.

Internal legal teams are involved early in the crisis management process. Depending on the gravity of the crisis, external counsel is usually involved. External counsel is selected based on expertise and past performance.

On a general level, most companies have processes in place for documentation and evidence preservation. In some legal areas, the relevant laws include requirements of preservation of documentation and regular (internal) audits.

In civil liability cases, settlements can be reached through negotiation and, in some cases, mediation within the courts.

In criminal cases, settlements with the police can be reached through a fixed penalty after which the company acknowledges criminal liability and accepts a fine of a certain amount.

Common insurance policies cover litigation and crisis-related costs, with companies working closely with insurers to manage claims.

Companies may measure the impact of crises on reputation through stakeholder surveys and media analysis. Steps to rebuild reputation include public relations campaigns and stakeholder engagement. Companies may engage an external public affairs agency.

Mandatory reporting requirements include timely updates to regulatory bodies, ensured through established communication protocols.

The co-ordination of communication – both externally and internally – is usually done by the crisis management team in co-operation with the company’s public affairs team. It is common to have a unified communication channel, including a spokesperson. Depending on the company, the spokesperson may be a member of the management, a public affairs employee, or the leader of the crisis management team. Companies may engage an external public affairs agency to provide input on media strategy and stakeholder management. Likewise, companies may also reach out to business organisations, such as the Danish Chamber of Commerce and Danish Industry, to receive guidance. Communication towards authorities may also be part of the advice given by external legal counsel.

For most areas, the company is obliged to answer inquiries by the competent authorities as part of the authorities’ supervision.

See 6.1 Co-Ordination of Communications.

The key stakeholders include senior management and department heads. Depending on the media coverage of the crisis, the company may also want to communicate the company’s handling and view of the crisis to all employees. Communication can be important to comfort employees, eg, by dealing with potential rumours concerning the crisis.

Effective strategies for external communication include press releases, social media updates and other written communication, ensuring consistency and accuracy through centralised communication teams.

This depends on the type of company. For companies listed on the stock exchange, the companies communicate with investors through regular updates and financial reports, maintaining confidence through transparency and engagement. Listed companies are covered by the rules in the Market Abuse Regulation (MAR).

Companies address customer concerns through dedicated communication channels like customer service hotlines, email updates and a dedicated website for the specific crisis. A dedicated website may include information on the nature of the crisis together with the handling, the involvement of relevant authorities, and the impact on the customers.

See 6.2 Internal Communication.

Companies create specific communication channels for affected parties, using methods like dedicated websites and hotlines for direct communication. If the crisis involves a leak of personal data, companies are required to notify the affected persons.

Companies conduct post-crisis reviews involving key stakeholders to analyse responses and identify improvements. Lessons learned are documented and shared through internal reports and training sessions.

Companies update policies based on lessons learned by incorporating feedback into crisis management plans and procedures.

Companies measure effectiveness through performance metrics and benchmarking against industry standards. Companies may also conduct simulated crises to assess the effectiveness of their crisis management. Sources for best practices include knowledge-sharing forums, industry reports, government guidelines, and guidelines from business organisations.