Denmark’s Road Directorate tightens control after discovering Russian mapping software used by suppliers. The move follows growing cybersecurity concerns amid fears of data misuse and foreign espionage risks.
Russian Software Found in Danish Infrastructure Projects
For years, suppliers working for Denmark’s Road Directorate have used the Russian-made software Agisoft Metashape to complete mapping and surveying tasks. The program, which originates from St. Petersburg, Russia, has been blacklisted in several European countries, including Germany and Switzerland, due to security concerns.
The Directorate has now tightened its rules, barring the use of all software that originates in Russia across future contracts. This change came after Danish media revealed the extent of the program’s use in mapping roads, bridges, and other critical infrastructure over the past decade.
Officials emphasized that the problematic software was only employed by external suppliers, not by the Directorate itself.
New Rules to Protect Sensitive Data
The Directorate’s updated policy aims to ensure that no data connected to the Danish road network ends up in the hands of potentially hostile actors. According to the agency, this action was prompted by assessments from the Danish Civil Protection Agency, which warned about significant risks of cyber espionage involving foreign powers.
The concern centers on so-called “backdoors” that could exist in the Russian software. These features might allow unauthorized access by state agencies or hackers, giving them insight into Denmark’s infrastructure or operations. Such breaches could compromise sensitive maps, bridge data, and digital elevation models that are vital for national security.
Interestingly, similar measures have been seen elsewhere in Europe. Authorities in Germany and Switzerland already prohibit the use of this software in public-sector projects. The Danish government’s move shows how seriously the country now takes software supply chain security.
Broader Cybersecurity Context
Denmark has experienced a rise in cyber threats targeting public institutions and infrastructure in recent years. Several experts link these to the broader pattern of cyberattacks on hospitals and cities that have hit northern Europe. Because of that, Danish authorities are paying closer attention to how contractors handle government data, especially when using foreign software.
The Directorate said it will strengthen monitoring and require stricter declarations from vendors regarding the tools they use. This policy aims not just to prevent direct data leaks but also to reassure the public that the country’s key datasets remain under national control.
For a small but highly digitalized nation like Denmark, protecting infrastructure data is about more than administrative caution—it is national defense. Even though the data collected seem harmless, in the wrong hands they could reveal structural vulnerabilities or logistics routes.
Future Outlook
From now on, all suppliers must guarantee that their work will not involve any Russian-developed or Russian-owned digital tools. The Directorate expects full compliance and has clarified that violations could lead to contract termination.
At the same time, Danish security agencies continue to update their threat assessments, warning that interest in critical infrastructure remains high from both criminal groups and foreign governments.
In the end, this case has highlighted how deeply software provenance can affect national security. What began as a technical mapping issue now underscores how cybersecurity and public procurement are closely connected in Denmark’s increasingly tense digital environment.
Sources and References
The Danish Dream: Denmark Under Siege: Cyberattacks Hit Hospitals and Cities
The Danish Dream: Security in Denmark for Foreigners
DR: Russisk software er blevet fodret med data om danske veje og broer
