SWEDEN Law and Practice Contributed by: Robert Karlsson, Helena Rönqvist, Caroline Landerfors and Vilma Slättegård, Magnusson Law
Intellectual Property Rights Financial service providers, particularly fintech software developers, shall always consider vari - ous regulations on intellectual property rights as well as marketing practices regulations. The AI Act The EU AI Act will apply to technologies utilising AI. The regulation categorises AI systems into different levels, namely unacceptable, high-risk and low-risk systems. AI with unacceptable risk will be prohibited, while high-risk systems will be permissible under strict obligations. AI systems employed in applications designed to make decisions regarding access to specific services, such as creditworthiness, have been proposed to be classified as high-risk AI. There is currently an implementation period, with parts of the Act coming into force at different times. As of February 2025, the prohibition on AI with unacceptable risk will apply. 2.12 Review of Industry Participants by Parties Other than Regulators The supervision of regulated financial compa - nies, including fintech companies, is mainly car - ried out by public regulators. There are several industry associations on the financial market, such as the Swedish Securi - ties Markets Association, the Swedish Banker’s Association, Insurance Sweden and the Swed - ish Investment Fund Association. Most industry associations do not supervise their members but rather represent them and strive to contribute to a sound and efficient financial market, and to promote sound and proportional regulations. In 2017, a specific industry association for fin - tech companies, the Swedish FinTech Associa - tion, was founded. The mission of the Swedish FinTech Association is to increase the under -
authorisations, warnings and summons for the company in question to cease their business activities. The Swedish Consumer Agency (the “Agency” ) is also active in its supervision, initiating cases both on its own initiative and after receiving com - plaints. Supervision by the Agency may result in fines, but in other cases the Agency encourages the company in question to address the defi - ciencies themselves and report which changes have been made. If the Agency is satisfied with the changes, the case will be closed. 2.11 Implications of Additional, Non- Financial Services Regulations The General Data Protection Regulation The General Data Protection Regulation (GDPR) applies to all industries, including financial ser - vices. Hence, financial service providers shall always comply with the provisions on privacy regulation in accordance with the GDPR. Cybersecurity Some financial services providers are subject to regulations on cybersecurity. In October 2024, the revised Network and Information Systems Directive (EU) 2016/1148 (NIS2) replaced the previous version of the Directive (NIS), applying to an expanded scope of providers. In addition, Directive (EU) 2022/2557 on the Resilience of Critical Entities (CER) has entered into force. The NIS2 and CER will be implemented in Sweden through the new Swedish Cybersecurity Act, which is expected to enter into force in 2025. Additionally, on 17 January 2025, DORA became applicable. DORA regulates operational resil - ience in the financial sector.
790 CHAMBERS.COM
Powered by FlippingBook