TMT 2025

SWEDEN Trends and Developments Contributed by: John Neway Herrman, Erik Ålander, Dahae Roland and Agne Lindberg, Advokatfirman Delphi AB

both development and adoption. Failure to do so could make it difficult for Swedish companies to compete on the global market, potentially leading to reduced national prosperity.

Cybersecurity and National Security: Safeguarding Digital Infrastructure

In Sweden, cybersecurity has become a significant issue due to a series of prominent cyber-attacks and IT disruptions. In early 2024, the prominent Nordic IT services provider Tietoevry experienced a major cybersecurity incident which disrupted critical operations, prompting an investigation into potential breaches of data protection regulations, and underscoring the importance of robust cyber-resilience in regulated industries. While such disruptions to essential systems pose serious cybersecurity challenges, they are just one facet of the problem. Other major threats include data breaches, exposure of sensitive information, substantial administrative penalties, and potential harm to public trust.

The regulatory landscape for cybersecurity in Sweden is still developing, heavily influenced by EU directives such as NIS1 and NIS2, DORA, the EU Cybersecurity Act, and the GDPR. These regulations not only have a direct impact but also indirectly affect contractual obligations. A key regulatory focus will be the introduction of supply chain control as a fundamental aspect of cybersecurity requirements. These regulatory measures often require organisations to negotiate with their suppliers to ensure compliance. Some of the most critical areas of cybersecurity requirements are discussed below.

Protection of national security interests

A topic closely linked to cybersecurity is protective security. In Sweden, protective security involves measures designed to safeguard the security-sensitive operations of public authorities and private companies from threats such as espionage, sabotage and criminal activities that could undermine their functions. These security-sensitive operations include activities critical to Sweden’s national security or those tied to international protective security commitments binding on Sweden. They also encompass the protection of classified and sensitive information.

The scope of the Swedish Protective Security Act (2018:585) (Säkerhetsskyddslagen), however, is not entirely clear. Determining whether an organisation is subject to the Act depends on whether its activities are deemed essential to Sweden’s internal or external security. This likely applies to sectors like defence, energy, water supply, banking, healthcare, digital infrastructure, artificial intelligence, and the automotive industry. Organisations must individually assess whether their operations qualify as security-sensitive, making the determination on a case-by-case basis.

Under the Act, public authorities and companies involved in security-sensitive operations are required to implement adequate protective measures. Key obligations include entering into protective security agreements, conducting security vetting of personnel, and screening contracts. The Act also imposes restrictions on how suppliers and subcontractors are selected, to ensure compliance with security standards.

Outsourcing in the public sector: new rules and key challenges

An authority considering outsourcing is often faced with a number of different questions: what business needs exist, security considerations and, not least, what the legal conditions are. The complexity of the requirements for outsourcing has increased significantly over the years. However, in 2023, a new confidentiality-breaking
