SWEDEN Law and Practice Contributed by: Anders Bergsten and Victoria Nordenberg, Mannheimer Swartling
• Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on arti - ficial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (“AI Act”) establishes rules for artificial intelligence, including security requirements for AI sys - tems, to ensure they are safe and trustworthy. See 6.2 Cybersecurity and AI . • Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (“eIDAS Regulation”) governs electronic iden - tification and trust services, ensuring secure electronic transactions across the EU and setting the standards for secure electronic signatures and transactions. 1.3 Cybersecurity Regulators • The Electronic Communications Act and the Electronic Communications Regulation: The Swedish Post and Telecom Authority (PTS) is the supervisory authority of these laws. PTS ensures that communication providers maintain the security and integrity of their networks and services. Its scope includes supervision of communication providers. • The Accounting Act: The Swedish Account - ing Standards Board (BFN) is the supervisory authority, focusing on the secure handling and storage of financial data. Although pri - marily concerned with accounting practices, BFN’s role includes ensuring that financial data is protected against unauthorised access. • The Camera Surveillance Act: The Swedish Authority for Privacy Protection (IMY) is the
supervisory authority under this act, balanc - ing security needs with privacy rights. The supervision shall ensure that surveillance sys - tems are secure against unauthorised access, protecting individuals’ privacy while allowing for necessary security measures. • The Protective Security Act and the Protective Security Regulation: The supervisory mandate is divided up according to the sector in which the supervised entity (referred to as “the operator”) is active, and the following authori - ties are sharing the mandate: the Swedish Security Service, the Swedish Armed Forces, the Authority for Swedish Transmission System, the Swedish Transport Agency, PTS, the Swedish Defence Materiel Administration, the Swedish Financial Supervisory Author - ity, the Swedish Energy Agency, the Swedish Radiation Safety Authority, and the County Administrative Boards in Stockholm, Skåne, Västra Götaland and Norrbotten. The supervi - sion shall ensure that the operators fulfil the obligations imposed and focus on protec - tion of security sensitive activities from cyber threats. Their role is critical in safeguarding national security and ensuring the protection of critical infrastructure. • The Information Security for Essential and Digital Services Act and the Information Security for Essential and Digital Services Regulation: The Swedish Civil Contingencies Agency (MSB) is the primary regulator, act - ing as a co-ordinator among sector-specific regulators and a national contact point in the EU co-operation regarding NIS. See 2 Critical Infrastructure Cybersecurity . • GDPR and the Data Protection Act: The Swedish Authority for Privacy Protection has the supervision mandate in Sweden. The Swedish Authority for Privacy Protection ensures that organisations implement robust security measures to protect personal data.
256 CHAMBERS.COM
Powered by FlippingBook