SWEDEN Law and Practice Contributed by: Anders Bergsten and Victoria Nordenberg, Mannheimer Swartling
Its primary objectives are to:

• improve the cybersecurity of digital products, from the design and development phase and throughout the whole life cycle;
• protect consumers and businesses against the risks posed by inadequate cybersecurity measures;
• encourage manufacturers to incorporate security by design throughout the digital product life cycle; and
• supplement existing cybersecurity regulations, including the NIS2 and DORA.

5. Security Certification for ICT Products, Services and Processes

5.1 Key Cybersecurity Certification Legislation

The Cybersecurity Act

The Cybersecurity Act entered into force on 27 June 2019. The primary goal of the Cybersecurity Act is to enhance protection against cybersecurity threats across the EU. The Cybersecurity Act also enables manufacturers and service providers to use one mutually recognised certificate throughout the EU.

Main Elements

The regulation has two main functions and purposes:

• to give the EU Agency for Network and Information Security a permanent mandate, more resources and new tasks; and
• to create a framework for certifying cybersecurity products and services; this framework sets up a system to govern the issuance of European cybersecurity certificates and declarations of conformity with security standards for ICT products, services, and processes, and the purpose of the certification is to guarantee that users are provided with adequate information regarding the relevant cybersecurity features.

National Cybersecurity Certification Authority

In Sweden, the Swedish Defence Materiel Administration acts as the national cybersecurity certification authority. It is the cybersecurity and certification department at the Swedish Defence Materiel Administration that is responsible for matters related to cybersecurity certification, supervision, collaboration, and external monitoring. The department consists of the Swedish Certification Body for IT Security and the Swedish Cyber Security Certification Authority.

Furthermore, the Swedish Defence Materiel Administration is tasked with overseeing and co-ordinating certification activities at the national level and collaborating with EU entities such as the EU Agency for Network and Information Security and the European Commission. It also serves as Sweden’s representative in the European Cybersecurity Certification Group.

Additionally, the Swedish Defence Materiel Administration is responsible for notifying the EU about accredited bodies and those authorised under the Cybersecurity Act.

6. Cybersecurity in Other Regulations

6.1 Cybersecurity and Data Protection

GDPR and Swedish Supplementation

The GDPR aims to protect natural persons when processing personal data. In Sweden, the GDPR is supplemented by the Data Protection Act, which contains supplementary provisions to the GDPR.