SWEDEN Trends and Developments Contributed by: Anders Bergsten and Victoria Nordenberg, Mannheimer Swartling
National Cybersecurity Centre

Due to the increased focus on cybersecurity in Sweden, the Swedish Armed Forces, the National Defence Radio Establishment, the Swedish Civil Contingencies Agency and the Swedish Security Service launched the National Cybersecurity Centre in December 2020 with the mission to strengthen Sweden’s overall ability to prevent, detect and manage cyber threats. From November 2024, the National Cybersecurity Centre is part of the National Defence Radio Establishment, which coincides with the government raising its ambitions for the centre.

The NCSC is responsible for strengthening Sweden’s cybersecurity and is now expected to expand its responsibilities. These new responsibilities include acting as a central body to co-ordinate and support national cybersecurity efforts. This involves monitoring and analysing cyber threats, providing advice and support to both public and private organisations, and promoting information sharing and collaboration among various cybersecurity stakeholders. The NCSC will also improve the ability to analyse and assess cyber threats, vulnerabilities and other risks regarding information and cybersecurity.

Common Level of Security Measures Within the Union

Sweden is not the only EU member state that has an increased focus on cybersecurity. The EU is adopting several robust regulatory frameworks that require comprehensive security measures, some of which are expected to be transposed to binding Swedish law during 2025 and some of which Swedish entities should monitor during the year.

NIS2

The NIS2 directive was adopted by the EU in December 2022, repealing and replacing Direc -
rity Act (Säkerhetsskyddslagen (2018:585)) was extended from public entities to all types of entities whose operations are of importance to Sweden’s security. Similarly, Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS2) and Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC (CER), which will be transposed into Swedish law later this year, will apply to both private and public entities and will require extensive cybersecurity measures to be taken.

Increased Sanctions

With the increased focus on cybersecurity and security measures, one of the tools that legislators are using to enforce the importance of cybersecurity is to increase sanctions. This tool has been used in relation to both NIS2 and CER, where an operator that fails to comply with NIS2 or CER can be fined up to the higher of 2% of its total worldwide annual turnover in the preceding financial year or EUR10,000,000.

In order to create a common basis and applicability, the Swedish government’s official report on the transposition of CER into Swedish law, SOU 2024:64, proposes that a failure to comply with the Protective Security Act is prohibited in a similar manner, and the proposal is to increase the sanction to the greater of SEK120,000,000 (approximately EUR12,000,000) or 2% of the operator’s total annual global turnover from the previous financial year.
CHAMBERS.COM