The Government proposes a new Cybersecurity Act to implement the NIS2 Directive

The government bill on new cybersecurity rules has been published today, aiming to implement the NIS2 Directive into Swedish law.

The Network and Information Systems 2 (NIS2) Directive is expected to be implemented primarily through a new Cybersecurity Act. Compared to current rules, the proposed legislation has a broader scope – expanding the number of covered sectors from seven to eighteen – and applies to entire organisations, not only the areas providing essential or digital services. Entities falling under the Swedish Cybersecurity Act would also be required to register with the relevant supervisory authority.

The Swedish Cybersecurity Act is expected to enter into force on 15 January 2026. Entities will then be required to register with the relevant supervisory authority as soon as possible.

Read the government bill here (in Swedish).

For queries, please contact Anders Bergsten, Victoria Nordenberg or Jockum Hildén.