Stricter cybersecurity requirements ahead - how companies can prepare for the new rules

July 02, 2024

Against the backdrop of the current geopolitical climate and the increasing digitalisation, the EU is implementing the NIS 2 directive with the aim to strengthen the level of cyber resilience throughout the EU. The new rules are proposed to be introduced in Sweden through a new law, the Cybersecurity Act, which is proposed to enter into force on 1 January 2025. The law imposes increased requirements in relation to information and cyber security and non-compliance can have serious financial consequences.

"As proposed, the Cybersecurity Act will affect organisations in a wide range of sectors, such as energy, digital services, healthcare and public administration. Many companies will therefore be affected by the increased requirements, and awareness of what’s coming is vital to be able to start the necessary preparations in time", says Sofie Nordgren, partner at Vinge

The proposed law imposes an obligation for relevant operators to register with a supervisory authority, as well as a requirement to take measures to protect network and information systems against incidents. Incidents must in certain cases be reported to the authorities within 24 hours, which places high demands on the organisation's internal processes. The proposal also clearly places the utlimate responsibility for compliance with the board members and the CEO for compliance.

"We expect significant updates from the legislative process in the autumn that will clarify the requirements and the reporting process. Organisations already need to consider whether they expect to be affected by the rules and if so put processes and structures in place to be able to meet the upcoming requirements. Failure to comply can result in sanctions of up to EUR 10 million or a ban on persons exercising a management function", says Lisa Bourghardt, counsel at Vinge

In this article, Vinge summarises the most important aspects of the proposed Cyber Security Act and how the actors expected to be affected by the regime can prepare.

Vinge continuously monitors the developments in this area, feel free to contact us if you want to know more.