Network and information security (NIS)
All operators of an essential service within the energy sector in Sweden are required to register with the Swedish Energy Agency.
If an incident occurs within your network or information system that affects the continuity of your essential service, you are also required to report it.
The Swedish Energy Agency's supervisory mandate
The Swedish Energy Agency is the regulatory authority for organisations that have identified themselves as operators of essential services (OES) within the energy sector.
In Sweden, operators within the designated societal sectors are responsible for determining whether they fall under the scope of the legislation. The law applies to both the private and public sector.
It is the legal person who delivers the service who must register. If you have identified several areas in the company or business where you are OES, you must send in a application per area.
Please note that you cannot register for NIS2 as of yet.
How to register as a operator of essential services within the energy sector (in Swedish)
The NIS Directive
In 2016, the European Parliament and the Council adopted a directive on measures to achieve a high common level of security in network and information systems across the EU, this is known as the NIS Directive.
The NIS Directive is an EU-wide framework for information security, which has been transposed into Swedish law through Lag om informationssäkerhet för samhällsviktiga och digitala tjänster (the law on information security for essential and digital services). The directive itself does not apply directly in Sweden, instead the Swedish law governs actors operating within the Swedish market.
