Responsibilities within information security

The energy sector has been identified as a risk area where deficiencies and acts of sabotage may have serious consequences. The Swedish Energy Agency is the supervisory authority within NIS for the energy sector.

Security incidents pose a serious threat. Systems may become targets of deliberate sabotage intended to cause harm or disrupt operations. Such incidents can obstruct economic activity, result in significant financial losses, and undermine user trust.

Recognising the need to strengthen the security of networks and information systems across the European Union, the European Parliament adopted the NIS Directive in July 2016. It has since been replaced by NIS2. NIS stands for Network and Information Security.

NIS2 Directive (digital-strategy.ec.europa.eu)

Our role as regulatory authority

The Swedish Government has appointed the Swedish Energy Agency as the regulatory authority for the energy sector in Sweden. We are responsible for supervising compliance with the relevant legislation and associated regulations. We are also in charge of providing information and training in information security, risk management and continuity planning.

As regulatory authority, the Swedish Energy Agency is empowered to:

  • issue injunctions to operators who fail to meet the requirements

  • impose administrative fines on operators who neglect to comply with the legislation

Further details regarding enforcement and sanctions can be found in applicable laws, regulations and instructions.