Responsibilities within information security

The energy sector has been identified as a risk area where deficiencies and acts of sabotage may have serious consequences. The Swedish Energy Agency is the regulatory authority within the energy sector for the NIS2 Directive, which is implemented in Sweden through the Cybersecurity Act.

Security incidents pose a serious threat. Systems may become targets of deliberate sabotage intended to cause harm or disrupt operations. Such incidents can obstruct economic activity, result in significant financial losses and undermine user trust.

Recognising the need to strengthen the security of networks and information systems across the European Union, the European Parliament adopted the NIS (Network and Information Security) Directive in July 2016. To respond to the increased exposure of Europe to cyber threats, the NIS Directive was replaced by the NIS2 Directive in December 2022. The aim of the NIS2 Directive is to create a higher and harmonised level of cybersecurity across EU member states.

NIS2 Directive (digital-strategy.ec.europa.eu)

Our role as regulatory authority

The Swedish Government has appointed the Swedish Energy Agency as the regulatory authority for the energy sector in Sweden. We are responsible for supervising compliance with the relevant legislation and associated regulations. We are also in charge of providing information and training in information security, risk management and continuity planning.

As regulatory authority, the Swedish Energy Agency is empowered to:

  • issue injunctions to operators who fail to meet the requirements

  • impose administrative fines on operators who neglect to comply with the legislation.

Further details regarding enforcement and sanctions can be found in applicable laws, regulations and instructions.