New Cybersecurity Act enters into force in Sweden

The Cybersecurity Act (2025:1506) and the Cybersecurity Ordinance (2025:1507) enter into force today, 15 January 2026. This means that the NIS2 Directive, which aims to raise the overall level of cybersecurity across the EU, is implemented into Swedish law. At the same time, the NIS Act (2018:1174) on Information Security for Essential and Digital Services is repealed. 

The Cybersecurity Act requires entities within its scope to: 

• register with the regulatory authority 
• implement appropriate security measures 
• provide management training
• report significant incidents. 

“With the Cybersecurity Act and the new Ordinance entering into force today, Sweden is taking an important step towards strengthening the overall level of cybersecurity within the EU,” says Titti Norlin, Head of Unit at the Swedish Energy Agency.