The NIS2 Directive was adopted by the EU in December 2022 and aims to achieve a high common level of cybersecurity across the Union. NIS2 replaces the previous NIS Directive from 2016. NIS stands for “The Directive on Security of Network and Information Systems.”
NIS2 was introduced because it was felt within the Union that the first NIS Directive did not have sufficient impact. NIS2 imposes even clearer and stricter requirements, including on supplier security, management responsibility, and incident reporting. High sanctions and extensive supervision are used as the means to give the requirements effect. The requirements of the NIS2 Directive already apply today, although adaptation to Swedish law is not yet fully complete.
NIS2 in Swedish Legislation
In March 2024, the government presented the investigation tasked with adapting the NIS2 regulation to Swedish law. The investigation proposes that NIS2 be incorporated through a new law – the Cybersecurity Act – which will come into effect in 2025.
The investigation states that the new regulation affects 18 sectors and virtually all public activities in Sweden. The purpose of the law is to achieve a high level of cybersecurity by implementing measures in nine specified areas. The requirements in these areas will take effect at the same time as the law.
The proposed legislation aims to truly bring about a cultural change in attitudes toward cybersecurity.
NIS2 sets requirements in nine areas:
- Incident management
- Continuity management
- Supply chain security
- Security in the acquisition, development, and maintenance of network and information systems
- Strategies and procedures for the use of cryptography and encryption
- Personnel security
- Strategies for access control and asset management
- Secured communication solutions
- Authentication solutions
Seadot Cybersecurity offers
We see a significant increase in requirements within the cybersecurity area. It is easy to feel lost in all the regulations that need to be followed, and the time to actually work on the measures is often lacking.
Seadot can help you use the new legislation and the tightened requirements in NIS2 to work effectively and raise the level of security. By mapping requirements against what has already been done, time can be spent on the right things instead of reinventing the wheel.
Perhaps you already have a systematic approach to, for example, information security, security protection, or risk and vulnerability analysis? Or maybe cybersecurity requirements in the organization are entirely new. Regardless, our knowledgeable consultants can guide you to achieve a tailored implementation of the NIS2 requirements, at your level, to be ready for 2025.
We can, for example, assist you with:
- Analysis, inventory, and mapping
- Implementation plans and advice
- Project management and implementation
- Training for management teams and boards
- Review and internal audit