The EU’s NIS2 Directive, implemented in Sweden via the Cybersecurity Act (Sv. Cybersäkerhetslag (2025:1506), introduces a mandatory obligation for covered organisations to register with the supervisory authority. In this context, the Swedish Civil Defence and Resilience Agency (Sv. Myndigheten för civilt försvar) has issued guidance and launched a registration platform to facilitate compliance.
From 2 February, all entities covered by the Cybersecurity Act must submit a notification as soon as possible. If the information is not received within 14 days, supervisory authorities may take regulatory actions.
The registration form includes information such as organisational details, sector and subsector classification, activities within the EU/EEA, justification for NIS2 applicability, whether the entity is considered essential or important, internet-facing identifiers (such as IP addresses and domain names), and contact details.
According to the main rule, an operator is covered by the Cybersecurity Act if it conducts activities specified in the annexes to the NIS2 Directive, operates in Sweden and meets the applicable size requirements.
The Guidance on the notification as well as the registration form can be found here (in Swedish).