Sweden’s updated NIS2 draft regulation on training and security measures: broader flexibility, targeted tightening on supply chain security
The Swedish Civil Defence and Resilience Agency (MCF, formerly MSB) has recently published an updated draft regulation on training and security measures under Sweden’s NIS2 framework. Although the regulation has not yet been finalised, it gives a clearer indication of the security and training measures that in-scope entities are expected to implement. The draft regulation is currently subject […]
EU launches ICT Supply Chain Security Toolbox to address cybersecurity risks
On 30 January 2026, the NIS Cooperation Group, comprising representatives of EU Member States, the European Commission and the EU Agency for Cybersecurity (ENISA), adopted the EU ICT Supply Chain Security Toolbox, establishing a common EU approach to identifying, assessing and mitigating cybersecurity risks across ICT supply chains. The toolbox provides a structured, non-binding framework […]
EDPB–EDPS Joint Opinion on the Digital Omnibus proposal
On 19 November 2025, the European Commission issued a Digital Omnibus proposal with the aim to simplify compliance with the digital rulebook, hereby amending several EU digital legislation, such as GDPR, Data Act and ePrivacy Directive. The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a Joint Opinion on the proposed […]
NIS2 Entities Registration in Sweden – Guidance
The EU’s NIS2 Directive, implemented in Sweden via the Cybersecurity Act (Sv. Cybersäkerhetslag (2025:1506), introduces a mandatory obligation for covered organisations to register with the supervisory authority. In this context, the Swedish Civil Defence and Resilience Agency (Sv. Myndigheten för civilt försvar) has issued guidance and launched a registration platform to facilitate compliance. From 2 […]
The Digital Omnibus: Targeted Amendments to the EU Digital Rulebook
The European Commission has unveiled a new digital package designed to cut administrative burdens for companies across the EU and streamline the Union’s fragmented digital rulebook. The package centres on, amongst other things, amending existing requirements relating to GDPR, AI Act, Data Act, e-privacy directive and other data legislation such as the Data Governance Act. […]
Swedish Government Submits Bill on New Cybersecurity Act to Implement NIS 2
The Swedish Government has published the bill to implement the NIS 2 directive (2022/2555) into Swedish law. The proposal includes amongst other things the introduction of a new law, the Swedish Cybersecurity Act – which will replace the current Swedish Act (2018:1174) that implemented the previous NIS directive. The Cybersecurity Act largely aligns with the […]
The Swedish Government submits draft Cyber Security Act (implementation of NIS2) to the Council on Legislation
On 12 June 2025, the Swedish Government decided on a legislative council referral with proposals for a new Cyber Security Act (the “Act“) and other legislative amendments. The package implements Directive (EU) 2022/2555 (NIS 2). The referral shows a number of amendments in the proposal for the new Cyber Security Act compared to the proposal […]