Sweden has published its long-awaited government inquiry concerning the AI Act (SOU 2025:101). The inquiry essentially recommends that a new Swedish AI law and ordinance should supplement the AI Act, along with certain adjustments relating to national rules on secrecy and confidentiality.
The proposed Swedish AI law and ordinance are relatively straightforward as they primarily address the division of responsibilities among Swedish authorities, sanction provisions and other administrative elements necessary for supervising compliance with the AI Act.
Of particular note is that the Swedish Post and Telecom Authority (PTS), and not the Swedish Authority for Privacy Protection (IMY), will assume primary responsibility for the supervision of the AI Act. This includes serving as the coordinating authority and single contact point, holding the main responsibility for issuing regulations and providing guidance and overseeing areas likely to have the broadest impact on organisations (e.g., high-risk AI in the workplace, AI literacy and main responsibility for transparency obligations). Other relevant authorities are not hindered from assisting with preparing guidance or to some extent drafting their own specialised guidance (at least for their own supervisory areas under the proposal) but it is nevertheless surprising considering IMY has thus far been the most active in issuing national guidance on the AI Act.
Another noteworthy point is that the inquiry proposes that administrative fines should only be imposed for breaches of those provisions in the AI Act listed in Articles 99(3)–(5). Although the European Commission has previously stated that these should not be interpreted as “exhaustive” and that Member States should also establish sanction mechanisms (of some kind) for breaches of other provisions of the AI Act, the inquiry finds it “questionable” to expand the list in light of the principles of legality and proportionality under Swedish law.
Consequently, the inquiry proposes that breaches relating to for example AI literacy (Article 4), impact assessments (Article 27) and the right to an explanation of individual decision-making (Article 86) should not give rise to administrative fines (or formal reprimands) under the Swedish supplementary AI legislation. Instead, such breaches would be primarily addressed through injunctions (Sw. föreläggande) or injunctions combined with fines as supervisory tools. This also indicates Sweden’s position on what types of breaches are viewed as more serious.
The right to an explanation is however in principle already subject to sanction mechanisms under the GDPR and a failure to address AI literacy may in the long run lead an organisation to breach more ‘serious’ obligations.
Click here to read the full inquiry report (in Swedish only).