İçeriğe geç
NISDESK

NISDESK · SE

NIS2 Compliance in Sweden

Swedish essential and important entities face NIS2 obligations through sector-specific supervisors within the NCSC-SE framework; CERT-SE coordinates incidents.

Transposition status: Transposed via the Swedish Cybersecurity Act (Lag om cybersäkerhet, 2024); MSB, FRA, SÄPO and FMV jointly form the NCSC-SE.

Are you in scope?

NIS2 covers medium and large organisations in 18 sectors. Fines reach €10M or 2% of global turnover. Check your scope, obligations and a readiness score for free.

National authority & CSIRT

In Sweden, NIS2 supervision is handled by NCSC-SE (Swedish National Cyber Security Centre) / CERT-SE. The national CSIRT is CERT-SE. Significant incidents must be reported within 24 h (early warning), 72 h (notification) and one month (final report) per NIS2 Article 23.

NIS2 sectors in Sweden

Each sector has specific obligations. Explore them for Sweden:

Frequently asked questions

Which sectors are covered by NIS2 in Sweden?

NIS2 covers 18 sectors: Annex I (highly critical — energy, transport, banking, financial markets, health, water, digital infrastructure, ICT service management, public administration, space) and Annex II (other critical — postal services, waste management, chemicals, food, manufacturing, digital providers, research). Transposed via the Swedish Cybersecurity Act (Lag om cybersäkerhet, 2024); MSB, FRA, SÄPO and FMV jointly form the NCSC-SE.

Who supervises NIS2 compliance in Sweden?

In Sweden, the primary competent authority is NCSC-SE (Swedish National Cyber Security Centre) / CERT-SE. The national CSIRT is CERT-SE, which handles significant incident notifications and cybersecurity coordination.

What are the NIS2 incident reporting deadlines in Sweden?

Organisations must submit an early warning to CERT-SE within 24 hours of a significant incident, a formal notification within 72 hours, and a final report within one month — per NIS2 Article 23.

What are the NIS2 fines in Sweden?

Essential entities face fines up to €10 million or 2% of global annual turnover. Important entities face up to €7 million or 1.4% of global annual turnover. Exact enforcement varies by national transposition.

For decision-support purposes only. Exact scope depends on national transposition — use our free scope checker for a personalised assessment.