Sweden

Law/Regulation Supervisory authority Legal instruments/rights
Law on information security for social and digital services
Regulation on
information
security for social and digital services Authority: Sector(s): Audit/investigation rights: All supervisory authorities are, to the extent required by the supervision, entitled to gain access to areas, premises and other spaces, but not housing, used in activities covered by the law on information security for social and digital services.
Fines: The supervisory authority may order the supervised supplier to provide information and provide access or otherwise as necessary for the suppliers to fulfil the requirements set out in the law. Such injunctions may be combined with fines.
Administrative sanctions: Administrative sanctions shall be imposed if (i) an operator of a social service does not fulfil the notification requirement, (ii) security measures are not taken in accordance with the law or regulations communicated in connection with the law, or (iii) incidents are not reported in accordance with the law or regulations communicated in connection with the law.
Swedish
Energy Agency Energy
Swedish Transport Agency Transport
Sweden’s
financial
supervisory authority Banking
Financial market
infra-
structure
Health and Social Care Inspectorate Healthcare
National Food Agency Supply and distribution of drinking water
Swedish Post and Telecom Authority Digital
infra-
structure
Digital
service
providers
Freedom of Press Act
Public Access and Secrecy Act Chancellor of Justice

Swedish Prosecution
Authority Officials breaching secrecy under the Public Access and Secrecy Act may be sanctioned for misconduct (Sw. tjänstefel).
Security Protection Act
Regulation on
security protection
Authority: Supervised
Entity: Injunctions: As regards procurement (see more information above), the supervisory authority may instruct the supervised authority to take action. If an injunction is not followed or if the supervisory authority assesses that the requirements of the Security Protection Act cannot be met despite taking further measures, the supervisory authority may decide that the authority may not complete the procurement.

Swedish
Armed
Forces Swedish Fortifications Agency
Swedish Defence University
Authorities related to the
Ministry of Defence
Swedish
Security
Service All other authorities but the chancellor of justice
Authority: Sector(s):
Swedish
Energy Agency Energy
Swedish Transport Agency Air transport
Swedish Post and Telecom Authority Electronic Communications
The county council in the county where the business
operates Other
businesses
Electronic
Communications Act Swedish Post and Telecom Authority
Audit/investigation rights: The supervisory authority is, to the extent required by the supervision, entitled to gain access to areas, premises and other spaces, but not housing, used for activities covered by the Electronic Communications Act and EU regulation no. 531/2012, 2015/2120, 2015/2120 and 531/2012 (“the EU regulations”).
Fines: The supervisory authority may order the supervised supplier to provide information and documentation necessary to demonstrate compliance with the requirements set out in the Electronic Communications Act and the EU regulations. Such injunctions may be combined with fines.
Revocation of permits: Permits granted under the Electronic Communications Act may be revoked under certain circumstances, e.g. if the holder of the permit seriously violates the act, has left incorrect or false information or fails to pay permit fees.
Penalties: Individuals that, by intent or negligence, breaches certain provisions in the Electronic Communications Act, e.g. certain secrecy provisions, can become subject to criminal penalties (fines or imprisonment).
Patient Data Act
Patient Security Act Swedish Health and Social Care Inspectorate Audit/investigation rights
The Inspectorate is entitled to conduct audits and to gain access to areas, premises and other spaces, but not housing, used in the relevant activities.
Injunctions and fines:
If any anomalies are identified, the Inspectorate may issue injunctions with or without fines.
The Swedish Financial Supervisory Authority’s Regulations and General Guidelines (Regarding Information Security, IT Operations and Deposit Systems
The Swedish Financial Supervisory Authority’s Regulations and General Guidelines The Swedish Financial Supervisory Authority If a company is in breach of the regulations the Swedish Financial Supervisory Authority can impose orders to cease with the regulated activities, fines, and in the most serious cases withdraw the authorization for the company.
Ship Security Act Swedish Transport Agency Audit/investigation rights: Organs enforcing supervision under EU Regulation (EC) No 725/2004), to the extent required by the supervision, is entitled to gain access to ships and port facilities and take part of documentation and other information related to the ship or port facility.
Injunctions and fines: The supervisory authority may in case there is a reason to assume that a Swedish ship has flaws in the ship security protection order; (i) a ban on the voyage of the vessel (ii) a ban on a certain operation or use of certain equipment, (iii) a ban or injunction to enter or departure from a certain station.
Injunctions issued under the provisions in Appendix 1 section 9 and 9 a in the EU Regulation (EC) No 725/2004), may be combined with fines.
Penalties: Individuals that, by intent or negligence breach certain injunctions issued under EU Regulation (EC) No 725/2004), may become subject to criminal penalties (fines or imprisonment).
Nuclear Activity Act Swedish Radiation Safety Authority Audit/investigation rights: The supervisory authority is, to the extent required by the supervision, entitled to gain access to areas, premises, documentation, test results etc. necessary for the supervision. Further, the public has certain rights to insights in the operations and to information related to the security of the nuclear facilities.
Injunctions and fines: The supervisory authority may issue the injunctions and prohibitions necessary to fulfil the requirements in the act, conditions or regulations based on the provisions in the act. Such injunctions or prohibitions may be combined with fines.
Revocation of permits: Permits granted under the Nuclear Activity Act may be revoked under certain circumstances, e.g. if the holder of the permit seriously violates the act, conditions or regulations based the provisions in the act or if there is a special reason from a security perspective to revoke the permit.
Penalties: Individuals that, by intent or negligence, breach certain provisions in the Nuclear Activity Act, may become subject to criminal penalties (fines or imprisonment).