Sweden

No, the Swedish approach to regulating IT security takes focus on critical sectors/qualified situations. This has resulted in a rather fragmented regulatory landscape, where the material obligations are often set out and interpreted in different sets of official documents by different authorities. This approach and method is however rather similar across different sectors (please see the examples we have given in our answers below).
In addition, awareness concerning IT security has been raised at a more general level along with the increased attention to data protection matters and the General Data Protection Regulation (“GDPR”). For example, the GDPR covers an obligation to discover, analyze and report personal data breaches as well as an obligation to implement appropriate technical and organizational security measures (the latter was also an obligation under the EU directive).