Sweden

Yes. Some of the material requirements on IT security may be illustrated by the sector specific supervisory authorities’ guidelines:
• Banks, other credit institutions, investment firms and undertakings with authorization to conduct clearing operations are for instance subject to the Swedish Financial Supervisory Authority’s (Sw. Finansinspektionens) guidelines. To give an example, (FFFS 2014:5) regarding information security, IT operations and deposit systems. The said guidelines include requirements concerning governance and procedures for sound IT operations (including for example the implementation of security measures and routines for managing risks and following up on incidents).
• Suppliers of publicly available electronic communications services in public communications networks are subject to the Swedish Post and Telecom Authority’s (Sw. Post- och telestyrelsens) guidelines. For instance (PTSFS 2014:1) which covers inter alia appropriate technical and organizational security measures, in particular regarding access control, incident reports and encryption. There are also more detailed guidelines in other publications of the Swedish Post and Telecom Authority, such as PTSFS 2015:2 concerning continuity and availability.
Due to the recent implementation of the Security of Network and Information Systems Act (2018:1176), new regulations and guidelines are expected.