Information security for essential services and digital services (NIS)
Companies that supply certain types of digital infrastructure and certain digital services are now subject to new information security requirements following the transposition of the NIS Directive into Swedish law on 1 August 2018.
Today’s digitised society is dependent on functioning network and information systems. A fundamental requirement is that such services are reliable and secure. The EU has decided that the requirements relating to information security are to apply to companies supplying these services within the EU.
In accordance with the regulations, these companies are to work with information security in a systematic and risk-based manner, and are to report any incidents to the Swedish Civil Contingencies Agency (MSB). The Swedish Post and Telecom Authority (PTS) is the supervisory authority for digital infrastructure and digital services.
MSB has a coordinating role when it comes to NIS in Sweden. This means, among other things, that MSB issues regulations for all sectors subject to the legislation.
Who is subject to the legislation?
Services subject to the NIS Directive are categorised as essential services and digital services.
Several sectors supply essential services, such as energy, transport, and health and medical care. The sector that PTS supervises is digital infrastructure, which includes operators such as DNS service providers and top-level domain (TLD) registries.
Digital service providers include cloud service providers, online marketplaces and online search engines.
More information on which organisations are concerned can be found on MSB’s website (in Swedish).
PTS is one of the supervisory authorities for the NIS Directive in Sweden. We are responsible for the supervision of essential services within the digital infrastructure sector and of digital services. Our supervision involves monitoring the companies’ compliance with the law and with MSB’s regulations. The primary aim is to assess whether the providers meet the requirements for security measures and incident reporting.
PTS is also responsible for providing information and guidance to companies that are subject to the NIS Directive.
PTS is entitled to issue more sector-specific regulations regarding security measures in addition to those set out in MSB’s regulations.
Questions about NIS
If you have general questions about the Swedish implementation of the NIS Directive, please contact MSB via e-mail: email@example.com.
If you are an operator of essential services or a digital service provider affected by the NIS Directive, contact PTS via e-mail at firstname.lastname@example.org, or via telephone at +46 (0)8-678 55 00 (operator) for any specific questions.