• About us
    • About Lindahl
    • How we work
    • Said about Lindahl
    • Press
    • Find us
    • Privacy
  • Areas
    • Commercial dispute resolution
    • IT/Tech
    • Intellectual property
    • Life Sciences
    • M&A
    • All areas
  • Our people
    • Stockholm
    • Göteborg
    • Malmö
    • Uppsala
    • Helsingborg
    • Örebro
  • Latest news
    • Cases and transactions
    • News
    • Events
    • Knowledge
    • Portraits
  • Offices
    • Stockholm
    • Göteborg
    • Malmö
    • Uppsala
    • Örebro
    • Helsingborg

Greater risks mean more stringent requirements – how to assess whether your business is security sensitive

  • Home
  • Latest news
  • Knowledge
  • 2022
  • Greater risks mean more stringent requirements – how to assess whether your business is security sensitive

For many people, 2022 began with the hope that there were better times ahead. That hope didn’t last long. The economic and political security situation in Europe has deteriorated over the course of the year. Everyone is therefore required to be more aware of risks and to adopt security measures to prevent threats. That means, in turn, greater focus on laws aimed at protecting Sweden’s security. One such law is the Protective Security Act (2018:585).

The Protective Security Act had been updated a number of times in previous years, most recently in December 2021. The Act imposes specific obligations on those engaged in security sensitive business activities. Among other things, the Act requires such operators to report on their business activities, draw up a security protection analysis, adopt security measures and observe specific requirements in the case of transfers of business or shares in a security sensitive business.

A specific security protection assessment and suitability test must also be carried out before an operator can transfer a security sensitive business or part thereof. There must also be prior consultation with the supervisory authority. Shareholders of private limited companies must also consult before they transfer shares in a security sensitive business. The consultation authority may order those sellers to adopt measures to fulfil their obligations under the Act and may ultimately prohibit the transfer. A transfer in breach of a prohibition becomes invalid.

 

Operators which are subject to the Protective Security Act but which have failed to adopt measures to comply with its provisions risk administrative fines that may amount to 50,000,000 SEK.

 

The updated Protective Security Act and the prevailing circumstances lead to stricter supervision which means that more and more businesses can be subject to the obligations under the Act, while many remain unclear as to whether they are running a security sensitive business. The person running a business is responsible him or herself for investigating and assessing whether the business is security sensitive.

In view of the greater importance of security protection, it is important for operators to investigate their responsibility. At the same time, it remains difficult to assess which businesses or parts thereof are considered to be security sensitive. It is therefore useful to carry out a security protection analysis in order to investigate the need to adopt measures in your own business.

 


HOW TO KNOW IF YOUR BUSINESS IS SECURITY SENSITIVE

“Security-sensitive business” is a broad concept and there are no concrete frameworks to identify who is carrying on security sensitive business. Each operator is therefore individually responsible for carrying out the assessment, particularly taking into account the fact that what constitutes a security sensitive business may vary over time, depending on the threat to Sweden. Security-sensitive businesses are common in sectors such as telecoms, banking and finance, energy and water supply, transport, financial services and information systems for electronic communications. Businesses that process large quantities of information or personal data, which are not themselves subject to security classification but which may be considered to be security sensitive for other reasons, may also be included.

The basis for the assessment is whether a security sensitive business is important for Sweden’s security. One way to assess whether your business is important for Sweden’s security is to investigate whether an enemy attack on your business could cause damage to Sweden’s external or internal security, economy or national activities of key public importance. This can often be the case in businesses such as financial payment systems, airports or communications network providers.

Businesses that process data that are not in themselves classified as security sensitive but that are used in a security sensitive activity can be considered to be security sensitive. For example, a supplier of products with associated technical solutions to Sweden’s healthcare and medical services can constitute a security sensitive business because an IT attack on such a supplier may entail great difficulties for necessary tasks in Swedish healthcare and medical services. One relatively recent example of a similar incident is the cyberattack on Coop in 2021 in which 800 stores’ payment systems were closed down. A similar attack on a supplier in the medical industry could lead to major consequences.

 


CARRY OUT A SECURITY ANALYSIS

A security protection analysis can be started by answering the following questions in order to gain a clearer picture of your need to carry out security protection in accordance with the Act:

  • What is the goal of the business?
  • Are there any parts of the business that are considered worthy of protection with regard to Sweden’s security?
  • What threats exist? For example, what types of attackers exist?
  • What consequences could an attack or interference have?
  • What threats and vulnerabilities are associated with the business?
     

Do you want help with carrying out a business analysis? Do you have any questions about what the requirements relating to security sensitive businesses mean for you or are you about to undergo a transfer of a business? At Lindahl we will guide you to a successful result!

 

M&A

Mergers and acquisitions make a significant part of Lindahl's business. Our experience as advisors and our expertise in the field is well known. The lawyers in our M&A group have extensive experience and knowledge, and are commonly also experts in other fields of law.

Visit page

Related

  • 5/17/2022 11:31:13 AM The County Administrative Board decides on a penalty fee for breach of the Protective Security Act
  • 3/11/2022 10:52:01 AM New sanctions against Russia – what does this mean for your business?
  • 2/15/2022 2:59:43 PM Changes to safety legislation affect many operators in the energy sector
  • 1/14/2022 6:05:47 PM New year, new anti-corruption measures – read the check list for a robust anti-corruption programme

Contact

  • Fredrik Steen

    Uppsala

    fredrik.steen@lindahl.se +46 708 238 774
Pages
  • Start
  • About us
  • Areas
  • Our people
  • Latest news
  • Privacy
Our offices
  • Stockholm reception.stockholm@lindahl.se +46 8 527 70 800
  • Göteborg reception.goteborg@lindahl.se +46 31 799 10 00
  • Malmö reception.malmo@lindahl.se +46 40 664 66 50
  • Uppsala reception.uppsala@lindahl.se +46 18 16 18 50
  • Örebro reception.orebro@lindahl.se +46 19 20 89 00
  • Helsingborg reception.helsingborg@lindahl.se +46 42 17 53 00
Social media
  • Connect with us on social networks: Instagram, Linkedin, Youtube, Facebook,

Disclaimer

The material and information on this site is intended for general informational purposes only and does not constitute legal advice on any specific matter. Please note that all images on Lindahl's website, www.lindahl.se, are subject to intellectual property protection and downloading, publication, copying and/or other use of the images requires the written consent of the rights holder. You'll find Advokatfirman Lindahl KB's general terms and conditions here.

Some cookies are essential, others help us improve your experience by providing insights into how the site is used. For more information, please visit our Cookie Policy.

Essential Cookies

These cookies are necessary for the functionality of the site and cannot be disabled.

Analytics Cookies>

We use Analytics cookies to collect information that gives us insight into how our website is being used. We anonymize IP addresses in Google Analytics. By clicking on Decline we won't save theese cookies.

Decline
We use cookies to get insights on how our site is used and give our visitors the best possible experience