På Svenska
Hero image

Protective Security Act

Protective Security Act

From physical to digital protection

Much has happened since the Protective Security Act (1996:627) was introduced in Sweden more than 20 years ago. Physical assets have largely become digital, which has created a whole new set of threats. In order to strengthen Swedish protection and adapt it to today's challenges, the new Protective Security Act was introduced in April 2019.

Both public authorities and companies can be covered

The new security protection legislation applies if the activity is of importance to national security or has a special protection requirement related to terrorism. In addition to public authorities, which in many cases handle sensitive information, the rules may also apply to limited liability companies, commercial companies, foundations and associations over which the state, municipalities or county councils have a statutory controlling influence. The same applies to individuals who carry out activities that may be important for national security.

penetration test pentest


What does the new Protective Security Act refer to?

Protection against crimes that may threaten national security

Protection of classified information affecting national security

Protection against terrorism


How has the security legislation changed?


More actors are covered by the new Protective Security Act. For example, IT systems that are are key importance for our society, such as healthcare, energy supply and transport systems, are affected.

Information classification

Begreppet “hemliga uppgifter” ersätts med säkerhets­klassificerade uppgifter i de fyra informations­klasserna; “kvalificerat hemlig”, “hemlig”, “konfidentiell” samt “begränsat hemlig” inom ramen för Offentlighets- och sekretesslagen.


Clearer guidelines on the inventory and classification of IT systems and information.Affected businesses shall also clarify whether they are also subject to other legislation, such as the NIS Directive.

Security protection analysis

I de fall organisationen har IT-system eller informIn cases where the organisation has IT systems or information assets that are security-sensitive, the organisation needs to conduct a security protection analysis, and then develop a plan for the future of security protection.

Contact us

We offer several contact routes and provide feedback as soon as possible. If you have sensitive information, we ask you to use the encrypted method.