What is Säkerhetsskyddslagen? 🇸🇪 Introduction to requirements

Säkerhetsskyddslagen (Protective Security Act, SFS 2018:585) is Sweden’s national security law for organizations that run security-sensitive activities or handle security-classified information.

It applies in Sweden across both public and private sectors whose operations are important to Sweden’s security. The goal is to protect against espionage, sabotage, terrorism, and other threats by requiring structured protective security work.

What does Säkerhetsskyddslagen stand for?

“Säkerhetsskydd” means protective security. The Act sets the ground rules for how operators must identify what needs protection, against which threats, and with what measures, starting from a documented protective security analysis. It is complemented by the Protective Security Ordinance (SFS 2021:955) and guidance from the Swedish Security Service (Säkerhetspolisen) and the Swedish Armed Forces.

What does Säkerhetsskyddslagen require?

At a high level, organisations in scope must:

• Do a protective security analysis (säkerhetsskyddsanalys). Document what must be protected, from what, and how. Review it regularly, at least every two years.
• Implement proportional measures in three areas: information security, physical security, and personnel security, based on the analysis.
• Appoint a security protection manager (säkerhetsskyddschef) with a clear mandate near top management.
• Vet personnel when needed, including record checks for roles with access to security-sensitive activities or classified information.
• Control suppliers. Use security protection agreements (säkerhetsskyddsavtal) in procurements, collaborations, or outsourcing that involve security-sensitive activities.
• Approve information systems before putting them into use in security-sensitive activities.
• Report security-threatening incidents and consult the competent authority before exposing or transferring security-sensitive activities.

Read more: What does Säkerhetsskyddslagen require?

How does Säkerhetsskyddslagen provide security?

It forces a systematic, risk-based approach: analyze threats, classify assets and information, and apply targeted controls in tech, people, and physical domains. Mandatory supplier controls and system approvals reduce supply-chain and IT-system risk. Supervision sits with Säkerhetspolisen and Försvarsmakten, with sector authorities involved, and there are administrative fines for breaches.

What are benefits of Säkerhetsskyddslagen?

Following Säkerhetsskyddslagen helps organizations lower the risk of espionage, sabotage, and insider incidents by requiring that only vetted and trusted personnel can access sensitive areas and information. By enforcing structured personnel checks and clear access control processes, it reduces the chance of malicious insiders or unauthorized individuals gaining entry to critical systems or premises.

The law also strengthens resilience against supply chain threats by making security protection agreements mandatory for suppliers involved in security-sensitive activities. These agreements set clear security obligations for vendors and subcontractors, helping organizations maintain consistent protective measures even when working with external partners. This significantly reduces vulnerabilities introduced through outsourcing or collaborative projects.

Finally, Säkerhetsskyddslagen improves governance and accountability by requiring the appointment of a dedicated security protection manager. This role ensures that protective security work is not a side task but a clearly managed responsibility within the organization. With a defined leader in charge, security measures are more likely to be implemented effectively, regularly reviewed, and kept up to date with evolving threats.

FAQs

Is Säkerhetsskyddslagen mandatory?

Yes, Säkerhetsskyddslagen is mandatory for applicable entities involved in national security in Sweden.

Why is Säkerhetsskyddslagen important?

It is crucial for protecting Sweden’s national security interests. By enforcing strict security measures, it prevents espionage, sabotage, and other threats, ensuring the safety and integrity of critical operations.

Who needs to comply with Säkerhetsskyddslagen?

It applies to public and private entities involved in security-sensitive operations in Sweden.

Read more: Who does Säkerhetsskydslagen apply to?

When is Säkerhetsskyddslagen in effect?

The framework is currently in effect and governs all relevant security operations.

Is Säkerhetsskyddslagen supported in Cyberday?

Yes. Cyberday provides full support for Säkerhetsskyddslagen compliance.