NIS2 – stricter cybersecurity requirements

The NIS directive went into effect in August 2016 with the aim of creating an overall higher level of cybersecurity in the EU. The political agreement on NIS2 was formally adopted by the Parliament and then the Council in November 2022. The directive includes a new set of cybersecurity obligations for organizations across many sectors.

On March 10, Swedsoft invites you to a digital seminar with Tommy Forsell of the Ministry of Defense, on the theme of NIS2.

The original NIS directive applied to organizations in seven sectors; the new NIS2 directive adds eight more: providers of public electronic communications networks or services, wastewater and waste management, manufacturing of certain critical products, food, digital services, space, postal and courier services, and public administration.

Big differences

NIS2 requires more organizations to comply with stricter cybersecurity requirements. Compared to its predecessor, NIS2 places high demands on governing bodies such as company boards. According to Article 20, “members of the management bodies of essential and important entities” must undergo training, and member states must encourage significant entities to regularly offer similar training to their employees, so that they acquire sufficient knowledge and skills to be able to identify cybersecurity risks.

The cybersecurity risk-management measures shall include “at least” the following:

  • policies on risk analysis and information system security;
  • incident handling;
  • business continuity, such as backup management and disaster recovery, and crisis management;
  • supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers;
  • security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure;
  • policies and procedures to assess the effectiveness of cybersecurity risk-management measures;
  • basic cyber hygiene practices and cybersecurity training;
  • policies and procedures regarding the use of cryptography and, where appropriate, encryption;
  • human resources security, access control policies and asset management;
  • the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate.
