Investigation into the implementation of the NIS Directive submitted to Minister of the Interior Anders Ygeman

The inquiry into the implementation of the NIS Directive submitted the report "Information security for socially important and digital services" (SOU 2017:36) to Minister of the Interior Anders Ygeman this week.

The inquiry proposes a new law and a new regulation on information security for certain providers of essential and digital services. The proposals apply to certain public and private businesses that provide essential services in seven sectors that deserve protection: energy, transport, banking, financial market infrastructure, healthcare, supply and distribution of drinking water and digital infrastructure. Providers of digital services are also covered by the proposals. To be covered by the provisions, it is required that the service is dependent on networks or information systems and that an incident would cause a significant disruption to the provision of the service.

Among other things, it is proposed that suppliers be required to take technical and organizational security measures and report serious IT incidents to the Swedish Agency for Civil Protection and Emergency Preparedness (MSB). It is proposed that a supervisory authority for each sector be given responsibility for monitoring that the regulations are followed and that the requirements in the legislation have had an effect on security. The supervisory authority will be given the authority to decide on sanctions.

– I view the proposals positively, which mean that both public and private actors in sectors of particular societal importance must tighten their work with information security. This is entirely in line with the government's other initiatives in the area, says Minister of the Interior Anders Ygeman.

The new law is proposed to enter into force on May 10, 2018.

The news can also be read here.

Uncategorized