HiQ Insights

As of today, 15 January, Sweden’s new Cybersecurity Act enters into force. The Act is the national implementation of the EU’s NIS2 Directive and introduces stricter requirements for how essential and important entities must work with cybersecurity, risk management, and incident reporting. For many organisations, this marks the starting point of a more structured and more business-critical approach to security. In this article, we explain what the Act means in practice, which organisations are affected, what actually changes for executive management and boards — and what organisations should prioritise now that the Act is in place.

Today, software shapes how companies operate and create value, far beyond the boundaries of the IT department. When business logic and ways of working are built into code, the demands on leadership and collaboration change – something HiQ’s CEO, Peter Arrhenius, reflects on in a conversation on the Agilpodden podcast.

The digital development of Sweden’s public sector has taken clear steps forward. The year 2025 is characterised by a broad wave of modernisation where data, cloud and AI converge with growing demands for collaboration. The goal is to create simpler, faster and smarter services for both citizens and employees. While much is still evolving, the direction is stable, ambitious and nationally coordinated — as confirmed by Digg (2025), the Government (2025) and several leading industry reports.

The threat landscape facing the Swedish public sector continues to grow — in both scale and complexity. Ransomware, phishing, exploitation of known vulnerabilities and rapid zero-day abuse have become everyday challenges. According to analyses from Check Point, LexisNexis Risk Solutions and Google Cloud, attackers now exploit newly disclosed vulnerabilities within hours of their publication.