NIS2 Directive and its Implementation in Sweden for the Finance Sector

The NIS2 Directive is a comprehensive update of the EU's cybersecurity strategy and is intended to strengthen the protection of critical infrastructure and organizations from cyber threats.

This new legislation, which must be implemented by the member states by 2024 at the latest, introduces stricter security standards, more extensive reporting requirements, and tougher enforcement measures. Banking and finance is one of the areas specifically identified as a risk sector and is directly affected by the new directive.

In Sweden, the implementation of NIS2 is still at an early stage. The government is investigating what changes to national legislation are required to implement the directive.

This investigation is expected to be completed by February 23, 2024, after which a legislative proposal will be drafted.

The banking and financial sector will be significantly affected by NIS2, with new requirements aimed at strengthening cybersecurity and reducing the risk of cyber attacks. This includes, among other things:

  • Enhanced Security Requirements: Banks and financial institutions will need to implement more robust risk management processes and incident response plans than before.
  • Stricter Reporting Requirements: Financial institutions must report security incidents to the relevant authorities.
  • Management Responsibility: Management bodies within the sector must approve and monitor cybersecurity risk management measures.

It is predicted that many small and medium-sized financial companies will find it challenging to meet the new requirements, as their current organizations often lack the resources for these issues.

Keeros believes that the NIS2 Directive represents an important milestone in strengthening cybersecurity within the banking and finance sector. Keeros and other service providers will play a key role in facilitating the introduction of NIS2, ensuring that the sector is not only compliant with the new rules but also better equipped to meet future cyber challenges.

Keeros is closely following the developments around NIS2 to proactively prepare and adapt our services to meet new laws and guidelines.

For more information on NIS2, we recommend visiting ENISA (the European Union Agency for Cybersecurity) at https://www.enisa.europa.eu/topics/cybersecurity-policy/nis-directive-new.