Government needs to listen to businesses in its regulatory work

Safety and security

TechSverige's business policy expert Fredrik Sand comments on the complex regulatory framework of the Security Protection Act and the lack of accessibility of the supervisory authorities.

Security work is a team sport, and Sweden and the tech sector have a long tradition of close and constructive cooperation between authorities and companies. For example, the cooperation within the National Telecommunications Security Group (NTSG) between the Swedish Post and Telecom Authority and telecom operators is highlighted. Cooperation has grown and trust has increased. When the legislator made membership compulsory, there was little questioning of the substance, although TechSverige believes that the government should work with voluntary agreements on security and preparedness issues.

However, in the work on the Security Protection Act, it is clear that a partly new culture has been established that does not favor the development of a resilient digital Sweden. Despite the complexity of the regulations, there is a reluctance among the responsible authorities to guide and advise companies on how to interpret the new law. Therefore, TechSverige has petitioned and written to the government to include what the companies subject to supervision actually think.

The advice does not provide actual support to operators. The advice currently provided by the authorities is of a general nature and provides no actual support to private operators. The activity-specific assessments of protection values and consequences for Sweden's security must instead be carried out entirely by the operator, without the possibility of discussing the many issues with experts who have considerably more experience of the subject and working methods.

The regulatory framework for security protection is complex and relatively new for the private sector and places the entire responsibility on individual companies to assess the importance of their activities for Sweden's security. Available guidance is not sufficiently concrete and supervisory authorities are perceived as inaccessible and dismissive when they receive concrete business-specific questions. This is in contrast to how the corresponding regulatory framework works in our neighboring countries or at EU level, where it is often clear which activities are covered and what measures should be taken to protect national security. It should be easy to get it right, especially given the importance of this area. 

At present, the private sector is discouraged by complex and difficult to understand interpretations instead of an open and inclusive discussion of the legal situation.

Given this situation, TechSverige has been positive about the government assignment to follow up the supervision of security protection. It is important to have a comprehensive evaluation. It was therefore a shortcoming that the assignment did not include hearing what those subject to supervision think about the supervision work. TechSverige has therefore written to the Government requesting that companies be given a voice in the continued work. This is urgent. The authorities can, and have already decided, on heavy fines. The penalty fees will now also be increased according to an investigation proposal. 

The government needs to promote trusting cooperation between companies and regulators. There will be more questions as total defense work is stepped up. 

It is possible to make it easy to do the right thing, also for Sweden's security.

Fredrik Sand
Business policy expert, TechSverige