Netnod responds to the Swedish implementation of the CER Directive

Netnod has provided feedback on the Swedish implementation of the CER Directive (SOU 2024:64), following the opportunity given by the Ministry of Defence on 8 October 2024. In particular, Netnod sees two issues of note:

• Unclear interaction of legal acts: The interplay between the Security Protection Act, the Swedish implementation of NIS2, and this act regarding availability, especially for digital services, lacks clarity. Netnod believes this interaction needs to be clarified, particularly for the availability aspects of operations important to national security (säkerhetskänslig verksamhet).
• All-hazards approach without the relevant tools: The utilization of an all-hazards approach without supplementary tools is insufficient. Netnod suggests that, if an all-hazards approach is adopted, it must be complemented with tools that enable organizations to manage previously unidentified risks.

The proposed legislation is part of a series of legislative proposals aimed at enhancing the resilience of actors within the EU. However, the intended effect of these proposals, including the implementation of the CER Directive, remains unclear. Furthermore, the methods for measuring and evaluating the effectiveness and efficiency of the legal frameworks have not been defined.