Expanded scope of the Swedish FDI Act

On 1 August 2024, the Swedish Civil Contingencies Agency (Sw. Myndigheten för samhällsskydd och beredskap) published its revised guidelines (MSBFS 2024:8) listing types of essential services that fall under the scope of the Swedish Act on Foreign Direct Investments (the “FDI Act”). The revised guidelines expand the scope of the FDI Act and defines several new types of activities as essential services under the FDI Act. The revised guidelines enter into force on 1 September 2024 and will on that date replace the current guidelines (MSBFS 2023:560).

Following adoption of the revised guidelines, the following types of services will now fall under the scope of the FDI Act:

• Surveillance or remote monitoring of electronic alarm systems or fire alarms, or maintenance of these, for authorities or companies.
• Travel agency services for emergency response authorities or entities carrying out security-sensitive activities.
• Invoicing services for emergency response authorities or entities carrying out security-sensitive activities.
• Activities under the scope of the Swedish Healthcare and Medical Services Act (2017:30) (Sw. Hälso- och sjukvårdslagen) (2017:30) providing healthcare information and medical advice over the internet or by telephone.

In addition, the revised guidelines significantly expand the scope of the FDI Act within the information and communications technology sector. Under the revised guidelines, the following activities will fall under the scope the FDI Act:

• Operations, maintenance, and provision of public electronic communications if the activities are subject to notification under Chapter 2 of the Swedish Electronic Communications Act (Sw. Lag om elektronisk kommunikation) (2022:482), or electronic communication networks in fibre or broadband associations.
• Operations, maintenance, or provision of publicly available electronic communications services, if the activities are subject to notification under Chapter 2 of the Swedish Electronic Communications Act, and the provision of number-independent interpersonal communication services.
• Provision of systems, support services or support of telecommunication or videoconferencing services to emergency response authorities or organisations carrying out security-sensitive activities.
• Activities in IT operation services relating to the operation, maintenance or provision of cloud services, data server services, or outsourced web or server services for emergency response authorities, regions, municipalities or activities covered by Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (“NIS2”).
• Activities in IT operation services relating to control, operation or support of alarm or digital alert systems, alarm systems, for public or security-sensitive activities.
• Programming services for emergency response authorities or organisations engaged in security-sensitive activities involving the development, installation, operation or support of customised systems, licence provision, or access control.
• Activities relating to electronic identification or trust services for electronic transactions as defined in Article 3 of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.
• IT consultancy services for emergency response authorities or organisations engaged in security-sensitive activities involving communication or transmission services.
• IT consultancy services for emergency response authorities or organisations engaged in security-sensitive activities involving data or system security.
• Operators specialising in IT or computer services that perform data recovery or data destruction, or IT auditing or security auditing.
• Data processing services:
• provision of databases, or management of data, for national registers auditing, or
• automated scanning of data for authorities or companies.
• Development, operation, maintenance or provision of school administration platforms, learning platforms or digital tools for education under the Education Act (Sw. Skollagen) (2010:800).
• Publication of digital or printed teaching materials.
• Collection, processing or storage of genetic or biometric data.
• Suppliers, and support services or support, of space systems or space services to emergency response authorities or organisations conducting security-sensitive activities.

The expanded scope of the Swedish FDI Act brings new sectors under scrutiny. In transactions involving these sectors, parties will need to take the FDI implications into account and allow time for regulatory approval when setting the timetable for the transaction.

For a comprehensive overview of the Swedish FDI Act, including timelines, sanctions, grounds for prohibitions and conditions, etc., please see Delphi’s article on the Swedish FDI screening regime, here.