29.09.2025
Stronger Cybersecurity Rules Are Coming. Is Your Company Ready?
Across Europe, the new EU cybersecurity directive (NIS2) is being implemented into national law, but not everywhere at the same pace. Denmark and Finland have already completed the process, while Sweden and Ireland are in the final phase of preparing their legislation. Iceland and Norway, though not EU member states, will also implement the directive through the EEA. The UK is likewise updating its national cybersecurity framework to align with the core purpose of NIS2.
For companies in these markets, all of them home to Advania, the message is the same: now is the time to prepare. Organizations that have not yet started risk running out of time as national laws come into force.
“If you haven’t already started adapting your operations, you need to do so now. This is a change journey that takes time,” says Klas Bergwall, Chief Security Officer at Advania Sweden, in a recent interview with Vd-tidningen, a leading executive and leadership magazine in Sweden.
What the Directive Means
The directive, adopted by the EU in 2022, is designed to raise the level of network and information security across member states. It applies to organizations in critical sectors such as energy, healthcare, digital infrastructure, public administration, and water supply.
Compared to earlier rules, the directive sets a much higher bar. It requires stricter incident reporting with a warning within 24 hours, a notification within 72 hours, and a final report within one month. It demands stronger supplier oversight, with documentation to prove that vendors also comply. It also broadens the scope of requirements, covering several areas including risk management, access control, and incident handling.
How Advania Helps Companies Prepare
For many organizations, the biggest challenge is knowing where to begin. The requirements extend beyond IT into governance, documentation, and cross-functional involvement.
Advania supports companies by conducting gap analyses to assess readiness. We design and implement processes for risk management, incident reporting, and supplier follow-up. We also provide cybersecurity solutions and services that strengthen resilience and help organizations meet the directive’s requirements.
“This isn’t something that security teams can solve alone. It affects the entire organization. That’s why many companies choose to partner with us – to get both the expertise and the structure they need to succeed,” says Bergwall.
Time to Prepare Is Now
Even in countries where national legislation is still being finalized, the preparation work takes time. In markets such as Denmark and Finland, the law is already in force. Acting early reduces pressure, builds resilience, and lowers the risk of disruption.
“Time is short,” Bergwall concludes. “Organizations need to start their journey now. The good news is that they do not need to do it alone. Advania is here to help.”
Want to know how Advania can support your cybersecurity journey across the Nordics and the UK? Contact your local supplier in Denmark, Finland, Iceland, Ireland, Norway, Sweden or the UK.