Foreign direct investment reviews 2021: Sweden

New rules require transactions involving Swedish security-sensitive activities or assets to undergo a security screening

A proposal for a more general FDI screening framework was presented by the Direct Investment Inquiry in November 2021

Sweden remains a country that recognizes the beneficial effects of foreign direct investment (FDI) and ownership on the Swedish economy and on consumers. However, concerns over an increase in foreign investors in Sweden following the economic situation caused by the global pandemic prompted the Swedish Government to take action in 2020 and introduce screening rules for foreign investments by amending the Swedish Security Protection Act ("Security Act," Säkerhetsskyddslagen).

Although a proposal for a more general FDI screening framework was presented by the Direct Investment Inquiry (Sw. Granskning av utländska direktinvesteringar) in November 2021, the beefed-up Security Act has already had notable impacts on deals involving Swedish entities.

As of January 1, 2021, the Security Act requires that any transaction involving a Swedish entity operating security-sensitive activities or assets must be notified and receive approval from one of the Reviewing Authorities before completion. Although Sweden still does not have a general FDI screening mechanism, the new security screening obligation enables the Swedish Government via the Reviewing Authorities to supervise and ultimately block investments that may pose a threat to national security. The Swedish Security Service ("SÄPO," Säkerhetspolisen) and the Swedish Armed Forces ("SAF," Försvarsmakten) are designated as the central coordinating authorities. As of 1 December, the Security Act is supervised by a total of 13 authorities, each of them responsible for monitoring compliance with the Security Act and reviewing screening notifications within their own specific jurisdiction.

The Security Act is a general national security law that aims to protect information and activities of importance to Sweden's security against, for example, espionage, sabotage, terrorist offences and other threats. The Security Act imposes a number of obligations on companies, public agencies or authorities with security-sensitive operations. Companies are required to self-assess whether their operations are considered security sensitive, and thus fall under the scope of the Security Act.

If the assessment results in the conclusion that the Security Act is applicable, the company is required to notify the relevant reviewing authority and comply with the obligations set out in the Security Act, including the preparation of a security protection analysis and the adoption of measures within information security, personnel security, physical protection, security-protected procurements and transactions.



The notification must be submitted by the seller. Moreover, the seller is responsible for assessing the applicability of the Security Act and for compliance with its obligations. The notification shall be submitted to the relevant reviewing authority, which is determined by the target company's activities or, in the case of a public entity, the geographic location of its activities.




A transaction must be notified if it involves a Swedish entity that carries out security-sensitive activities, has assets that are considered security sensitive, or has access to security-sensitive information, so-called classified information.

The obligation to notify applies to both foreign (EEA and non-EEA) and non-foreign investors. Moreover, there are no specific thresholds with respect to acquired shareholding or control. The Security Act refers to the transfer of the whole or a part of the target entity. Only the transfer of shares in public limited companies is explicitly exempted from notification.

The concept of security-sensitive activities, assets or information ("security-sensitive activities" unless specified) is vaguely defined by the Security Act as activities that are of importance to Sweden's security, or are covered by an international protective security commitment that is binding for Sweden. Further guidance, although non-exhaustive, can be found in the preparatory works that mention sectors such as defense, law enforcement, energy and water supplies, vital infrastructure, telecommunications and transport.

It falls upon the target company and/or its seller to assess whether it falls under the concept of security-sensitive activities. If the outcome of the assessment is that it falls under the notification obligation, the seller must follow the steps of the notification procedure set out in the Security Act.

  • Security assessment: First, a security assessment must be carried out to identify the specific activities, assets or information which the investor may get access to following the transaction. The security assessment shall be documented.
  • Assessment of appropriateness: Based on the security assessment the seller shall assess if the transaction is appropriate from a security protection point of view. The assessment of appropriateness shall be documented.
  • Consultation: If the assessment of appropriateness concludes that the transaction is appropriate, the seller shall consult with the relevant authority by submitting a notification including the underlying assessments and general information about the parties and the transaction.



If the assessment of appropriateness leads to the conclusion that the transaction is not appropriate from a protective security point of view, the transaction may not be completed.

The reviewing authorities have the powers to block a transaction or approve it subject to commitments. Moreover, if the seller fails to notify a transaction that falls under the scope of the Security Act, a consultation procedure may be initiated ex officio and the transaction can be prohibited and held null and void, even post-closing.

According to limited guidance issued by SÄPO, a transaction is considered inappropriate if the acquirer's access to the target's assets or operations may cause risks to national security. The target's operations or assets may also be of such a nature or such a significance for national security that a transfer of these to the acquirer is in itself inappropriate. Moreover, a transaction may be inappropriate if the acquirer represents foreign interests. The test is linked to a central question: what effects would a hostile action, such as an attack, espionage or an interruption of the target's business, products or services, have on Sweden's national security?

In order for the hostile action to trigger the need for security protection, the effects on national security must be material and measurable. For example, given that Sweden's population is largely geographically diverse and mainly concentrated in the Stockholm region, an attack against certain activities located in Stockholm will likely have a greater impact on national security compared to an attack against similar activities located in sparsely populated areas.



There is no official timing for the review process. However, the Reviewing Authorities have an obligation to comply with Swedish administrative rules requiring a swift procedure. A decision should normally be issued within one to two months.



Although the Security Act has been in force since the 1990s, it has mainly been a concern for a limited group of companies and government entities. The recent amendments, requiring certain investments to be notified, have thrown protective security issues into the spotlight of Swedish transactions. As the applicability of the Security Act is based on a self-assessment, target companies are now expected to be aware of the Security Act and whether it applies to their operations.

In view of the novelty of the notification obligation, there is limited guidance on the sectors and industries covered by the Security Act as well as the review process. A case-by-case assessment of the target is therefore recommended in every deal.

An investor who aims to invest in any of the highlighted industries (defense, law enforcement, energy and water supplies, vital infrastructure, telecommunications and transport) should anticipate an assessment of the target company's services or products, assets, information accessed or stored, and customers in order to conclude on the applicability of the Security Act. As pointed out above, the responsibility for the assessment of the applicability of the Security Act, as well as for the notification, lies with the seller, and prior clearance should be a condition of the deal.


On November 1, 2021, the Direct Investment Inquiry handed over its report to the Swedish Government, in which it puts forward a proposal for a system for the review of FDI activities in Sweden.

The proposal has a wide scope and would enable the Inspectorate of Strategic Products (Inspektionen för Strategiska Produkter, "ISP") to review and block foreign investments by non-EU, EU and Swedish investors in activities "worthy of protection." Such activities include security-sensitive businesses and functions that are fundamental to society (similar to the scope of the current security screening mechanism), dual-use products, critical metals and minerals, and the development of new technologies.

According to the proposal, the current security screening regime and the FDI regime would apply in parallel with no framework superseding the other. In practice, this means that a deal involving security-sensitive activities could be subject to two parallel notifications, one submitted by the seller under the Security Act, and one submitted by the acquirer under the FDI regime. It remains to be seen whether this potentially burdensome mechanism is maintained in the final proposal presented by the Government.

Compared to the current security screening, the proposed FDI screening would:

  • Widen the scope of activities that would be subject to mandatory notification
  • Apply a higher threshold for when transactions may be prohibited
  • Introduce a notification threshold for investments of 10 percent or more of the total number of votes
  • Provide a more structured notification procedure with a Phase 1 (25 days) and a Phase 2 (3-6 months), which would give the investing party increased foreseeability

The proposal has been referred to stakeholders for consultation. Following the consultation, the Government will put forward its official bill, which will be voted on in the Swedish Parliament. The proposal suggests that the new act enters into force on January 1, 2023.


A pragmatic approach is necessary when discussing the applicability of the Security Act in the context of a transaction for two reasons:

  • Target companies may not always be familiar with the Security Act and the concept of security-sensitive activities. While it may be fairly easy for a company to provide information required for a merger filing analysis, questions related to security aspects may require more time and guidance.
  • The consequences of classifying as an entity operating security-sensitive activities are considerable and go beyond the transaction. A company that falls under the Security Act must comply with a number of obligations which may require internal restructuring and costs.

An informal dialogue with the reviewing authority may be helpful in order to clarify filing requirements or ensure a smooth notification process.




© 2021 White & Case LLP