Help to comply with the Cybersecurity Act

The Cybersecurity Act sets new requirements for organizations' information and cyber security. But for many, it remains unclear whether they are covered, what is actually required and what the work should look like day to day. We will help you all the way, from initial assessment to an ongoing, functioning way of working supported by the DirSys platform.

What does the Cybersecurity Act require — really?

In short: a systematic and risk-based approach. Among other things, it is about keeping an eye on:

  • risks and vulnerabilities

  • technical and organisational protection measures

  • incident management and reporting

  • responsibility of management

  • security at the supplier level

How the requirements are applied depends on your business, your IT dependencies and your suppliers. Therefore, both legal and technical guidance is often needed.

Is your organization covered by the Cybersecurity Act?

Deciding whether one is covered is rarely a yes/no based on industry. The assessment is about role, size, dependencies and your place in the supply chain. The Cybersecurity Act applies to organizations that are important to the functioning of society — both public and private. These are, for example:

Public sector

Authorities, municipalities, regions and municipal corporations

Community critical services

Energy, healthcare, water, transport, finance and digital infrastructure

Key companies and suppliers

Cloud services, data centers, manufacturing, food and vendors in critical value chains

Here's how we help you — step by step

Verdict: does the law apply to you?

We investigate whether and how the Cybersecurity Act covers you. You are given a clear answer and a legal assessment to lean on.

Gap analysis: where do you stand today?

We compare your current situation with the requirements of the law. In workshop form, we go through the requirements together and work out what they mean in practice.

After the workshop, you will have a clear picture of what is already working and what is missing.

A priority action plan

Not all requirements are equally urgent.

You get a concrete and prioritized plan, based on risk and impact. In addition, we help you assign responsibilities, so that the right person does the right thing.

Support in implementation

That's when most of the questions come up. Our advisors support you on an ongoing basis in law, technology and project management, so that the work actually lands in the business.

A unified place for compliance

Doing the work is important, but you also need to be able to demonstrate your compliance.

  • a clear overview of the current situation and compliance

  • follow-up of actions

  • responsibility delegated to the right people

It gives you an organization that works together and is ready for oversight.

Frequently asked questions and answers about the Cybersecurity Act

What does the Cybersecurity Act mean in practice?

To work in a structured and risk-based way with information and cyber security, be able to manage incidents and demonstrate compliance with requirements over time.

How do you determine whether an organization is covered by the Cybersecurity Act?

The assessment is based on a combination of sector, size, possible exemptions and the organisation's role in vital supply chains, not just industry.

When does the law come into force?

15 January 2026, and many requirements require preparation well in advance — especially around governance, risk analysis and supplier management.

What are the main requirements of the Cybersecurity Act?

The key requirements concern:

  • risk analysis and safety management
  • technical and organisational protection measures
  • incident management and reporting
  • responsibility of management
  • security in the supply chain

Does the Cybersecurity Act also apply to suppliers?

Yes, often indirectly through requirements for security in the supply chain. This is especially true if the supplier supplies IT services or systems to socially important activities.

What happens in the case of supervision under the Cybersecurity Act?

Organisations need to be able to demonstrate compliance, for example through documentation, risk assessments and follow-up. Deficiencies can lead to injunctions or penalty fees.

Is a one-time intervention enough?

No. The law requires ongoing work, follow-up and improvement. Risks, threats and supplier relationships change over time and must be monitored continuously.

How does system support help us comply with the Cybersecurity Act?

System support provides overview, structure and traceability, makes it easier to follow up on actions, and clearly shows how the organization works with compliance over time.

Need help complying with the Cybersecurity Act?

Contact us for an initial consultation — or book a demo of our platform.