On 13 September 2023, the Swedish Parliament adopted a foreign direct investment review mechanism for Sweden (the “FDI Act”). The new FDI Act allows foreign direct investments to be screened for security risks and, if necessary, restricted or prohibited. The Inspectorate for Strategic Products (“ISP”) was designated on 2 November as the competent review authority. On the same day, the Government issued a complementing ordinance (2023:624) on the review of foreign direct investments (the “FDI Ordinance”), which appoints the Swedish Armed Forces, the Swedish Defence Materiel Administration, the Swedish National Board of Trade, the Swedish Civil Contingencies Agency (“MSB”) and the Swedish Security Service as the authorities that will cooperate with the ISP.

The FDI Act, and the complementing ordinance, will enter into force on 1 December 2023 and will apply to investments completed after this date (even if contracts are signed before 1 December 2023). It will not be possible to file an FDI notification before 1 December 2023. In practice, parties will need to treat FDI approval as a condition to completion, in the same way as for competition or financial regulatory approvals.

MANNHEIMER SWARTLING, Rozanna Sternad Fackel and Carolina Dackö

MANNHEIMER SWARTLING, Rozanna Sternad Fackel and Carolina Dackö

Scope of the FDI Act

What types of activities are covered?

The purpose of the FDI Act is to prevent foreign direct investment in Swedish “protected activities” where such investment could have a detrimental effect on Sweden’s national security, or on public order or public safety in Sweden. “Protected activities” are divided into the following categories:

  • Essential services (MSB has prepared a draft list)
  • Security-sensitive activities (as defined in the Protective Security Act)
  • Critical raw materials and other metals and minerals (listed in the FDI Ordinance)
  • Large-scale processing of sensitive personal data or location data
  • Military equipment (according to the Military Equipment Act)
  • Dual-use items (as defined in the EU Dual-Use Regulation)
  • Emerging technologies and other strategically important technologies (listed in the FDI Ordinance)

All investors must notify – regardless of nationality

The obligation to notify the ISP is triggered where an investment involves an investor gaining an influence over, or acquiring, protected activities. The party responsible for filing the notification is the investor. The obligation applies to all investors – whether established outside of the EU, within the EU, or in Sweden itself. The reason for including domestic and EU investors is to prevent circumvention of the FDI Act, for instance, where a third country actor uses a Swedish company, which is under its control, to acquire a protected Swedish entity. However, although investments by Swedish and EU investors must be notified (even where there is no ultimate foreign ownership), it is presumed that the ISP will leave such cases without action and not initiate a review. However, the transaction documents of such investments will still need to provide for completion to be conditional on FDI authorisation. 

It is worth noting that the Court of Justice of the European Union (CJEU) handed down a judgement earlier this year holding that the prohibition of an acquisition by an EU investor, even when its ultimate owner is non-EU could, in certain circumstances, breach the EU principle of freedom of establishment. The CJEU case has generated considerable debate. It remains to be seen whether it will lead to any amendments to the regulatory framework. 

Which types of investments trigger a notification?

The FDI Act applies to investments in limited liability companies, European companies (Societas Europaea), partnerships, economic associations, foundations, unincorporated partnerships or sole trader undertakings. The notification thresholds, discussed below, relate to limited liability companies. Investments include both ordinary acquisitions and other forms of investment, such as venture capital. An obligation to notify arises if:

  1. the investor would hold, directly or indirectly, voting rights equal to or exceeding 10, 20, 30, 50, 65 or 90 % in the target company (whereby notification must be made whenever such threshold is exceeded, regardless of whether a lower percentage has previously been authorised); or
  2. the investor would otherwise obtain direct or indirect influence over the target’s management (e.g. through board representation or extensive veto rights). 

The FDI Act applies to investments in both private and listed companies, as well as asset transfers and so-called “greenfield” investments, i.e. where the future operations of the target company are to comprise protected activities. Investments by way of private placements are also covered, although rights issues are excluded. 

In relation to corporate groups of investors, ownership and control are to be viewed on a group-wide basis. For instance, an investor proposing to acquire two per cent in a protected company will need to notify the investment if another company in its corporate group already owns or controls nine per cent of the protected company. A notification threshold is triggered since the investment would result in the group’s ultimate parent company indirectly controlling over 10% of the voting rights.

Intra-group transactions are also covered by the FDI Act – again, to prevent the risk of circumvention.

Essential services

MSB’s draft regulation, containing a list of what activities shall define as essential services, supplements the FDI Act and has a broad scope. Essential services, according to MSB’s proposal, covers companies that conduct activities that fall under any of the sub-categories listed in the regulation and have an annual turnover of SEK 5 million or more (unless otherwise stated). 

The draft regulation covers essential services in the following sub-categories: 

  • Extraction of minerals
  • Manufacturing
  • Supply of electricity, gas, heating and cooling
  • Water supply, wastewater treatment, waste management and sanitation
  • Construction, installation and maintenance
  • Trade
  • Transport and storage
  • The hotel and restaurant sector
  • The information and communication sector
  • Finance and insurance
  • Property management
  • Law, economics, science and technology
  • Rental, property services, travel services and other support services
  • Education
  • Health care

The MSB regulation has undergone consultation that ended on 3 November and the final version is expected to be published in connection with, or just before, the FDI Act enters into force, i.e. 1 December. 

The FDI Ordinance

The FDI Ordinance contains supplementary provisions to the FDI Act that define the critical raw materials, metals and minerals (Annex 1) and emerging technologies and other strategically important technologies (Annex 2) covered by the FDI Act. 

  • Critical raw materials and other metals and minerals (Annex 1 of the FDI Ordinance)
    The list in Annex 1 covers 43 raw materials, metals and minerals. The list needs to be read in conjunction with section 3(3) of the FDI Act, which states that the exploration, extraction, enrichment or sale of the substances listed in Annex 1 of the FDI Ordinance falls within the definition of a protected activity. 
  • Emerging technologies and other strategically important technologies (Annex 2 of the FDI Ordinance)
    The list in Annex 2 includes the emerging technologies and other strategically important technologies covered by the FDI Act. The list needs to be read in conjunction with Section 3(7) of the FDI Act, which covers research on, or provision of, products or technologies defining as emerging technologies or other strategically important technologies, or having the capacity to produce or develop such products or technologies. 

ISP review on its own initiative

Even if an investment does not fall within the scope of the FDI Act, the ISP will be able to commence a review on its own initiative if there is reason to believe that the investment constitutes a security risk for Sweden. The intention here is to prevent circumvention, for example, by several investors with problematic links to third countries each making an investment which, when viewed individually, would not trigger a notification.

Overlap with the Protective Security Act

A company whose activities fall within the scope of the Protective Security Act will automatically also be covered by the FDI Act. The Protective Security Act requires a seller to consult with the relevant supervisory authority when transferring any such activities. Since the Protective Security Act and the FDI Act serve different purposes and areas of protection, the laws will apply in parallel.

What can the ISP decide?

The FDI Act is deliberately broad in scope. Ultimately, however, only investments by a non-EU investor that could have a detrimental effect on Sweden’s security, or on public order or public safety in Sweden, can be prohibited or subject to conditional approval. 


The obligation to file a notification lies with the investor. However, the target company has an obligation to provide the investor with information as to the applicability of the FDI Act. In addition, the target company must provide the ISP with information when required to do so for the purposes of the ISP’s assessment.

The ISP has 25 working days, from receipt of a complete notification, to decide whether to leave the notification without action, or to initiate a review. If the ISP initiates a review, this must be completed within three months (or six months if there are special reasons), after which the ISP must announce its decision to either approve, approve with conditions, or prohibit, the investment. The only way for an investor to appeal the ISP’s decision is to the government. 

The investment must not be completed before the ISP has announced its decision, even if the ISP is expected to leave the notification without action. If the investment is completed before a decision is announced, a penalty fee may be imposed (see below), although the investment will not automatically be void.  

The format and content requirements of the notification are not yet available and are still being drawn up by the ISP. But they are expected to reflect the information that Sweden collects for its consultation under the EU FDI cooperation mechanism (Regulation (EU) 2019/452) (the “EU FDI Regulation”). In particular, it is expected that ownership structures (mainly those of the investor) will be specifically requested, as well as information on the target company’s activities, and the timing and size of the investment.

It will not be possible to make voluntary notifications to the ISP. According to the preparatory works, this can partly be remedied by the applicable principles of administrative law, according to which the ISP has a general service obligation. Such obligation includes answering questions and providing certain guidance. 

Consequences of infringement

The ISP is authorised to impose a penalty on an investor for, inter alia, failing to notify an investment when required to do so under the FDI Act. The ISP may also impose a penalty on the target company for failing to respond to an information request from the ISP, or for providing incorrect information. Penalties may vary between SEK 25,000 and up to SEK 100 million.

Cooperation mechanism with other EU Member States 

In order for the ISP to commence a review on its own initiative, the investment must first be brought to its attention. The EU FDI Regulation’s cooperation mechanism may provide a method for this – requiring Member States to notify the European Commission and other Member States of foreign direct investments subject to review in their territory. In Sweden, the ISP is the responsible contact authority under the EU FDI Regulation. In practice, therefore, the ISP will be informed of investments notified in other Member States, when they could have an effect on Sweden’s security, and will have the opportunity to submit comments. Similarly, other Member States will be able to comment on investments in Swedish companies which the ISP has decided to review in accordance with the FDI Act. 

How will the FDI Act affect transactions and investments?

The FDI Act will have a significant impact on transactions going forward – both traditional M&A as well as venture capital. While it is not expected that many transactions will ultimately be blocked or subject to conditions, there are other aspects to consider. For example: 

  • Initial analysis: All transactions will need to be analysed from an FDI perspective (and, in addition to the Swedish FDI Act, equivalent FDI laws in other countries may apply). A seller will therefore want to understand the FDI-related transaction risks of any potential buyer. 
  • Transaction planning: If the FDI Act is applicable, parties will need to allocate time to prepare the notification and await the ISP’s decision (and, if necessary, the decisions of any other FDI authorities that have been notified). 
  • Conditions precedent in SPAs and investment agreements: If the FDI Act is applicable, the transaction will need to be conditional on ISP authorisation. The parties will also need to allocate the risk of the transaction not being approved, or being approved subject to conditions. 
  • Shareholders’ agreements, incentive schemes etc.: Since the FDI Act even applies to existing shareholders who increase their shareholding above a certain threshold, many shareholders’ agreements will need to account for the FDI Act. 

What happens next?

Although the FDI Act has now been adopted, there are still several items that need to be in place before 1 December 2023. Given the short period of time remaining, we expect some ambiguity may remain over the autumn and that certain information may be published at the eleventh hour. For example, MSB will produce a final list of essential services. 

The ISP will publish the notification form and instructions, and its review procedure. The notification form and instructions, that will answer certain questions and facilitate filling in the notification form, are expected to be published in November. The ISP will open the digital notification process on 1 December. 


GET TO KNOW THE AUTHORS:  Carolina Dackö and Rozanna Sternad Fackel