M&A
Sweden’s New Foreign Investment Rules: What Businesses and Investors Need to Know
Why care about the FDI-act
If you’re thinking of investing in Sweden, regardless of whether it is through buying secondary shares or by subscribing for new shares —or your a Swedish company that is about to take on new capital—there’s a new piece of legislation you can’t afford to ignore. Sweden’s Foreign Direct Investment Act, in force since 1 December 2023, reshapes the landscape for cross-border deals. Even national investments are affected given that they may fall under the scope and therefore they must comply and file before any investment can take place. It’s part of a global trend where governments are scrutinising foreign ownership of sensitive businesses more closely.
Background to the FDI-Act
Why the sudden caution? Global supply chain tensions, cyber-security risks, and geopolitical uncertainty have made countries nervous about who controls critical services and technologies. Sweden, with its advanced tech sector and vital infrastructure, is no exception. The Act gives the Inspectorate of Strategic Products (ISP) the power to screen, review, condition, or even block certain investments that could threaten national security, public order, or public safety.
For investors, that means a routine share purchase could now involve a mandatory, regulatory checkpoint.
For Swedish companies, it means new responsibilities: even if your business desperately needs capital, failing to follow the notification rules can put the entire transaction—and your reputation—at risk.
But don’t panic—most investments will still go through and the timeline for the process is clear and limited. The Act isn’t meant to scare away capital; it’s designed to ensure that strategic sectors remain secure. Understanding when and how to notify the ISP will keep your deal on track and your business in the clear.
When does the law apply?
What is a "Foreign Direct Investment"
A foreign direct investment under the Act includes:
Acquiring or exceeding 10%, 20%, 30%, 50%, 65%, or 90% of the voting rights in a Swedish company.
Gaining control or significant influence—for example, through board seats or veto rights—even if thresholds aren’t crossed.
Transactions involving non-EU individuals or entities, or entities controlled by non-EU states.
The scope is deliberately broad to catch not just obvious acquisitions but also indirect ownership or complex corporate structures.
Who should apply?
A common misunderstanding is that the rules only apply if the investor/buyer or shares, is a non-Swede. That is however incorrect. All "direct investments" in protection worthy businesses - even if its a Swede buying shares representing e.g. 15 % of the shares in a Swedish company - need to file and go through the screening process in relation to "foreign" investments. And any transaction that entails gaining control will be covered - secondary transfers, investments in a TopCo etc, so any investor/buyer in such transactions needs to apply.
Sectors and Activities Under Scrutiny
The law applies to businesses engaged in so-called “protection-worthy activities”, which include:
Activity categories (any one is enough)
Essential services (samhällsviktig verksamhet) – delimited by MSB regulation.
Security-sensitive activities (per the Security Protection Act).
Critical raw materials/metals/minerals.
Large-scale processing of sensitive personal data or location data.
Military equipment (war material).
Dual-use items.
Emerging/other strategically protection-worthy technologies.
Also, note that purely foreign projects (outside of the EU) that aren’t deemed as protection-worthy for Sweden are typically outside scope.
The Standstill Obligation
Investors must notify the ISP before completing any covered transaction. The investment cannot be closed until the ISP either clears it, decides not to investigate further, or imposes conditions. Implementing a deal without approval risks administrative fines or even the transaction being declared null and void.
However, and just as important, the investment must be sufficiently plausable before you are allowed to file. That means you can´t file "too early". Hence in M&A, the filing is often a condition to closing that is activated after signing of the SPA.
The ISP then has 25 days to give their initial response after screening the transactions, so most non-complex transactions with a EU based investor can move forward and close after this time period.
Companies’ Duty to Inform
A critical but sometimes overlooked part of the Act is the company’s duty to inform. A Swedish business should assess if it is engaged in a protection-worthy activity, and it must inform potential investors that the transaction could be subject to FDI screening.
Failing to inform can have the following consequences:
Administrative penalties from the ISP.
Potential delays or cancellation of the deal if the authority later intervenes.
Reputational damage—appearing non-compliant can discourage future investors.
In extreme cases, legal action or orders to unwind the investment.
For directors, not informing can also raise questions about fiduciary duties and corporate governance, especially if shareholders or stakeholders suffer losses due to a blocked deal.
What Investors Should Expect
Once notified, the ISP reviews the investment for security or public-order risks. The authority can:
Approve the transaction outright.
Approve it subject to conditions (e.g., restrictions on data handling or board representation).
Prohibit the investment if risks cannot be mitigated.
The review period can affect deal timelines, so parties should factor in the extra time when drafting agreements or setting completion dates.
Compliance Checklist for Businesses and Investors
Assess early: Before signing, check whether your business or target is protection-worthy.
Map ownership: Investors should understand their ownership chains and influence rights.
Build in clearance time: Include FDI screening conditions in transaction documents.
Keep records: The business should document that it has informed investors or assessed the risk and investors should request such confirmation if the target has not shared it on its own intiative.
Consult professionals: Complex cases benefit from legal or regulatory advice.
Final Thoughts
The Swedish FDI Act is not a barrier to investment—it’s a - serious - gatekeeper. By understanding your obligations, notifying the ISP when required, and openly communicating with counterparties, you can avoid costly surprises. For investors, this means peace of mind that your deal won’t be derailed at the last minute. For Swedish companies, it’s an opportunity to show transparency and diligence—qualities that ultimately make you more attractive to responsible capital.
This is not legal advice only general knowledge sharing, you should always consult a lawyer when assessing the implications of the FDI Act on your business and your transactions.
Stockholm, 2025-09-19
Why care about the FDI-act
If you’re thinking of investing in Sweden, regardless of whether it is through buying secondary shares or by subscribing for new shares —or your a Swedish company that is about to take on new capital—there’s a new piece of legislation you can’t afford to ignore. Sweden’s Foreign Direct Investment Act, in force since 1 December 2023, reshapes the landscape for cross-border deals. Even national investments are affected given that they may fall under the scope and therefore they must comply and file before any investment can take place. It’s part of a global trend where governments are scrutinising foreign ownership of sensitive businesses more closely.
Background to the FDI-Act
Why the sudden caution? Global supply chain tensions, cyber-security risks, and geopolitical uncertainty have made countries nervous about who controls critical services and technologies. Sweden, with its advanced tech sector and vital infrastructure, is no exception. The Act gives the Inspectorate of Strategic Products (ISP) the power to screen, review, condition, or even block certain investments that could threaten national security, public order, or public safety.
For investors, that means a routine share purchase could now involve a mandatory, regulatory checkpoint.
For Swedish companies, it means new responsibilities: even if your business desperately needs capital, failing to follow the notification rules can put the entire transaction—and your reputation—at risk.
But don’t panic—most investments will still go through and the timeline for the process is clear and limited. The Act isn’t meant to scare away capital; it’s designed to ensure that strategic sectors remain secure. Understanding when and how to notify the ISP will keep your deal on track and your business in the clear.
When does the law apply?
What is a "Foreign Direct Investment"
A foreign direct investment under the Act includes:
Acquiring or exceeding 10%, 20%, 30%, 50%, 65%, or 90% of the voting rights in a Swedish company.
Gaining control or significant influence—for example, through board seats or veto rights—even if thresholds aren’t crossed.
Transactions involving non-EU individuals or entities, or entities controlled by non-EU states.
The scope is deliberately broad to catch not just obvious acquisitions but also indirect ownership or complex corporate structures.
Who should apply?
A common misunderstanding is that the rules only apply if the investor/buyer or shares, is a non-Swede. That is however incorrect. All "direct investments" in protection worthy businesses - even if its a Swede buying shares representing e.g. 15 % of the shares in a Swedish company - need to file and go through the screening process in relation to "foreign" investments. And any transaction that entails gaining control will be covered - secondary transfers, investments in a TopCo etc, so any investor/buyer in such transactions needs to apply.
Sectors and Activities Under Scrutiny
The law applies to businesses engaged in so-called “protection-worthy activities”, which include:
Activity categories (any one is enough)
Essential services (samhällsviktig verksamhet) – delimited by MSB regulation.
Security-sensitive activities (per the Security Protection Act).
Critical raw materials/metals/minerals.
Large-scale processing of sensitive personal data or location data.
Military equipment (war material).
Dual-use items.
Emerging/other strategically protection-worthy technologies.
Also, note that purely foreign projects (outside of the EU) that aren’t deemed as protection-worthy for Sweden are typically outside scope.
The Standstill Obligation
Investors must notify the ISP before completing any covered transaction. The investment cannot be closed until the ISP either clears it, decides not to investigate further, or imposes conditions. Implementing a deal without approval risks administrative fines or even the transaction being declared null and void.
However, and just as important, the investment must be sufficiently plausable before you are allowed to file. That means you can´t file "too early". Hence in M&A, the filing is often a condition to closing that is activated after signing of the SPA.
The ISP then has 25 days to give their initial response after screening the transactions, so most non-complex transactions with a EU based investor can move forward and close after this time period.
Companies’ Duty to Inform
A critical but sometimes overlooked part of the Act is the company’s duty to inform. A Swedish business should assess if it is engaged in a protection-worthy activity, and it must inform potential investors that the transaction could be subject to FDI screening.
Failing to inform can have the following consequences:
Administrative penalties from the ISP.
Potential delays or cancellation of the deal if the authority later intervenes.
Reputational damage—appearing non-compliant can discourage future investors.
In extreme cases, legal action or orders to unwind the investment.
For directors, not informing can also raise questions about fiduciary duties and corporate governance, especially if shareholders or stakeholders suffer losses due to a blocked deal.
What Investors Should Expect
Once notified, the ISP reviews the investment for security or public-order risks. The authority can:
Approve the transaction outright.
Approve it subject to conditions (e.g., restrictions on data handling or board representation).
Prohibit the investment if risks cannot be mitigated.
The review period can affect deal timelines, so parties should factor in the extra time when drafting agreements or setting completion dates.
Compliance Checklist for Businesses and Investors
Assess early: Before signing, check whether your business or target is protection-worthy.
Map ownership: Investors should understand their ownership chains and influence rights.
Build in clearance time: Include FDI screening conditions in transaction documents.
Keep records: The business should document that it has informed investors or assessed the risk and investors should request such confirmation if the target has not shared it on its own intiative.
Consult professionals: Complex cases benefit from legal or regulatory advice.
Final Thoughts
The Swedish FDI Act is not a barrier to investment—it’s a - serious - gatekeeper. By understanding your obligations, notifying the ISP when required, and openly communicating with counterparties, you can avoid costly surprises. For investors, this means peace of mind that your deal won’t be derailed at the last minute. For Swedish companies, it’s an opportunity to show transparency and diligence—qualities that ultimately make you more attractive to responsible capital.
This is not legal advice only general knowledge sharing, you should always consult a lawyer when assessing the implications of the FDI Act on your business and your transactions.
Stockholm, 2025-09-19