SWEDEN: An Introduction to Information Technology

SWEDEN - Information Technology – An Overview 

Even though Sweden has taken a less restrictive approach than many other countries in response to the COVID-19 pandemic, the recent year has still been unusual in many ways. On a general level though, the Swedish economy seems to have been relatively resilient, and business activity has generally been high.

Most employers in Sweden have recommended or instructed employees to work from home as much as possible. This has fuelled the already fast pace of the general digitalisation of society and created an even higher demand for technology that enables organisations to stay productive and creative, independent of physical conditions such as office space, hard copies and in-person meetings.

A Changing and Maturing Cloud Market 

The landmark Schrems II judgment from the ECJ has had a major impact on the use of cloud services provided by US hyperscalers such as Microsoft, AWS and Google. Most Swedish businesses have adopted some level of public cloud services, but the level and pace of migration to the public cloud have definitely decreased in response to the Schrems II judgment. It is clear that the draft recommendation on ‘supplementary measures’ published by the European Data Protection Board has seen Swedish businesses take an even more cautious approach to public cloud services and transfer of personal data to third countries.

Although US hyperscalers have a significant market share for cloud services, there is a major development towards adoption of Swedish- or European-based cloud providers. A similar trend is that Swedish and European SaaS providers are moving their applications away from US hyperscalers to Swedish- or European-based cloud providers, seemingly in response to Schrems II as well as customer pushback and unwillingness to expose data to US jurisdiction and the data protection risks that would follow.

Banks and insurance companies are also putting great effort into complying with the updated regulatory requirements on outsourcing arrangements from the European Banking Authority (EBA) and European Insurance and Occupational Pensions Authority (EIOPA) as well as the European Securities and Markets Authority (ESMA). An interesting topic that has emerged is how statutory Swedish banking secrecy and insurance secrecy can be upheld in relation to foreign public authorities, if customer data is processed in a public cloud service.

Lastly, it should be noted that the public cloud providers have become increasingly willing to negotiate their standard contracts. From our perspective, it is clear that this trend is driven by many factors including increased competition, compliance focus and risk awareness on the customer side.

The Industrial Internet of Things is Booming 

Swedish industrial companies are accelerating their transformation towards more data-driven and digital operations and production models. There is an ever-intensifying focus on investments in new technology related to the industrial internet of things (IIoT). These new investments focus on the support for a broader and more accurate data acquisition, equipment and process monitoring as well as remote diagnostics and analytics. These efforts are not limited to greenfield projects. Many large industrial companies are seeking to increase productivity and reduce operating expenses by rebuilding and retrofitting older production facilities with advanced sensors and similar connectivity-related hardware and software. Other notable trends include substantial investments into autonomous on-site logistics solutions as well as into cloud and edge computing, intended to establish the infrastructure required for more expansive digitalisation projects. It is also notable that industrial players are putting more effort into securing a fair and balanced approach to parties’ use of data (including business data) compiled by suppliers, when monitoring industrial equipment.

In addition to the digital transformation of Swedish industry, we note a fast development in the field of real estate technology, so-called PropTech. This is a broad area where data analytics and technology is employed to improve and streamline functions and processes within everything from construction to tenant management. However, the establishment of co-working spaces has also put pressure on property owners to develop their services. As a consequence, many property owners have entered into cooperations with third-party digital service providers to meet their tenants’ (and their employees’) demands for improved digital capability. In this context, we note a general lack of appreciation of the commercial value of non-personal data (and how to contractually protect such data), and we expect the focus on data management and data protection in the PropTech industry to increase significantly in the near future.

Public Sector Challenges 

Swedish public authorities’ use of cloud services is another hot legal issue. In addition to the data protection issues raised in Schrems II, for governments this also raises issues of national security and digital sovereignty. In addition, there is a constitutional aspect to use of public cloud services in the public sector, since data about Swedish citizens which is processed by Swedish authorities could be exposed to foreign jurisdictions without prior assessment of confidentiality in accordance with Swedish law.

The Swedish government is currently performing a public inquiry into whether a state-owned and state-controlled IT infrastructure should be set up to provide secure and legal ‘cloud’ services to Swedish public authorities. The findings from this inquiry are expected to be presented later in 2021. In parallel, Swedish authorities are showing a keen interest in the creation of a European cloud market by virtue of the EU-sponsored project ‘Gaia-X’.

Increased Customer Involvement and Control in Software Development

Nearshoring, offshoring, agile methodology, cloud services and adoption of open-source software are the new normal for IT development in most industries in Sweden. We generally note that the traditional supplier-customer relationship is changing in favour of a more dynamic relationship and collaborative approach. Even though there are still ‘traditional’ IT deals being made (e.g. outsourcing, ADM services, managed services, etc.), it is clear that major customers are more hesitant to hand over control and decision rights for core IT functions to external suppliers. Specifically, we note a preference to select industry-agnostic standardised platforms (where customers create and maintain their own business-critical software and applications) over industry-specific ‘off the shelf’ software suites. Similarly, having access to scalable external IT consultants for programming/coding is becoming critical, while – at the same time – many businesses will employ an increased number of architects and software strategists. This is an example of a larger trend whereby technology is moving from being an IT-focused matter towards being considered as a strategic matter crucial for overall business success, profitability and competitiveness.

In the upcoming year, we anticipate a continued focus on finding the balance between, on the one side, security and compliance and, on the other side, scalability, access to new technology and cost control. IT vendors who are able to satisfy both sides will be the winners in this scenario.

Either way, it is an interesting time to be a lawyer specialised in digital transformation and IT sourcing!