NIS2 audit Sweden (Cybersäkerhetslagen 2025:1506): which evidence and documents MCF asks for
Sweden's Cybersecurity Act (SFS 2025:1506) has been in force since January 15, 2026. When MCF or PTS comes knocking, they don't audit your policy — they audit your evidence. The audit playbook: which documents and evidence they ask for, what you can test yourself today, and where documentation takes over.