In an increasingly digital and competitive global environment, Swedish companies and research bodies face growing threats from industrial espionage and insider misuse of sensitive information. The current legal framework, primarily governed by the Trade Secrets Act (2018:558), does not sufficiently address situations where individuals with legitimate access, such as employees, consultants, or business partners, misuse technical trade secrets.
The Swedish government has emphasized that inadequate legal protection undermines innovation, economic competitiveness and national security. In response, on June 10, 2025, the government submitted a legislative proposal titled “Ett mer heltäckande straffansvar vid angrepp på företagshemligheter”, which aims to strengthen the criminal protection of trade secrets. The proposed legislation introduces new offences related to the unauthorized use or disclosure of a trade secret by individuals with lawful access and is set to enter into force on January 1, 2026.
In this article, we will explore the key changes introduced by the proposal, the implications for individuals and organizations and the practical compliance steps companies should consider before the law takes effect.
Key changes introduced by the law
The new legislative proposal brings four main changes to the Trade Secrets Act (2018:558). To begin with, the scope of protected information is clarified. The new rules specifically target technical trade secrets, including confidential information used in the production, provision, or development of goods or services. This distinguishes such information from general commercial or administrative data, which remains outside the scope of criminal liability.
Secondly, the previous law primarily targeted external threats and unauthorized acquisition, whereas the proposal introduces new criminal offences for insiders who misuse information they were entrusted with. These offences apply to individuals who, through employment or business relationships, have gained access to technical trade secrets and then misuse or disclose them without authorization. The objective is to address the reality that serious trade secret breaches often originate from within organizations rather than from external actors.
Furthermore, the scope of the new law includes a broader range of individuals beyond permanent employees. The proposed legislation will apply not only to permanent employees, but also to agency workers, consultants, interns and commercial partners who gain access to technical trade secrets in the context of their roles. However, board members and auditors are explicitly excluded, as their obligations are governed by other legal frameworks.
In fourth, penalties under the new law are substantial. A basic offence can result in a fine or imprisonment for up to two years. Gross violations, such as those causing significant harm or involving intentional abuse, can lead to prison sentences ranging from six months to six years. The amount of any fine will be determined by the court, taking into account the severity of the offence and the offender’s financial circumstances.
In addition to criminal penalties, civil liability will remain in force. Offenders may be required to pay damages for any financial losses suffered by the company as a result of the misuse. In cases involving foreign state-sponsored espionage, law enforcement will be granted broader authority to use covert surveillance and biometric data matching.
Implications for individuals and organizations
The proposed legislation will affect a broad range of individuals and organizations. Employees who handle technical trade secrets must exercise increased caution, as lawful access does not confer the right to use or disclose such information outside the scope of their professional duties.
Consultants, freelancers and agency workers are similarly affected, especially when they operate in technical roles or gain access to sensitive development data. The law acknowledges that trade secrets are frequently shared across organizational boundaries, thereby holding non-employed collaborators to the same standards as employees.
Academic institutions and research organizations are also within the scope of the law. Professors, researchers, doctoral students and other individuals involved in industry-funded or collaborative research projects must comply with the same confidentiality obligations as their commercial counterparts.
While companies and employers are not directly criminally liable under the new law, they are expected to take proactive internal measures to ensure compliance and reduce the risk of insider breaches. Failure to protect technical trade secrets effectively could lead to reputational harm, financial loss, and operational disruption.
Compliance steps for organizations
To prepare for the new law, companies should begin by identifying and classifying their technical trade secrets. These may include proprietary formulas, engineering designs, technical specifications, source code, and other confidential information relevant to production or innovation. These assets should be clearly labeled and protected using appropriate digital and physical security protocols.
Furthermore, organizations must also review and update their employment contracts, consultancy agreements, and non-disclosure agreements to reflect the heightened legal requirements. These documents should explicitly prohibit unauthorized use or disclosure of technical information and clearly outline the potential legal consequences.
In parallel, access to sensitive information should be limited through internal control systems, with permissions revoked promptly when individuals leave the organization or change roles. Companies should conduct regular reviews and audits to monitor access patterns and detect any anomalies.
Moreover, employees, contractors, consultants and business partners must be trained to understand the nature of trade secrets, the limits of their access and the legal risks associated with improper use. Updated internal policies, including codes of conduct and information security guidelines, should reinforce these obligations.
Finally, companies should implement structured procedures for reporting and responding to suspected breaches. This includes defined escalation channels, coordination with legal counsel and, where necessary, notification to authorities. Preventative measures, corrective actions and regular compliance assessments should be part of a broader information security strategy.
Final Remarks
The amendments to the Trade Secrets Act mark a significant development in Sweden’s legal landscape. By introducing criminal liability for insiders who exploit or disclose technical trade secrets, the legislation fills a crucial gap in the existing protection framework. While it empowers organizations to defend their intellectual property more effectively, it also imposes new obligations that require timely and strategic action.
Companies and individuals who act now to understand and comply with the new requirements will be best positioned to mitigate legal risks, protect their innovations and maintain trust with partners and stakeholders.
Eris Law Advokatbyrå AB stands ready to assist clients in navigating these regulatory changes. Our team can support you in reviewing and updating contractual arrangements, designing internal policies and implementing trade secret protection strategies aligned with the forthcoming legal requirements.
References:
Justitiedepartementet. (2025, June 10). Ett mer heltäckande straffansvar vid angrepp på företagshemligheter [Lagrådsremiss]. Regeringskansliet. https://www.regeringen.se/rattsliga-dokument/lagradsremiss/2025/06/ett-mer-heltackande-straffansvar-vid-angrepp-pa-foretagshemligheter/
SFS 2018:558. Lag om företagshemligheter [Act on the Protection of Trade Secrets]. https://www.riksdagen.se/sv/dokument-lagar/dokument/svensk-forfattningssamling/lag-2018558-om-foretagshemligheter_sfs-2018-558
SFS 1962:700. Brottsbalk [Swedish Penal Code]. https://www.riksdagen.se/sv/dokument-lagar/dokument/svensk-forfattningssamling/brottsbalk-1962700_sfs-1962-700