Deep Lex
Back to Regulation Tracker

Sweden AI Regulation

Law(s) enactedTreaty

CoE Framework Convention signatory

Overview

EU AI ACT
  • The EU AI Act (Regulation 2024/1689) applies directly across all member states. Prohibitions on unacceptable-risk AI systems have been in force since 2 February 2025; GPAI model rules since 2 August 2025. High-risk AI obligations are due from 2 August 2026, subject to the Digital Omnibus proposal which may defer enforcement. For the full implementation timeline, governance structure, and current status, see the European Union overview.
  • The Swedish Post and Telecom Authority (PTS) has been proposed as market surveillance authority. The Swedish Data Protection Authority (IMY) is active on AI governance. A national AI strategy is in place.

Key Sources

EU AI Act (Regulation 2024/1689)View
Swedish Post and Telecom Authority (PTS) — proposed MSAView
EU AI Act National Implementation TrackerView
IMY (Swedish Data Protection Authority) — active on AI governanceView
Council of Europe Framework Convention on AI (CETS 225)View

This content is for informational and educational purposes only and does not constitute legal advice.

AI Regulation Timeline

  1. 09/12/2025
    closure

    Data Protection Authority released report on personal data processing for training artificial intelligence models in custody matters

    On 9 December 2025, the Data Protection Authority (IMY) released a report on personal data processing for training artificial intelligence models in custody matters. The project, conducted with the law firm Familjens Jurist within the IMY regulatory sandbox, evaluated the use of custody case data to predict high-conflict scenarios. The inquiry focused on whether further processing for AI training complies with General Data Protection Regulation (GDPR) principles, specifically purpose limitation. The report states that synthesising personal data constitutes further processing and is generally compatible with original purposes, provided it adheres to GDPR requirements. Given the sensitive nature of custody information, the IMY noted that additional safeguards, such as opt-out mechanisms for data subjects, are necessary. With safeguards, the IMY concluded that training models with synthetic data could be considered permissible.

    View on Digital Policy Alert ↗
  2. 16/10/2025
    inquiry

    Competition Authority released report on contractual conditions between food delivery platforms and restaurants

    On 16 October 2025, the Swedish Competition Authority released a report examining contract terms used by food delivery platforms, including Foodora, Uber Eats and Wolt with restaurants. The report found that exclusive agreements are rare. The report found that in 2020, 51% of restaurants used only one platform and by 2024, that dropped to 18%. It also found that most restaurants use multiple platforms, and exclusive contracts no longer pose a major competitive concern. However, price parity clauses are widespread. It also found that about 31-34% of Foodora's restaurants report that these clauses prevent them from offering lower prices on competing platforms. The Authority viewed horizontal price parity as potentially anti-competitive.

    View on Digital Policy Alert ↗
  3. 10/10/2025
    order

    Government designated Post and Telecom Authority as competent authority under EU Data Act

    On 10 October 2025, the Swedish Government appointed the Post and Telecom Authority (PTS) as the competent authority for the European Union's (EU) Data Regulation on fair access to and use of data. The Regulation aims to create a uniform EU framework for secure and fair data sharing. It gives individuals and companies stronger rights to move and use their data. It covers data generated by smart devices, machines, and services.

    View on Digital Policy Alert ↗

Last updated: 09/12/2025