Security policy

Strategic digital technologies

The emergence of new strategic digital technologies such as artificial intelligence, quantum technology, advanced semiconductors and next-generation communication networks (6G) will be a key driver in global politics and influence international cooperation and global power dynamics. Control over technology and data, as well as the requisite raw materials, components and know-how, is used more frequently as an instrument in geopolitics. This has consequences for production, world trade and global value chains. 

In particular, the developments in AI needs to be understood from a geopolitical perspective. From a security policy point of view, the extensive investments now being made in AI research and relevant applications will affect the future balance of power between states. A kind of AI race has begun, not unlike that in other areas of technology with security and defence policy applications. While the use of AI has great potential to contribute to solutions to global challenges, there are also risks that require both regulation and international cooperation. 

Sweden is a prominent country in research and development of new technologies and is well placed to be in the forefront in many areas, and influence the development of regulations, norms and standards for new technologies. International cooperation and partnerships are central in research and innovation, and necessary to ensure access to skills, technologies, capital, raw materials and components. Sweden must be regarded as a competent and dependable partner in the management, use and control of critical technology, and in the development of global standards, norms and regulatory frameworks.

There is significant foreign interest in Swedish technology development. This interest is positive and leads to commercial joint ventures and foreign direct investment. But there are also challenges in terms of acquisition of Swedish companies (in particular research-intensive small companies) and, to a greater extent than previously, industrial espionage. It is therefore necessary to protect national security interests.

At the same time, the rapid development of dual-use technologies gives rise to new challenges from an export control perspective in managing emerging critical technologies. In many cases, such technologies are not yet listed in the international export control regimes (e.g. the Wassenaar Arrangement) which requires states, including Sweden, to protect their technology at the national level to prevent its proliferation to undesirable recipients. 

The ongoing development of the internet is closely tied to the emergence of new digital technologies and itself constitutes a strategic interest. Sweden will continue to work for an open, global and interoperable internet that is governed through multi-stakeholder cooperation. Authoritarian countries’ ambition for increased state control, including at a global level, must be countered.

Foreign and security policy management of cyber threats and cyber attacks

A number of countries carry out cyber attacks on Sweden. The capacity to manage cyber threats and cyber attacks is fundamental to Sweden’s security. Cyber attacks can entail intelligence gathering of various kinds, but also activities that aim to affect or manipulate access to various services and systems or even to destroy them. These attacks are carried out as one of several different instruments in hybrid operations to manipulate Sweden and harm Swedish interests. In addition, Sweden must assume that more powerful offensive cyber attacks may be directed at targets in Sweden in the event of further deterioration in the international security situation.

Sweden will pursue a policy based on solidarity within the EU and NATO. The rules-based world order and respect for the Charter of the United Nations and international law are continually fundamental to our foreign policy. In view of the heightened geopolitical tensions and the cross-border nature of cyber threats, as well as the continued rapid digitalisation of Swedish society, the cyber and digitalisation area must be fully integrated into Sweden’s foreign and security policy. These issues are dealt with bilaterally, within the EU, NATO and the Organization for Security and Co-operation in Europe (OSCE), as well as in the broader context of the UN. 

Sweden’s foreign missions play an important role in contributing to Sweden’s overall situational awareness. Sweden will remain a driving force in the development of foreign policy and diplomatic toolboxes to respond to threats and attacks – against Sweden, the EU and NATO. Sweden will also continue to participate actively in the development of international regulatory frameworks, recommendations and policies with the aim of enhancing our common cyber security and strengthening resilience in the cyber area. Effective law enforcement at EU level and internationally is also essential. It is important to strengthen skills in the Swedish Foreign Service, and to further develop cooperation between the Swedish Foreign Service, the responsible ministries and the relevant government agencies concerning cyber and digital issues.

These attacks are used/employed as one of several instruments in hybrid operations to manipulate Sweden and harm Swedish interests. It is crucial  to strengthen the Foreign Service's expertise, and to develop cooperation between the Swedish Foreign Service, the responsible ministries and relevant government agencies, concering cyber and digital issues. 

Work to directly and indirectly address malicious state actors includes:

Countering cyber threats and cyber attacks 

International cooperation is fundamentally important to counteracting threats to peace and our security, including in the cyber area. For Sweden, the main avenues for this cooperation should be within the framework of the EU and NATO in collaboration with other like-minded states. It includes cooperation and information-sharing concerning situational awareness, principles and procedures for public naming and attribution, and various types of foreign policy responses such as public statements and targeted sanctions. 

Cooperation within the EU and NATO and with strategic partners contributes to deterrence and resilience. Like NATO, Sweden has concluded that, under certain conditions, cyber attacks can be equated with an armed military attack.

Strengthening resilience and improving capacity in the cyber area through international cooperation

International cyber security cooperation within the framework of the EU and NATO, for example, is also an important part of the efforts to strengthen resilience and improve capacity in the cyber area internationally and nationally. International regulatory frameworks, as well as recommendations and policies, support measures to create a high level of common cyber security. In international cooperation, Sweden will advocate for measures that strengthen and streamline cooperation in the area of cyber security, with the aim of enhancing our common cyber security. 

Strengthening the application of international law and human rights law in the cyber area

Sweden strives for global compliance with a rules-based world order. International law, including the entirety of the Charter of the United Nations, international humanitarian law and human rights also apply to the cyber area. However, there is a need to closer analyse how the rules of international law should be interpreted and applied in a cyber context. Sweden will act to ensure that international law is respected and applied in cyberspace. Sweden will be a driving force in international discussions on the application of international law in the cyber area. 

Acting to support norms of responsible state behaviour

Besides binding rules of international law, a number of non-binding norms and principles have been developed. This discussion has progressed furthest within the UN, where eleven non-binding norms and principles of responsible state behaviour in cyberspace have been agreed upon. These concern fundamental issues such as the protection of critical infrastructure, individual privacy, countering terrorism and criminal or harmful information and communication technology (ICT) activities, and international cooperation. These norms now constitute an important starting point for how states should behave in relation to each other in cyberspace. This framework also provides the foundations for better dialogue and supports accountability. Sweden will work to ensure that existing norms are respected and applied, and in relevant cases further developed for example based on, the global development and new technologies.  

Strengthening measures to build confidence and trust

The risk of misunderstandings about the underlying causes of incidents or failures in network and information systems is high. System errors, operator errors and incidents in interoperating systems very often have the same kinds of outcomes as those of a cyber attack. The technical analysis then required is often complex and time-consuming. The lack of international transparency and understanding of different uses of terms and concepts around cyber security increases the risk of conflicts. Both the UN and the OSCE have therefore adopted a number of measures to build confidence and trust in the cyber area. Sweden is working to ensure that these will be solidified, implemented and developed. Cooperation between incident management and law enforcement activities in the investigation of disruptions and incidents within the framework of international security partnerships or cross-border cooperation between government agencies often leads to increased transparency. This contributes to increased trust and confidence between parties and the ability to identify the actual causes of disruptions more rapidly. Sweden wants to contribute to intensifying international partnerships on practical measures to build confidence and trust.

Safeguarding the flow of digital information

The free flow of information on the internet is used more frequently for malicious purposes. One central issue is how democracy and its institutions and processes should be defended against information influence by malign actors while countering repressive demands for restrictions on free information flows. State actors, such as China and Russia, as well as violent extremist groups, networks and individuals, use the internet and social media to spread propaganda and disinformation. AI that is used to filter and generate content risks reinforcing polarisation and having a negative impact on conflict situations within and between states. The EU has taken important steps to become a global normative actor in this area. But there are also actors who want to use the growing debate about the influence and power of these platforms to push through more repressive norms. Sweden will act to ensure that emerging norms and rules are based on international law, include a rights perspective and are based on democratic principles, and contributes to favourable conditions for innovation and increased competitiveness. Sweden will prioritise the increased protection of democratic institutions and processes from malign and harmful information influence to a greater extent. It is particularly important to pay attention to the impact on electoral processes, with a view to the entire electoral cycle – nationally as well as at global level.

Promoting international cooperation to combat system threatening cyber crime

International cyber security discussions in foreign policy focus mainly on threats from state actors. A large proportion of cyber crime is cross-border and often involves multiple actors. There are many examples of organised crime actors with close, but concealed, ties to malicious state actors. By deliberately failing to intervene against organised cyber crime conducted from their own territories, states may also use such groups as a security policy instrument. There are also examples of state actors using methods and tools from the cyber crime area to conceal their activities. The boundary between non-state and state actors is thus often blurred.

Cyber crime is a cross-border problem, often with security policy dimensions, that requires increased international cooperation to prevent and combat effectively. Effective law enforcement, within the framework of rule of law, is a prerequisite for upholding fundamental rights and ensuring that the cyber area is not a refuge for criminals. Sweden will continue to take an active role in international cooperation to counter cyber crime, particularly on the basis of joint action within the EU and including in foreign policy cooperation. But it is also important that new instruments respect the rules of international law, including human rights, and are not used to increase states’ control over central internet infrastructure, or to legitimise and facilitate repression. 

Focus areas – Security policy 

• Develop Sweden’s international cooperation around AI and other strategic new technologies, including security aspects, with prioritised partner countries, organisations and actors. 
  
  
• Promote cooperation and interoperability regarding rules and standards between the United States and EU and in multilateral forums. Defend the internet governance model based on multi-stakeholder participation.  
  
  
• Within the framework of the EU and NATO, develop Sweden’s capacity to deter and respond to external cyber threats and cyber attacks using foreign and security policy instruments. This includes further national coordination on situational awareness, attribution and response measures. 
  
  
• Support the implementation and ongoing development of measures to build confidence and trust, multilaterally within the UN and the OSCE, and through partnerships with other countries. 
  
  
• Work to ensure that international law and existing norms are respected and applied in cyberspace.
  
  
• Develop dialogue and cooperation with the private sector on global norms for new technologies and international cooperation on cross-border threats and attacks. 
  
  
• Support international cooperation on export control and investment screening within strategic technologies.  
  
  
• Develop skills within the Swedish Foreign Service on cyber and digital issues.