FDI Screening in Sweden: Broad Ambitions, Burdensome Reality

by Helene Andersson (Advokatfirman Delphi) and Elisabeth Eklund (Advokatfirman Delphi)

On 1 December 2023, Sweden introduced a new foreign direct investment (FDI) screening regime, a landmark reform aligning Sweden with the broader EU framework for investment control. The system empowers the Swedish screening authority to block or impose conditions on acquisitions by non-EU actors seeking ownership or control over strategic assets, such as ports, battery factories, or other operations deemed sensitive to national security.

However, the legislation also extends to a range of sectors and activities that are not always intuitively linked to national security, as discussed further below. While the purpose of the regime is well-intentioned, particularly in today’s complex geopolitical and security landscape, its design has proven overly broad in practice. This has created an unnecessary administrative burden, generating costs for companies and affecting the timelines for completing investments and transactions.

A Sweeping Scope

Under the Swedish FDI Act, a notification must be submitted before an investor acquires 10 percent or more of the voting rights in a company engaged in activities deemed “worthy of protection”. Subsequent acquisitions that increase the investor’s holding to or beyond 20, 30, 50, 65, or 90 percent of the voting rights must also be notified. The same applies where the investor otherwise gains direct or indirect control over such an entity, for example, through shareholder agreements, the right to appoint board members, or other governance arrangements that confer decisive influence.

While the Swedish screening authority, the Inspectorate of Strategic Products (ISP), may intervene only when the investor is established outside the EU or is ultimately owned or controlled by a non-EU entity, the filing obligation itself applies to all investors, regardless of nationality.

The rationale behind this broad approach is to prevent non-EU actors from circumventing the rules by using Swedish or EU-based subsidiaries as acquisition vehicles. However, in practice, the breadth of the filing obligation has led to a cumbersome and often disproportionate process. Even purely domestic transactions, including internal restructurings within entirely Swedish corporate groups. must be notified if they involve activities covered by the FDI Act.

For example, a Swedish parent company that transfers shares in a subsidiary active in energy distribution or data processing to another group entity as part of a reorganisation would still need to file a notification with the ISP, which means that it is subject to a stand-still during the ISP’s handling. The ISP has 25 working days in phase 1 and often uses the full time. Similarly, a Swedish venture capital fund acquiring a 10 percent minority stake in a domestic tech start-up operating cloud infrastructure could trigger the same filing requirement, this even if both parties are entirely Swedish and no foreign control is involved. And the same goes for pure EU investments.

The result is a system where procedural compliance often outweighs substantive risk assessment, diverting both companies and the ISP from the regime’s original security-focused purpose.

Seven Sectors, Hundreds of Activities

Article 3 of the FDI Act defines seven categories of activities subject to screening, ranging from defence and dual-use goods to the provision of “essential services.” The Swedish Civil Contingencies Agency (MSB) is responsible for specifying which activities fall under this latter category.

The resulting regulations are extensive, spanning 16 chapters and covering hundreds of activities. These include everything from the production of pharmaceuticals, medical devices, and food to real estate management, logistics, and the operation of data centres. They also extend to seemingly less critical activities, such as school bus services and the manufacturing of food labels. The outcome is a patchwork of sectors so broad that even companies with little apparent connection to national security may fall within the scope of the rules.

Importantly, investments must generally be notified even when the target business is very small. Only if the target company has fewer than five employees and an annual turnover below SEK 5 million (approximately EUR 450,000) can an investment in a company providing essential services escape the filing obligation. These thresholds apply to the target company as a whole, not to the portion of the business providing essential services. As a result, an investment in a company with six employees that primarily offers non-essential services but includes a small element of essential services would still need to be notified.

Numbers that Speak for Themselves

In 2024, 1,267 investments were notified to the ISP. Strikingly, about half of these involved entirely Swedish investors, while roughly 300 came from other EU countries, all being transactions that, under the FDI Act, cannot be prohibited. The remainder involved non-EU investors, the group the regime was primarily designed to scrutinize.

According to ISP statistics for Q1–Q3 2025, notifications have already surpassed the previous year, reaching 1,335, with a record 499 notifications in Q3 alone. During these three quarters, only 11 decisions were made to initiate a phase 2 review, highlighting the very low proportion of cases requiring deeper scrutiny.

To date, only two investments have been prohibited, illustrating the mismatch between the system’s broad reach and its actual security relevance. In addition, two filings were withdrawn in 2025 after the ISP indicated an intent to prohibit the investment. Moreover, five decisions have resulted in clearance subject to conditions.

This imbalance has attracted attention also in Brussels. In its 5th annual report on investment screening, the European Commission highlighted Sweden as an outlier. Of the 3,136 FDI cases handled across all EU Member States that year, Sweden alone accounted for over 40% of the total. The Commission noted that Sweden’s figures “strongly influence” the EU average and that, without Sweden’s data, the overall proportion of screened cases across the European Union would be significantly lower.

A System Under Strain

The ISP, a relatively small authority, has been overwhelmed by the volume of notifications, leading to long processing times, uncertainty around procedural deadlines, and frustration among investors. In many cases where a Phase 2 investigation has been initiated, the standard three-month review period has been extended to six months. There is no option for a short-form notification, and in most cases, the ISP uses the full 25 working-day handling period. It also sometimes asserts that the clock has not yet started due to allegedly missing information. While efficiency has improved somewhat, the number of filings continues to rise, despite an overall slowdown in Sweden’s M&A market.

Under the FDI Act, an investment cannot be completed until the ISP grants approval. Premature closings or failure to notify are subject to significant financial penalties, ranging from SEK 25,000 to SEK 20,000,000 (approximately EUR 2,200 to EUR 1.8 million). In severe cases, where transactions threaten Sweden’s security or public order, the ISP may order a transaction to be reversed. It may also approve investments subject to conditions.

To date, only one fine has been issued. This concerned a late notification for an investment in the defence sector. Although the deal had been signed before the FDI Act came into force, it was completed shortly afterward. Once the parties realized their obligation, they submitted a belated filing; however, the ISP still imposed a penalty of SEK 200,000 (approximately EUR 18,000). The company appealed, but the administrative court upheld the fine.

Regarding the two prohibitions that have been issued—both allegedly involving Chinese investments in greenfield battery production according to media reports—at least one has been appealed. In Sweden, prohibition decisions are not appealed to the courts but directly to the government. The appeal is currently under review by the Government, which is the sole authority responsible for deciding such cases. The high level of confidentiality, due to the national security considerations involved, makes it difficult for counsel and companies to draw meaningful conclusions from previous decisions and case law.

The Problem of “Activities Worthy of Protection”

Another key challenge lies in the vague scope of what constitutes an “activity worthy of protection”, and thus subject to mandatory notification. The MSB’s extensive list offers breadth but little clarity. Many businesses struggle to determine whether their operations are covered, while others unknowingly fall within the rules.

As a result, many investors file precautionary notifications simply to avoid the risk of sanctions. This over-compliance creates unnecessary workload for both companies and the ISP, diverting attention from genuinely sensitive cases.

An Overly Burdensome Framework

The Swedish legislator’s ambition, to build a robust, loophole-free screening system, is understandable and even laudable. Yet the practical outcome is a mechanism that is too expansive, too uncertain, and too slow.

It is difficult to explain to an EU-based investor why a transaction freely permissible elsewhere in the Union must undergo formal review in Sweden. It is even harder to justify why an all-Swedish company must seek approval for an internal restructuring. Such requirements risk undermining business confidence, deterring investment, and eroding the legitimacy of the screening system itself.

The Way Forward

As Sweden gains experience with the regime, a calibration of scope and process is urgently needed. Narrowing the list of activities requiring notification, clarifying definitions, and introducing fast-track procedures for low-risk cases would go a long way toward restoring balance.

One way to address the current challenges, at least partially, would be to replace the full notification requirement with an information requirement for EU investors. Under this approach, EU investors would inform the ISP of any investments in activities covered by the FDI Act without undergoing a full screening process. This would ensure the ISP remains aware of all investments in protection-worthy activities and could call in a transaction if there are concerns about the nationality of the owners. At the same time, investors could close transactions more quickly and avoid the costs and delays associated with unnecessary filings.

Ultimately, a credible FDI framework must achieve two goals simultaneously: protecting national security and facilitating legitimate investment. Sweden’s current model meets the first goal in principle but does so at the expense of the second. The coming years will determine whether this balance can be restored. Hopefully the upcoming EU rules will mean that e.g. internal restructurings will no longer be within scope in Sweden. We are still awaiting to see the upcoming amended version of the ordinance which defines what constitutes an “activity worthy of protection”, which is said to be circulated for public consultation in December 2025. According to various sources the definition will be even wider than today so make sure to have the FDI rules in mind when investing in Sweden.