Finland is bolstering its cybersecurity defenses with new amendments to the Kyberturvallisuuslaki (Cybersecurity Act), set to take effect on July 1, 2025. These changes will expand the law’s scope to include businesses previously not designated as critical infrastructure operators.
The legislation, driven by directives from the European Union – specifically the CER and NIS 2 directives – aims to enhance the resilience of businesses like small and medium-sized enterprises (SMEs) and transportation or healthcare providers. These businesses will be subject to cybersecurity requirements if deemed critical by the government.
The amendments also align with a new law focusing on protecting critical infrastructure and strengthening societal resilience. The amendments will be enforced concurrently with the implementation of the new critical infrastructure protection law. The government will begin defining critical infrastructure operators in July 2026.
This expanded coverage reflects Finland’s commitment to safeguarding its digital assets and bolstering its ability to respond to cyber threats.
https://valtioneuvosto.fi/-/1410829/kyberturvallisuuslain-taydennykset-voimaan-heinakuun-alusta