Background image of the Lantero team

Compliance - Digital tools and personal support

Lantero simplifies work regarding regulations and laws. Through clear and efficient digital tools, it becomes easy to work professionally with complex issues. Additionally, you gain access to personal support or advice from specialist when it is truly needed.

Lantero has been operating since 2014 and today offers leading solutions for, among other things, AI-driven document redaction, whistleblowing services, and the management of cybersecurity.

Read more

Customer references

Attendo logo
Barncancerfonden logo
Cabonline logo
Cancerfonden logo
Eletrikerna logo
Finansinspektionen logo
Gävle Kommun logo
Kjell & Company logo
Kommunal logo
Ljung & Sjöberg logo
Luleå Energi logo
Luleå Kommun logo
Nordic Wellness logo
Region Norrbotten logo
Sigtuna Kommun logo
Soltech logo
Trafikverket logo
Vesper Group logo
Attendo logo
Barncancerfonden logo
Cabonline logo
Cancerfonden logo
Eletrikerna logo
Finansinspektionen logo
Gävle Kommun logo
Kjell & Company logo
Kommunal logo
Ljung & Sjöberg logo
Luleå Energi logo
Luleå Kommun logo
Nordic Wellness logo
Region Norrbotten logo
Sigtuna Kommun logo
Soltech logo
Trafikverket logo
Vesper Group logo

Blog

blog image

July 13, 2026

The Cybersecurity Act: What Smaller Companies Need to Know About Supply Chains and Cyber Hygiene

The new Cybersecurity Act (based on EU legislation) has become a hot topic of conversation in the business world. The main purpose of the law is clear: to raise cybersecurity and incident readiness across society, while giving corporate management clearer ownership of security issues. The focus lies on socially critical operations, such as government agencies, municipalities, energy companies, and food supply. So why is a law specifically targeting critical societal functions being discussed so broadly? The answer is the supply chain. ### Requirements Inherited Down the Line The legislation includes a strict requirement for covered organizations to ensure that their entire supply chain is secure. When a government agency or an energy company procures goods and services, they must vet their suppliers. In practice, this means that regardless of whether you run a large or small company, you will face tough security questions in future procurements. The requirements are simply inherited down the line. A vulnerability in a sub-contractor several tiers down ultimately becomes a vulnerability for the socially critical organization. ### Compliance Burden or Real Benefit? It is easy to view new laws as mostly unnecessary administration. However, much of the work provides a tangible benefit, and if approached wisely, it does not have to be overly burdensome. Information security is fundamentally about structure, and once you have those structures in place, it translates into security improvements that protect your business every single day. In an era of frequent cyberattacks and phishing attempts, good "cyber hygiene" is absolutely vital for any company. ### Three Steps to Tackle the Project For smaller organizations lacking a large IT budget or a dedicated compliance department, it is all about being concrete and narrowing the scope. The work can be boiled down to three central steps: 1. Get the technology right: Start with the low-hanging fruit. Implement two-factor authentication on all systems, ensure firewalls are enabled, and perform continuous security updates. Also, train your staff regularly so they recognize threats such as phishing (fraudulent emails) and vishing (phone scams). 2. Document: Conduct a simple inventory of your assets—what software, hardware, and networks do you use? Identify the risks associated with these and establish clear policies. For example, how do you manage "Shadow IT" (when employees use private phones or computers for work)? By documenting your processes, you will have ready-made answers when clients ask questions during a procurement. 3. Follow up: Cybersecurity is a moving target. At regular intervals, you must evaluate whether your routines align with reality, perform new risk assessments when purchasing new technology, and stay updated on emerging threats. ### Do You Need ISO 27001 Certification? Larger organizations often run heavy projects to get certified according to ISO 27001. For a smaller company—perhaps around 50 employees with a less complex operation—a formal certification is rarely necessary, unless explicitly required by your clients. It is far more important that you actually do the right things and have them documented in a well-functioning information security management system that mirrors the structure of ISO 27001, rather than having the actual certificate on the wall. Here at Lantero, we have developed ready-made, easy-to-understand templates and pre-filled examples to help you inventory your resources, conduct risk assessments, and establish the right structure from the start—without making the process heavier than it needs to be.
blog image

July 6, 2026

Whistleblowing in municipalities – trends and challenges

Lantero currently partners with around 80 of Sweden’s municipalities. Through this unique insight, we see a clear development: activity within municipal whistleblowing channels is increasing. But what is actually driving this development, how are the incoming cases best managed, and what new administrative challenges are waiting around the corner? We summarize some of the key insights based on a conversation with whistleblowing expert Andreas Wahlström. ### Increased Awareness and Turbulent Periods The fact that more reports are being submitted is primarily due to two things: increased trust and better information. Employees are becoming increasingly aware that these channels exist and trust that they are secure. However, this is not an entirely universal trend; activity varies greatly from one municipality to another. We see a clear link to two specific factors: 1. Focus on Welfare Crime: In municipalities that actively combat corruption and welfare crime, the propensity to report increases. 2. Turbulence and Change: Organizations undergoing a phase of restructuring or turbulence often experience higher pressure in their channels. Experience also shows that municipalities that are engaged and skilled at continuously training their staff receive more—and more relevant—reports. ### Screening and the Need for Investigative Expertise One of the greatest challenges for a municipality is managing the breadth of what is reported. Less than half of the incoming cases actually fall under the strict definition of the Whistleblowing Act. Much of it instead concerns general complaints or personnel matters. Despite this, a large portion of the reports carry significant value for the employer to be made aware of and to follow up on. Once a complex case has been identified, the next challenge arises: the investigation. Conducting an investigation internally can be legally and operationally complicated. A clear trend is therefore that more and more municipalities choose to bring in external expertise to quality-assure the investigative work and guarantee an independent review. ### The New Administrative Challenge: "War of the AI:s” Once a case has been handled, it does not always end there. Awareness among journalists and the public regarding the existence of these channels has increased, which has led to a significant spike in requests to extract documents from the systems. This is largely driven by AI technology. Since reviewers can now use AI to read and summarize vast amounts of text, they do not hesitate to request extensive logs and all available cases. For the already heavily burdened municipal case officers, this creates immense administrative pressure, as confidentiality and harm assessments (skadeprövning) must be carried out promptly and meticulously, since accidental disclosure of sensitive information can have severe consequences. To meet this AI-driven wave of requests, the municipalities themselves have begun implementing AI support in their processes. By allowing an AI to handle the groundwork and flag potential confidentiality risks, administrative time can often be cut by around 80%. This frees up time so that case officers can focus on what only a human can do: the final, qualified harm assessment.
blog image

June 29, 2026

Four Years with the Whistleblowing Act: The Market Matures as Municipal Contracts Are Renewed

Approximately four years have now passed since the Swedish Whistleblowing Act entered into force for the country's municipalities. This means that the first generation of procured contracts and system solutions is now expiring, which has triggered an intensive wave of contract renewals and direct procurements. Looking back at the past four years, it is clear that much has changed. From being a completely new and untested legal requirement, the field has matured significantly. Here, we summarize the three clearest trends and challenges shaping municipal whistleblowing solutions right now. 1. Higher Quality and the Decline of Clusters When the legislation was first introduced, uncertainty was high. Many municipalities pooled their resources into large clusters for joint procurements, and several attempted to build their own internal solutions. Today, we see a completely different level of confidence in the market. Clearer Specifications: Municipalities have gathered valuable experience. They know exactly what they want, and the procurement specifications are of a significantly higher quality. There is a demand for system solutions with specific functionality, such as integrated login (Single Sign-on) and advanced AI support for masking sensitive information when responding to public records requests. More External Sourcing: Organizations that previously attempted to manage channels entirely internally are now increasingly choosing to seek external assistance, both with the reporting solution and with parts of the case management. Independent Sourcing Replaces Coordination: The tendency to join large clusters has decreased. Because the process has proven to be smooth and uncomplicated, most municipalities now choose to handle their procurements independently. Furthermore, contracts are being signed for significantly longer periods than before (often up to 6 or 7 years), as the cost structure has stabilized and trust in suppliers has grown. 2. Large vs. Small Municipality: Independence in Focus The need for support in the process naturally varies depending on the size of the organization, but interestingly, resources are not the primary deciding factor. The very large municipalities often have the capacity to handle a large part of the case management internally. For other municipalities, it instead comes down to two critical factors: independence and competence. In a smaller municipality, where a case officer might only handle a handful of cases per year, the learning curve is steep and the challenges are completely new each time. Additionally, it is operationally difficult to guarantee a completely independent and impartial internal process. Therefore, external parties are increasingly in demand to step in more actively in the workflow, perform initial assessments, and act as a sounding board or investigator in more complex cases. 3. The Swedish Work Environment Authority Steps Up Inspections After maintaining a relatively passive profile during the initial years, the Swedish Work Environment Authority (Arbetsmiljöverket), as the supervisory authority, has now sharply increased its audits. They conduct regular inspections to review how channels actually function—and there is a clear common thread in what they look for. Right now, the authority’s focus is primarily on the written word. They compare the literal text of the law with the organization's internal policy documents and documented routines. They simply assume that what is written in the organization's guidelines reflects their practice. Sooner or later, the authority will knock on the door of most public actors, and when that happens, the documentation must hold up to scrutiny. How are you preparing? The market has shifted from uncertainty toward standardization and stability. This is highly visible among municipally owned companies—even those with well under 50 employees that are not formally covered by the legal mandate. Many of them still proactively choose to implement external whistleblowing channels, both for the purely business value of capturing useful information and as an important part of their employer branding. Should you receive an inquiry from the Swedish Work Environment Authority, or are you about to renew your current contracts? As a Lantero client, we are always available to provide direct support. We help you prepare accurate responses for the authority and continuously update our documentation and texts based on current practice and experiences from previous supervisory cases.
Image describing Simplicity

Simplicity

Simplicity is the guiding principle in all of Lantero's solutions. The regulations and requirements we work with are often complex, which makes it especially important that processes, forms and templates are clear and understandable.

The functionality is tailored to the customer's needs, to create a purposeful solution without unnecessary complexity.

Image describing Personal commitment

Personal commitment

Lantero's philosophy is that complex regulations should be managed with a combination of simple digital tools and personal support when needed.

We are here to support everything from questions about the specific regulation to questions about the process or practices in a certain area.

Image describing Network of experts

Network of experts

We know from experience that expertise from specialist often is necessary. Therefore, to provide comprehensive support, Lantero offers a network of lawyers and other experts.

We ensure that the customer receives the right advisors based on current needs and that the assignment is clearly defined to create predictability in delivery and cost.

What do our customer think?

Lantero is always easy to get hold of when you have questions about a case and I like that we can always get support.

Gabriella Demirci

Coordinator of the whistleblower function, Botkyrka municipality
We are very happy with the service that Lantero has given us from the very beginning, all the way from support regarding the whistleblowing process to detailed questions regarding individual cases. Lantero is always available and respond quickly, relevantly, and educationally, even at non-working hours, with great customer-focused commitment. It makes it both safe and convenient for us to have this support from Lantero.

Jakob Söderbaum

Data Protection Officer, Huddinge municipality
Lantero's whole approach feels serious and well thought out, it suits us.

Monika Sundesson

Head of HR, Barncancerfonden
Even before the new law, we were looking for different possibilities of integrating whistleblowing into our code of conduct. We found Lantero to be simple, clear and it was especially good with an independent party that was not connected to other governance functions or collaborators within the company. Everything has worked smoothly, and the tool is simple to handle if cases come.

Josefin Sollander

Chief Communications Officer, Soltech Energy Sweden AB
I appreciate Lantero's care and pragmatism.

Niklas Nordh

General Counsel, Cabonline
Lantero's service is the most thorough in the industry with consistently high quality at all levels. It was also very easy to implement the process. We work with recruitment and consultants in finance, such as CFOs, controllers, and accounting economists, and the trust that an independent whistleblowing channel creates becomes an advantage in the relationship with customers as well as candidates.

Peter Bergmark

VD, Vindex AB

Read more about our services

Book a demo for a service!

Book demo

Questions? Contact us