Cybersecurity has become a growing priority in Sweden, particularly due to several high-profile cyberattacks. For instance, Kalix municipality suffered a ransomware attack in 2021, resulting in over two million Swedish crowns in losses. Similarly, Kalmar municipality faced a cyberattack in February 2024, allegedly linked to a Russian hacker group. These incidents highlight both the economic motives behind cyberattacks and the ideological factors driving state-sponsored attacks on critical services.This thesis examines the legal requirements concerning cybersecurity that apply to Swedish municipalities, with a particular focus on the implementation of the NIS2-directive through the new cybersecurity law. As digitalization continues to transform public administration, the need for robust cybersecurity measures has become increasingly critical. The study aims to map and analyse the implica-tions of the new legislation for municipalities, which are often resource-con-strained compared to larger governmental bodies and private entities. All municipalities will be required to comply with the new cybersecurity law, which may pose challenges, especially for smaller municipalities that lack the re-sources and expertise of larger entities. The law will also expand the oversight responsibilities of various authorities, requiring regular reporting from munici-palities to ensure adequate cybersecurity measures are in place. That means the new cybersecurity law poses an infringement to the municipalities right to selfgovernance. In conclusion, while Sweden is undertaking significant reforms to enhance its civil defence and cybersecurity framework, there is considerable doubt regarding the necessity of including all municipalities in these new regulations. The require-ment for every municipality to comply with the standards set by the upcoming cybersecurity law raises concerns about the potential strain on their limited re-sources. These mandates could also threaten municipal selfgovernance by adding significant responsibilities for risk management and incident reporting, po-tentially increasing costs for taxpayers. Striking a balance between stronger cybersecurity and local autonomy is essential, prompting consideration on whether a more tailored approach for smaller municipalities might achieve these goals without undermining their independence.