Information security now!
This week, we talk about the implementation of the national Cybersecurity Act and how you can recognise new phishing messages currently in circulation.
Topics covered in this week’s review

Implementation of the national Cybersecurity Act has begun
The entry into force of the national Cybersecurity Act has been reflected in the activities of the NCSC-FI, and the reception of notifications has started off well. The reporting obligation concerning significant incidents, which applies to NIS 2 and critical sector organisations, entered into force in early April. The centre has received many questions about practical matters, such as how to register in the list of operators and how the new notification application works. The Cybersecurity Act implements the obligations of the NIS 2 Directive in Finland.
The NCSC-FI reminds companies and organisations to register in the list of operators by 8 May so that supervisory and guidance measures can be correctly dimensioned. The Finnish Transport and Communications Agency Traficom coordinates cooperation between the national supervisory authorities under the NIS 2 Directive and acts as Finland’s national point of contact for information exchange with the EU and other Member States.
You can find general information about the obligations and their entry into force here (External link).
The supervisory authorities under the NIS 2 Directive also include the Energy Authority, the Finnish Safety and Chemicals Agency (Tukes), the National Supervisory Authority for Welfare and Health (Valvira), the Centre for Economic Development, Transport and the Environment for South Savo, the Finnish Food Authority, the Finnish Medicines Agency (Fimea), and the Financial Supervisory Authority (FIN-FSA).
The Finnish Transport and Communications Agency Traficom will host a Teams webinar on 12 May from 9.00 to 11.40, where Traficom’s experts will provide information on the implementation and supervision of the Cybersecurity Act. Participants will have the opportunity to ask the experts questions.
Register for the webinar here (External link) (registration deadline 9 May).
Read more on our NIS 2 web page (External link).
Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.
WHAT TO DO IF YOU GET SCAMMED
- Immediately contact your bank if you have made a payment based on a scam or a criminal has gained access to your online banking service or payment card information.
- File a police report. You can file a police report online. (External link)
- You can also report the incident to the NCSC-FI.
- Instructions for victims of data leaks (External link)
Recognise online scams and protect yourself from them
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 25–30 April 2025). The purpose of the weekly review is to share information about current cyber phenomena. The review is intended for everyone from cyber security professionals to ordinary people