The PTS stated that Telenor, according to its own security protection analysis, was an SSO and that it had identified a need for some of its staff positions to be placed in a security class. Security clearance for these security classes required, inter alia, information to be obtained from a records check. However, Telenor had not actually filed an application for these positions to be placed in a security class. As a result, Telenor had not taken into account the required information when performing its security clearance. Therefore, PTS found that Telenor had breached the security clearance rules and that these Telenor staff were not authorised to access the SPCI which they, in fact, had access to.
While considering the imposition of an administrative fine, ranging from the minimum amount of 25,000 SEK to the maximum amount of 50,000,000 SEK, the PTS found that Telenor had unintentionally – although negligently – let 24 of its executives, including its head of security, participate in its SSO for at least eight months without authorisation, causing a serious vulnerability to Swedish national security. In Telenor's favour, the PTS took into account that Telenor had taken steps to remedy the breaches and that there was no evidence that Telenor had made any profits as a result.
Against this background, and as mentioned above, the PTS ultimately decided to impose an administrative fine of 12,500,000 SEK on Telenor Sverige AB.