Managing legal and compliance risks in the defence sector

The European defence sector is undergoing rapid growth as governments expand budgets and accelerate modernization programmes. For companies, this expansion creates exciting opportunities but also exposes them to heightened legal, regulatory, and reputational risks. The regulatory landscape is complex and fragmented, with rules varying significantly across jurisdictions. For businesses active in or entering the sector, navigating this patchwork is critical.

At Delphi, we work with both Swedish and foreign clients to identify risks early and implement strategies to operate responsibly and with confidence in this challenging environment. In matters with cross-border dimensions, we collaborate closely with trusted firms in our international network to ensure seamless and coordinated advice across jurisdictions. We also cooperate with other kinds of specialists within e.g. information security and public affairs when needed.

Below is a brief overview of some of the areas where key legal and compliance touchpoints arise.

Licensing and authorisations

Defence activities are subject to strict licensing regimes. Depending on the jurisdiction, companies may need separate approvals to manufacture, export, or invest in defence-related businesses. Failure to secure the correct authorisations can halt projects or lead to substantial penalties. We help clients assess whether their activities fall under defence licensing requirements and manage the process of obtaining approvals across multiple jurisdictions.

Security and cyber compliance

Beyond licensing, companies must comply with stringent security obligations. At EU level, the NIS2 Directive imposes wide-ranging cybersecurity requirements on entities across critical sectors, including risk management, incident reporting, and oversight mechanisms.

While entities active in defence, national security, public security, and related areas are generally excluded from the scope of NIS2, companies operating in related sectors may still fall under the directive.

Additionally, many EU Member States have protective security laws at national level. These can impose obligations to:

• conduct security risk analyses,
• vet personnel for security clearances,
• conclude security protection agreements, and
• implement physical as well as IT and communications security measures.

We advise clients on how to assess the applicability of these rules, build compliance programmes, and ensure security measures are embedded across their operations.

Export controls and sanctions

Defence exports are subject to extensive controls and sanctions regimes, which evolve quickly with geopolitical circumstances. Dual-use products, that is items with both civilian and military applications, can generally circulate freely within the EU. However, certain sensitive items still require authorisation for intra-EU transfers and exports outside the Union are always governed by strict licensing requirements. Determining whether a product falls within the regime can be highly complex, and mistakes can be costly. We assist clients in classifying their products, interpreting applicable rules, and securing the necessary licences to ensure compliance. Export control for military equipment is regulated on a national level in Sweden as well as many other jurisdictions, why awareness of and compliance with local rules are key.

Beyond classification, we also help clients design robust compliance frameworks, including screening tools, due diligence processes, training, and monitoring systems. This proactive approach helps companies remain compliant even as rules and sanctions shift rapidly.

EU sanctions regimes and national enforcement mechanisms for sanctions violations continue to evolve rapidly. For a detailed analysis of recent sanctions developments and Swedish legislation addressing sanctions breaches, please refer to our previous blog posts.

Contractual risk management

Operating in the defence sector often means contracting with governments, directly or indirectly. These contracts typically impose strict liability provisions, far-reaching termination rights for the buyer, and limited flexibility for suppliers. Risks may also cascade down the supply chain, affecting subcontractors and partners. We help clients anticipate and mitigate these risks by reviewing procurement procedures, advising on contract structuring, and negotiating protective clauses to balance obligations with commercial viability.

Anti-corruption and competition law compliance

Awareness of and compliance with anti-corruption rules are also crucial in this context, and we regularly assist clients in ensuring adherence to these requirements. It is not uncommon for companies in this sector to need to cooperate with one another, which is why compliance with competition rules is essential. This is another area where we provide comprehensive support to our clients

ESG and reputation

Beyond compliance, defence companies face heightened scrutiny on Environmental, Social, and Governance (ESG) issues. Investors, regulators, and the public expect transparency, ethical standards, and accountability. We advise on integrating ESG principles into governance frameworks, conducting human rights and end-use due diligence, and ensuring robust and transparent reporting. A well-defined ESG strategy not only mitigates reputational risk but also strengthens credibility with stakeholders.

Mergers & Acquisitions and investments

When structuring and negotiating mergers, acquisitions, joint ventures, IPOs, or other investments in defence and security-related industries, it is essential to take all the aforementioned aspects into consideration and ensure that foreign direct investments are properly notified, as is often required by regulatory authorities. We are well-positioned to assist clients in structuring deals and investments in the most effective and compliant manner.

How we can help

The defence sector presents significant compliance challenges, but these can be managed with the right expertise and preparation. At Delphi, we combine legal, regulatory, and strategic insight to help clients identify risks, implement compliance systems, and operate successfully in a sensitive and highly regulated environment. In cases with cross-border dimensions, we work hand in hand with our international network to provide coordinated and effective support wherever our clients operate. Whether advising on licensing, cybersecurity, export controls, dual-use classification, contracts, or ESG, we work alongside clients to safeguard their operations and position them for sustainable growth.