NCS3 - Swedish Regulations within the area of Industrial Control Systems

Authors:

  • Jessica Appelgren
  • Erik Zouave

Publish date: 2021-03-30

Report number: FOI-R--5073--SE

Pages: 68

Written in: Swedish

Keywords:

  • Regulations
  • requirements
  • information and control systems
  • control systems
  • cybersecurity act
  • data protection
  • information security
  • security protection
  • information and communication technology
  • SCADA systems
  • electricity production
  • electricity distribution
  • drinking water production
  • water distribution
  • district heating
  • district cooling
  • chemical process industry
  • rail communications
  • electronic communications
  • healthcare

Abstract

In 2012, the Swedish Defence Research Agency (FOI) carried out a study, on behalf of the Swedish Civil Contingencies Agency (MSB), to investigate how regulations and requirements govern security work within industrial information and control systems. The study covered the following sectors: electricity production and electricity distribution, drinking water, district heating and cooling, chemical process industry, rail traffic and electronic communications. In 2015, FOI conducted a study to follow up on changes since 2012. Regulations and requirements that govern security work within industrial information and control systems have since changed through extensive reforms. This applies in particular to the adoption of the NIS Directive, the EU Cybersecurity Act and the Protective Security Act. This report presents a follow-up study that aims to describe, at an overall level, current regulations and requirements, including changes implemented after 1 December 2015. In addition to the previously mapped sectors, this report includes the healthcare sector. The report describes both the relevant regulations and requirements for each designated sector and the central sector-wide regulations and requirements. It also provides examples of laws and regulations in other areas that may affect the requirements generally placed on information security as well as those placed on information and control systems.