(emphasis all mine)
Of course, they say that in the intro. Read the fine print:
For users (of computers and other electronic devices), the new Covert Surveillance of Data Act grants law enforcement agencies the authority, upon a special permit (in each specific case) from a competent Swedish court, to
secretly install software or hardware on suspect users' devices or devices which the suspect in special cases have or will most likely contact. This implies that law enforcement agencies may access a suspect user’s information before it is encrypted by VPN-services …
Pretty much states that the FRA can pwn their servers if they deem the suspect is most likely to contact it.
They also wash their hands off of their own assertions.
Note that
the summary is not exhaustiveand itssole purpose is to provide you, as a user, with a certain overall, general understandingof the new law and an understanding of why Mullvad VPN is not subject to the new law. Thesummary is not intended to constitute, and must not be used as, professional legal advicein any respect. All use of the content is at theuser's own risk.
In other words, do your own research.
Yeah, I know. You expect them to say otherwise? (: My point is, the law grants FRA an astonishingly wide-berth.