Yes. Per refs, it doesn’t say what you seem to be thinking.
Secrecy is the weakest link. If everything around this law is covert (including the safeguards), then I’d rather rely on 3p opinion, which makes it clear what is (“installing hardware/software” in third-party services like “websites” or equipments such as “computers”) and isn’t possible (“notifying” those that were pwned).
As I read it (from 3p reports), PG’s minimum criteria for VPNs is a high bar for Swedish providers to meet. I’m interested in what others here have to say, too.
(I wouldn’t be even discussing this, but a team member reached a different conclusion that Tor is probably what one should use instead of a ¿Swedish? VPN: Cheaper VPN service recommendations? - #75 by Niek-de-Wilde)