Skip to content

Datacenter Decommissioning Services in Sweden

By Reboot Monkey Team

Reboot Monkey manages the full physical decommissioning lifecycle across Sweden's colocation hubs: asset audit, NIST 800-88 data destruction, hardware removal, WEEE-compliant disposal, and certified cage handback at Equinix SK1-SK4, Digital Realty STO1, Conapto, GleSYS, and Bahnhof.

Datacenter Decommissioning Services in Sweden

Last updated: April 9, 2026

What Datacenter Decommissioning Actually Means

Datacenter decommissioning is the complete, structured retirement of physical IT infrastructure from a colocation facility. It is not cloud service retirement, not application migration, and not a simple server move. It is the hands-on process of auditing every asset in a cage or suite, destroying data on every storage device, removing every rack unit of hardware, cleaning the space to operator specification, and returning the cage to the facility with a paper trail that satisfies your regulators, your auditors, and your lease terms. For Swedish enterprises, that paper trail carries legal weight. Integritetsskyddsmyndigheten (IMY), Sweden's data protection authority, expects organisations to demonstrate that personal data no longer exists on decommissioned hardware. Naturvårdsverket requires that electronic waste reaches a certified WEEE handler. Sweden's Cybersecurity Act implementing the EU NIS2 Directive demands that critical infrastructure operators maintain security continuity throughout system retirement. Doing this correctly requires physical presence, technical expertise, and regulatory knowledge working together in the same operation. Reboot Monkey is a vendor-neutral third-party datacenter services provider operating across 250+ cities in 190 countries. In Sweden, our field engineers cover Stockholm, Gothenburg, and Malmö, working inside Equinix, Digital Realty, Conapto, GleSYS, Bahnhof, and partner facilities. We do not own datacenters. We do not sell hosting. We provide the physical labour, technical oversight, and compliance documentation to close out your facility presence cleanly.
  • Full asset audit with serial numbers, make/model, and photographic evidence before any hardware moves
  • NIST SP 800-88 data destruction at the Clear, Purge, or Destroy level based on data classification
  • Per-asset data destruction certificates with media serial number, sanitisation method, timestamp, and chain-of-custody trail
  • Physical removal of servers, networking equipment, storage arrays, cables, patch panels, and PDUs
  • Cage and rack cleanup to operator specification: cable management removed, blanking panels cleared, labelling stripped
  • Facility handback coordination with Equinix, Digital Realty, Conapto, GleSYS, and Bahnhof operations teams
  • WEEE manifest (Avfallsdeklaration) documentation and certified e-waste logistics coordination
  • GDPR Data Processor Termination documentation and IMY-aligned chain-of-custody records

The Eight-Stage Decommissioning Process

A datacenter decommissioning project in Sweden typically runs two to eight weeks depending on scope. A single rack decommission at Equinix SK2 may take two days. A full cage closure at Digital Realty STO1 across 40 racks runs three to five weeks. An enterprise-scale project spanning 100+ racks across multiple Stockholm facilities requires phased execution over six to eight weeks. Understanding the stages helps you plan the project and communicate realistic timelines to facility operators, who need advance notice before accepting a cage handback. Stage one is the pre-decommissioning audit. Reboot Monkey engineers arrive on-site, document every asset in scope, photograph rack layouts, confirm power circuit assignments, and verify which cross-connects and network ports are still active. This audit output becomes the master asset register that drives every subsequent activity and eventually forms part of your compliance documentation. Stage two is planning and sequencing. Not everything can come down at once. Active systems must be migrated or powered down in the right order. Cross-connects at SwedenIX (AS2315, primarily at Equinix SK1) or Netnod (distributed across Stockholm and Gothenburg facilities) must be formally terminated before cage decommission can close. We map dependencies, confirm termination timelines with the relevant internet exchange operations teams, and build a project schedule that prevents unexpected service interruptions. Stage three is data destruction. For each storage device, we select the appropriate NIST SP 800-88 method based on the data classification you specify. For most operational enterprise data, Purge-level methods including ATA Secure Erase, NVMe Sanitize, or cryptographic erasure are appropriate and leave the hardware intact for potential reuse or resale. Where the data classification or device type requires Destroy-level treatment, we coordinate physical shredding or incineration with a SWEDAC-accredited data destruction partner, returning photo evidence and a signed destruction certificate for every device. Stage four is hardware removal. Engineers extract every rack unit systematically, working top to bottom to preserve structural stability. Cables come out first, labelled by destination. Networking equipment follows, then storage, then servers. Heavy equipment including high-density GPU nodes, large UPS units, and cooling in-row units may require additional rigging or mechanical assistance. Our 230V/50Hz electrical environment awareness ensures safe power disconnection at every step. Stage five is cage cleanup. The space must return to the condition the facility operator requires. Every cable tie, blanking panel, label, and piece of cable management debris comes out. The cage floor is cleared. Power strips and PDUs are removed unless they belong to the facility. Cage doors and locks are returned to facility defaults. Stage six is documentation preparation. Before the facility walkthrough, we compile the complete decommissioning package: asset disposition records, data destruction certificates, WEEE manifest (Avfallsdeklaration) with certified handler information, photographic evidence of the cleared space, and the GDPR Data Processor Termination documentation for IMY compliance purposes. Stage seven is the facility handback. For Equinix SK1, SK2, SK3, and SK4, the process runs through the Equinix Customer Portal. The formal cage decommission request is submitted, Equinix operations conducts an inspection, and a handback confirmation letter is issued. The timeline from removal completion to confirmed handback runs five to fifteen business days depending on facility workload. At Digital Realty STO1 in Älvsjö, the process follows a move-out notification, detailed asset removal manifest, final walk-through with Digital Realty operations, and a handback report typically issued within five business days of the walk-through. Stage eight is closeout. All compliance documents are compiled into a final decommissioning pack: destruction certificates, WEEE manifests, facility handback confirmation, GDPR termination notices, and the signed chain-of-custody record. IMY guidance suggests retaining this documentation for at least three years post-completion.
  • Stage 1: On-site asset audit and rack photography
  • Stage 2: Dependency mapping and cross-connect termination scheduling (SwedenIX / Netnod)
  • Stage 3: NIST SP 800-88 data destruction at Clear, Purge, or Destroy level with per-asset certificates
  • Stage 4: Systematic hardware removal (servers, networking, storage, cabling, PDUs)
  • Stage 5: Cage cleanup to operator specification
  • Stage 6: Compliance documentation preparation (WEEE manifests, GDPR notices, chain-of-custody)
  • Stage 7: Facility handback coordination (Equinix portal, Digital Realty walk-through, or operator-specific process)
  • Stage 8: Final decommissioning pack delivery with all certificates and regulatory documentation

NIST SP 800-88 Data Destruction: What Each Method Means

NIST Special Publication 800-88 Revision 1 (December 2014) is the international reference standard for media sanitisation. Swedish enterprises apply it as best practice because it is the most widely recognised framework for demonstrating that data destruction meets the technical and organisational safeguards required by GDPR Article 32. IMY does not mandate NIST specifically, but a destruction certificate referencing NIST 800-88 methods gives compliance teams a defensible, auditable answer when asked how personal data was eliminated. The standard defines three sanitisation categories. Clear applies logical techniques using standard read and write commands to overwrite data in all user-addressable storage locations. It protects against straightforward non-invasive recovery attempts. For most operational enterprise data on HDDs and SSDs where the device will be reused or resold, Clear-level treatment executed correctly is a reasonable choice. Purge renders target data recovery infeasible against state-of-the-art laboratory techniques. Methods include ATA Secure Erase and NVMe Sanitize commands (which invoke the drive's own secure erase function), cryptographic erasure of self-encrypting drives (destroying the encryption key rather than overwriting data blocks), and degaussing for magnetic media. Purge is the right choice for storage devices that held personal data subject to GDPR, financial records, or any information your organisation classifies as confidential. It leaves most devices in usable condition and is the most common method on Swedish decommissioning projects. Destroy renders both the data and the device irrecoverable. Methods include mechanical shredding to fragments below six millimetres per NIST guidelines, high-temperature incineration, and for specific industrial contexts, smelting. Destroy-level treatment is required when a device cannot be reliably purged (certain NAND flash configurations, damaged drives), when data classification prohibits any chance of residual recovery, or when regulatory obligations specifically mandate physical destruction. One distinction matters for your compliance records: the standard uses Clear, Purge, and Destroy. It does not use Grade 1, Grade 2, Grade 3, or any pass-count designation such as 'three-pass minimum'. If a vendor describes their process using those terms, they are not describing NIST 800-88 accurately. Your data destruction certificates should reference Clear, Purge, or Destroy, with the specific method used (for example, ATA Secure Erase per NIST SP 800-88 Rev. 1, Section 2.3).
  • Clear: logical overwrite of all user-addressable storage locations. Appropriate for non-sensitive data and devices intended for reuse.
  • Purge: state-of-the-art techniques (ATA Secure Erase, NVMe Sanitize, cryptographic erasure, degaussing) rendering data infeasible to recover. Required for personal data under GDPR.
  • Destroy: physical shredding (sub-6mm fragments), incineration, or smelting. Required for highest-sensitivity environments or devices that cannot be reliably purged.
  • Every sanitised device receives a certificate stating media serial number, sanitisation method, date, and technician credentials
  • The standard is NIST SP 800-88 Revision 1. It uses Clear/Purge/Destroy. It does not use Grade designations or pass-count minimums.
  • Purge-level destruction satisfies GDPR Article 17 (Right to Erasure) and Article 32 (technical safeguards) requirements for personal data

GDPR, IMY, and the Documentation Your Organisation Needs

When a colocation lease ends and IT infrastructure is decommissioned, the tenant organisation operates as a Data Controller under GDPR. The facility operator, if it ever processed personal data on your behalf or held systems that did, is a Data Processor. Article 28, paragraph 3(g) of GDPR requires that Data Processors delete or return all personal data to the Controller at the end of the contract, and that they delete existing copies unless Union or Member State law requires storage. In practice, this means your decommissioning project needs a formal GDPR Data Processor Termination Notice exchanged with the facility operator, confirming that no residual data persists post-handback. Equinix Sweden issues written confirmations in this regard. Digital Realty operates similarly. For smaller operators such as Conapto or GleSYS, the process may require more direct engagement with their compliance or operations teams to obtain written confirmation. IMY, established in 2019 as Sweden's data protection authority under the Dataskyddslagen (Data Protection Act, SFS 2018:218), has increased enforcement activity since 2022. IMY does not prescribe a specific data destruction method, but it expects that when personal data is destroyed, the organisation can demonstrate how and when it was done, by whom, and with what verification. A per-asset data destruction certificate from a NIST 800-88 Purge or Destroy operation provides exactly that evidence. Beyond the destruction certificates, your compliance documentation should include: a record of all data storage devices processed (by serial number), the GDPR Data Processor Termination Notice from the facility, the cage handback confirmation from the facility operator, and a summary record referencing the decommissioning project, the scope of equipment, and the dates of destruction. IMY guidance suggests keeping these records for at least three years. For organisations operating as critical infrastructure providers under Sweden's Cybersecurity Act implementing the NIS2 Directive, additional obligations apply. If your organisation is classified as an essential or important entity subject to the Act, the decommissioning must not introduce security gaps: access controls must remain active until final handback, and the process must be documented as part of your information security management records. Incidents that come to light during decommissioning and meet the NIS2 threshold require notification to PTS (Post- och telestyrelsen) within 72 hours.
  • GDPR Article 28.3(g): Data Processors must delete all personal data at contract end and confirm in writing
  • IMY (Integritetsskyddsmyndigheten) enforcement has intensified since 2022. Per-asset destruction certificates are your primary evidence of compliance.
  • Required documentation: data destruction certificates, GDPR Data Processor Termination Notice, cage handback confirmation, asset disposition records
  • Retention: IMY guidance recommends keeping decommissioning records for at least three years post-completion
  • NIS2 (Sweden's Cybersecurity Act): critical infrastructure operators must maintain security continuity throughout decommissioning and report qualifying incidents to PTS within 72 hours
  • Reboot Monkey delivers the complete documentation pack as a standard decommissioning deliverable

WEEE Compliance and E-Waste Logistics in Sweden

The EU WEEE Directive (2012/19/EU) is transposed into Swedish law through the Elskrotförordningen (Electrical and Electronic Waste Ordinance) and the Producentansvarsförordningen (Extended Producer Responsibility Ordinance). Naturvårdsverket, the Swedish Environmental Protection Agency, oversees compliance. Amendments effective from 2023 introduced updated waste classification requirements and accelerated collection deadlines for datacenter equipment categories. The obligation on the decommissioning team is straightforward in principle: all removed electronic equipment must be transferred to a certified ITAD partner or approved recycler, accompanied by a WEEE manifest called an Avfallsdeklaration. The manifest documents equipment type, quantities, manufacturer details, condition, any hazardous materials present (batteries, components containing lead or mercury), and the intended treatment method: reuse, recycling, or destruction. Data destruction and WEEE compliance are sequential, not parallel. Every data storage device must be sanitised or physically destroyed per NIST SP 800-88 before the equipment leaves your control and is transferred to the WEEE handler. The data destruction certificate travels with the WEEE manifest as part of the chain-of-custody record. An ITAD partner that accepts equipment without first confirming data destruction status is not operating correctly from either a GDPR or a WEEE compliance standpoint. Swedish ITAD partners operating under SWEDAC accreditation (ISO/IEC 17020) are the appropriate recipients for decommissioned datacenter equipment. SWEDAC is Sweden's national accreditation body, operating under the Swedish Board for Accreditation and Conformity Assessment. Choosing an accredited partner ensures the recycling and treatment certification you receive carries regulatory standing. For equipment with residual commercial value, some fraction of decommissioned hardware can be refurbished and resold in secondary markets, partially offsetting decommissioning costs. Reboot Monkey coordinates with ITAD partners to assess hardware for resale candidacy. The decision on which assets to refurbish versus recycle rests with the client; our role is to ensure the data destruction and WEEE compliance steps are completed correctly for every device regardless of its downstream destination. UPS batteries, backup power modules, and lithium-ion devices require separate WEEE handling under Sweden's battery regulations. These are managed as distinct waste streams with their own collection manifests and cannot be bundled with general server hardware in a single Avfallsdeklaration.
  • All decommissioned equipment must be transferred to a SWEDAC-accredited ITAD partner or WEEE-certified recycler
  • An Avfallsdeklaration (WEEE manifest) must accompany every equipment transfer, documenting type, quantity, condition, and hazardous materials
  • Data destruction (NIST 800-88) must be completed before equipment leaves your control. The destruction certificate travels with the WEEE manifest.
  • ITAD partners accredited under ISO/IEC 17020 by SWEDAC provide WEEE treatment certificates suitable for Swedish regulatory compliance
  • UPS batteries, backup power modules, and lithium-ion devices are a separate WEEE waste stream requiring individual collection manifests
  • Reboot Monkey coordinates ITAD partner engagement, manifest preparation, and chain-of-custody documentation as part of the decommissioning service

Swedish Facilities: Equinix, Digital Realty, Conapto, GleSYS, and Bahnhof

Sweden's enterprise colocation market is concentrated in Stockholm, which holds the majority of the country's carrier-neutral datacenter capacity. Gothenburg and Malmö serve regional enterprise demand and Scandinavian cross-border operations. Equinix operates four Stockholm facilities. SK1 and SK2 are located in Södermalm in central Stockholm, with SK1 functioning as Sweden's primary carrier-neutral interconnection hub and the primary co-location point for SwedenIX (formerly STHIX, AS2315). SK3 and SK4 are located north of the city in Väsby, approximately 20 kilometres from central Stockholm, serving enterprises that need Stockholm-area presence but require higher-density or lower-cost rack space. Decommissioning at any Equinix Stockholm facility runs through the Equinix Customer Portal. The formal cage decommission request triggers an operations assessment, equipment removal coordination, and an inspection before handback confirmation is issued. SwedenIX cross-connect ports at SK1 must be formally terminated through the SwedenIX member portal, requiring five to ten business days advance notice. Digital Realty STO1 is located in Älvsjö in the south of the Stockholm metropolitan area. The facility was formerly operated as Interxion before the Digital Realty acquisition and carries significant Netnod (AS12552) presence. Decommissioning at STO1 runs through a formal move-out notification via the customer portal, a detailed asset removal manifest with serial numbers and destinations, a final walk-through with Digital Realty operations, and a handback report. Enterprises with Netnod peering memberships at STO1 must terminate those ports through the Netnod member portal before cage decommission can close, with a five business day notice requirement. Digital Realty participates in the Climate Neutral Data Centre Pact, so clients with ESG reporting requirements can request chain-of-custody documentation suitable for sustainability disclosures. Conapto operates carrier-neutral facilities in Stockholm and Gothenburg. Its decommissioning procedures are less formalised than Equinix or Digital Realty, and a custom process agreement with Conapto operations may be needed before the project begins. GleSYS, a Swedish hosting and cloud provider with colocation services, serves primarily SMB customers and handles decommissioning under its standard terms of service. Bahnhof operates the Vega datacenters in Stockholm, historically serving ISP and hosting customers. Enterprise decommissioning support is available but may require direct engagement with Bahnhof operations management. Reboot Monkey works inside all of these facilities. Our engineers are familiar with the physical layouts, access control procedures, and operator-specific requirements at each site. When your lease ends, we coordinate the operator relationship, manage the cross-connect termination sequencing, and deliver the handback documentation, so your facility exit does not require you to manage multiple contractors and multiple operator portals simultaneously.
  • Equinix SK1/SK2 (Södermalm, central Stockholm): primary SwedenIX hub. Cage decommission via Equinix Customer Portal. SwedenIX port termination requires 5-10 business days.
  • Equinix SK3/SK4 (Väsby, Stockholm North): 20 km from central Stockholm. Same Equinix portal process, potentially lighter SwedenIX cross-connect density.
  • Digital Realty STO1 (Älvsjö, Stockholm South): Netnod IXP presence. Move-out notification, asset manifest, walk-through, 5-day handback report. ESG chain-of-custody documentation available.
  • Conapto (Stockholm / Gothenburg): carrier-neutral, less formalised process. Pre-project process agreement recommended.
  • GleSYS and Bahnhof: SMB-to-enterprise range. Standard terms of service processes. Reboot Monkey manages operator engagement.
  • Reboot Monkey covers Gothenburg and Malmö secondary hubs in addition to Stockholm

Typical Timelines and Cost Drivers

No two decommissioning projects are identical, but the variables that determine timeline and cost are consistent enough to give you a working framework for budget planning. Timeline scales with physical scope. A single rack of servers requires one to three days on-site. Five to twenty racks is typically a one to two week operation. A full cage containing 20 to 50 racks runs two to four weeks. Enterprise-scale projects covering 100 or more racks, or projects spread across multiple facilities, operate on four to eight week phased schedules. These timelines include on-site labour, but they do not automatically include the facility operator's handback confirmation period, which adds five to fifteen business days on top of the physical removal work. Cost is driven by five primary factors. The first is scope: how many racks, how many devices, how many facilities. The second is data destruction method: Clear and Purge operations are typically included in a project-based quote; Destroy-level shredding involves an accredited destruction partner and carries additional per-device fees. The third is logistics complexity: equipment destined for a certified ITAD partner requires manifest preparation, transport coordination, and treatment certificates. The fourth is timeline: accelerated decommissioning, such as responding to a lease dispute, a post-breach incident response, or an urgent NIS2-driven shutdown, involves overtime labour and compressed coordination. The fifth is cross-connect complexity: multiple internet exchange memberships, Equinix Fabric connections, or third-party cross-connects each require formal termination notices and port confirmation, adding coordination steps that take calendar time even if they do not add much cost. Reboot Monkey quotes decommissioning projects on a scope-based project model, covering all labour, data destruction oversight, documentation, and facility handback coordination. Requests for quotation are handled through the contact page at /en/contact/.
  • 1-5 racks: 1-3 days on-site
  • 5-20 racks: 1-2 weeks
  • 20-50 racks (full cage): 2-4 weeks
  • 100+ racks (enterprise scale): 4-8 weeks phased
  • Add 5-15 business days for facility operator handback confirmation period
  • Key cost drivers: scope, data destruction method (Clear/Purge vs Destroy), ITAD logistics, timeline urgency, and cross-connect complexity

Why Vendor-Neutral Matters in Sweden

The Swedish colocation market is not a single facility. Enterprises with serious decommissioning requirements often hold footprints at more than one operator, or are consolidating from a secondary facility into a primary one after a data center migration. A provider that can only decommission inside its own network, or that requires you to use its own ITAD affiliate, is not an independent partner. Reboot Monkey does not own or operate any datacenter. We are not affiliated with any facility operator, ITAD company, or equipment manufacturer. Our engineers work inside Equinix, Digital Realty, Conapto, GleSYS, and Bahnhof using the same access procedures any authorised third-party contractor follows. We select data destruction partners based on SWEDAC accreditation and the specific data classification requirements of your project, not based on commercial arrangements. This independence matters in two practical ways. First, you get consistent process and documentation regardless of which facility you are exiting. Whether your cage is at SK1 or STO1 or a Conapto site in Gothenburg, the Reboot Monkey documentation pack looks the same, uses the same NIST 800-88 references, and satisfies the same GDPR and WEEE compliance requirements. Second, you have a single point of accountability for the entire project. Data destruction, hardware removal, cross-connect termination coordination, WEEE logistics, and facility handback are all under one contract with one responsible party. This is the gap that currently exists in the Swedish market. Facility operators handle their own move-out coordination but do not own the data destruction process. ITAD specialists handle equipment disposal but are not positioned to coordinate with SwedenIX or negotiate cage handback timelines with Equinix operations. Reboot Monkey bridges that gap by operating across all of those activities under a single scope of work.
  • Operates inside all major Swedish facilities: Equinix SK1-SK4, Digital Realty STO1, Conapto, GleSYS, Bahnhof
  • No affiliation with any datacenter operator, ITAD company, or equipment manufacturer
  • Single contract covers data destruction, hardware removal, WEEE logistics, cross-connect termination, and cage handback
  • Consistent NIST 800-88 documentation and GDPR/WEEE compliance output regardless of which facility is being exited
  • Covers Stockholm primary hub plus Gothenburg and Malmö secondary hubs
  • Global 24/7 NOC support and field engineer network across 250+ cities in 190 countries

Migrating your infrastructure to a new Swedish facility before decommissioning the old one. Reboot Monkey manages both the move and the closeout.

Physical server relocation between colocation facilities in Stockholm, Gothenburg, or Malmö.

On-site technical support at Swedish datacenters for cable work, device inspections, power cycling, and hardware verification.

Physical server installation, mounting, and cabling inside Swedish colocation facilities.

Frequently Asked Questions

What is datacenter decommissioning?

Datacenter decommissioning is the complete physical shutdown and removal of IT infrastructure from a colocation facility. It covers the full lifecycle from asset inventory through data destruction, hardware removal, cage cleanup, and facility handback to the operator. It is not the same as cloud service retirement, application migration, or server relocation. The defining outputs are data destruction certificates, a WEEE manifest, GDPR compliance documentation, and a signed cage handback confirmation from the facility.

How long does datacenter decommissioning take in Sweden?

Timeline depends on scope. One to five racks typically takes one to three days. Five to twenty racks is one to two weeks. A full cage decommission of 20 to 50 racks runs two to four weeks. Enterprise-scale projects covering 100 or more racks operate on four to eight week phased schedules. Add five to fifteen business days for the facility operator's handback confirmation period after physical removal is complete.

What does NIST 800-88 mean for data destruction in Sweden?

NIST Special Publication 800-88 Revision 1 is the international standard for media sanitisation. It defines three methods: Clear (logical overwrite, suitable for non-sensitive operational data), Purge (state-of-the-art techniques such as ATA Secure Erase or cryptographic erasure, required for personal data subject to GDPR), and Destroy (physical shredding or incineration, required when purge is not possible or data classification demands it). Swedish enterprises apply it as best practice for demonstrating GDPR Article 32 technical safeguards. Each sanitised device receives a certificate referencing the method used, media serial number, and date. The standard does not use Grade designations or pass-count minimums.

What GDPR documentation does a decommissioning project produce?

A complete decommissioning project produces: per-asset data destruction certificates (method, serial number, timestamp, chain-of-custody), a GDPR Data Processor Termination Notice exchanged with the facility operator confirming no residual data persists post-handback, a cage handback confirmation from the facility, and an asset disposition record listing all devices in scope. IMY guidance suggests retaining these records for at least three years. Reboot Monkey delivers the complete documentation pack as a standard project deliverable.

What is an Avfallsdeklaration and when is it required?

An Avfallsdeklaration is the Swedish WEEE manifest, a legally required document that must accompany all electronic equipment transferred to a certified ITAD partner or recycler. It records equipment type, quantities, manufacturer, condition, hazardous materials (batteries, components containing lead or mercury), and intended treatment method. Data destruction must be completed before equipment transfers to the WEEE handler, and the data destruction certificate must travel with the manifest as part of the chain-of-custody record. Naturvårdsverket, the Swedish Environmental Protection Agency, oversees WEEE compliance.

Does decommissioning at Equinix Stockholm require anything specific?

Equinix requires a formal cage decommission request submitted through the Equinix Customer Portal. This triggers an operations assessment, physical removal coordination, and a final inspection before a handback confirmation letter is issued. For Equinix SK1 in Södermalm, any SwedenIX (AS2315) cross-connect ports must be formally terminated through the SwedenIX member portal before the cage decommission can close, with five to ten business days advance notice required. SK3 and SK4 in Väsby follow the same Equinix process but may have different cross-connect profiles. The entire handback confirmation period runs five to fifteen business days after physical removal is complete.

What does NIS2 require during datacenter decommissioning?

For organisations classified as essential or important entities under Sweden's Cybersecurity Act implementing NIS2, decommissioning of IT systems requires that access controls remain active until final handback, security continuity is maintained throughout the process, and any incidents identified during decommissioning that meet the NIS2 threshold are reported to PTS (Post- och telestyrelsen) within 72 hours. The decommissioning process must be documented as part of the organisation's information security management records. MSB (Myndigheten för samhällsskydd och beredskap) is the primary NIS2 supervisory authority in Sweden.

Can Reboot Monkey decommission equipment outside Stockholm?

Yes. Reboot Monkey covers Stockholm as the primary hub and extends to Gothenburg and Malmö for regional enterprise facilities. Gothenburg hosts Conapto and regional carrier facilities. Malmö serves southern Scandinavian enterprises and Danish cross-border IT operations. For facilities outside these cities, contact us at /en/contact/ to discuss on-site coverage via our field engineer network.

Request a Quote