SWITZERLAND Trends and Developments Contributed by: Jürg Schneider, David Vasella and Hugh Reeves, Walder Wyss Ltd
or to archive or delete personal data. The pro - cedure to follow in the event of a data subject request is similar but not identical to that under the GDPR, due to slightly different obligations for timing and more generous exemptions. Administrative measures and sanctions Under the FADP, the FDPIC can issue binding orders. These include orders to cease process - ing, or to destroy personal data or cease dis - closure abroad, as well as orders to carry out a DPIA or give information to a data subject. The revised FADP has also introduced criminal sanctions of up to CHF250,000 in the event of an intentional breach (including contingent intent) of certain provisions, for example in case of a breach of the information obligation; incomplete or inaccurate information in case of a data sub - ject access request; or where a controller uses a processor without entering into a processing agreement. These sanctions are directed against the individual responsible for the breach (includ - ing but not limited to members of management). Third countries with an adequate level of data protection As under the GDPR, there are third countries that benefit from an adequacy decision and are therefore considered as guaranteeing an ade - quate level of personal data security. The Feder - al Council determines these countries, which are listed in Annex 1 of the DPO. This list is similar to the adequacy list kept by the European Com - mission, but there are differences (for example, Japan is not considered to provide adequate protection). Recommendations Companies that have not already done so should implement all measures and corrective actions that are required to comply with the FADP as
soon as possible. While the level of enforcement in Switzerland continues to be lower than under the GDPR, risks have increased and will likely
continue to do so. Hot Topic Two: AI
As in the rest of the EU – or the world – the rise of AI, and in particular generative AI, is a hot topic in Switzerland. While Switzerland currently has no specific AI regulations (aside from light - weight regulations for federal authorities), it is closely monitoring the developments in the EU and globally. For the time being, data protection remains the key regulation for AI, aside from intellectual prop - erty and the protection of business secrets and obligations of professional secrecy. There are no data protection regulations specifically aimed at AI, but the general principles remain applicable, as well as requirements for contracts with pro - viders or customers and with cross-border data transfer restrictions. There is an emerging under - standing of how these issues should be tackled in relation to the use of (generative) AI, as well as an understanding of how AI governance should be addressed by companies. This being said, on 12 February 2025, the Fed - eral Department of the Environment, Transport, Energy and Communications (DETEC) and the Federal Department of Foreign Affairs (FDFA) presented an overview of possible regulatory approaches to AI to the Swiss Federal Council. On the basis of this overview, the Swiss Fed - eral Council has decided on a Swiss regula - tory approach for AI based on three objectives: strengthening Switzerland’s location for innova - tion, safeguarding the protection of fundamen - tal rights, including economic freedom, and increasing public trust in AI. To achieve these objectives, the Swiss Federal Council has set the
438 CHAMBERS.COM
Powered by FlippingBook