SWITZERLAND Law and Practice Contributed by: Lukas Morscher, Lukas Staub and Jil Eichenberger, Lenz & Staehelin
ommends preventive measures on its website. These include: • the establishment of a separate network seg - ment for devices connected to the internet and devices connected to personal data; • restricting access from the internet to the device; • keeping devices up to date and installing updates; • using protocols allowing only encrypted con - nection; • securing access via the internet by means of a VPN connection or restricting access by using an IP address or GeoIP filter; and • using complex passwords and two-factor authentication. 4.2 Compliance and Governance Due to the technology-neutral approach of Swiss law, deploying IoT solutions must comply with the general rules of unfair competition law, risks and liabilities and data privacy. In particular, the deployment of IoT devices requires ensur - ing cybersecurity and data protection, espe - cially given the vast amounts of data, some of it sensitive, generated and shared by connected devices. The NCSC oversees compliance and incident reporting for cybersecurity and, if per - sonal data is involved, the FDPIC will be involved as well (see 2.1 Highly Regulated Industries and Data Protection and 4.1 Machine-to-Machine Communications, Communications Secrecy and Data Protection ). Manufacturers must adhere to conformity regulations under the Fed - eral Office of Communications (the “OFCOM”) to ensure IoT devices are interoperable and free from interference. As of 1 January 2025, the OFCOM has estab - lished two specialised units: the Market Access and Cybersecurity unit, which ensures that wire -
less devices meet privacy and cybersecurity standards, and the Network and Service Security unit, which focuses on maintaining and enhanc - ing the resilience and availability of telecommu - nications networks. From 1 August 2025, con - nected wireless devices, such as smartphones and smartwatches, will be required to meet stricter cybersecurity requirements to prevent unauthorised data access, mitigate fraud risks and protect against misuse for cyber-attacks. 4.3 Data Sharing Switzerland does not have a specific equivalent to the EU’s Data Act. Data sharing by IoT com - panies is governed by general data protection laws (see 2.1 Highly Regulated Industries and Data Protection ). Sensitive data, such as health, biometric, or religious information, is subject to stricter protections under the DPA, including enhanced consent requirements. Trade and manufacturing secrets may also raise issues under industrial espionage or competition laws. 5. Audiovisual Media Services 5.1 Requirements and Authorisation Procedures Broadcast Media Regulation The broadcasting sector has three main authori - ties responsible for the granting of licences. The Federal Council is the licensing authority for the Swiss Broadcasting Corporation (the “SBC”). With respect to other licences, licensing com - petence has been delegated to the DETEC. The OFCOM puts the licences out for tender and consults interested groups. The OFCOM further fulfils all sovereign and regulatory tasks related to the telecommunications and broadcasting (radio and television) sectors. It fulfils an advi - sory and co-ordinating function for the public and policymakers. It also guarantees that basic
464 CHAMBERS.COM
Powered by FlippingBook