Cybersecurity 2025

SWITZERLAND Law and Practice Contributed by: Hugh Reeves, Jürg Schneider and David Vasella, Walder Wyss Ltd

However, the Swiss government has given cybersecurity increasing attention in the past few years, and the absence of an overarching ad hoc law on cybersecurity may appear misleading given the importance and national relevance of this topic. Nonetheless, this conclusion is unlikely to lead the Swiss legislator (Parliament) to issue any additional topical legislation on cybersecurity in the near future.

On the contrary, the federal government has been following the National Strategy for the Protection of Switzerland against Cyber Risks (NCS). The NCS was last updated in April 2023. The strategy sets out the objectives and measures with which the federal government and the cantons, together with the business community and universities, intend to counter cyberthreats. A steering committee has been established to plan and co-ordinate the implementation of the strategy.

The revised NCS builds on the previous strategies, adding content and precision. It defines 17 measures, each contributing to five strategic objectives, namely:

• self-empowerment (Switzerland is to expand its position as one of the world’s leading knowledge, education and innovation locations in cybersecurity);
• securing digital services and infrastructures (Switzerland is to implement measures to strengthen cyber-resilience);
• ensuring effective detection, prevention, management and defence against cyber-incidents (Switzerland is to ensure the capacities and organisational structures needed to quickly identify cyberthreats and incidents, and minimise damage, are in place);
• combating and prosecuting cybercrime effectively (Switzerland is to expand its ability to identify and prosecute threat actors); and
• maintaining a leading role in international co-operation (Switzerland is to foster an open, free and secure cyberspace and compliance with international law in the digital space).

However, the NCS does not foresee the implementation of dedicated cybersecurity legislation, instead focusing on modernising various pre-existing laws. The updated NCS is testament to the continued growth in relevance of cybersecurity in Switzerland, as well as perhaps the increased global threat posed by cyber-risks.

1.3 Cybersecurity Regulators

The FDPIC is a body established at the federal level under the FADP. The FDPIC supervises compliance with the FADP and other federal data protection legislation by federal bodies and advises private bodies. On its own initiative, or at the request of a third party, the FDPIC may carry out investigations into data processing by private bodies. In addition, each canton has its own data protection authority, which is generally competent to supervise cantonal and communal bodies (but not private parties, which are subject to the FDPIC’s authority). Other regulators – for example, FINMA – may play a role in the enforcement of data protection (see the following).

It is also worth mentioning here that the key official actor in the cybersecurity area is the NCSC, which is now integrated into the new Federal Office for Cybersecurity (BACS) within the Federal Department of Defence, Civil Protection and Sport (DDPS). Indeed, in an effort to centralise the administrative activities in this area, other actors such as the Reporting and Analysis Centre for Information Assurance (MELANI), GovCert and the Cybercrime Coordination Unit (CYCO) became an integral part of the NCSC and now BACS. Tasks include raising public awareness, receiving reports on cyber-incidents and sup-
