Cybersecurity 2025

SWITZERLAND Law and Practice Contributed by: Hugh Reeves, Jürg Schneider and David Vasella, Walder Wyss Ltd

porting operators of critical infrastructures in managing these incidents. Protection of the federal administration against cyber-attacks is now a key task of a new specialist unit within the new State Secretariat for Security Policy (Sepos), also within the DDPS. The FADP does not provide an official role for NGOs and self-regulatory organisations (SROs). Such organisations would not, for example, have a right to bring a civil claim against a company perceived to be in breach of privacy laws. How - ever, there are a number of organisations that promote privacy, including several consumer protection organisations, although they do not perform these tasks on the basis of a legal man - date. The NCSC – now part of BACS – is the key offi - cial actor in the cybersecurity area. GovCERT. ch, whose parent organisation is the NCSC, is the computer emergency response team (CERT) for Switzerland. Its tasks include sup - porting the critical IT infrastructure in Switzer - land in dealing with cyberthreats. It maintains close relationships with other CERT organisa - tions, thereby seeking to promote the exchange of cyberthreat-related information. Furthermore, the FDPIC retains strong prerogatives given the absence of standalone cybersecurity legislation. Given the federal system in Switzerland, it should also be borne in mind that other cantonal and inter-cantonal bodies serve the purpose of information sharing. This is notably the case for the inter-cantonal Swiss Criminality Prevention Service (the SKP and PSC under its German or French and Italian acronyms, respectively). This service seeks to facilitate inter-cantonal police co-ordination as well as crime prevention meas - ures.

FINMA is the competent authority in the bank - ing and financial sectors. As part of its statutory mission, and in the course of supervising regu - lated financial entities, FINMA may also request compliance with applicable data protection and data security regulations. The Federal Office of Communications (OFCOM) is the federal office responsible for the proper implementation of the legal and technical requirements in the communications realm and plays a particularly important role in the area of telecommunications. In the area of unfair com - petition, the State Secretariat for Economic Affairs (SECO) acts for the Swiss Confederation in civil and criminal proceedings if matters of public interest are at stake. In addition, the following authorities may also be competent, albeit indirectly, in the cybersecurity area: • the Federal Office of Civil Aviation (in case of safety-related data breaches in the aviation sector); • the Federal Nuclear Safety Inspectorate (in case of sector-related data breaches); • the Federal Department of the Environment, Transport, Energy and Communications (DETEC), especially in regard to the national railway industry; and • Swissmedic, which receives notifications of serious incidents that can include incidents relating to software as a medical device.

278 CHAMBERS.COM

Powered by