Cybersecurity—Switzerland—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cybersecurity—Switzerland—Q&A guide
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?
  • More...

Cybersecurity—Switzerland—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in Switzerland published as part of the Lexology Getting the Deal Through series by Law Business Research (published: January 2021).

Authors: Walder Wyss Ltd—Michael Isler; Jürg Schneider; Hugh Reeves

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

No overarching cybersecurity legislation has been adopted in Switzerland to date, and there are also no plans to comprehensively address the issue in a bespoke legal instrument. Rather, cybersecurity is and will remain regulated by a patchwork of various acts and regulatory guidance. The sole clear exception to this rule is the Ordinance on the Protection against Cyber Risks in the Federal Administration (CyRV) of 27 May 2020, which entered into force on 1 July 2020. The CyRV governs the organisation of the federal administration from a cyber risks protection standpoint. It therefore regulates the tasks of federal cybersecurity bodies, provides for a competence centre – the National Cyber Security Centre (NCSC) – and moreover regulates various compliance aspects regarding external service providers that contract with the federal administration. 

The pertinent legislative and policy landscape has been analysed in a report concerning the national strategy on the protection of Switzerland from cyber risks, which was first approved by the federal government in 2012 and was updated in April 2018 for the 2018–2022

Popular documents