Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Switzerland: Federal Council opens consultation on Cybersecurity Ordinance

On May 22, 2024, the Federal Data Protection and Information Commissioner (FDPIC) announced that the Swiss Federal Council opened a consultation on the new Cybersecurity Ordinance (the Ordinance).

What are the main aspects of the Ordinance?

The FDPIC noted that in 2023, the Parliament adopted amendments to the Information Security Act (ISA), introducing an obligation to report cyberattacks to critical infrastructures. The Ordinance aims to set out how the reporting obligation will be implemented.

In particular, the Ordinance regulates:

  • the scope of the reporting obligation for authorities and organizations;
  • the types of cyberattacks;
  • the content of the report; and
  • deadlines.

What are the exemptions to the reporting obligation?

The Ordinance provides for exemptions applicable to authorities and companies suffering a cyberattack that has no direct impact on the functioning of the economy or the well-being of the population. For specific sectors, the Ordinance establishes thresholds below which organizations are not required to report an attack. Moreover, a general exemption applies to companies with fewer than 50 employees, an annual turnover of less than CHF 10 million (approx. $11 million), and authorities that are responsible for fewer than 1,000 individuals.

National cybersecurity strategy

Furthermore, the Ordinance regulates the national cybersecurity strategy and its responsible Committee, as well as the tasks of the National Cyber Security Centre (NCSC) in relation to cyberattacks.

Consultation deadline

The consultation ends on September 13, 2024.

You can read the Federal Council's announcement here and the draft Cybersecurity Ordinance here, both only available in French, and the press release here.