Cybersecurity is being taken increasingly seriously in Switzerland – both by the federal government and medium and large businesses. With the Federal Data Protection Act set to be revised in 2020 and additional measures in this space expected, companies are likely to continue investing significant resources into combating cyber risks in 2020 and beyond. This video discusses some of the key issues that have been affecting the Swiss cybersecurity space in 2019 and what to expect in 2020.
On 1 January 2020 the Swiss Financial Market Supervisory Authority implemented various revised rules primarily targeting small banks (the so-called 'small banks regime'). Among other aspects, this will result in a relaxation of IT outsourcing requirements for financial institutions. The amendments are positive and a step in the right direction, as they will allow financial institutions to enjoy more leeway to benefit from IT outsourcing services.
While many countries have introduced far-reaching obligations to report cyber incidents, Switzerland has not yet followed this lead. However, the Federal Council recently adopted a report which considers key issues with regard to the introduction of a general reporting obligation for operators of critical infrastructure. The report also discusses possible implementation models.
The Federal Council recently adopted a dispatch message to improve the legal framework governing distributed ledger technologies (DLT) in Switzerland. The Federal Council's objective is to increase legal certainty, remove obstacles to DLT-based applications and limit the risk of abuse. The Swiss parliament will examine the dispatch message in early 2020.
In view of the media industry's ostensibly democratic and political role, the Federal Council has decided to adopt effective and feasible support measures. These measures will be implemented by adapting existing laws and incorporating online media into the scope of the Federal Act on Radio and Television. However, the plan to create a new Electronic Media Act has been abandoned.
The Supreme Court of the Canton of Zurich recently clarified that employers must clearly regulate the private use of work communication devices, as well as any related control mechanisms. Further, data processing such as verifying WhatsApp chat messages – even if the information is stored on a work mobile phone – must be done in accordance with the more restrictive Article 328b of the Code of Obligations.
The Federal Council recently adopted a plan to implement the national strategy to protect Switzerland against cyber risks until 2022 and took additional steps towards the establishment of a cybersecurity competence centre. Work is also underway to develop a cyber-defence campus and strengthen capabilities relating to information acquisition and allocation.
The Federal Council recently launched the consultation process on the preliminary draft of the new Federal Act on the Protection of Minors in respect of Films and Video Games (Youth Protection Act). The Youth Protection Act, which will comprehensively regulate the protection of minors and close existing legislative gaps, is embedded in a complex set of ongoing legal revisions in a national and international context.
The Federal Supreme Court recently ruled that internet access providers are not liable for third-party websites and portals that make movies available for illegal downloading or streaming. Further, internet access providers are not obliged to monitor or block access to such websites and portals.
The Federal Council recently announced its intention to create a cybersecurity competence centre to provide a one-stop national point of contact for all cybersecurity issues. The plan is a response to requests from Parliament and the business community and is a step towards implementing Switzerland's national strategy for protecting against cyber risks.
In June 2018 the Federal Council issued a preliminary draft of the new Electronic Media Act (EMA), which aims to ensure that media content continues to meet high journalistic standards following profound changes in media use over the past decade. This article explores the highlights of the pre-draft EMA, which will replace the current Federal Act on Radio and Television.
The Federal Council recently adopted a new open government data strategy for providing the public with free access to government data. From 2020 onwards, all government data will gradually be made available for free and in a computer-friendly format. The strategy aims to strengthen transparency, accountability and innovation. With a centralised source of information and appropriate support for data users such as researchers and creators, Switzerland will remain an important innovative hub.
The Federal Council recently adopted a new Digital Switzerland strategy for the next two years. The new strategy replaces the 2016 strategy and, like its predecessor, aims to prioritise the government's efforts in the digital realm. The new strategy places a stronger focus on initiatives relating to artificial intelligence and smart cities, smart villages and smart regions. It also addresses topics ranging from digitalisation in the transport and energy sectors to e-government and cyber risks.
The Federal Office for National Economic Supply recently published the Minimum Standard for Improving ICT Resilience, together with a self-assessment tool. Compliance with this standard should allow organisations to successfully fend off cyberattacks and mitigate cyber-risks. The standard follows a similar structure to the US Department of Commerce's National Institute of Standards and Technology Cybersecurity Framework.
In a recent press release, the Federal Communications Commission (ComCom), jointly with the Federal Office of Communications (OfCom), launched the 5G radio frequency awards process. On behalf of ComCom, OfCom will auction several frequency spectrum blocs, which will be licenced for 15 years. These frequencies are important for the introduction of 5G technology in Switzerland and similar auction processes have already taken place or are under way in other jurisdictions.
A revised version of the federal Ordinance on Internet Domains recently entered into force. It gives the responsible registries the possibility of temporarily blocking the top-level domain names '.ch' and '.swiss' where they are being used for phishing or malware activities. In addition, anti-cybercrime services can request that registries block the domain names. However, these services require prior recognition from the Swiss Federal Office of Communications.
The Federal Council recently announced that the revised Postal and Telecommunications Surveillance Act and its implementing ordinances will enter into force in March 2018. The revised act clarifies, strengthens and broadens the powers of the criminal prosecution authorities when it comes to communications surveillance. More specifically, it seeks to prevent situations where criminal suspects could avoid surveillance by using new technologies.
Switzerland is in the process of adopting legislation on electronic identification. The Federal Council published a preliminary draft e-ID Act and opened it for consultation by any interested actors. The Federal Council recently shared the consultation findings and commissioned the Federal Department of Justice and Police to prepare a revised draft act by Summer 2018.
The Federal Council recently issued a draft of the revised Federal Data Protection Act. This draft marks yet another decisive step towards the overhaul of the Swiss data protection landscape. The act's revision is an ongoing process intended to modernise Switzerland's data protection landscape and align it with revised EU legislation.