Parliament recently approved a new Information Security Act (ISA), almost 10 years after proceedings were initiated. The ISA defines the minimum requirements that all federal authorities must fulfil to protect their information and IT infrastructure. Its approval is a welcome milestone which represents the conclusion of a long parliamentary process and will re-establish information security principles in the federal public sectors.
One of the welcome measures of the Swiss corporate law reform is the so-called 'capital band', which provides companies with more flexibility regarding changes to their capital structure. Since Swiss-listed companies could have used the capital band in an abusive manner to generate tax advantages for certain types of shareholder, the respective tax legislation had to be adapted. All Swiss companies which are considering introducing a capital band should carefully plan ahead.
The Federal Council recently approved the cloud strategy for the federal administration which, among other things, provides for the further use of public cloud services as a strategic extension of existing IT-sourcing options for the federal administration. On the same day, it published the latest report on the Swiss Cloud – a related initiative to examine whether Switzerland should strive for its own cloud and data infrastructure with regard to data sovereignty and reduced dependency on international cloud providers.
The Film Act is under revision, with major implications for online film providers. Under the revised act, companies that show films in Switzerland in their programmes or as 'electronic services on demand or by subscription' (ESDS) must use at least 1% of their gross revenues to invest in independent Swiss film productions or pay a compensation fee. In addition, companies offering films in Switzerland as ESDS must allocate a minimum of 30% of their platform capacity to European films.
The Federal Council recently tasked the Department of Finance with drafting a bill which will introduce a cyberattack notification obligation for operators of critical infrastructure. The draft will appoint a central reporting office and provide uniform criteria for all sectors in order to clarify how the reporting procedure would work. This step forward represents a key point of implementation of the national strategy for the protection of Switzerland against cyber risks.
Parliament recently revised the federal telecoms legislation – in particular, the Federal Telecommunications Act and its various implementing ordinances. These revised regulations entered into force on 1 January 2021. The revision of the telecoms legislation brings about several fundamental changes that affect consumers as well as telecoms service providers and telecoms operators.
The Federal Council recently submitted to Parliament the draft and corresponding dispatch of the new Federal Act on the Protection of Minors in respect of Films and Video Games. Age labelling and age controls for films and video games will be uniformly stipulated throughout Switzerland and made mandatory for films and video games available at public events, through on-demand services and on physical storage media such as tapes, disks or sticks.
The abolition of Swiss withholding tax on bonds and other collective debt financings is a welcome measure that allows Switzerland to significantly strengthen its position as an international finance and treasury centre. All types of financing and refinancing activity in Switzerland will be facilitated as adverse withholding tax consequences can be prevented. This fundamental change of the Swiss withholding tax regime is expected to come into force on 1 January 2022 at the earliest.
The Federal Council's Cyber Committee recently adopted a report on the advancement of the 2018-2022 national strategy for the protection of Switzerland against cyber risks and its gradual implementation. The report focuses mainly on the progress made in supporting small and medium-sized enterprises and promoting research and training.
Under the current tax framework, the non-uniform cantonal tax practices on the capital gains treatment and valuation of employee shares in start-ups and other non-listed companies lead to different tax consequences for employees depending on their place of residence. The Swiss Federal Tax Administration recently created a favourable framework for start-ups and enhanced the legal certainty and predictability of the tax consequences with regard to non-listed employee shares.
The ordinance concerning the tax credit provided for in applicable Swiss double tax treaties has been significantly amended with effect from 1 January 2020. The new ordinance provides welcome amendments, including an extension of the scope of application to Swiss permanent establishments of foreign companies. In contrast, some of the new features introduced in the ordinance may have a negative effect on taxpayers.
Parliament recently approved new regulations for blockchain and distributed ledger technology (DLT). The goal of this new legal framework is to further establish and increase Switzerland's reputation as a leading, innovative and sustainable location for fintech and DLT companies. Because Switzerland already has a world-class and pioneering infrastructure for financial markets, these qualities should allow it to remain at the forefront of the DLT and fintech scene.
Parliament recently approved the final draft of the revised Data Protection Act, which is expected to enter into force in 2022. The revision aims to modernise Switzerland's data protection landscape in line with the more sophisticated EU legislation, particularly the EU General Data Protection Regulation, which entered into force in 2018.
The Federal Administrative Court (FAC) recently issued a ruling concerning the status of instant messaging app Threema from a telecoms surveillance legislation perspective. The consequences of the FAC's ruling, if upheld by the Federal Supreme Court, would exonerate many over-the-top service providers (typically instant messaging and voice call providers) from certain obligations under telecoms legislation. However, businesses active in the telecoms area should nonetheless remain cautious.
The Federal Data Protection and Information Commissioner (FDPIC) recently removed the United States from its list of countries deemed to provide an "adequate level of data protection". Essentially, the FDPIC is of the opinion that legal remedies for data subjects in Switzerland under the Swiss-US Privacy Shield are insufficient. Going forward, businesses must reassess their cross-border data transfers in light of the FDPIC's statement.
The Federal Supreme Court recently issued a ruling addressing the liability of a securities trading company when hackers break into and use a client's email account to send transfer orders. This case is a stark reminder of the importance for anyone using online accounts and online (email) communications to properly secure their IT systems against hackers and other malevolent third parties. In case of any suspicious activity, it is necessary to immediately assess the situation and react accordingly.
The European Court of Justice (ECJ) recently declared that the European Commission's decision that the United States ensured an adequate level of protection of personal data transferred under the EU-US Privacy Shield Framework was invalid. This article examines the effect that the ECJ's decision will have on the Swiss-US Privacy Shield Framework.
The EU Directive on Administrative Cooperation need not be incorporated into Swiss law, but its impact on groups based in Switzerland may be significant. Considering the directive's broad scope, it is crucial that Swiss-based groups identify qualifying intercompany transactions at an early stage and ensure that they comply with the applicable subsidiary reporting obligations in cases with no involvement of EU intermediaries.
The Federal Council recently adopted the Ordinance on Protecting against Cyber Risks (OPCy), which is set to enter into force on 1 July 2020. This move is the next step in a series of measures taken by the Federal Council to adopt a new organisational structure and implement a national strategy to protect Switzerland against cyber risks. Along with the adoption of the OPCy, the Federal Council has also planned for 20 additional positions in the respective offices for cyber risk protection.
The Reporting and Analysis Centre for Information Assurance recently published its latest semi-annual report regarding the most important cyber incidents and cyber risks of the second half of 2019 in Switzerland and abroad. The report contains several practical recommendations for individuals and companies to improve their protection against cyberattacks.