Swiss StabilitySwitzerland was one of the first countries to pass a data protection law in the early 1990s, emphasizing the importance of personal data to the protection of individual personality rights and including data security as a key component of data protection (Willi 2018). Data protection and data security rules cover many of today's cybersecurity legal issues, which has a major impact on cybersecurity in Switzerland.
Swiss data protection laws have survived because they are technology-neutral (Willi 2018). Given the rapid pace of technological change and the fact that this law incorporates a holistic data protection approach, this is even more amazing. However, the legislator has completed a comprehensive reform of the data protection legislation, aligning many parts with the EU's GDPR to promote international contacts and the seamless implementation of homogenous data protection standards for enterprises with cross-border activity (Willi 2018). This new legislation takes effect on September 1, 2023.
CybersecurityThe foregoing factors made Switzerland a cybersecurity and internet governance center. Notable actors include Trust Valley, a private-public initiative to strengthen Switzerland's (and the Lake Geneva region's) position as a hub for digital trust and cybersecurity; the Geneva Internet Platform, operated by the DiploFoundation and a joint effort of the Federal Department of Foreign Affairs (FDFA) and the Federal Office of Communications (OFCOM), is a discussion center for digital policy issues, including cybersecurity (Hofer 2013).
Changing National StrategyHowever, technology has outpaced the nation. Swiss enterprises, many of which are SMEs, often overestimated or mismanaged cybersecurity risks due to a lack of clear information or legal incentives (Rossbach et al. 2016). The federal government realized that data protection legislation has long managed cybersecurity adequately, but there were significant gaps. First, the country lacked a cybersecurity policy, making a federal conversation appropriate. Second, a variety of federal and cantonal entities made it difficult for SMEs to develop proper cyber incident and cyber threat responses (Willi 2018).
Switzerland's 2018–22 national cyber-risk plan addressed these challenges (NCS). This four-year NCS aims to execute many measures. The NCS led to the development of the National Cyber Security Centre, a federal cybersecurity agency that centralizes essential cybersecurity response activities and acts as a common contact point for market actors (eg, SMEs) (Willi 2018).
Security/LibertyTelecommunications surveillance is mandated by Swiss criminal prosecution and the Federal Intelligence Service. They can request live intercepts of telecommunications, get user identity, coordinates, and communication metadata, and access a wide range of telecommunications, such as messaging apps (Swiss Government 2022). Telecoms providers must drop encryption in some instances. Surveillance laws give the government broad powers, prompting public outcry and privacy concerns over the possibility of government abuse (Swiss Government 2022).