The Federal Information Security Act (ISA) entered into force in Switzerland on 1 January 2024. You can find a detailed summary of the ISA in our previous post, “Switzerland: New obligation to report cyber incidents”.


At its meeting on 7 March, the Federal Council introduced a reporting obligation for cyberattacks on critical infrastructure, which will come into force on 1 April 2025. Operators of critical infrastructures will be required to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours of discovery. We recommend that entities check whether they fall under the rather broad term “critical infrastructures”. Note that this reporting obligation is, under certain circumstances, also relevant for non-Swiss entities. The Federal Council has decided to bring the relevant legislation on fines into force on 1 October 2025 in order to give those concerned sufficient time to prepare for the new reporting obligation. This means that the reporting obligation will apply for six months before failure to report becomes sanctionable.

Further information is available at: https://www.admin.ch/gov/en/start/documentation/media-releases/media-releases-federal-council.msg-id-104400.html

Author

Alessandro Celli’s broad experience includes technology-related transaction work, intellectual property and competition law, IT, data protection and cyber risk, commercial litigation, sports and entertainment law. Alessandro regularly advises Swiss and international clients on technology-related national and cross-border transactions (JVs, licences, distribution, sale and purchase of technology or related businesses and brands).

Author

Christoph Kurth heads the Investigations, Compliance & Ethics practice of the Swiss offices and co-leads the EMEA Financial Institutions Industry Group.

Author

Julia is a partner in Baker McKenzie's IP and Technology team. She specializes in IP transactional matters with a particular focus on the healthcare industry.

Author

Eva-Maria Strobel is a Partner in Baker McKenzie's Zurich office, and chairs the Firm's EMEA Intellectual Property, Data & Cyber, Commercial, Tech & Transactions, Regulatory and Trade Practice Groups. With dual qualifications in Switzerland and Germany, she advises clients across industries on the strategic development, protection, and commercialization of intellectual property assets and legal intersections between emerging technologies, artificial intelligence, and data regulation. Eva-Maria regularly contributes to thought leadership on AI and IP, and is a trusted advisor to multinational clients navigating complex regulatory and innovation-driven landscapes.

Author

Johanna Moesch is a senior associate in Baker McKenzie’s Zurich office and a member of the firm’s Commercial, Tech & Transactions as well as Data & Cyber Practice. Prior to joining Baker McKenzie, she worked as an associate and senior associate in a major Zurich law firm and, before that, as a law clerk in a Swiss district court. Johanna obtained an LL.M. degree from Tsinghua University (Beijing). She is a member of the International Association of Privacy Professionals (IAPP) and, since January 2021, a Certified Information Privacy Professional/Europe (CIPP/E).

Author

Nadine Charrière is a senior associate in Baker McKenzie’s Zurich office and a member of the firm’s IP and Commercial, Tech & Transactions Practice. She advises on all aspects of intellectual property law, with a focus on licensing, commercial agreements, and enforcement, particularly in the technology and life sciences sectors.