Latest Posts:
Search for:

Analyzing critical legal trends and developments across data, cyber, AI and digital regulations from around the world and beyond borders

In Cybersecurity

Switzerland: Reporting cyberattacks on critical infrastructure mandatory from 1 April

by , , , , , and 1 Min Read

The Federal Information Security Act (ISA) entered into force in Switzerland on 1 January 2024. You can find a detailed summary of the ISA in our previous post Switzerland: New obligation to report cyber incidents.

At its meeting on 7 March, the Federal Council introduced a reporting obligation for cyberattacks on critical infrastructure, which will come into force on 1 April 2025. Operators of critical infrastructures will be required to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours of discovery. We recommend entities to check if they fall under the rather broad term of “critical infrastructures”. Note that this reporting obligation is under certain circumstances also relevant for non-Swiss entities. The Federal Council has decided to implement the relevant legislation for fines on 1 October 2025 in order to give those concerned sufficient time to prepare for the new reporting obligation. This means that the reporting obligation will apply for six months before failure to report becomes sanctionable.

Further information is available on: https://www.admin.ch/gov/en/start/documentation/media-releases/media-releases-federal-council.msg-id-104400.html

Categories:
Tags:
Author

Alessandro Celli’s broad experience includes technology-related transaction work, intellectual property and competition law, IT, data protection and cyber risk, commercial litigation, sports and entertainment law. Alessandro regularly advises Swiss and international clients on technology-related national and cross-border transactions (JVs, licences, distribution, sale and purchase of technology or related businesses and brands).

Author

Christoph Kurth heads the Investigations, Compliance & Ethics practice of the Swiss offices and co-leads the EMEA Financial Institutions Industry Group.

Author

Julia is a partner in Baker McKenzie's IP and Technology team. She is specialized in IP transactional matters with a particular focus on the healthcare industry.

Author

Eva-Maria Strobel is a partner in Baker McKenzie's Zurich office. She is a member in the Firm's global IPTech Practice Group, chairs the EMEA IPTech Practice Group and heads the Swiss IPTech team. focuses on the development of intellectual property strategies to procure, protect and commercialize her domestic and multinational client's intangible assets and to grow the return on investment.

Author

Johanna Moesch is an associate in the Firm’s Intellectual Property Practice Group in Zurich. Prior to joining Baker McKenzie she worked as an associate and senior associate in a major Zurich law firm and prior thereto as a law clerk in a Swiss district court. She was also a tutor and student research assistant at the University of Basel in the fields of public and private law. Johanna obtained a LL.M. degree from the Tsinghua University (Beijing). She is a member of the International Association of Privacy Professionals (IAPP) and since January 2021 a Certified Information Privacy Professional/Europe (CIPP/E).

Author

Meera Rolaz is an associate at Baker McKenzie's Antitrust, EU & Trade Law and Compliance & Investigations Practice Groups in Zurich. She is also part of the Data & Technology team.

Author

Nadine Charrière is an Associate in the Firm’s Intellectual Property and Technology Practice Group in Zurich. Nadine holds a Master degree in Law and Economics as well as International Management. She gained practical experience in both the legal and business field in Switzerland, Germany, Belgium and Japan before she joined the Firm in 2019. She is a member of the International Association of Privacy Professionals (IAPP) and since October 2021 a Certified Information Privacy Professional/Europe (CIPP/E).

Related Posts