Federal Council Considers Introduction of Cyber Incident Reporting Duty
by Jürg Schneider, Christophe Gosken, Florian Roth
Published: December, 2019
Submission: December, 2019
Contrary to international trends, Switzerland has not yet adopted a general obligation to report cyber incidents. The current system is based on voluntary notification and information exchange via the Reporting and Analysis Centre for Information Assurance and, depending on the sector of activity (eg, nuclear, financial or telecoms services), mandatory notification to the supervisory authority. The introduction of a general obligation to report cyber incidents has been one of the objectives of Switzerland's National Strategy to Protect Switzerland Against Cyber Risks (NCS) (for further details please see "Federal Council to create new cybersecurity competence centre").
Based on the newly adopted report, the Federal Council will examine the following four implementation models:
In view of the rapid development of cyber risks, the Federal Council's upcoming decision could have a considerable impact on the compliance obligations of companies in certain industry sectors. It will therefore be necessary to monitor developments in this area.
- Artificial Intelligence in the World of IP
- Law on Digital Transformation of the Administration
- HHS Advises Health Care Entities Immediately Patch Operating System Vulnerabilities
- Financial Market Commission Publishes, for Public Consultation, New Regulations on Information Security and Cybersecurity for Financial Entities and Regulatory Capital Calculation for Bank
WSG Member: Please login to add your comment.