Switzerland: Parliament adopts amendments to Information Security Act including cyberattack reporting obligation

On 29 September 2023, the Swiss parliament adopted the revision of the Information Security Act including a reporting obligation for cyber attacks on critical infrastructures. The obligation applies to a a list of enumerated operators of critical infrastructure. The list includes providers of cloud computing, search engines, digital security and trust services and data centers based in Switzerland. In addition, the list includes manufacturers of hardware or software whose products are used in critical infrastructures, if the hardware or software enables remote maintenance access or it is used for the control and monitoring of operational systems and processes or for ensuring public safety. The implementation timeline of the amendments is yet to be determined.