Switzerland: Parliament adopts amendments to Information Security Act including cyberattack reporting obligation

Parliament adopts amendments to Information Security Act including cyberattack reporting obligation

On 29 September 2023, the Swiss parliament adopted the revision of the Information Security Act including a reporting obligation for cyber attacks on critical infrastructures. The obligation applies to a a list of enumerated operators of critical in…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

other service provider

Implementation Level

national

Government Branch

executive

Government Body

central government

Complete timeline of this policy change

Hide details

2022-01-12

in consultation

On 12 January 2022, the Swiss Federal Council opened a public consultation on a proposal to introdu…

2022-04-14

processing consultation

On 14 April 2022, the Swiss Federal Council closed the public consultation on potential amendments …

2022-12-02

under deliberation

On 2 December 2022, the Federal Council published its explanatory draft of the proposed revision of…

2023-09-29

adopted

On 29 September 2023, the Swiss parliament adopted the revision of the Information Security Act inc…

2025-04-01

in force

On 1 April 2025, the reporting obligation for cyber attacks on critical infrastructures included in…

2025-10-01

in force

On 1 October 2025, the enforcement of fines under the amended Information Security Act begins. Sinc…

Description

Parliament adopts amendments to Information Security Act including cyberattack reporting obligation

Scope

Complete timeline of this policy change