Switzerland: Reporting obligation for cyber attacks on critical infrastructures under amended Information Security Act comes into effect

Reporting obligation for cyber attacks on critical infrastructures under amended Information Security Act comes into effect

On 1 April 2025, the reporting obligation for cyber attacks on critical infrastructures included in 2023 amendments to the Information Security Act comes into effect. This follows the adopted amendment of the law on 29 September 2023 and the officia…

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

other service provider

Implementation Level

national

Government Branch

executive

Government Body

central government

Complete timeline of this policy change

Hide details

2022-01-12

in consultation

On 12 January 2022, the Swiss Federal Council opened a public consultation on a proposal to introdu…

2022-04-14

processing consultation

On 14 April 2022, the Swiss Federal Council closed the public consultation on potential amendments …

2022-12-02

under deliberation

On 2 December 2022, the Federal Council published its explanatory draft of the proposed revision of…

2023-09-29

adopted

On 29 September 2023, the Swiss parliament adopted the revision of the Information Security Act inc…

2025-04-01

in force

On 1 April 2025, the reporting obligation for cyber attacks on critical infrastructures included in…

2025-10-01

in force

On 1 October 2025, the enforcement of fines under the amended Information Security Act begins. Sinc…

Description

Reporting obligation for cyber attacks on critical infrastructures under amended Information Security Act comes into effect

Scope

Complete timeline of this policy change