General Overview

Swiss laws currently in force are applied to AI systems. In fact, the Federal Council has adopted a technology-neutral, sector-specific approach, relying on existing legal frameworks to govern AI systems. The Council of Europe Framework Convention on Artificial Intelligence was signed by Switzerland, with a consultation draft of the implementing legislation expected by the end of 2026. Furthermore, non-binding instruments, such as self-declaration mechanisms and industry-led solutions will also be implemented. A draft of these soft law measures is also expected by end of 2026 (see 3.1 General Approach to AI-Specific Legislation).

The following general legal provisions apply to AI systems ‒ see below a summary of the most important provisions.

• Contract law: AI procurement and deployment are generally governed by freedom of contract and mandatory provisions of the Swiss Code of Obligations (CO), with contractual qualification (sale, work contract, mandate or mixed contracts) being the determining factor for warranty and liability (see 13. AI Procurement and Supply Chain Accountability).
• Tort and product liability: tort liability is governed by Article 41 et seq CO (fault-based), Article 55 CO and Article 101 CO (employer/auxiliary liability). The Product Liability Act (PrHG) imposes strict liability for defective products, with the qualification of standalone AI software as a “product” still unsettled (see 10. Liability for AI).
• Privacy and data protection: the Federal Act on Data Protection (FADP) applies to all AI-based processing of personal data (including training an AI model), with key obligations including the principle proportionality, privacy-by-design, information obligations, keeping records of processing activities, the right to information about automated individual decisions, and data protection impact assessments (DPIA) for high-risk processing (see 17. Data Protection).
• IP laws: the Copyright Act (CopA) protects works as intellectual creations of natural persons; purely AI-generated content generally does not qualify as works, though AI-assisted works may. A narrow text and data mining exception exists for scientific research only. Under the Federal Act on Patents for Inventions (PatA), only natural persons can be inventors. The Unfair Competition Act (UCA) protects trade secrets in AI models and training data (see 16. Intellectual Property).
• Product safety: the Product Safety Act (PrSG) applies where AI is embedded in physical products such as medical devices, vehicles or industrial machinery.
• Employment law: Article 328b CO protects employee personality rights, including in the context of AI-based monitoring, while the use of any system monitoring general employee behaviour is prohibited. The Gender Equality Act (GEA) prohibits discriminatory hiring or termination, including by biased AI systems (see 14. Employment).
• Consumer protection: the UCA prohibits misleading practices, including AI-generated content misleading consumers; no specific AI labelling requirements exist currently. However, the FADP provides certain transparency obligations (see 17. Data Protection).
• Criminal law: Swiss criminal law attributes liability to natural persons; AI systems cannot be criminally liable. Responsible developers, operators or deployers may face liability under the Swiss Criminal Code (SCC) for offences such as fraud, defamation, forgery or data protection breaches. Legal entities face subsidiary criminal liability only for a narrow catalogue of offences (Article 102 SCC).

By the end of 2025, Switzerland ranked among the top three in Europe for the use of AI, excelling in generative AI use. Traditional machine learning is often used in areas like fraud detection, credit scoring, AML in financial services, predictive maintenance in manufacturing, and drug discovery in pharma. LLMs are increasingly used in customer service, contract drafting, and multilingual communication and RAG systems in regulated sectors like legal, finance and pharma. Agentic AI is the emerging frontier as 54% of Swiss CEOs in a recent EY survey identified autonomous agents as crucial for their businesses.

On cross-industry governance, digitalswitzerland is co-ordinating a national AI Action Plan, while the Swiss Fintech Innovation association published a risk-based AI implementation framework for financial institutions in 2024.

Despite measurable benefits, ie, 52% of Swiss companies expect AI returns within one year, above the European average, and 73% of Swiss executives expect significant revenue contribution by 2030, scaling remains limited by challenges like inadequate system integration, inability to identify viable use cases, lack of AI literacy, and data protection and security concerns.

Switzerland adopts a facilitative approach to regulating AI, supporting innovation while protecting fundamental rights and investing in education, research and institutional capacity. On 25 November 2020, the Federal Council adopted seven non-binding AI guidelines for the federal administration to foster AI innovation in order to ensure high-quality living standards (see 3.3 Jurisdictional Directives). The Competence Network for AI (CNAI) serves as the federal hub for AI knowledge exchange, while the Canton of Zurich is leading with an AI Innovation Sandbox, which has been extended through 2029.

The ETH Zurich and EPFL founded the Swiss National AI Institute (SNAI) in 2024, with CHF20 million in ETH Board funding for 2025–2028 and access to the “Alps” supercomputer. In 2025, it debuted Apertus, Switzerland’s first open-source, multilingual LLM. With top-tier AI talent and a strong AI research legacy, led by the ETH Zürich and EPFL, Switzerland supports hundreds of deep-tech AI start-ups and attracts leading global technology companies, including OpenAI, Anthropic, Google, IBM, and Apple. Most recently, Project Prometheus, founded by Jeff Bazos, is set to open an office in Zurich.

Switzerland updated its Digital Trust Label in 2024, a first-of-its-kind certification for trustworthy digital services, to address AI-specific topics including transparency, risk management, bias and training-data ethics with label operations transitioning to SGS during the 2025 World Economic Forum in Davos.

Looking ahead, Switzerland will host the Global Summit on AI in 2027, driven by the digitalswitzerland AI Action Plan.

Switzerland currently has no dedicated AI legislation; it relies on existing legal frameworks and sector-specific regulations. 

In February 2025, the Federal Council mandated the Federal Department of the Environment, Transport, Energy and Communications (DETEC) and the Federal Department of Foreign Affairs (FDFA) to present an overview of possible regulatory approaches to AI. Subsequently, the Federal Council adopted a regulatory strategy focused on three objectives: (i) strengthening Switzerland as a location for innovation, (ii) safeguarding the protection of fundamental rights, and (iii) increasing public trust in AI.

To achieve these objectives, the Federal Council signed the Council of Europe’s AI Convention on 27 March 2025. The legislative proposals necessary for its ratification are to be published for consultation by the end of 2026.

To this end, the Federal Department of Justice and Police (FDJP), in co-operation with the DETEC and the FDFA, has been instructed to prepare a consultation draft setting out sector-specific legal measures, particularly in the areas of transparency, data protection, non-discrimination and supervision.

The legislative amendments should be sector-specific, with cross-sector regulation limited to core areas relating to fundamental rights, in particular data protection. The Council of Europe’s AI Convention applies primarily to state actors, leaving the scope of private sector regulation uncertain.

Additionally, the AI regulation will be supported by non-binding instruments, such as self-declaration mechanisms and industry-led solutions. The DETEC, alongside the FDJP, the FDFA and the Federal Department of Economic Affairs, Education and Research (EAER), will finalise an implementation plan for these measures by the end of 2026.

There is no applicable information in this jurisdiction.

Several official, mostly non-binding policies and strategy documents on responsible AI development and use have been issued.

Guidelines on AI for the Confederation (First Published in 2020)

The Federal Council’s AI guidelines provide a general framework of orientation for the Federal Administration as well as for entities entrusted with federal administrative tasks. These are intended to ensure a coherent and consistent approach to AI across federal bodies. They are not directly applicable to private actors.

The framework consists of the following guidelines:

• putting people first;
• regulatory conditions for the development and application of AI;
• transparency, traceability and explainability;
• accountability;
• safety; and
• requirements to actively shape AI governance and involve all relevant national and international stakeholders.

A survey conducted between 2022 and 2024 by the Federal Office of Communication (OFCOM) indicates that the AI guidelines are well known within the Federal Administration and are applied in practice. The practical regulatory impact of the guidelines on the implementation of specific projects remains somewhat limited.

Code of Conduct for Human-Centred and Trustworthy Data Science and AI

The Federal Administration is currently pursuing the implementation of a data strategy aimed at expanding the use of AI methods in policy-making processes. This initiative is supported by academic partners, notably the ETH Zurich and EPFL in Lausanne, which are actively involved in carrying out the mandates adopted by the Federal Council.

In this context, the Federal Statistical Office has developed a Code of Conduct for human-centred and trustworthy data science and AI, which provides practical guidance to raise awareness among administrative units and support the integration of the principles into their daily activities.

For further guidelines issued by regulatory authorities, see 5.2 Regulatory Directives.

There is no applicable information in this jurisdiction.

There is no applicable information in this jurisdiction.

See 3.1General Approach to AI-Specific Legislation.

See 1.1 General Legal Background and 3.1 General Approach to AI-Specific Legislation and the contribution to the current trend and developments.

To date, only one decision has substantively addressed AI in Switzerland. In the DABUS case (26 June 2025, B-2532/2024), the Swiss Federal Administrative Court (FAC) ruled that an AI system cannot be registered as an inventor in the patent register, as only a natural person can be recognised as an inventor. The absence of a natural person constitutes a formal defect, invalidating the patent application, although the invention was generated by AI.

The FAC acknowledged that a natural person may qualify as an inventor if they contribute to the AI’s data processing that leads to the invention. In this specific case, the appellant was recognised as having sufficiently influenced the DABUS system, particularly by providing data, training the system, receiving the outputs, and identifying their patentable nature, allowing the designation of the natural person as the inventor and making the patent application admissible.

In the following cases, Swiss courts have indirectly addressed AI.

• Police law: the Swiss Federal Supreme Court (FSC) recognised that current legislation allows the use of AI-based systems for tasks like predictive policing, identifying dangerous individuals, and facial recognition, provided certain conditions are met (including explicit rules on substantive conditions and procedural modalities; case dated 17 October 2024, 1C_63/2023).
• Intellectual property law: the FSC ruled the trade mark “AI Brain” as descriptive and not distinctive for technology-related products but allowed its registration for unrelated items, signalling that “AI” has now acquired a descriptive meaning in Switzerland (case dated 28 March 2023, 4A_500/2022).

Switzerland lacks a dedicated AI oversight body, with AI managed by existing sector-specific supervisory bodies.

• At federal level, OFCOM plays a leading role on AI regulation and has been central to the Federal Council’s work on defining Switzerland’s regulatory approach to AI (see 3.1 General Approach to AI-Specific Legislation). It runs the Plateforme Tripartie, a national hub for multi-stakeholder exchange on AI and technology.
• The Federal Data Protection and Information Commissioner (FDPIC) oversees AI deployments whenever personal data is processed by federal bodies or private persons. It has issued statements on AI transparency requirements and deepfakes.
• In financial services, the Swiss Financial Market Supervisory Authority (FINMA) has jurisdiction over supervised entities and has made AI governance and risk management a supervisory focus (see 5.2 Regulatory Directives).
• The Swiss Agency for Therapeutic Products (swissmedic) assesses authorisation applications containing AI elements.

• The CNAI, in co-operation with representatives from all departments and the Swiss Federal Chancellery (FCh) has issued several factsheets on AI, including guidance on the use of generative AI tools, raising awareness about LLMs within the Federal Administration. The FCh’s Centre of Expertise for Language Technologies has issued guidelines for DeepL Pro Translator and DeepL Write in the Federal Administration. The FCh also issued the “Strategy: Use of AI systems in the Federal Administration” for AI deployment across the federal administration, accompanied by an implementation plan (see 7.1 Government Use of AI).
• In data protection, the FDPIC regularly issues communications and guidance emphasising the application of the FADP to AI-supported processing, especially highlighting the expectations on transparency (including purposes, functionality, data sources, the right to know whether users are interacting with a machine, and disclosures regarding the manipulation of faces, images or voices of people), the handling of automated individual decisions, and the need for a DPIA.
• In the financial sector, the FINMA Guidance 08/2024 describes observed AI risks and sets out supervisory expectations and practices (for details see 15.2 Financial Services).
• Swissmedic has not issued its own guidelines but takes the guidelines and directives of international organisations and partner authorities into account when assessing authorisation applications including AI elements.
• A further helpful resource is the official AI terminology document introduced by the CNAI.

After completing a preliminary investigation, the FDPIC found that Platform X’s use of personal data to train “Grok” complied with the FADP, as it offered an opt-out option allowing users to refuse the default use of their data for training and fine-tuning “Grok”.

It also concluded its investigation into the use of “intelligent” video surveillance cameras by retailer Coop at self-service checkouts, noting that the system was not capable of facial recognition, thereby complying with the FADP.

Meanwhile, FINMA has intensified its supervisory engagement on AI, including ongoing supervisory observations following its Guidance 08/2024, notably by a market survey of around 400 supervised institutions. To date, no publicly known enforcement actions have been taken by FINMA.

The Swiss Association for Standardization (SNV) serves as Switzerland’s standards body and co-ordinates Swiss stakeholder participation in international and European AI standard-setting workstreams, promoting the adoption of these standards in Switzerland. The SNV has issued a draft on the CEN standard prEN 18286 “Artificial intelligence – Quality management system for EU AI Act regulatory purposes” for public comment until 30 May 2026, outlining how organisations can implement a quality management system to ensure compliance with the EU AI Act.

International AI standards, such as ISO/IEC 42001 (AI management system) and ISO/IEC 23894 (AI Guidance on risk management) may serve as practical benchmarks for governance, risk management, and documentation in Switzerland.

Voluntary frameworks, like the National Institute of Standards and Technology’s (NIST) AI Risk Management Framework, offer guidance on integrating trustworthiness into the lifecycle of AI products, services and systems.

These standards and frameworks can be used to operationalise legal expectations under Swiss law. In regulated sectors, these standards and frameworks can help demonstrate compliance with supervisory expectations and reduce barriers for cross-border businesses aligning with EU requirements.

The Swiss government’s AI use is growing, particularly at the federal level, with applications in process optimisation like semantic search within legislative materials, summarisation of administrative guidance, automated triage of incoming requests and chatbot-based interfaces. AI solutions are generally procured through public tender, following public procurement rules.

The Federal Council’s Guidelines on AI for the Confederation provide a framework of reference for the Federal Administration and ensure policy coherence (see 3.3 Jurisdictional Directives).

On 21 March 2025, the FCh outlined three priorities in its strategy: (i) building AI competences, (ii) ensuring trustworthy use and (iii) increasing efficiency. The strategy includes an eight-point implementation plan, comprising:

• AI co-ordination across the Federal Administration;
• targeted training and education programmes;
• AI marketplace for reusable services and solutions;
• AI user handbooks;
• implementation of AI-specific principles within the existing governance framework;
• provision of an internal generative AI system for use across the administration;
• clarification of the legal framework for automated administrative processes; and
• a systematic assessment of the potential for AI-driven efficiency gains.

On 12 December 2025, the FCh announced measures to strengthen the co-ordination of AI use within the Federal Administration, including changes to the Ordinance on Digital Services and Digital Transformation in the Federal Administration (Digitalisation Ordinance) and relocating the central AI contact point to the FCh (effective 1 February 2026).

The CNAI and FCh jointly co-ordinate AI-related issues within the Federal Administration. To promote transparency and knowledge-sharing, CNAI maintains a public list of AI projects in the Federal Administration, complemented by the list by the NGO AlgorithmWatch CH: “Atlas of Automation Switzerland”.

No reported Swiss judicial decision has been identified to date in which the use of AI by a government agency was the central issue (see 4.1 Precedent Setting Judicial Decisions for other case law).

AI is gaining importance in Swiss national security, despite limited practical deployment. The Swiss Federal Intelligence Service (FIS) has highlighted AI-related threats in its annual reports, emphasising its role within the context of the great-power rivalry between the USA and China, as well as Switzerland’s growing international importance as a major centre of technological innovation.

In December 2025, the Federal Council launched consultations on Security Policy Strategy 2026, recognising AI, biotechnology and quantum technology as transformative forces in security and warfare. AI is emerging as a key technology for modern armed forces and will shape many military capabilities in the future. The consultation period ran until 31 March 2026, with the consultation report pending as of April 2026.

On 12 December 2025, the Federal Council published a report on the opportunities and risks of AI systems in cybersecurity, concluding that AI does not fundamentally alter the nature of cybersecurity, rather it acts as a catalyst for existing developments and lowers the threshold for cyber-attacks (eg, through AI-generated and tailored phishing campaigns) while strengthening defensive capabilities such as early threat detection and vulnerability identification.

In its annual report in February 2026, the National Cyber Security Centre reported growing use of AI by criminals, particularly for realistic and persuasive online scams, especially in investment fraud.

On the legislative front, the Federal Council adopted the dispatch (Botschaft) for the revision of the Intelligence Service Act on 28 January 2026. The revision focuses on the early detection of serious threats, introducing amendments to provisions on intelligence-gathering measures, data processing and supervision, and strengthening the independent oversight of the FIS. A second package addressing cyber threats is scheduled for consultation in mid-2026. A third package on other topics is also expected. These developments may have implications for the FIS’s use of AI-based analytical tools.

On 12 December 2024, the National Council adopted a postulate of its Security Policy Committee (Postulate 24.4265), tasking the Federal Council with the preparation of a report on a comprehensive security and defence strategy addressing the risks and opportunities of autonomous weapons systems and systems incorporating AI, considering the implications for Switzerland’s security and defence industry. As of April 2026, the report has not yet been published.

The legal challenges posed by generative AI systems, such as data protection, intellectual property, liability and personality rights (notably regarding deepfakes), are dealt with by existing frameworks. Please refer to the following sections for more details:

• 16. Intellectual Property;
• 17. Data Protection;
• 10. Liability for AI;
• 12.3 Deepfakes and Synthetic Media; and
• 12. Specific Legal Issues With AI.

The use of generative AI systems has heavily increased the spreading of false information in recent years. This issue is addressed in the current draft of the Federal Act on Communication Platforms and Search Engines (ComPA), which is still under consultation.

AI adoption in the Swiss legal profession is accelerating but faces ethical and regulatory challenges.

Law firms and corporate legal departments use AI for tasks like document review, translation, contract analysis, internal investigations, contract drafting, legal research, and semantic searches in case law databases. Litigation prediction, however, remains limited due to insufficient data. Generative AI tools (ChatGPT, Claude) pose the same risks as in other professions such as “hallucinations”, potentially leading to professional liability. A major constraint is professional secrecy obligations (Article 13 of the Federal Act on the Freedom of Movement for Lawyers (BGFA) and Article 321 of the SCC). The use of foreign cloud-based AI applications, where data may be processed under foreign lawful access regimes (eg, the US CLOUD Act) remains legally disputed, discouraging the adoption of tools outside Swiss or EU jurisdiction. Furthermore, under the BGFA, only licensed lawyers meeting personal qualifications can represent clients in courts or before authorities, a role that AI systems cannot fulfil. However, the BGFA’s monopoly on legal representation and use of the protected professional title does not outright prohibit all forms of legal advice outside formal proceedings. Whether consumer-facing AI tools providing unsupervised legal analysis qualify as unauthorised legal practice remains unresolved. The Swiss Bar Association (SAV/FSA) responsible for the Swiss Code of Professional Conduct (SCPC) is dealing with AI in the legal profession on several levels, eg, by dedicating its 2026 Day of Lawyers (19 June 2026, Kunsthaus Zurich) to the topic of AI’s application in the work of lawyers and notaries. While the SCPC does not yet contain AI-specific provisions, it does allow the use of third-party service providers in Switzerland, the EU, EFTA and the UK if the SCPCs are upheld. Also, the general professional conduct rules (Article 12 BGFA) require lawyers to exercise their profession “carefully and diligently”, making human oversight and thorough review of AI-generated outputs essential.

Switzerland has no AI-specific liability regime. Liability for AI-caused harm is governed by the CO and the PrHG, supplemented by sector-specific strict liability statutes.

• Under tort law (Article 41 ff. CO), claimants must establish fault, unlawfulness, damage and an adequate causal link to claim damages. Negligence may arise from deficient design, inadequate testing, insufficient monitoring or inadequate instructions across the AI lifecycle.
• Contractual liability (Article 97 ff. CO) may apply where the use or deployment of an AI system breaches contractual obligations, including where AI systems are used as auxiliaries under Article 101 CO.
• The PrHG provides strict liability for defective products, which may apply to AI-based systems. However, challenges arise in classifying software driven or self-learning systems as “products” and assessing defectiveness when system behaviour evolves post market placement. Moreover, the PrSG adds ex-ante safety requirements for market entry, raising further questions about the timing of conformity assessments – particularly where the system’s behaviour may change post-deployment through continued learning.

• Vicarious liability under Article 55 CO may apply, although treating autonomous AI systems as human auxiliaries is disputed. The liability of legal entities for the actions of their corporate bodies under Article 55 of the Swiss Civil Code (ZGB) may be triggered if those bodies authorise or direct the deployment of AI systems that cause harm.
• AI-generated outputs may lead to civil and criminal liability for unlawful content. Under Article 28 et seq ZGB, individuals whose personality rights are infringed – for instance through AI-generated false statements, manipulated images, or unauthorised profiling – may seek injunctive relief and damages. Under the SCC, such content may constitute offences like defamation, fraud, or forgery of documents. Since the SCC does not recognise AI systems as liable entities; responsibility falls on identifiable natural or legal persons.
• Across all liability theories, AI-specific challenges primarily concern proof and causation, particularly where harm results from complex or opaque systems or involves multiple actors along the AI value chain.

The DETEC overview of 12 February 2025 highlighted liability as an area needing further evaluation. As of April 2026, the Federal Council has not announced any concrete revisions of the PrHG or the PrSG, and it remains unclear if Switzerland will follow the EU’s lead in modernising its product liability framework for AI. Further clarity may emerge with the consultation draft for the implementation of the Council of Europe’s AI Convention. While the Convention does not establish a standalone liability regime, it requires contracting states to ensure effective remedies for AI-related rights violations and implement accountability mechanisms, focusing primarily on government liability rather than the private sector. 

Agentic AI systems pose legal challenges under civil, criminal, and data protection laws, as liability rests with deployers or operators, since AI systems lack legal personality. Under the CO, organisations deploying agentic systems are generally accountable for outputs under actual or apparent authority principles. However, as human input decreases in an agentic system’s actions, assessing responsibility becomes increasingly difficult, creating an “accountability gap”.

Human oversight is critical, but not yet generally mandated by Swiss law, though the Council of Europe’s AI Convention stresses its importance. FINMA already requires supervised institutions to govern and control AI applications, including autonomous systems.

Nevertheless, Swiss law and emerging regulatory frameworks agree that responsibility cannot be delegated to machines, and mandates accountability among developers, deployers, and operators. Contracts remain the primary tool for allocating risk across organisations, but they cannot override statutory duties to third parties or data subjects.

The Federal Council’s AI principles highlight transparency, traceability, and explainability as core requirements. Disclosure of AI systems’ purpose and functioning is expected to be part of future regulation. 

From a data protection perspective, the same rules apply as to any deployments of AI systems involving personal data. For agentic AI, record-keeping duties likely apply and high-risk AI-supported processing may require a DPIA. Additional safeguards apply where agentic systems perform high-risk profiling or process sensitive personal data, including heightened transparency, security and purpose-limitation requirements. Applicable data protection law also provides logging requirements for certain automated processing activities (see 17. Data Protection).

When deploying agentic systems in sensitive contexts, additional considerations apply and Swiss practitioners can reference prohibited use cases under the EU AI Act as a benchmark.

Sector-specific rules already impose heightened requirements in healthcare, financial services, infrastructure and public sector.

Regulating multi-agent architectures, remains unresolved, with guidance expected by the end of 2026.

Autonomous decision-making, adaptive behaviour, and multi-actor AI deployment challenges the existing legal framework, like the CO and the PrHG (not specifically designed for AI), particularly with regard to questions of attribution, causation, and responsibility. The Federal Council has acknowledged that targeted adjustments to the PrHG may be required (see 10.1 General Theories of Liability).

Liability allocation among developers, deployers, and users depends on the specific case: developers bear responsibility for defective design or training data, deployers for inadequate operational controls, and users for harmful inputs or instructions. For self-learning AI, developer’s control diminishes after deployment, potentially shifting liability for those configuring or operating the system.

Liability challenges are especially pronounced in multi-agent scenarios, where harm results from interactions between multiple autonomous systems across organisational boundaries.

Bias-related legal analysis relies on constitutional non-discrimination, sector-specific anti-discrimination rules (eg, employment law), and data protection law.

Where AI-supported processing of personal data is likely to pose a high risk to data subjects, a DPIA is required; AI can be one of the risk drivers, whereby bias and fairness considerations might be relevant.

As regards “fairness testing” in AI, sector-specific regulators can create de facto testing/auditing expectations, and FINMA explicitly identifies model risks such as bias and expects governance, inventories, risk classification, data quality, tests, monitoring and documentation, explainability and independent review for supervised institutions.

Liability for discriminatory outcomes is typically assessed under civil liability for contractual and non-contractual liability or forms of strict liability (eg, liability of the owner of a motor vehicle or product liability).

AI-supported biometric processing of personal data falls under the FADP. Biometric data qualifies as sensitive personal data, which increases the compliance expectations for biometric AI systems, including the justification for the disclosure of such information to third parties. If such disclosures are based on the affected individual’s consent, consent must be provided explicitly (ie, not implied consent or opt-out options).

Transparency and notice are central (see 5.2 Regulatory Directives). Where biometric AI is used in settings that may be high risk (ie, large-scale surveillance), a DPIA is required.

From 2027, federal and cantonal authorities will be able to conduct facial comparisons through the updated Automated Fingerprint Identification System (AFIS2026), operated by fedpol. Real-time monitoring, including live facial recognition, will not form part of AFIS2026, as no specific legal basis exists for such use. Postulate 26.3517 Revision der Strafprozessordnung in Bezug auf digitale Ermittlungsmethoden, insbesondere mit Blick auf künstliche Intelligenz (Revision of the Code of Criminal Procedure in relation to digital investigation methods, in particular with regard to artificial intelligence (AI)) tasks the Federal Council with reviewing the Swiss Code of Criminal Procedure to address gaps in regulating AI-based investigations, including facial recognition.

Facial recognition undertaken by the FIS is subject to a legal dispute. The FAC ruled that the FIS must disclose its legal analysis on facial recognition (decision A-4286/2022 of 20 April 2026).

Deepfakes and synthetic media are assessed through existing Swiss legal frameworks, notably data protection and personality rights, unfair competition rules and criminal law.

• Deepfakes involving personal data trigger transparency and other data protection obligations if an individual is identifiable. The FDPIC explicitly states that the use of programs enabling manipulation of faces, images or voice messages of people must be clearly indicated, and notes that such manipulation may be unlawful under criminal law.
• Under civil law, personality rights provide protection against unlawful infringements, which can be relevant where deepfakes harm reputation, privacy or the right to one’s image or voice. If an individual’s (or legal person’s) personality rights are infringed, they have several available claims (to seek damages or to stop or prohibit an infringement) that can be enforced directly.
• The UCA prohibits misleading business practices contrary to good faith, which can be relevant if synthetic media is used in marketing so that deceives customers about material features (for example AI-generated images of holiday destinations) where this is not obvious.
• Applicable criminal law provides fragmented protection against deepfakes (notably Article 173 et seq, Article 179decies, Article 197, Article 197a of the Swiss Criminal Code).
• Moreover, the preliminary draft on the ComPA (still under consultation) foresees “notice and action” procedures that would enable users to report potentially illegal content including deepfakes.

Switzerland does not impose a blanket obligation on businesses to disclose the use of AI, but transparency obligations can arise from current regimes, particularly data protection and unfair competition or sectoral law.

Under data protection law, controllers have an information obligation that makes processing activities transparent for individuals to exercise their rights. In particular, the supervisory body emphasises that AI-based processing activities should be transparent as to purpose, functionality and data sources.

For automated individual decisions with legal or similarly significant effects, data protection law contains a specific transparency and human-review safeguard request.

For conversational AI and chatbots, users have a right to know whether they are communicating with a machine and whether their inputs, to the extent that they contain personal data, are used for AI improvements or other purposes.

For AI-generated content, transparency is key to avoid deceptive advertising or misleading product descriptions, which could raise issues under the UCA.

AI contracts rely on the CO, sectoral rules, and the FADP, requiring careful contractual risk allocation.

The legal qualification of the contract applying to AI procurement (sale, work contract, mandate, or mixed contract) determines liability standards, making it crucial to define performance outcomes, accuracy, bias metrics, and service level agreements (SLAs), including remedies like contractual penalties and obligations to manage model drift.

Because Swiss law recognises no ownership in data and provides limited IP protection for AI-generated outputs, contracts must expressly regulate data usage rights, IP ownership, licensing, and treatment of training data and outputs.

Procurement agreements should also include strong compliance warranties, indemnities, audit rights, and exit provisions to address data protection, IP infringement, regulatory obligations (including EU AI Act exposure), transparency, and vendor lock in risks.

Liability caps and insurance requirements are generally permissible under Swiss law.

Swiss businesses procuring AI systems should conduct robust due diligence, as ignoring known AI risks may breach the standard of care. Duty of care obligations, data protection and financial market regulation require businesses to perform due diligences when procuring third-party service.

Although Swiss law does not mandate formal audits of upstream AI providers, deployers remain liable for defects in third-party components under contractual, tort, and product liability principles, creating an obligation to assess and monitor suppliers.

Existing laws, especially the FADP and sectorial guidance like FINMA guidance 08/2024, require documentation and transparency duties, including notifications to affected persons, data-use records, model behaviour, and risk assessments.

Though not legally required, AI traceability, maintaining provenance and lifecycle records for AI systems is essential for managing liability and meeting EU AI Act technical documentation demands where EU exposure exists.

Given the complexity of AI value chains, Swiss law’s freedom of contract enables cascading contractual mechanisms, like flow-down obligations, audit rights, and indemnities, which are key to allocating accountability and managing EU and future Swiss regulatory requirements.

The use of AI-driven tools in recruitment processes presents a significant risk of discrimination. Public sector employers must uphold the principle of equality before the law, encompassing the prohibition of discrimination. This principle is enshrined in the Swiss Constitution and includes, inter alia, the guarantee of gender equality, and an obligation to eliminate disadvantages for individuals with disabilities. These requirements also apply to AI tools.

Private sector employers generally benefit from the freedom of contract, which allows them to select candidates at their discretion and, in principle, without providing justification. However, the Swiss legislator has reinforced the principle of equality before the law through statutory provisions, applicable to the private sector. For example, the GEA prohibits gender-based, direct or indirect, discrimination, particularly by reference to the marital status, family situation or pregnancy. This prohibition applies especially to recruitment, the allocation of duties, remuneration, and dismissal.

Also noteworthy is Article 261bis Swiss Criminal Code, which prohibits discrimination and incitement to hatred.

The use of AI tools for recruitment, whether in the public or private sector, must comply with the FADP as well as Article 28 of the Swiss Civil Code.

In particular, the use of such tools may trigger the requirement to conduct a DPIA. Where an automated individual decision is made, information and human-review obligations apply. If an applicant is rejected solely based on an automated individual decision, the applicant must be informed accordingly. The employer must provide applicants the opportunity to present their views and request a human review of the decision (Article 22 FADP).

Discriminatory dismissals of employment relationships in the private sector based on a characteristic inherent in another party’s personality or on the exercise of a constitutional right are considered abusive (Article 336 (1)(a) and (b) CO). Pursuant to Article 5(2) GEA, where discrimination relates to the refusal of employment or to dismissal, the person concerned is entitled to compensation. The GEA also provides the right to challenge termination, if it is without good cause and following a complaint of discrimination by the employee.

Monitoring

According to the FDPIC, employers must have an objective need to use a surveillance system in order to monitor employees. This arises from the employee’s personality rights under Article 328b CO and Article 26 of Ordinance 3 of the Employment Act (EmpO 3), prohibiting the monitoring of employee’s behaviour. Where monitoring or control systems are required for other reasons, they must be designed and arranged so as not to affect employees’ health and freedom of movement without being under constant surveillance.

Furthermore, if monitoring systems process personal data, the requirements according to the FADP must be complied with. When using monitoring systems, the employer must balance the company’s interests in monitoring against the employees’ personality rights and a DPIA may be required.

A violation of Article 328b OR or the FADP constitutes a violation of personality rights under Article 28 of the Swiss Civil Code and gives rise to claims under Article 28a of the Swiss Civil Code. A violation of Article 26 EmpO 3 must generally be reported to the competent cantonal authority (such as the labour inspectorate). Such violations may result in fines.

Employee Evaluation

It is difficult to distinguish between authorised surveillance (such as monitoring for security, performance, or efficiency reasons) and unauthorised monitoring of behaviour, since behaviour and performance are often closely connected. According to the FDPIC, permitted performance monitoring systems include electronic badges for access to the company, recording the time when workers enter and exit the premises or quality control to record the output of a workstation.

On the other hand, monitoring the behaviour of employees through detailed analyses of their activities on a continuous, periodic or sampling basis is prohibited. This includes the use of AI tools for automated evaluation of employee-based data (vision, movement, speech or communication patterns, psychological results) or systems that monitor the computer or mobile phone activities of employees in the company (spyware, activity trackers, application and websites logs, content scanners of e-mails, mouse and keyboard logs).

In October 2025, the Federal Council launched the consultation of the CompA draft, focusing on very large platforms. The proposal aims to increase transparency around recommender systems, advertising, and data use, also foreseeing complaint and reporting mechanisms for illegal content. According to Article 14 (3)(b) CompA, providers must indicate in their notification whether automated means – including AI– have been used, and, if so, which ones and for what purpose. The consultation closed in February 2026, and the next legislative steps are expected during 2026. Separately, the FADP already applies to platforms that process personal data for purposes such as profiling, targeted advertising, content personalisation and automated individual decisions (see 17. Data Protection).

Existing financial services regulations, although not AI-specific, apply to AI applications. Furthermore, FINMA’s Guidance 08/2024 sets out supervisory expectations across several areas and applies to all supervised institutions using AI:

• governance;
• risk identification and classification;
• data quality, testing and monitoring;
• documentation;
• explainability; and
• independent verification.

Drawing on observations from its ongoing supervisory activities, FINMA found that most institutions remain in the early stages of establishing corresponding governance and risk management structures, with notable gaps around explainability and documentation. A FINMA survey of approximately 400 institutions (24 April 2025) found that around half of the supervised institutions already used AI or have initial applications in development, with a further quarter intending to do so within three years, while only around half had incorporated an AI strategy, indicating that governance has not kept pace with adoption. FINMA confirmed that AI will remain a supervisory priority, with expectations to be refined further.

In a related development, FINMA’s Guidance 02/2026 on digital fraud risks highlights that technological developments – including AI-enabled automation and deepfake-based social engineering – are increasing fraud exposure and require institutions to strengthen governance, operational risk management and controls in digital channels. While not AI-specific, the communication reinforces FINMA’s expectation that supervised institutions proactively identify, monitor and mitigate AI-related fraud vectors as part of their broader risk and compliance framework, potentially also using AI-based solutions.

Switzerland lacks AI-specific healthcare laws. However, the Federal Office of Public Health (FOPH) is reportedly mapping potential AI use, general policy approaches, and possible regulations, considering overlaps, responsibilities within the federal administration and the international context. AI-enabled medical devices already fall under the Therapeutic Products Act, the Medical Devices Ordinance and the In Vitro Diagnostic Medical Devices Ordinance, while clinical investigations are subject to the Human Research Act and the Ordinance on Clinical Trials with Medical Devices. Swissmedic looks to international bodies such as the WHO, ICH, IMDRF, EMA and FDA for guidance when evaluating AI-generated elements in medicinal product development, though a Switzerland-specific supervisory practice in this area is still taking shape.

AI use in healthcare often involves health data, which qualifies as sensitive personal data under the FADP potentially triggering increased requirements around patient information/consent and justification, the possible applicability of research/statistics exceptions, DPIA for high-risk processing, and – where physicians are involved – medical professional secrecy constraints.

The Swiss Medical Association has issued rather basic recommendations on the use of LLMs in medical practice. It advises physicians to prioritise locally hosted/controlled systems and to avoid entering patient or other confidential data into external tools, stressing that any output must be critically reviewed and remains the physician’s responsibility. More detailed guidance is expected as clinical AI use evolves.

The Ordinance on Automated Driving (1 March 2025) permits three categories of operations: (i) automated driving systems on highways, requiring drivers to remain ready to take control at any time, (ii) fully driverless vehicles on designated routes with remote monitoring, and (iii) automated parking systems limited to designated areas. Liability for damage caused by autonomous vehicles remains governed by the Road Traffic Act, with vehicle holders bearing strict liability irrespective of fault. The interaction between this strict liability regime and the allocation of responsibility among manufacturers, software developers, and operators of autonomous systems is still evolving.

A central question for future legislation is the necessary conditions allowing driver relief when using an automated system.

No AI-specific retail or consumer protection legislation has been enacted. The FADP applies in full where AI is used for consumer profiling, personalised pricing, or targeted advertising, while the UCA prohibits misleading AI-generated content and advertisements and undisclosed AI-driven consumer interactions. Algorithmic pricing tools raise exposure under Swiss competition law, and the Competition Commission has identified AI-driven market conduct as a supervisory focus area (see 18.1 Emerging Antitrust Issues in AI).

As of today, no AI-specific regulation exists for the industrial sector or for robotics in Switzerland. AI-enabled industrial products are governed by the existing PrSG and PrHG (see 10. Liability for AI and 11. Agentic AI Systems and Autonomous Decision-Making). This framework was not built for AI and has not yet been updated to reflect the EU’s revised product liability rules, which explicitly extend to software and AI systems.

For Swiss industrial companies active in the EU market, the EU AI Act introduces additional requirements for AI embedded in industrial products, and without corresponding updates to the Mutual Recognition Agreement, Swiss manufacturers may face the burden of separate conformity procedures.

Although, the PrSG imposes ex ante safety requirements for products placed on the market, applying them to AI-enabled industrial machinery and robotics can be challenging where software updates/learning change system behaviour after deployment and responsibility is split across manufacturers, integrators and operators.

Patent protection of AI Assets

The PatA grants patents for new (AI-based) inventions that are applicable in industry, provided they meet the standard requirements of novelty, inventive step, and industrial applicability. The Federal Council confirmed in February 2025 that no legislative amendments are required regarding AI. AI algorithms expressed as mathematical methods alone are generally not patentable. However, AI-based inventions where AI serves as a tool or component within a broader technical solution are patentable under the same standards applied by the European Patent Office.

Copyright Protection for Datasets, Architectures, and Code

The CopA protects “literary and artistic intellectual creations with individual character,” including computer programs. AI source code written by humans qualifies for copyright protection as a computer program, with protection lasting 50 years after the author’s death. Neural network architectures expressed in code similarly enjoy protection, though the underlying abstract mathematical or logical structures do not.

Switzerland does not have a sui generis database right. Protection for databases is available through three alternative channels: copyright law (CopA), unfair competition law, and contract Law. Raw data itself is not copyrightable. A dataset may qualify for copyright protection only if the selection or arrangement of its contents constitutes an intellectual creation with individual character. No Swiss court has yet directly addressed AI authorship. However, purely AI-generated works are unprotected by copyright because they lack a human author. Where a human uses AI as a tool and exercises sufficient creative control, the human is the author, and the work may be copyrightable. This requires a case-by-case assessment.

Trade Secret Protection for Model Weights and Training Methodology

Switzerland provides robust trade secret protection through the UCA and the Swiss Criminal Code.

Model weights qualify as trade secrets if the owner takes reasonable protective measures. Training methodologies, including proprietary protocols, hyperparameter configurations, data preprocessing pipelines, and reinforcement learning strategies, likewise qualify as such. Where training involves unlawfully obtained data subject to trade secret protection, this constitutes unfair competition under the UCA and is prohibited.

IP Rights in AI Inputs and Outputs

Copyright in training data belongs to the original creators. The use of copyrighted works as AI training input raises infringement questions that remain unresolved in Swiss law (see 16.3 Copyright and AI Training Data). User prompts may or may not be copyrightable depending on their individual character.

AI-generated output is not automatically protected by Swiss copyright, as it requires a human author.

Impact of AI Provider Terms

Swiss law does not contain specific provisions governing AI providers’ terms of service. General contract law principles apply. Terms of service are binding if validly incorporated, but unusual or surprising terms in standard business conditions may be unenforceable under the "Unusual Clause Rule" (Ungewöhnlichkeitsregel) developed in Swiss case law.

Infringement Risks

The use of copyrighted works for AI training and the publication of AI-generated outputs may give rise to infringement risks under CopA and unfair competition rules, depending on the circumstances of the individual case.

AI as Inventor or Author

As a general principle, inventors and authors need to be human beings. See 4.1 Precedent-Setting Judicial Decisions for AI as inventor and 16.1 IP Protection for AI Assets for AI as author.

Ownership of AI-Generated IP

For AI-assisted inventions, the natural person who contributed to the inventive process is the inventor and initial owner (inventions made in the course of employment duties belong to the employer under applicable law). For copyright, the author (a natural person) is the initial owner. If the AI generates the work without sufficient human creative contribution, there is no author and no copyright. The work falls into the public domain: neither the AI operator nor the user holds exclusive rights.

AI Training and Infringement

Whether using copyrighted works to train AI systems constitutes infringement under CopA remains legally unresolved, with no court decisions or pending litigation to date.

During the data collection phase, there is legal consensus that downloading and storing copyrighted works via web crawlers constitutes reproduction under Article 10 CopA and amounts to infringement absent consent or an applicable exception. The training phase is more contested: some argue that feeding data through neural networks to adjust weights does not create a “copy” because no human-perceptible reproduction results, while others maintain that the broad interpretation of “reproduction” under the CopA encompasses the training process itself.

The Federal Council acknowledged these uncertainties in its February 2025 report and concluded that adjustments to the CopA are inevitable.

Applicability of Exceptions

Switzerland’s text and data mining exception is limited.

The Scientific research exception (Article 24d CopA) allows reproducing works for scientific research without remuneration, provided the works are legally accessible, covering non-commercial and commercial research. The primary purpose must be scientific research. Commercial AI training for product development likely falls outside this exception. The exception expressly excludes computer programs (source code), meaning that the use of software in AI training datasets cannot benefit from this exception.

The temporary copies exception (Article 24a CopA) permits transient or incidental reproductions that are integral to a technical process and have no independent economic significance. It is unlikely to apply to AI training, as training data is typically stored for extended periods and generates economic benefits.

The private use exception (Article 19 CopA) permits internal use by organisations for information or documentation purposes, subject to remuneration obligations. It is not compatible with AI model training activities.

Licensing Frameworks

Without clear statutory exceptions for commercial AI training, licensing remains the most certain pathway.

Direct licensing from individual rights holders provides the greatest certainty but is often impractical at scale.

Collective licensing through Swiss collective management organisations (ProLitteris, SUISA, SSA, SUISSIMAGE) is under discussion but not yet established for AI training purposes.

Liability for Outputs Resembling Training Data

AI-generated outputs that reproduce recognisable copyrighted works without authorisation constitute an infringement under Article 10 of the CopA, the decisive element being whether “sufficiently large parts” of a protected work are created.

Regulatory Proposals

See 1. Legal Framework and the Switzerland Trends & Developments chapter for further details.

See 16.1 IP Protection for AI Assets and 16.2 AI as Inventor/Author.

Licensing Models

Under the principle of freedom of contract, a wide range of licensing arrangements are possible. The following three licensing models dominate the foundation model landscape.

• Proprietary models (such as GPT-4 or Claude) are typically accessed through terms of service or API agreements. IP in the model (weights, architecture, and training data) remains with the provider. Users receive a limited, non-exclusive licence to use the output. Provider terms commonly restrict reverse engineering, extraction of model weights, competitive use, and benchmarking.
• Open-weight models (such as Meta’s Llama) release model weights publicly but under restrictive licences that impose conditions on use, redistribution, and commercial exploitation. These are not truly “open source” in the traditional sense.
• Full open-source models (such as Switzerland’s own Apertus model) allow unrestricted commercial use, modification, and redistribution with minimal restrictions. Apache 2.0 requires only attribution, imposes no copyleft conditions, and allows derivative models to remain fully proprietary.

IP Implications of API Versus Self-Hosted Models

With API access, the user has no access to model weights, architecture or training data, and IP remains entirely with the provider. Therefore, data protection and professional secrecy concerns can arise if API access is chosen.

Self-hosted models give the user full control over the model and data. IP in the underlying model is governed by the applicable licence, and modifications through fine-tuning may create derivative works. If no data leaves the user’s infrastructure, data protection and professional secrecy concerns are (partially) addressed.

Derivative Works and Fine-Tuning Rights

Under Article 3 of the CopA, derivative works are created by modifying an existing work while preserving its individual character. Whether fine-tuning an AI model creates a “derivative work” depends on whether the fine-tuned model preserves the individual character of the original. It remains uncertain whether model weights constitute a “work” at all as they are numerical parameters.

In practice, the applicable licences that are granted to the users govern fine-tuning rights.

Open-Source AI Licences and Enforceability

Open-source licences are generally treated as contracts and are enforceable under the CO. Enforceability of behavioural restrictions under Swiss law is untested but likely upheld as contractual terms.

The Unusual Clause Rule could theoretically apply, but standard open-source terms are widely known in the industry and would likely be upheld.

Model Merging and Distillation

Model merging and knowledge distillation raise novel IP questions not yet addressed by Swiss courts or legislation. The Swiss legal framework does not yet provide specific guidance on these techniques, and general IP principles would apply.

In Switzerland, data processing under the FADP fully applies to AI training involving personal data. According to the DETEC’s overview of 12 February 2025, current data protection laws sufficiently address AI-related challenges.

General Data Protection Principles

• The FADP’s core principles: these are lawfulness, transparency, purpose limitation, accuracy, proportionality and good faith (Article 6 FADP). Controllers must apply privacy by design, implement adequate security measures (Article 7 and 8), comply with the duty to information (Article 19), observe enhanced obligations for automated individual decisions (Article 21), and conduct a DPIA where processing presents a high risk (Article 22). However, ensuring compliance with these principles is challenging in the AI training context.
• Duty to provide information: organisations using personal data for AI training must update their privacy policy to disclose this new purpose (Article19 FADP). The FDPIC recommends that, manufacturers, suppliers, and users of AI systems must transparently indicate the purpose, functioning, and data sources used in AI-based data processing. However, when data is used for secondary purposes and has been collected by third parties, data subjects often cannot be or are not fully informed. The duty to provide information is subject to several exceptions (Article 20 FADP) that may apply.
• Transparency: the principle of transparency applies to AI training, though secondary use of personal data for AI training is often unclear to data subjects at the time information is provided and may require additional notification (see above).
• Purpose: processing of personal data must be carried out for a predefined and lawful purpose(s). AI training often deviates from the original purpose for which the data was collected, requiring justification either by (i) consent, which may be considered implicitly granted if an updated privacy policy clearly outlines the new purpose and provided to the data subject without objection; or (ii) demonstrating a legitimate interest, eg, compliance with the conditions for lawful data reuse (Article 31 FADP).
• Proportionality: only personal data strictly necessary for AI training should be processed, with clear access and retention policies to ensure systematic deletion once training is complete. However, this is challenging as it also requires ensuring that identifiable data is not included in AI outputs.

Unlawful Data Processing and Legal Justification

Justification for data processing is required if processing violates the general data protection principles, opposes the individual’s explicit will, or involves sharing sensitive data with third parties (Article 30 FADP). Valid justifications include consent, overriding legitimate private or public interests or the law (Article 31 FADP). Obtaining valid consent for AI training is often impractical, requiring reliance on overriding private interests. Developers must demonstrate an overriding private and legitimate interest, in using the data, like improving AI performance, fraud detection, or enhancing security, with no less intrusive alternatives available. This is more likely if the data used is not sensitive, its use is foreseeable, privacy impact is minimal, and strong security measures are applied. An overriding private interest in using personal data to train AI models may be established under the following conditions.

• Processing data for non-individual related purposes, like research, planning, or statistics (Article 31 (2)(e) FADP) is allowed if:
1. the purpose of processing does not target specific individuals;
2. data is anonymised as soon as the purpose permits (ideally before processing begins) or appropriate measures are put in place to ensure protection of personal data;
3. no sensitive data is shared with third parties in identifiable form, unless measures are in place to ensure the purposes do not pertain to specific individuals; and
4. published results do not allow the identification of data subjects.

AI model training faces challenges under this exception. First, training purpose must be non-commercial or purely statistical, which is rare for a model that is ultimately deployed for commercial purposes. Secondly, achieving true anonymisation is practically challenging. However, AI models may be trained using publicly accessible data, unless the data subject explicitly objected to such use (Article 30(3) FADP) or using data of public figures, provided that the data pertains exclusively to their public activities (Article 31 (2)(f) FADP). 

Data Subject Rights

The data subject rights under the FADP apply to AI training, and include:

• right of access, which may be limited if it imposes disproportionate effort on the controller; and
• right of rectification, erasure and objection, though these are harder to fulfil once personal data is integrated into an AI model.

Rights concerning the protection of personality under Articles 28 et seq of the Civil Code also apply.

Anonymous Data

Data controllers should retain only anonymised data, as it falls outside the FADP’s scope (although the anonymisation itself qualifies as processing). Achieving true anonymisation in a legal sense in the context of AI training is challenging: (i) the volume of processed data can enable cross-referencing, making re-identification possible; (ii) AI models may retain certain aspects of the data, potentially reproducing it in generated outputs; or (iii) when combined with external datasets or sources, data previously considered anonymised can become identifiable again. Thus, data usually is better described as pseudonymised. Under the “relative approach”, data remains personal if an actor holds the re-identification key, while being considered anonymous for those without key. Therefore, the pseudonymisation of personal data can be a privacy-preserving measure when using it to train AI models.

Special Categories of Data

For training datasets containing sensitive personal data under Article 5(c) FADP, such as health data, biometric or genetic data, religious beliefs, sexual orientation or political opinions, the following requirements must be met:

• stricter justification for sharing such data with third parties;
• consent must be explicit unless another lawful justification applies;
• implementation robust safeguards, such as encryption, access restrictions, and pseudonymisation; and
• DPIAs and consultation with supervisory authorities when processing large quantities of sensitive data to identify potential compliance risks.

Accountability and Documentation Requirements

Organisations training AI systems must keep records of data processing. Although the obligation to maintain a record of data processing does not apply to legal entities that have fewer than 250 employees and whose data processing poses a negligible risk of harm to the personality of the data subjects (Article 12 (5) FADP), the exemption will likely not apply in the context of AI training due to the large amount of personal data processed, the data memorisation which could inadvertently lead to disclosure of part(s) of the personal data or the risk of re-identification of anonymised data. As a result, the second condition of exemption will be difficult to meet. No specific accountability obligation, like under the GDPR, applies.

Deploying AI systems that process personal data must comply with FADP principles (see 17.1 AI Training and Data Protection) and consider the following additional key points.

Duty to Provide Information

The FDPIC advises informing users when they directly interact with AI systems and clarifying if input data will be reused for self-learning or other purposes. Users must be notified if programs manipulate identifiable faces, images, or voices.

Transparency Regarding Automated Individual Decisions

Data controllers must inform data subjects about decisions solely based on automated processing of personal data that produce legal effects or significantly impact the individuals concerned (Article 21(1) FADP). While a detailed explanation of the system’s functioning is not required, it is recommended, providing information on underlying decision logic, types of decisions being made, their potential outcomes and the effects of such outcomes. Moreover, organisations are advised to disclose any implemented risk mitigating measures, such as mitigating bias or discrimination in AI-driven decision-making. The FADP provides two exemptions to transparency obligation concerning automated individual decisions: (i) the automated individual decision is directly related to the conclusion or performance of a contract between the data controller and the data subject, and the latter’s request is satisfied or (ii) the data subject has expressly consented to the automated decision making (Article 21(3) FADP).

Data Subject Rights

Besides the general data subject rights, data subjects can contest automated individual decisions and request human review of the decision (Article 21(2) FADP). Moreover, the obligation to conduct a DPIA when the intended processing is likely to result in a high risk to the personality or fundamental rights of the person concerned (Article 22 (1) FADP) often applies in practice to the development of an AI system, providing the person concerned with an additional layer of protection (see 17.3 AI Data Governance and Cross-Border Transfers).

Data Retention and Deletion

Personal data must be deleted when no longer necessary (Article 6 (4) FADP) or upon the data subject’s request (Article 32 (2) FADP). In the context of AI, ensuring compliance with data retention/deletion principles can be challenging as it is difficult to identify the locations where the personal data is stored in the AI model (including training datasets and derivative datasets) and, if the AI model has been trained using this data; removing the data might require retraining the model.

Children’s Data in AI Applications

Swiss law does not define a specific age threshold for children, but processing children’s data inherently raises risks under the FADP principles and can be considered a high-risk data processing activity which may trigger the obligation to carry out a DPIA. Therefore, organisations deploying AI systems that process children’s data must ensure that (i) information is provided in clear and concise language that is easily understandable for young people and (ii) where parent consent is required, that such consent has been obtained.

Data Protection Impact Assessments (DPIAs) for AI Systems

Under Article 22(1) FADP, a DPIA is required if the processing is likely to result in a high risk to individuals due to the use of new technologies or the nature, scope, circumstances, and purposes of the processing. The DPIA must include a description of the intended processing, an evaluation of the risks to the personality or fundamental rights of the data subject and the measures planned to protect them. By law, a high risk is deemed to exist under the following circumstances: (i) large-scale processing of sensitive data, and (ii) systematic surveillance of extensive public areas (Article 22 (2) FADP). In practice, AI systems are often deemed high-risk due to the inherent risks associated with automated decision-making, profiling, potential biases, discrimination risks, and lack of transparency. Therefore, in most cases, a DPIA will be required.

Data Protection by Design and by Default in AI Development

Principles of privacy by design and by default (Article 7 FADP) apply throughout the lifecycle of an AI system, requiring controllers to: prioritise the use of (anonymised or) pseudonymised data, use methods such as sampling or the generation of synthetic data, limit data retention periods, exclude irrelevant personal data in the model, encrypt data during storage and transfer, regularly test the AI system to prevent biases or inappropriate processing of personal data.

Processor/Controller Relationships in AI Supply Chains

Under Article 2 FADP, controllers define the data processing purposes and means, while data processors processes data on their behalf.

Distinguishing between these roles can often be challenging. Within the AI context, entities such as suppliers of AI models, data and cloud service providers are typically classified as data processors. However, certain AI developers may also be deemed data controllers if they independently define the purposes and means of data processing. Organisations using a third-party AI model are usually controllers, which is why clear rules on inputting personal data into AI models need to be defined for employees.

Clearly defined roles should be formalised in contracts, specifically outlining the division of responsibilities and establishing clear protocols for data handling practices across the entire AI supply chain (Article 9 FADP).

Cross-Border Data Transfers

Personal data may only be transferred outside Switzerland if the receiving country ensures adequate protection (Article 16 (1) FADP). Switzerland recognises several countries as providing adequate protection (eg, EU/EEA member states and the UK). If the recipient country lacks adequate protection, cross-border data transfers are only allowed if appropriate safeguards are implemented, such as standard contractual clauses (SCCs), binding corporate rules (BCRs), or explicit data subject consent (Article 16(2) FADP).

These principles apply without exception in the context of AI.

Swiss competition law is governed by the Federal Act on Cartels and Other Restraints of Competition (KG). The KG does not provide any AI-specific requirements, and no settled Swiss case law specifically addresses AI-related competition concerns to date. In March 2026, the Federal Competition Commission (COMCO) stated that effective protection of competition requires constant monitoring of developments in the field of AI. COMCO went on to confirm that if there are signs of anti-competitive strategies by dominant firms or of algorithmic collusion (eg, algorithmic pricing that leads to price convergence and hinders competition), it will investigate these cases. At the same time, COMCO acknowledged the advantages of AI and it intends to monitor developments with foresight and prudence. Lastly, COMCO pointed out that interventions that are too early or too severe could undermine innovation potential, whilst acting too late could entrench structures that are harmful to competition ‒ a balance it will need to strike in its supervisory role.

Cybersecurity requirements for AI arise from different legislation, the most prominent ones being the FADP, the Information Security Act (ISG) and financial market regulation.

• Existing laws lack specific technical requirements, however, Article 8 of the FADP requires data controllers to implement “adequate technical and organisational measures” for data security, proportionate to the risk. The Federal Data Protection Ordinance (Articles 1-5) outlines additional security requirements. For AI systems processing personal data, these provisions require protection against attacks that could compromise data integrity or confidentiality throughout the entire data processing lifecycle as well as certain logging requirements.
• Additionally, the UCA protects trade secrets, including proprietary AI models, against unlawful extraction. Model extraction (where a third party reconstructs a proprietary model through systematic querying) may constitute an unfair competitive practice or trade secret violation under Swiss law.
• In the financial sector, the FINMA’s Guidance 08/2024 expects financial institutions to implement adequate governance over AI development, including documentation of model development, validation, and monitoring processes. Finally, the ISG imposes information security obligations on federal authorities and critical infrastructure operators. For AI systems used in critical infrastructure, the ISG’s security requirements extend to the development and operation of those systems.

Incident reporting obligations are also governed by existing legislation.

• The ISG requires operators of critical infrastructures across nine sectors and 27 sub-sectors including energy, healthcare, finance, transport, and ICT to report cyber-attacks to the Federal Office for Cybersecurity (BACS) within 24 hours of discovery (Article 74a et seq ISG). Reportable incidents include attacks threatening critical infrastructure functionality, resulting in data manipulation or leakage, or involving blackmail or coercion.
• The FADP requires controllers to report personal data breaches to the FDPIC “as soon as possible” where the breach is likely to result in high risk (Article 24 FADP).
• Swiss financial institutions face dual mandatory cyber-incident reporting obligations: to FINMA (under Article 29 of the Financial Market Supervision Act and Circular 2023/1) within 24 hours of a significant incident, and the BACS under the ISG within the same timeframe.

Both the ISG and the FADP require companies to ensure that third parties appointed by them comply with the required data security and cybersecurity requirements too.

The use of AI systems for cybersecurity defence, eg, threat detection, anomaly identification, automated incident response is currently not specifically regulated under Swiss law. General legal principles apply.

While Swiss public companies and supervised financial institutions that reach certain thresholds (over 500 employees and either CHF20 million in assets or CHF40 million in turnover for two consecutive years) as well as Swiss companies in certain sectors (active in commodities trading and those importing conflict minerals or at risk of using child labour) are subject to ESG reporting duties since 2024, the current obligations do not require any specific reporting relating to AI. However, depending on a company’s business model and the environmental footprint of its AI infrastructure, AI-related matters may fall within the scope of current mandatory ESG disclosures. Some Swiss companies have begun addressing AI in their sustainability reports, mostly noting an increased electricity consumption due to the increased use of AI systems.

Swiss law lacks AI-specific governance requirements, relying on corporate governance law, data protection regulation, and sector-specific supervisory expectations, particularly in the financial market sector (see 15.2 Financial Services). The practical challenge for Swiss companies is to build AI governance frameworks that satisfy existing legal obligations while anticipating emerging requirements, particularly the EU AI Act’s governance expectations, which apply to Swiss companies with EU market exposure.

The Swiss Federal Council’s AI guidelines (November 2020) recommend clear accountability structures for AI deployment within the Federal Administration. While not legally binding, these guidelines set a certain standard of care expected of Swiss organisations.

Article 716a of the CO requires the board to exercise ultimate oversight over a company’s risk management. Therefore, when AI systems pose material operational, legal, or reputational risks, the board’s supervisory duty extends to AI risk management.

AI governance is interdisciplinary and should not be established as a standalone function. It should integrate into existing governance frameworks (such as a company’s data governance framework), align with company culture and be implemented in a centralised, decentralised or hybrid form.

No Swiss statute mandates a specific AI risk management framework. Risk frameworks should classify AI systems by risk level, define risk tolerance thresholds, and establish escalation procedures. ISO/IEC 42001 (AI management systems) and the NIST AI Risk Management Framework provide voluntary standards that Swiss companies can use as guidance. Furthermore, AI governance should span the full lifecycle: development, testing, deployment, monitoring, and decommissioning. For certain companies (for example, but not limited to, technology-driven companies, regulated companies or large corporations), best practice has become to maintain a comprehensive inventory of all AI systems in use, including their risk classification, data inputs, decision-making scope, and responsible owner.

For other topics such as impact assessments, third-party governance and incident response, most companies rely on existing frameworks which they extent and adapt to cover AI systems. Finally, the Swiss Federal Council’s approach and Swiss regulatory culture generally favour proportionate, risk-based governance. Therefore, AI governance varies between Swiss companies based on their business model, risk appetite and exposure to the EU market.