“Digital healthcare” encompasses various types of digital technology, although their definitions and the distinctions between them have not yet been established by law. Generally, a distinction can be made based on who is involved (service provider or patient) and whether a device is involved. For example, eHealth Suisse (the Swiss Competence and Co-Ordination Centre of the Confederation and the Cantons for digital networking in the healthcare system) describes the following types of digital healthcare.

• Telemedicine focuses primarily on remote interaction between patients and physicians or among physicians in connection with medical diagnosis or treatment, with participants meeting online (via teleconference or videoconference).
• Mobile health (or mhealth) encompasses medical procedures and measures in private and public healthcare that are supported by mobile devices such as cell phones, patient monitoring devices, personal digital assistants (PDAs) and other wirelessly connected devices. It includes digital health applications – ie, all products in a healthcare context (software and/or devices) that derive their utility from mobile technologies (eg, smartphone apps, sensors with GSM connectivity, Internet of Things (IoT) functions).
• The electronic patient record (EPR) is a collection of personal documents containing information about patients’ health. Patients determine who is authorised to view which documents and when. Via a secure internet connection, the information stored in the EPR is accessible at any time to patients and their healthcare professionals who have been granted access rights.
• Remote patient monitoring (or telemonitoring) means the examination, diagnosis and ongoing monitoring of patients using connected devices that measure vital signs (blood sugar, body weight, blood pressure, etc). These connected devices are typically linked to a mobile app that can be used by both the patient and their doctor.

In the context of the mandatory health insurance system, digital health applications have been defined as products that use digital technologies to promote health, support and inform patients, or serve medical purposes. They can be software, an app, a mobile device (eg, sensors for measuring body parameters and software for digital analysis or transmission) or a combination of these. Artificial intelligence (AI) may also be used.

Digital health applications may also be used in combination with a non-digital physical product (eg, a bathroom scale). They may be intended for self-use by patients or healthy individuals, or for use by healthcare professionals. Only digital health applications that serve a medical purpose (see Software as a Medical Device (SaMD) in 2.5 Issue-Specific Legal Framework) are subject to the Swiss Therapeutic Products Act and its ordinances, and may qualify for reimbursement.

Digital technologies are used throughout the entire care continuum in Switzerland, although the extent of their use varies considerably depending on the context. In general, they are used in clinical practice for diagnostic, therapeutic and monitoring purposes. In addition, digital technologies can be useful in a workplace setting and are likely to contribute to well-being in the lifestyle sector.

Clinical Practice

Telemedicine

Telemedicine is among the most visible and widely adopted forms of digital health, particularly within the mandatory health insurance system. Patients may choose a lower-premium insurance model (ie, a telemedicine plan), which requires them to first consult a telemedicine provider through electronic means (eg, by phone) before seeking in-person medical treatment. Non-compliance with this requirement may result in the patient being responsible for the associated costs. With the implementation of the new outpatient tariff system, TARDOC, in 2026, telemedicine consultations replacing traditional telephone consultations can now be billed by all physicians under the mandatory health insurance scheme.

Telemonitoring

Although not yet widely adopted, telemonitoring is gaining increasing recognition in Switzerland. For example, since 2024, telemonitoring services for patients with cardiac implants and/or chronic heart failure have been eligible for reimbursement under the mandatory health insurance scheme.

Software as a Medical Device (SaMD)

SaMD has become well established in the healthcare sector (see also 2.5 Issue-Specific Legal Framework). As of 1 July 2026, a first interactive health application for cognitive behavioural therapy for depression, designed for use by patients on their own (therapists do not have access to the digital health application), will be reimbursed by the mandatory insurance.

Artificial intelligence (AI)

AI is increasingly being integrated into everyday clinical practice, particularly for diagnostic purposes. Examples include AI-assisted mammography and radiology, as well as tools for the early detection of circulatory failure.

EPR

The EPR aims to make patient records electronically accessible to patients and healthcare professionals involved in a patient’s care. To date, however, the EPR has not achieved broad adoption, due in part to its partially voluntary nature for most involved actors. To accelerate digitalisation, in November 2025 the Federal Council decided to replace the existing EPR with a newly established electronic health dossier (E-HD) (see 5.2 Recent or Imminent Reform). Whether the E-HD will succeed in achieving wider uptake and practical implementation remains to be seen.

Lifestyle Applications

These form part of the broader well-being market. They are ubiquitous and are designed to support and optimise well-being (eg, fitness, tracking and self-monitoring apps). Such applications are typically developed and offered by manufacturers outside the traditional healthcare sector, including manufacturers of smartwatches and other wearable devices equipped with sensors that capture and monitor users’ vital signs. They are primarily used for personal well-being and self-optimisation purposes, and are generally not subject to healthcare legislation, provided they do not serve a medical purpose.

Digital healthcare offers benefits at various levels.

Patient Experience and Outcome

Digital healthcare can support patients in both diagnosis and treatment. For example, new AI-assisted mammography tools are often perceived by patients as more comfortable than traditional mammography examinations, as they allow screening without the breast compression that many patients find painful. In the treatment context, digital monitoring tools can facilitate adherence, which is often crucial to therapeutic success. More generally, digital healthcare can help overcome geographical barriers by enabling remote consultations and facilitating access to healthcare services.

However, digitalisation is only as effective as the quality of the underlying data and the proper use of the relevant technologies. For example, digital monitoring tools may provide benefits only if patients follow the instructions and use the tools correctly.

Healthcare Professionals

Digital healthcare tools increasingly assist healthcare professionals in diagnosis, treatment and monitoring, enabling greater efficiency through standardisation and helping to reduce human error. However, as long as digital healthcare systems are not fully standardised across Switzerland, gains in efficiency may be offset by challenges relating to interoperability and user acceptance.

The experience with the EPR illustrates (see 5.2 Recent or Imminent Reform) that the success of digital healthcare depends on healthcare providers being willing and able to adopt such tools. In practice, this also requires the necessary technical infrastructure. For example, private physicians often use their own IT systems, making it cumbersome to integrate state-provided digital health tools into their existing infrastructure. As a result, several practical challenges still need to be addressed before the full benefits of digital healthcare can be realised.

Impact on Healthcare Costs

Although digital healthcare has the potential to reduce healthcare costs, the associated implementation costs should not be underestimated. As the experience with the EPR has shown, physicians in private practice may need to make significant investments in IT infrastructure to realise the full benefits of digital healthcare systems (see 1.2 Use/Application of Digital Healthcare and 5.2 Recent or Imminent Reform).

The increasing inclusion of telemedicine, telemonitoring and digital health applications within the reimbursement framework of mandatory health insurance suggests that these services are considered effective, appropriate and cost-efficient. Otherwise, reimbursement would generally not be available. Nevertheless, the long-term impact of digital healthcare on overall healthcare expenditure remains uncertain. On the one hand, implementation and reimbursement costs may increase spending. On the other hand, digital health tools may generate operational efficiencies and preventative benefits, such as the earlier detection of diseases through AI-assisted diagnostic technologies. Although the overall economic impact remains to be demonstrated in practice, the anticipated efficiency gains and preventative benefits suggest that digital healthcare is likely to have a positive net effect in the long run.

There is no regulatory definition of digital health or digital healthcare in Switzerland yet. eHealth Suisse defines the term “digital health” as an umbrella term for the use of digital technologies in the healthcare sector to improve the efficiency, quality, safety and accessibility of care. It encompasses applications such as telemedicine, electronic health records, health apps and wearables that support prevention, diagnosis, treatment and monitoring. The term “digital health” is increasingly replacing the previously used English term “eHealth” that referred to the integrated use of information and communication technologies to design, support and connect all processes and stakeholders in the healthcare sector (for further definitions, see https://www.e-health-suisse.ch/glossar and 1.1 Types of Digital Healthcare).

Switzerland does not regulate digital health under a single, comprehensive legal framework. As a general rule, legislative competence lies with the cantons unless the Federal Constitution expressly assigns it to the Confederation. As a result, digital health is subject to a range of legal provisions at both the federal and cantonal levels.

At the federal level, the following regulations apply in the context of digital healthcare (non-exhaustive list):

• the Swiss Therapeutic Products Act and the Medical Devices Ordinance apply to medical devices, including software as medical device;
• the Federal Act on Health Insurance and its ordinances apply to questions of reimbursement;
• the Health Professions Act provides for the professional duties of health professionals and the requirement to obtain a cantonal licence to practice their respective professions under their own responsibility;
• Articles 394 et seqq of the Swiss Code of Obligations govern the contractual relationship between patients/customers and physicians; 
• the Federal Act on Data Protection;
• the Federal Act on Research involving Human Beings and the Ordinance on Clinical Trials with Medical Devices;
• the Federal Act on the Electronic Patient Record and its ordinance;
• the Federal Act on Product Liability; and
• the Federal Act on Product Safety.

At the cantonal levels, the following regulations apply (non-exhaustive list):

• the health laws and regulations of the respective cantons govern public health measures and the organisation of the healthcare system, including the licensing of healthcare professionals; and
• cantonal data protection law governs the handling of personal data by cantonal and municipal authorities.

In addition, professional codes of conduct for members of professional associations may apply (eg, the Code of Conduct of FMH for medical doctors).

Although Switzerland has one of the highest-quality healthcare systems in the world, it still has considerable ground to cover when it comes to digitalisation. Data often has to be entered multiple times, systems are not fully interoperable, and there is no common strategy shared by all stakeholders. More generally, the political and legislative implementation process tends to be slow, which may be partly attributable to Switzerland’s federal structure.

To address these challenges, the federal government has launched the national DigiSanté programme for the digitalisation of the Swiss healthcare system (2025–2034). With funding of approximately CHF392 million, the programme encompasses around 50 projects across four priority areas:

• the establishment of uniform interoperability standards;
• the development of a national digital infrastructure;
• the digitalisation of government services such as registries and reporting systems; and
• the facilitation of the secondary use of health data for research and analytical purposes.

Through DigiSanté, the federal government aims to create a digital healthcare system in which relevant data can be exchanged seamlessly and accessed across interoperable systems, with the overarching objective of improving quality, efficiency, transparency and patient safety.

Technical standards are used in the field of digital health to ensure, and document, that a product complies with general safety and performance requirements, as only safe products may be placed on the market. To that end, the legislature may define technical standards that must be observed. In the absence of binding legal requirements, voluntary compliance with recognised technical standards may help demonstrate that a product is safe in accordance with the current state of the art (see 4.3 Defences).

For example, for medical device software, the legislature prescribes a set of technical standards to meet general safety and performance requirements, including clinical or performance evaluation. In the context of digital health, commonly applied technical standards for medical devices and medical device software include, for example:

• SN EN 62304 Medical device software – Software life cycle;
• SN EN ISO 14971 Medical devices – Application of risk management to medical devices;
• SN EN ISO 13485 Medical devices – Quality management systems – Requirements for regulatory purposes;
• SN EN ISO/IEC 15408 Information technology – Security techniques – Evaluation criteria for IT security;
• SN EN IEC 80001 Application of risk management for IT-networks incorporating medical devices; and
• SN EN 82304 Health software.

The following aspects of digital healthcare are subject to specific regulation in Switzerland.

Software as a Medical Device (SaMD)

Software is considered a medical device if, either on its own or in combination with another product, it is intended for a medical purpose for the benefit of an individual (and not merely a population-level benefit), and if the processing of medical data goes beyond mere storage, archiving, simple search, communication or lossless compression. SaMD qualifies as a medical device and is therefore subject to the Swiss Therapeutic Products Act and the Medical Devices Ordinance, and, where applicable, to general legislation such as data protection rules.

Selfcare, Wellness and Fitness IT Products, Such as IoT and Wearables

When without any medical purpose, these are not considered SaMD and therefore do not fall under the Swiss Therapeutic Products Act and the Medical Devices Ordinance. They are instead only subject to general legislation – for example, data protection rules, and, where applicable, other sector-specific regulations not directly related to digital health (eg, wearables must comply with the requirements of the Ordinance on Telecommunications Installations to ensure the health and safety of users, including compliance with electromagnetic compatibility requirements for devices such as fitness trackers using Bluetooth).

While the mere collection of data in this context does not qualify such products as medical devices, they may fall within the scope of the Swiss Therapeutic Products Act and the Medical Devices Ordinance once a medical purpose is involved. For example, measuring pulse rate for fitness purposes does not in itself trigger medical device classification; however, if the data is used to provide medical recommendations or diagnostic conclusions, the product may be considered a medical device and become subject to the corresponding regulatory framework, including extensive obligations for manufacturers and other economic operators.

Cybersecurity and Data Protection

In digital healthcare, this is primarily regulated through general data protection law rather than a dedicated digital health framework. The Federal Act on Data Protection, complemented by cantonal data protection laws for cantonal bodies, governs the processing of sensitive health data. It requires controllers and processors to implement “appropriate technical and organisational measures” based on risk to ensure confidentiality, integrity and availability of data, without prescribing specific technical standards. The regime is technology-neutral and risk-based, and in practice organisations often rely on international standards such as ISO 27001.

The Information Security Act, in force since 2024, establishes cybersecurity governance for the federal administration and introduces requirements for federal contractors. In addition, under certain conditions, healthcare and other critical infrastructure operators such as hospitals, laboratories and social insurers are required to report cyber-attacks to the National Cyber Security Centre (NCSC) within 24 hours. These binding obligations are supplemented by sectoral regulations and non-binding guidance from authorities such as the NCSC, the Federal Data Protection and Information Commissioner (FDPIC) and Swissmedic, which together define practical expectations for cybersecurity in digital healthcare.

AI and Machine Learning

AI and machine learning are currently not comprehensively regulated in Switzerland, which has opted for a sector-specific approach. Accordingly, sector-specific changes will be made as needed, which will most likely be the case in the short to medium term for legislation in the life sciences and healthcare sectors regarding the use of AI. However, Switzerland has signed the Council of Europe’s Framework Convention on Artificial Intelligence (the “AI Convention”). The AI Convention aims to safeguard human rights and democracy. The Federal Council is currently preparing a draft bill to implement the AI Convention into national law, focusing on transparency, data protection, non-discrimination and supervision.

Environmental, Social and Governance (ESG) Matters

ESG matters are currently regulated by Article 964a et seqq of the Swiss Code of Obligations and the Ordinance on Due Diligence and Transparency in relation to Minerals and Metals from Conflict-Affected Areas and Child Labour, which provide for sustainability reporting and due diligence obligations. These provisions are expected to be replaced by the proposed Federal Act on Sustainable Corporate Governance, which is currently under consultation.

With regard to green claims, the Federal Act on Unfair Competition considers it an unfair practice to make claims about oneself or one’s goods, works or services concerning their climate impact where such claims cannot be substantiated on the basis of objective and verifiable criteria. These regulations apply to all companies falling within their scope of application, irrespective of any sector-specific regulation applicable to digital healthcare. Accordingly, while digital healthcare can generally contribute to ESG goals, it is not currently subject to any specific ESG regulations beyond those mentioned above.

Telehealth

In the sense of the overarching concept of “telemedicine”, telehealth is not regulated at the federal level. However, several of the 26 Swiss cantons have introduced provisions on telemedicine in their cantonal health legislation. These most commonly require a licence for anyone offering medical services via telecommunications from within the canton, even if the patients are not located in that canton, or for services offered from outside the canton via telecommunications but made available to the public at a point of sale or similar facility within the canton (eg, the cantons of Basel-Landschaft or Solothurn).

In contrast, the canton of Zurich requires healthcare professionals to provide care in person and, as a general rule, directly to the patient, with the term “directly” generally being understood as excluding telemedicine within the canton. This provision is, however, subject to ongoing revision.

Existing laws generally regulate the area of digital healthcare adequately in the context of medical devices (see 2.5 Issue-Specific Legal Framework). By contrast, in the field of telemedicine, most cantonal laws are either silent or provide only basic rules, which are not necessarily harmonised across Switzerland. Consequently, certain regulatory gaps remain, and harmonisation at the federal level could provide greater legal certainty, particularly given the inherently inter-cantonal and cross-border nature of telemedicine services.

In light of the recent decisions of the Court of Justice of the European Union (CJEU), which clarified that the country-of-origin principle applies to the regulation of telemedicine service providers, as well as the pending CJEU decision on whether this principle also extends to the advertising of telemedicine services (see 5.1 Emerging Legal Issues in Digital Healthcare), further judicial clarification will likely be required with respect to inter-cantonal and international use cases.

For digital health applications that do not serve a medical purpose, there is currently little specific legislation. While this absence of regulation is not necessarily problematic, the distinction between medical and non-medical purposes is not always clear-cut in practice. Moreover, there is a risk that individuals may use such applications for medical purposes despite explicit disclaimers from their manufacturers against such use. It is therefore questionable whether the current regulatory gap adequately protects users in such circumstances.

As digital healthcare is not confined to national borders, patients and consumers may face additional difficulties in enforcing liability claims, particularly where the various actors involved are located in different jurisdictions. In some cases, it may not even be apparent to users which actors are involved in the provision of a particular digital health service.

Accordingly, greater harmonisation at both the national and international levels would be desirable to address these challenges more effectively and, ultimately, to enhance patient safety.

Regulatory oversight of digital healthcare depends on the specific service or product involved. Cantonal legislation is enforced by the respective cantonal authorities, while federal legislation relating to medical devices, including software classified as a medical device, is enforced by Swissmedic. Matters relating to reimbursement fall within the competence of the Federal Office of Public Health.

At the federal level and for private institutions, data protection and privacy issues are supervised by the Federal Data Protection and Information Commissioner, whereas, where cantonal institutions (such as cantonal hospitals) are involved, the relevant cantonal data protection commissioner is responsible for oversight.

Depending on the specific product and involved service provider, digital healthcare is regulated by federal and/or cantonal law – both healthcare-related and general law provisions. To the extent that general law applies, non-healthcare regulatory bodies can be responsible. This is typically the case in the field of data protection. For example, if a responsible public body (eg, cantonal public hospital) envisages a project involving the processing of personal data that, due to the nature of the processing or the data to be processed, poses a high risk to the fundamental rights of the data subjects, the cantonal data protection commissioner must be consulted at an early stage and prior to its start.

Digital health applications that do not have a medical purpose are generally governed by general legal provisions or other sector-specific regulations applicable to particular product features (for example, rules relating to the electromagnetic compatibility of sensors or batteries). In such cases, the relevant supervisory authorities outside the healthcare sector are responsible for overseeing compliance with those specific regulatory requirements.

Regulatory authorities have a statutory duty to enforce the law and monitor compliance with applicable legal requirements. To fulfil this mandate, authorities may initiate investigations on their own initiative, including through inspections, audits or product sampling. They may also act upon notifications from private individuals, competitors, domestic or foreign authorities, or mandatory notifications submitted by service providers or economic operators themselves.

In addition, authorities generally establish annual enforcement priorities by selecting specific products, services or service providers for systematic review. These priorities are typically focused on areas that present increased risks to patient or consumer safety. The outcomes of such enforcement activities are often published in the authorities’ annual reports, which, although retrospective in nature, may provide useful insight into their regulatory focus and enforcement priorities.

To enforce the law, authorities are vested with broad powers, including the ability to impose administrative measures (eg, marketing prohibitions, warnings or the closure of premises) and, in cases of wilful non-compliance, to seek and impose criminal sanctions. At the same time, manufacturers and service providers are generally subject to a duty to cooperate with the authorities. Accordingly, any aspect of digital health may become a focus of regulatory scrutiny and be subject to frequent inspections or other enforcement activities.

Authorities in Switzerland possess extensive powers to monitor compliance with and enforce applicable laws. In parallel, market participants are generally subject to a duty to co-operate with the competent authorities. As a result, the existing legal framework provides authorities with broad and generally sufficient powers to address risks and ensure compliance.

However, given the rapid pace of technological development, the growing number of digital health technologies, and their increasingly cross-border nature, the principal challenge is often not a lack of legal powers but rather the existence of knowledge gaps and uncertainties regarding regulatory competence. For example, while Swissmedic typically possesses the medical and technical expertise required to assess issues relating to medical devices, questions concerning the processing of personal data may fall more appropriately within the remit of the Federal Data Protection and Information Commissioner. Similar challenges may arise where multiple authorities have overlapping or complementary responsibilities.

Accordingly, effective oversight depends not only on the adequacy of existing enforcement powers but also on close co-operation among authorities, the sharing of expertise across regulatory domains, and the adaptation of traditional regulatory competences to emerging technological developments.

Digital healthcare regulation is fragmented and legal risks need to be assessed from multiple angles. Depending on the specific product or service involved, cantonal or federal regulations need to be consulted and, in some cases, multiple laws apply. For instance, if a medical doctor uses a digital health app with a medical purpose for monitoring a specific patient, the Medical Devices Ordinance applies in addition to cantonal provisions and the Health Professional Act. If the patient is further located in a different canton, different cantonal provisions may apply simultaneously, which are not necessarily harmonised within Switzerland (see 2.5 Issue-Specific Legal Framework). This patchwork approach creates legal uncertainty, which requires thorough assessment and monitoring of various laws at cantonal and federal levels.

Non-Compliance With Regulations

The consequences of violation of applicable regulations have to be ascertained under the applicable laws. Generally, a violation can entail administrative measures such as formal objection and restoring obligations, suspension or revocation of licence, and seizure of products (eg, devices). A violation of the applicable law can also be subject to criminal sanctions, which will be primarily imposed on the responsible individual and only subsidiarily on the company. Individual healthcare professionals may also be subject to disciplinary measures (eg, fines or a ban on practising the profession). Generally, these measures can simultaneously apply, depending on the violation involved (see 3.3 Enforcement).

Enforcement by Regulatory Authorities

The competent regulatory authority for enforcement depends on the applicable law. Generally, the cantons are competent for enforcement in the context of healthcare providers, whereas in the area of devices enforcement is usually within the competence of the relevant federal authority (eg, Swissmedic is in charge of the regulations in relation to medical devices). In relation to data processing, depending on the involved bodies, a cantonal data commissioner or the Federal Data and Information Commissioner can be responsible for enforcement. In the context of multiple regulatory authorities, the enforcement practice may differ slightly depending on the regulatory authority involved (see 3.3 Enforcement).

Liability

The use of digital healthcare tools may increase healthcare professionals’ exposure to liability under both tort and contract law, as such tools must be used in a manner that is consistent with the applicable professional duty of care. Healthcare professionals remain responsible for ensuring that the use of digital technologies is appropriate in the specific clinical context and does not compromise patient safety.

In addition, determining the cause of a patient’s injury or other damage may be particularly complex where digital healthcare tools are involved. It may be difficult to establish whether the harm resulted from a healthcare professional’s malpractice, a defect or malfunction of the digital healthcare tool, or a combination of both. Consequently, the allocation of liability between healthcare professionals and the manufacturers or other relevant actors may not always be clear-cut.

Furthermore, digital healthcare gives rise to novel risks that are specifically associated with digital technologies. These include, in particular, cybersecurity risks, data protection breaches, and potential intellectual property infringements, especially where healthcare providers use tools incorporating AI or other advanced technologies (see 4.2 Liability Frameworks and 4.3 Defences).

Legal risks are addressed within the framework of existing statutory regulations. Depending on the circumstances, liability may arise in the form of civil or criminal liability, as well as administrative or disciplinary measures. These forms of liability and enforcement are not mutually exclusive and may apply simultaneously where their respective legal requirements are satisfied. In some cases, the cantons may also be held liable.

Civil Liability

Civil liability may be based on tort law, statutory product liability, or, in certain circumstances, contract law.

• Under tort law, any person who unlawfully causes damage to another, whether intentionally or negligently, is liable to compensate the injured party (Article 41 of the Swiss Code of Obligations). The claimant must establish, inter alia, the existence of damage, an unlawful act, fault, and a causal link between the conduct and the damage.
• The Federal Product Liability Act establishes a strict liability regime. Under this regime, the producer of a product is liable for damage caused by a defective product where the defect results in the death of or personal injury to a person, or in damage to or destruction of property, without any requirement for the claimant to prove fault.
• In certain circumstances, such as within the context of a patient–physician relationship, liability for damages may also arise under contract law. The claimant must establish, inter alia, the existence of a contractual relationship, the occurrence of damage, a breach of contractual obligations, and a causal link between the breach and the damage. Unlike under tort law, fault is presumed, and the defendant bears the burden of proving the absence of fault.

In practice, claimants often rely on the Federal Product Liability Act as the basis for liability claims because it dispenses with the need to prove fault or unlawfulness. Instead, liability arises upon proof of a product defect, damage, a causal link between the defect and the damage, and the defendant’s status as a producer. This tendency may become even more pronounced if Swiss law is influenced by recent developments in the EU. The revised EU Product Liability Directive broadens the scope of covered products by expressly including software (even though it is debatable whether software (at least as a standalone product) already falls within the definition of a product under the Federal Product Liability Act), expands the range of potentially liable parties (for example, fulfilment service providers and, in certain circumstances, providers of data-related services) and significantly eases the claimant’s burden of proof.

Criminal Liability

Criminal sanctions may apply where a person places on the market a device that does not comply with applicable legal requirements (eg, Article 86 paragraph 1 lit d of the Swiss Therapeutic Products Act in relation to medical devices) or endangers the health or safety of persons (eg, Article 16 of the Federal Act on Product Safety, which applies to products in the absence of more specific legislation; although it is disputed whether the term “product” under the current version of the Federal Act on Product Safety also covers software, the draft of the revised Federal Act on Product Safety provides for the inclusion of intangible and digital/virtual objects in the definition of a product in accordance with the definition of “product” in Regulation (EU) 2023/988 on General Product Safety).

Service providers may also be subject to criminal sanctions under cantonal health legislation – for example, where they operate without the required licences. In addition, they may be held liable under the general provisions of the Swiss Criminal Code – for example, for offences involving bodily injury.

Administrative and Disciplinary Measures

Non-compliance with regulatory requirements may also result in administrative measures. Competent authorities generally possess broad enforcement powers and may adopt the measures necessary to restore compliance, including issuing formal orders, requiring corrective actions, suspending or revoking licences, seizing products (such as medical devices), issuing warnings or ordering product recalls.

Individual healthcare professionals may additionally be subject to disciplinary measures, including warnings, fines, temporary suspensions, or permanent prohibitions from practising their profession.

State Liability

To the extent that a public hospital uses digital health tools or provides digital health services that cause damage, the state may be held liable. Liability is governed by the applicable cantonal state liability legislation. Under these laws, the state may be liable for damage unlawfully caused to third parties by public officials acting in the course of their official duties.

There are various mechanisms available to mitigate or defend against exposures discussed in 4.1 Legal Risks of Digital Healthcare.

Civil Liability Defences

In respect of civil liability claims based on tort or contractual law, the claimant has to prove the breach of law or contract, the causal link between the act and the damage as well as the damage itself, and in the case of tort law the defender’s fault. Therefore, defences are typically based on the burden of proof, which rests with the claimant.

Under the Federal Act on Product Liability, the law provides for exceptions to liability – ie, the manufacturer is not liable if it proves that:

• it did not place the product on the market;
• under the circumstances, it can be assumed that the defect that caused the damage did not yet exist when it placed the product on the market;
• it neither manufactured the product for sale or any other form of distribution for commercial purposes nor manufactured or distributed it in the course of its professional activities;
• the defect is attributable to the fact that the product complies with mandatory, officially enacted regulations; or
• the defect could not have been detected based on the state of science and technology at the time the product was placed on the market.

Furthermore, the manufacturer of a raw material or a component product is not liable if it proves that the defect was caused by the design of the product into which the raw material or component product was incorporated, or by the manufacturer’s instructions for that product.

In the context of digital health, the defence that a defect could not have been detected based on the state of scientific and technical knowledge at the time the product was placed on the market may be of particular importance. The same applies to compliance with applicable technical standards (see 2.4 Technical Standards). Accordingly, comprehensive technical and safety documentation may be crucial in establishing a defence under the Federal Act on Product Liability.

Finally, it may be argued that digital health applications consisting of standalone software do not fall within the scope of the Federal Act on Product Liability, because it applies only to “products” as defined as tangible movable goods. However, this strict interpretation remains controversial (and is probably no longer tenable today), and would in any event not apply to software embedded in a physical product, such as a medical device.

Criminal Liability Defences

In relation to criminal liability, informed consent of the patient may constitute an important defence in criminal proceedings based on allegations of personal injury. Furthermore, as criminal sanctions generally require intent or negligence, demonstrating the absence of the requisite subjective element constitutes another key defence.

In general, defence strategies can also be based on the principle of in dubio pro reo. Under this principle, where there is insurmountable doubt as to whether the factual elements of the alleged offence have been established, the court must decide in favour of the accused and proceed on the basis of the facts most favourable to them.

Defences in Relation to Administrative and Disciplinary Measures

When facing potential administrative or disciplinary measures, a co-operative and proactive approach is often beneficial. In particular, where a regulatory violation is promptly remedied to the satisfaction of the competent authorities and without requiring further intervention on their part, the authorities may refrain from imposing additional measures.

From an international perspective, as digital health services increasingly transcend traditional geographical boundaries, it remains to be seen how recent developments in the EU concerning cross-border telemedicine will influence the ongoing revision of cantonal health legislation and the future development of Swiss case law.

In September 2025, the CJEU held in Case C-115/24 that the concept of “telemedicine” covers any health service which is provided, exclusively via ICT, to a patient by a healthcare provider established in a member state other than the member state of affiliation, at a distance and therefore without that patient and that provider being simultaneously physically present in the same location. The Court further clarified that, in principle, the law of the member state in which the provider is established governs the provision of such services, thereby confirming the application of the country-of-origin principle to telemedicine services.

A related question remains pending before the CJEU, namely whether the country-of-origin principle also extends to the advertising of telemedicine services or whether member states may impose more restrictive advertising requirements for the purposes of consumer or patient protection.

As Switzerland is not a member of the EU, this jurisprudence is not directly applicable. Nevertheless, it remains to be seen whether these developments will be considered in the context of ongoing and future revisions of cantonal healthcare legislation. Given the close economic and regulatory ties between Switzerland and the EU, it is conceivable that Swiss legislators, authorities and courts may look to this emerging European case law for guidance when addressing questions relating to cross-border telemedicine.

(See 2.3 Role of Policymakers regarding the national DigiSanté programme and 2.5 Issue-Specific Legal Framework regarding AI and machine learning.)

Electronic Health Dossier

The Federal Act on the Electronic Patient Record is to be replaced by a new Federal Act on the Electronic Health Record, which envisages replacing the current EPR (see 1.2 Use/Application of Digital Healthcare) with a new electronic health dossier (E-HD). The reform is driven by the limited adoption of the Federal Act on the Electronic Patient Record to date, which has been attributed, at least in part, to the largely voluntary participation of key stakeholders.

The proposed reform introduces two fundamental changes. First, it establishes an opt-out model (Widerspruchslösung), under which every person resident in Switzerland would automatically receive an E-HD free of charge, while retaining the right to object. Second, it introduces a mandatory connection requirement, obliging all healthcare professionals and institutions billing services through compulsory health insurance or accident, disability or military insurance to connect to the system and record all treatment-relevant information. The reform further provides that the Confederation will assume responsibility for the technical infrastructure, while the cantons will bear the operating costs. Health data will remain subject to Swiss law and must be stored in Switzerland. At the same time, holders of an E-HD will retain full control over their health data by determining who may access it and by being able to review and manage their information at any time.

The Federal Council submitted the draft Federal Act on the Electronic Health Record, together with its explanatory dispatch, to parliament in November 2025. If the parliamentary process proceeds as expected, the new system could come into force as early as 2030.

Product Liability Legislation

In 2024, Directive (EU) 2024/2853 of the European Parliament and of the Council of 23 October 2024 on liability for defective products, which repeals Council Directive 85/374/EEC, entered into force. This revised EU Product Liability Directive broadens the scope of covered products by expressly including software. The Directive also expands the range of potentially liable parties, including fulfilment service providers and, in certain circumstances, providers of data-related services, and significantly alleviates the claimant’s burden of proof. Given that the Federal Act on Product Liability was largely harmonised with the repealed Directive 85/374/EEC, these developments may create pressure for a corresponding adaptation of Swiss law. However, as of the publication of this chapter, no legislative action has been taken in Switzerland.

(See 2.5 Issue-Specific Legal Framework regarding AI and machine learning, and 4.2 Liability Frameworks regarding criminal liability, in relation to the revised Federal Act on Product Safety.)