What’s new?
On February 12, 2025, the Federal Council Bern decided to ratify the Council of Europe’s Convention on Artificial Intelligence and consequently, harmonize the Swiss law accordingly.
This initiative aims to harness AI’s potential to strengthen Switzerland as an economic and innovation hub on the other hand minimize the social risks.
The legislative changes will primarily be sectoral — such as in healthcare or transportation —and supplemented by non-binding measures, such as self-regulation agreements.
The Federal Department of Justice and Police (DFJP), in collaboration with the Federal Department of the Environment, Transport, Energy, and Communications (DETEC), the Federal Department of Foreign Affairs (FDFA), and the Federal Department of Economic Affairs, Education, and Research (EAER), has been tasked with presenting a draft proposal on AI and complementary measures by the end of 2026.
What documents support the Federal Council’s decision?
1) AI regulation: analysis of the current situation
Prepared by DETEC and FDFA, this analysis examines AI regulatory frameworks in 20 countries, highlighting highly diverse regulatory approaches. The evaluation is based on five criteria: content, applicability to public and private sectors, scope of intervention, implementation status, and governance structures.
Some countries, such as Brazil, Canada, and South Korea, adopt risk-based models inspired by the EU AI Act. Others, such as Israel, Japan, and Singapore, prefer less restrictive regulations to foster innovation.
Countries influenced by the EU tend to adopt horizontal regulatory approaches, while others, such as the UK, follow sectoral guidelines based on OECD principles. Nearly all regulate both the public and private sectors, but only the EU and South Korea have adopted legally binding instruments.
A limitation of the analysis is that it predates the repeal of Biden’s AI executive order by the new President Trump, which reduced attention to direct and indirect risks. The revoked executive order had required AI developers to share safety test results with the federal government before public release.
2) Interdepartmental AI working group report to the Federal Council
This 2023 sectoral impact assessment gathered input from numerous departments and specialized offices on the need for legislative adjustments to manage AI’s impact. The sectors analyzed include energy, transportation, finance, public security, border control, culture, media, health, statistics, administration, and intellectual property.
Specific challenges emerged, common concerns include transparency, explainability, data protection, and discrimination risks.
Although Switzerland’s technology-neutral regulatory framework is appreciated, 80% of departments believe a solely sectoral approach is insufficient.
As a result, a cross-cutting regulatory model was proposed to address common issues, complemented by sector-specific measures where necessary. For example, in the financial sector, FINMA’s December 2024 guidelines are supported by efforts from the State Secretariat for International Finance.
What regulatory approaches were suggested to the Federal Council, and what was chosen?
The analysis of the document suggested three regulatory approaches:
1) Sectoral approach: The Federal Council would not introduce new measures, leaving specialized offices to adjust regulations. However, this strategy risks creating inconsistencies and gaps in addressing cross-cutting challenges.
2) Ratification of the Council of Europe’s AI Convention:
-
- Option a): Minimal implementation, limited to the public sector.
- Option b): Extended implementation, applicable to both public and private sectors.
In both cases, federal-level coordination would be necessary to ensure a unified approach.
3) Ratification of both the Convention and the EU AI Act: Recognizing the mutual recognition agreement between Switzerland and the EU, this approach would require broad regulatory adjustments. However, it would impose the greatest regulatory burden on the Swiss Confederation.
On February 12, 2025, the Federal Council opted for the second approach.
Specifically, the Council ratified the Council of Europe’s AI Convention, intending to integrate it into Swiss law and apply it primarily to the public sector (Option a).
Limited cross-sectoral regulations will also be introduced in key areas for fundamental rights, such as data protection, while maintaining a predominantly sectoral legislative approach.
Additionally, non-binding measures—such as industry codes of conduct or best practices—will be developed to support the Convention’s implementation.
Next steps
As mentioned earlier, the next step involves drafting a preliminary legislative proposal by the end of 2026. This will emphasize transparency, data protection, non-discrimination, and human oversight, alongside a plan for complementary non-binding measures.
The Federal Council believes this approach is balanced and provides a robust legal framework to support AI’s rapid development and potential.
Open issues
EU AI Act and Swiss Companies: The EU AI Act has extraterritorial effects and applies to Swiss companies when they place AI-based products or services on the European market or when AI systems developed in Switzerland are used within the EU.
This means that even if Swiss regulations for the private sector remain “light,” companies operating in the European market must comply with strict EU standards. In particular, they will be required to meet high transparency, security, risk analysis, and fundamental rights protection requirements.
Role of the Federal Data Protection and Transparency Officer (IFPDT): The IFPDT has clarified that Switzerland’s current Federal Data Protection Act (FADP) directly applies to data processing based on AI and automated decision-making. Therefore, in addition to the oversight role of the IFPDT and cantonal authorities, other departments or agencies will be involved for specific sectors, such as banking (e.g., FINMA).
It will be necessary to clarify the responsibilities regarding oversight and notification of adverse events (e.g., data breaches).
Article edited by LabCode
