In a presentation at the University of Bern on 22 August 2023, I explained the modalities regarding data security and reporting obligations under the DPA and the ISG in procurement. Now there is something to report again in this area: From 1 April 2025, operators of critical infrastructure in Switzerland will be obliged to report cyberattacks suffered to the Federal Office for Cybersecurity (BACS) within 24 hours of their discovery. This measure is intended to strengthen cyber security and increase the resilience of essential services. We showed that this is necessary in the Insight of 31 December 2024, in which we reported on the high number of cyber incidents in Switzerland (every 8.5 minutes!). The current article explains the background to the new reporting obligation, the legal basis, the sectors affected and the practical implications, and provides recommendations for action for companies and authorities.

The ESG regulatory environment continues to evolve: the first "Omnibus Simplification Package" aims to simplify reporting obligations and regulatory requirements for companies in the EU. But what is behind the changes? What impact will this have on companies in Switzerland and where do challenges still lurk? We analyse the key points of the reform and report on the relevance for Swiss companies.

The mortgage reference interest rate in Switzerland was lowered to 1.5 percent as of 3 March 2025. This adjustment will have a direct impact on rents in the country. Find out what rights and opportunities this gives tenants and how they can benefit from this change.

The debate surrounding the monetisation of video games has long since become a core issue within the gaming world. For some time now, the focus has primarily been on all forms of loot boxes. However, the constant evolution of technology, society, and the economy has introduced a challenger to loot boxes as a prevalent and long-term monetisation system: the Battle Pass.

In its judgment of 4 October 2024, the Court of Justice of the European Union ruled that an apology may be sufficient as reasonable compensation for non-material damage under Art. 82 GDPR (ECJ, judgment of 4.10.2024, Ref. C-507/23).

The storage and use of credit rating data is subject to strict data protection regulations. The use of creditworthiness data by companies can take place in two directions: On the one hand, companies access creditworthiness information in order to assess risks when awarding contracts. On the other hand, they themselves report data to SCHUFA Holding AG in order to provide the overall system with information.

GEMA sues Suno Inc's AI music tool for unauthorised processing of protected musical works.

Free webinar on 27 February 2025 at 12:00 noon. Register now!

The European Union is pursuing an ambitious digital strategy that also has a significant impact on Switzerland. The latest analysis by the Interdepartmental Coordination Group on EU Digital Policy (IC-EUDP) shows this: While there are currently no immediate risks to access to the single market, new regulations on artificial intelligence, cybersecurity and data management could pose challenges for Swiss companies. How should Switzerland position itself?

The Federal Council is planning a new law to remunerate media companies and journalists for the use of their content by major online services such as search engines and social media. This initiative aims to make the digital use of journalistic services fairer and to strengthen media diversity in Switzerland.

swiss Post "A Mail Plus" consignments can also be tracked and delivered on Saturdays. This can lead to disadvantages for recipients if they are unable to accept the consignment because they are not present (at the office). There is already an explicit regulation in the Code of Civil Procedure to compensate for disadvantages: Notices triggering a time limit that are delivered on a Saturday are only deemed to have been delivered on the next working day.

On 12 February 2025, the Federal Council published an overview of possible regulatory approaches to artificial intelligence (AI), which it had commissioned DETEC and the FDFA to draw up in November 2023. On the basis of this overview, the Federal Council decided in favour of a regulatory approach for AI: ratification of the Council of Europe's AI Convention with sectoral amendments to existing laws. The Federal Council's regulatory approach is based on three objectives: - Strengthening Switzerland as a centre of innovation, - safeguarding the protection of fundamental rights, including economic freedom, and - Strengthening the public's trust in AI. On this basis, the FDJP, together with DETEC, is to draw up a consultation draft and an implementation plan by the end of 2026 (!). In this article, we reflect on the impact of sectoral regulation.