Skip to content

The European Union (EU) has recently adopted regulations in the digital sector and is actively working on new ones. From the Digital Services Act (DSA) and Digital Markets Act (DMA) to the AI Regulation (AI Act) recently passed by Parliament, important changes are imminent in the EU area. The question arises as to how this multitude of regulations will affect Switzerland. Switzerland is actively analysing the impact of EU legislation in the digital sector with the Interdepartmental Coordination Group on EU Digital Policy (IC-EUDP). In its latest report from March 2023, the IC-EUDP does not yet see any immediate need for action, but nevertheless recognises that the EU measures are far-reaching and will affect Switzerland.

In this article, we will take a closer look at the IC-EUDP’s analysis document and summarise the impact of relevant EU legislation for you.

In its latest report, the IC-EUDP states that there are still no significant market access barriers for Switzerland in the digital sector. However, the IC-EUDP recognises that the EU is increasingly positioning itself as a global, digital policy standard setter and that foreign companies, including Swiss companies, will inevitably have to adapt to the rules.

Digital Services Act (DSA)

The Digital Services Act came into force on 16 November 2022. The DSA provides a standardised regulation for the rights and responsibilities of digital services when dealing with illegal or harmful online content. Online platforms are also covered by this regulation. The obligations imposed are determined by the size and scope of the digital service.

The IC-EUDP assumes that this will have both direct and indirect effects on Switzerland and companies based in Switzerland. Like the General Data Protection Regulation (GDPR), the DSA has an extraterritorial effect, meaning that companies that offer services to customers in the EU are also affected by the DSA. The place of establishment is irrelevant here. Enforcement of the regulations is guaranteed by the obligation to appoint a legal representative within the EU. The IC-EUDP views this obligation as a low-threshold barrier to market access, as the appointment of a legal representative does not entail any significant effort and the costs for a legal representative are not disproportionate. Further obligations affect all addressees of the DSA, meaning that there is no discriminatory barrier to market access.

While the IC-EUDP believes that it is possible that companies will also apply EU standards in Switzerland, it is equally possible that Swiss customers will be placed in a worse position than EU customers if no equivalent Swiss legislation is introduced. After all, the obligations imposed represent an additional expense for companies and would only take effect in Switzerland if companies were to commit themselves voluntarily.

Digital Markets Act (DMA)

The Digital Markets Act came into force on 1 November 2022. The purpose of the DMA is to make digital markets fairer and more competitive. Large online platforms with a “gatekeeper function” are to be regulated more strictly in order to prevent abuse of market power.

As there were no companies based in Switzerland that could be classified as large platforms as of March 2023, the IC-EUDP assumed that the direct impact on Switzerland and companies in Switzerland would be minimal.

In the case of the DMA, however, the IC-EUDP assumes that large foreign companies with a “gatekeeper function” will also apply EU rules in Switzerland, as in most cases it would not be financially worthwhile to treat them differently. In the opinion of the IC-EUDP, Swiss users should therefore benefit from the DMA.

Data Governance Act (DGA)

The Data Governance Act was published on 30 May 2022 and will apply from 24 September 2023. It aims to promote the free flow of data in all areas of activity in the internal market. It aims to incentivise the re-use of sensitive data held by public bodies that is subject to a duty of confidentiality.

The Data Governance Act does not apply directly to Switzerland. However, Swiss companies that offer their services as data intermediaries in the EU are subject to certain rules, such as the appointment of a legal representative in an EU member state.

The DPA is also relevant for the transfer of confidential, non-personal data from EU public bodies to Switzerland. In this case, appropriate safeguards for the protection of trade secrets and intellectual property must be ensured. The Commission may adopt implementing acts to determine whether a third country offers an essentially equivalent level of protection. According to the IC-EUDP’s assessment, this may affect companies or organisations in Switzerland that receive confidential data from EU public bodies and wish to transfer it to Switzerland. It is important to distinguish the adequacy decision procedure for the transfer of confidential data from public sector bodies from the adequacy decision procedure under the GDPR, which applies to the transfer of all personal data to third countries.

Data Act

The Data Act is currently in the legislative process and is intended to regulate who may use the personal and non-personal data generated in the EU’s economic sectors and who has access to it and under what conditions.

In Switzerland, there are no general horizontal rules or laws on data governance for non-personal data. However, various projects are underway, including sector-specific initiatives in the areas of geodata, public transport and statistics.

The proposed regulation for the Data Act is still in the legislative process and is the subject of controversial debate. There is a proposal that the Data Act should have an extraterritorial effect, which would mean that Swiss companies would also have to comply with the obligations of the Data Act if they are active in the EU internal market. The proposed restrictions on the cross-border transfer of data to non-EU countries could represent an obstacle to cross-border activities, and the IC-EUDP, together with other authorities, will closely monitor the legislative process in order to identify possible effects at an early stage.

AI Regulation (AI Act)

The AI Regulation was adopted by the EU Parliament on 14 June 2023 and is currently in trilogue (negotiations between the European Commission, the Council of the European Union and the European Parliament). The AI Regulation provides for graduated obligations for artificial intelligence (AI), depending on its level of risk. The higher the risk of the AI, the more obligations are imposed on its operation.

There are currently no specific legal regulations for AI in Switzerland. The handling of AI is based on existing national and international legislation such as the Federal Constitution (FC) and the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR).

While the IC-EUDP considers adjustments to existing regulations in specific sectors to be unavoidable, it considers the general legal framework to be sufficient. It uses OFCOM’s evaluation on this topic from 2022 as the basis for this assessment.

Impacts on Switzerland are feared due to the extraterritorial effect, particularly for Swiss companies and research institutions operating in the EU. According to the IC-EUDP, developments are being monitored and Switzerland is preparing to apply the product certification mechanisms for high-risk products from the AI Ordinance.

Sources:

2023 analysis document – EU digital strategy