Telecommunications providers must cooperate in surveillance – but who exactly? And what data do they have to hand over? The new regulations impose clear obligations.
What is behind the revision?
On 29 January 2025, the Federal Council opened the consultation on the partial revision of the Ordinance on the Surveillance of Postal and Telecommunications Traffic (VÜPF) and the Ordinance of the FDJP on the Surveillance of Postal and Telecommunications Traffic (VD-ÜPF). The aim of the amendment is to more clearly define the duties of co-operation of telecommunications providers and to adapt them to technological developments.
These providers are affected
The new regulations affect telecommunications service providers (TSPs) and providers of derived communications services (DTSPs) in particular. TSPs are companies that provide traditional telecommunications services to the public, such as operators of mobile and fixed networks and internet access services. AAKDs, on the other hand, are service providers that provide communication services without operating their own telecommunications infrastructure. These include, in particular, providers of messaging, VoIP or email services, such as WhatsApp, Signal or Skype.
New categorisation and obligations
The revision introduces a more differentiated categorisation of monitoring obligations. For TSPs, a distinction will continue to be made between those with full obligations and those with reduced obligations. Suppliers with full obligations must technically implement all monitoring measures ordered by the authorities, provide the corresponding interfaces and bear the costs themselves. Providers with reduced obligations are subject to fewer technical requirements and only have to enable certain monitoring measures, but not in real time.
The revision provides for a three-level differentiation for the AAKD. Providers with minimal obligations are only obliged to provide basic identification information, while providers with reduced obligations are additionally obliged to make certain communication data available if ordered to do so by the authorities. AAKDs with more than one million users or an annual turnover of more than CHF 100 million are considered providers with full obligations and – similar to TSPs with full obligations – must actively participate in monitoring measures and provide technical interfaces.
Encryption remains a sticking point
The clarification of the decryption of data is particularly relevant. However, this obligation does not apply to end-to-end encrypted communication – this remains protected. Providers of messenger services or comparable platforms that have no way of accessing the content of the communication are therefore not obliged to remove encryption. On the other hand, the obligation to decrypt applies in particular to server-side encrypted content where the providers themselves have access to the data.
Introduction of new types of information and monitoring
In addition to the redefinition of the obligations to cooperate, new monitoring and information types will also be introduced. Among other things, certain requests for user identification are to be standardised and retroactive monitoring facilitated. Furthermore, in the case of real-time monitoring, the possibility is to be created to record only part of the content data instead of monitoring the entire communication.
What does this mean for affected companies?
The planned partial revision of the VÜPF and VD-ÜPF represents an adjustment to the current technical and economic circumstances. It has a direct impact on telecommunications and communications providers, who should review their compliance processes and familiarise themselves with the new requirements. Those who do not prepare in good time risk problems with implementation. The consultation offers affected companies and interest groups the opportunity to comment on the proposed changes until 6 May 2025 and actively participate in the legislation.
Sources
- Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTA, SR 780.1)
- Ordinance on the Surveillance of Postal and Telecommunications Traffic (VÜPF, SR 780.11)
- Ordinance of the FDJP on the Surveillance of Postal and Telecommunications Traffic (VD-ÜPF SR 780.117)
- Federal Council press release of 29 January 2025
- Explanatory report on the opening of the consultation procedure of 8 January 2025
- Contribution from the FDJP: Duties of those obliged to cooperate