Swiss politics is intensively involved with issues relating to artificial intelligence (AI). The Federal Council has already answered several interpellations and enquiries on topics relating to AI. The topics covered included possible damage caused by false statements from chatbots, the collection of biometric data in railway stations and the impact of AI in general.
Why is data protection relevant for AI applications at all?
AI applications access a large amount of unstructured data and try to recognise patterns in this data using algorithms. This pattern recognition is improved or trained by making a large number of adjustments to the algorithms. The intensive data collection required for the operation of an AI, combined with the linking of data sources, can lead to numerous sources of conflict with data protection law. On the one hand, AI applications are in conflict with the data minimisation principle standardised in Art. 6 para. 2 and 4 of the Federal Act of 25 September 2020 on Data Protection (Data Protection Act, DPA; AS 2022 491). In addition, the purpose limitation of data processing standardised in Art. 6 para. 3 – 4 nDSG is not necessarily observed in AI systems, as AI applications are able to incorporate data that is no longer used into the pattern recognition process, which no longer has anything to do with the original processing purpose. Another problem is the lack of transparency in the decision-making process of an AI application. It is not clear to outsiders on what basis the AI application has made a decision. The obligation to provide information under Art. 7 para. 1 – 2 nDSG is therefore also undermined. AI applications unquestionably fulfil the requirements for an automated individual decision pursuant to Art. 21 para. 1 – 3 nDSG, which provides for information, action and verification obligations.
As can be seen, AI systems collide with established data protection principles and rules in many places. Regulating these aspects is of paramount importance in order to design AI applications in compliance with data protection regulations so that their capabilities can be used with minimised risks.
The motions in detail
Several motions on the topic of AI were submitted during the special session on 4 May 2023. Firstly, a postulate was submitted calling on the Federal Council to examine a transparency register for the use of AI by federal companies (23.3565). Another postulate goes in a similar direction, calling for the transparency register for the use of AI in the federal administration to be reviewed for completeness (23.3566). Furthermore, a regulation of “deepfakes” (23.3563) was called for.
However, there were also several motions that are still pending that deal with the regulation of AI at a higher level. (23.1011, 23.3583, 23.3201, 23.3147)
In the following, we will provide a brief overview of these and other pending motions and explain what lies behind them.
Review of the legal basis for AI in the energy sector – 23.1011
This request to the Federal Council dealt with the use of AI in the energy sector. The applicant wanted to find out the legal framework for the use of AI systems in the sector and the influence of factors such as cyberattacks or risk assessment on the decision-making process. The applicant was also interested in knowing how the energy authorities keep track of the use and impact of AI in the energy sector.
The Federal Council recognises that the topic of AI in Switzerland has not yet been specifically regulated by law for the energy sector. In this context, however, it refers to existing legal requirements from the relevant areas and does not share the applicant’s concerns that there are many uncertainties regarding regulation, overview and assessments. He also referred to the current legislative activities of the European Union (EU) with regard to AI systems, which are being continuously examined by Switzerland for their impact, and emphasised that the first requirements for cyber security and resilience of companies in the electricity supply sector will be enshrined in the Federal Act of 18 December 2020 on the In contrast, the Federal Council has assigned the task of assessing and weighing up the benefits and risks when examining the use of AI systems to the energy companies. The Federal Council also admitted that there is no overview of the use of AI systems in the sector and that the authority to demand this is very limited. In addition to the information that can be requested by law, surveys would be considered on a voluntary basis.
You can find out more here:
Deficits in the legal system in connection with AI – 23.3583/ 23.3201/ 23.3147
These motions raise questions in the context of general legislation and law enforcement relating to AI systems. Questions are being asked about legal loopholes in connection with AI systems and strategies for circumventing or filling them. Safety and the promotion of innovation through a clear legal basis are also addressed.
In its answers, the Federal Council refers to previous national and international activities in this area. It points out that it is active at various levels and will be able to provide clear answers on the need for action by 2024. Both sectoral and horizontal measures are being considered. These should then serve as a basis for further discussions in Parliament and in public.
European digital policy – 21.3676
This motion called for the development of a position in relation to the current European regulation of digitalisation. The applicant’s concern was the definition of clear responsibilities and active involvement in the process in order to represent Switzerland’s interests. The motion argues that Switzerland must not lose sight of its sovereignty under the enormous regulatory pressure from the EU. With Switzerland’s current inactive and wait-and-see approach, there is a risk of losing touch in digital markets and becoming overly dependent on the EU.
The Federal Council emphasises the close monitoring and analysis of European legislation and sees the adoption and possible adaptation of this to Switzerland as an opportunity to put itself in a good starting position. However, no action is currently required as Switzerland does not yet consider developments in the EU to be sufficiently advanced.
You can find out more here:
Cybersecurity – 22.4270 & 22.3414
The initiative was also taken in the area of cybersecurity with motions. Motion 22.4270 called on the Federal Council to promote cybersecurity innovations and projects in Switzerland.
In a second motion 22.3414, the Federal Council is to draft legislation to ensure the security of critical infrastructure in the information and communication sector against cyberattacks by other countries.
The Federal Council refers to various measures that the DDPS has taken to promote innovation. It also considers existing measures to be sufficient. The same applies to the protection of critical infrastructure from the influence of other states. In-depth analyses are already underway in the background, which need to be completed before a legal basis is created. This process is also already underway, so the Federal Council has requested that both motions be rejected.
You can find out more here:
- https://www.parlament.ch/de/ratsbetrieb/suche-curia-vista/geschaeft?AffairId=20224270
- https://www.parlament.ch/de/ratsbetrieb/suche-curia-vista/geschaeft?AffairId=20223414
E-health – 22.3859
Based on motion 22.3859, the Federal Council is to present a clear plan on how the digitisation goals in the healthcare sector can be achieved with standardised processes and data sets and how backlogs can be made up. It is also instructed to create a legal basis for the use of SMVS (Swiss Medicines Verification System) data for the digital management of supply bottlenecks.
Based on motion 22.4423, the Federal Council is to take a further step towards a digitalised healthcare system by creating a legal basis for the use of QR codes on medicinal products.
The Federal Council shares the concern of the first motion that there is a backlog in the digitalisation of the healthcare system, but believes it is already well on the way to addressing this. A dispatch is to be submitted to Parliament by the end of 2023, including a corresponding commitment credit. In this context, however, the Federal Council points to its limited regulatory powers in the healthcare sector and the resulting lack of standards.
In contrast, the Federal Council believes that the request to create a legal basis for the use of SMVS data is premature, as no conclusive analysis of how to manage supply bottlenecks is yet available. The SMVS database is one possible option, but not the only one. Only once the analysis has been finalised will it be possible to determine which solution will be used.
With regard to the second motion, the Federal Council recognises the advantages of using QR codes on pharmaceutical packaging. However, it emphasises the need for appropriate transitional periods and barrier-free access to the information.
- https://www.parlament.ch/de/ratsbetrieb/suche-curia-vista/geschaeft?AffairId=20223859
- https://www.parlament.ch/de/ratsbetrieb/suche-curia-vista/geschaeft?AffairId=20224423
Innovation – 21.3937
This amendment also instructs the Federal Council to set up a guarantee and credit system to enable SMEs to invest in climate-friendly and digitalised work or production processes.
In its statement, the Federal Council refers to existing mechanisms that are already successfully enabling these investments. According to the Federal Council, Switzerland has always been successful in this regard in an international comparison. In addition, further measures to strengthen the venture capital market are planned, so the Federal Council has requested that the motion be rejected.
You can find out more here: