Internet & Online Safety · Switzerland
Online safety & content laws in Switzerland (2026)
Switzerland shaded by its internet & online safety status
Switzerland does not yet have a comprehensive domestic online safety or platform-regulation law. The Federal Council opened consultation in October 2025 on a draft DSA-inspired Act on Communication Platforms and Search Engines (KoPSG), targeting very large platforms (≥10% of Swiss monthly active users ≈ 900,000). Existing rules provide age-verification obligations for on-demand audiovisual and video-game services and general data-protection coverage under the revised nFADP, but no overarching platform content-moderation regime is currently in force.
Key points
On 29 October 2025 the Federal Council launched consultation on a draft Federal Act on Communication Platforms and Search Engines, modelled on the EU DSA. It would impose content-reporting mechanisms, internal complaints procedures, mandatory participation in certified out-of-court dispute resolution, advertising-archive obligations, and transparency on recommendation systems. Consultation closed 16 February 2026; parliamentary timeline not yet set.
The KoPSG draft targets only platforms whose primary function is to store and publicly disseminate user content and that have at least 10% of Switzerland's resident population (≈900,000 people) as monthly active users over a six-month period, plus large search engines. Smaller services are excluded.
The Federal Act on the Protection of Minors in Films and Video Games (JSFVG), passed September 2022 and progressively in force since 2024, requires on-demand service providers to implement age-verification and parental-control systems before first use, and to restrict access to age-inappropriate content including pornography (minimum age 16).
Switzerland is not an EU member and the EU Digital Services Act (DSA) is not directly Swiss law, but Swiss-based companies that offer services to EU users and qualify as intermediary services under the DSA must comply with its obligations. Major platforms operating in Switzerland are therefore subject to DSA requirements in parallel with any forthcoming Swiss rules.
In January 2025 the Federal Council opened consultation (closed 6 May 2025) on a partial revision of the telecommunications-surveillance ordinance (VÜPF). Key proposals include requiring Swiss email and VPN providers with ≥5,000 users to log and retain IP metadata for six months and to deliver metadata to authorities in real time; Article 50a would compel providers to decrypt data they have themselves encrypted. Significant industry and civil-society opposition has been lodged; a final decision was expected no earlier than autumn 2025.
The revised Federal Act on Data Protection (nFADP/DSG) has been in force since 1 September 2023. It significantly updated Switzerland's data-protection framework (bringing it closer to GDPR standards) and imposes obligations on platforms and online services processing Swiss residents' personal data, including breach notification, privacy-by-design, and data-processing impact assessments.
Timeline - major decisions & events
The Federal Council launched a public consultation on the draft Federal Act on Communication Platforms and Search Engines (KomPG), targeting very large online platforms and search engines used by ≥10% of Swiss residents monthly (approx. 900,000 users). The bill imposes content-reporting channels, algorithmic transparency, advertising archives, GTC requirements, and a mandatory Swiss legal representative for foreign operators. Consultation closed 16 February 2026.
DETEC (Federal Department of Environment, Transport, Energy and Communications) ↗An amendment to the Information Security Act (ISG), together with the new Cybersecurity Ordinance (CSV), made it compulsory for operators of critical infrastructure (energy, water, transport, cantonal/communal administrations) to report cyberattacks to the Federal Office for Cybersecurity (BACS) within 24 hours of discovery. Fines of up to CHF 100,000 for non-compliance apply from 1 October 2025.
Federal Office for Cybersecurity (BACS) / NCSC ↗Switzerland's comprehensively revised data protection law took effect, aligning with EU GDPR principles and enabling ratification of Council of Europe Convention CETS 108+. Key additions include mandatory data breach notification, privacy-by-design obligations, new data subject rights, and personal fines up to CHF 250,000—directly affecting how online services handle Swiss users' data.
Federal Council / SECO ↗The Federal Council and cantons approved a new time-unlimited National Cyberstrategy, superseding the 2018–2022 NCS. It defines 17 measures across five objectives: empowerment of individuals/businesses, secure digital services and infrastructure, effective incident detection and response, prosecution of cybercrime, and Swiss leadership in international cooperation.
National Cybersecurity Centre (NCSC) ↗The comprehensively revised TCA explicitly enshrined net neutrality in statute (Art. 12e), requiring ISPs to treat all internet traffic equally without technical or economic discrimination. The revision also strengthened consumer protection online through stricter rules on phone marketing, spoofing prevention, ISP obligations to combat spam, and protections for children and young people.
fedlex.admin.ch ↗Swiss voters approved (63.1% in favour) extending the criminal anti-discrimination norm (Art. 261bis SCC) to cover sexual orientation, explicitly criminalising discriminatory statements made on social media, television, and public venues. This was the first direct-democratic extension of Swiss speech law to cover online platforms.
Federal Chancellery ↗The Federal Council adopted the second NCS, establishing the National Cybersecurity Centre (NCSC) as the primary coordination body for cyber policy. It set structured governance targets for protecting critical infrastructure, the economy, and Swiss society from cyber threats, building on the capability foundations of the 2012–2017 NCS.
National Cybersecurity Centre (NCSC) ↗The revised Ordinance on Surveillance of Post and Telecommunications (VÜPF) implemented the 2016 BÜPF statute, placing concrete data retention and technical interception obligations on ISPs, email providers, and hosting services, with requirements calibrated by provider type and scale. This established the operational framework for lawful interception of internet communications.
fedlex.admin.ch ↗The Federal Council adopted Switzerland's inaugural national cybersecurity strategy, establishing for the first time an institutional and policy baseline for countering cyberrisks at the federal level. The strategy focused on building capabilities, governance structures, and inter-agency coordination mechanisms for protecting critical infrastructure—laying the groundwork for all subsequent cybersecurity legislation.
National Cybersecurity Centre (NCSC) ↗Switzerland - other topics
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Explore the full world map →