ISA as approved by Parliament in December 2020
New reporting obligation pursuant to draft law
Enforcement
New tasks for NCSC
Comment
According to a press release dated 2 December 2022 (available in English, German, French and Italian), the Federal Council has submitted a dispatch (the Federal Council dispatch) along with a draft bill of law to Parliament that will introduce a mandatory reporting of cyberattacks on critical infrastructures in Switzerland. The legal basis for this new reporting obligation will be created by an amendment to the Information Security Act (ISA). The amendment also brings about additional competencies for the Swiss National Cyber Security Centre (NCSC).
ISA as approved by Parliament in December 2020
The original version of the new ISA was adopted by Parliament on 18 December 2020 (for further details, see “Parliament adopts Information Security Act”). Rather than setting out detailed obligations and standards itself (which could be quickly outdated), the ISA is designed as an overarching law establishing a harmonised framework within which the competent federal authorities in the relevant sectors can implement adequate information security measures through…
