On 22 February 2017, the Swiss Federal Council published its stance on the information security act. Since information abuses and disruptions of information systems can seriously affect Switzerland’s interests and the rights of persons, the act sets a uniform formal and legal framework to protect information and the use of IT resources.
With the development of an information society, the corresponding threats have become more complex, which must be addressed in an integrated manner. Based on the internationally recognized standards, the information security act establishes a uniform formal legal framework for the management and implementation of information security within the Federal Government’s scope of competence.
The act is primarily designed for the federal authorities, including the Parliament, federal courts, Federal Prosecutor’s Office and National Bank. Private individuals and businesses are only affected by the act if they carry out security-sensitive activities on behalf of the federal authorities. Also, the Federal Council intends to improve the cooperation with the cantons, which should be represented in the relevant coordination body and contribute to the standardization of the measures.
Among other things, the act regulates risk management, classification of information and security principles in the use of IT resources. The public administration principle should continue to apply without restriction, which is why the draft explicitly takes precedence over the Freedom of Information Act.
The Federal Council intends to reduce the personnel security checks to the minimum that is necessary to identify significant risks for the Federal Government. This means that much fewer inspections should be carried out in the future.
In addition, the act provides for a new supervision and safeguarding procedure for companies that should carry out security-sensitive orders from the Confederation. The Federal Council wants to create a basis for the issuance of security declarations in favour of Swiss companies that apply for foreign contracts and need a national security declaration.