Switzerland — New Federal Act on Data Protection (nFADP/revDSG): AI Compliance Requirements
Switzerland's revised Federal Act on Data Protection (nFADP / revDSG, in force September 1, 2023) applies to any organization processing data of Swiss residents, including through AI systems. Although Switzerland is not EU, nFADP is largely GDPR-aligned. Key AI obligations: transparency about automated decisions that significantly affect individuals, DPIAs for high-risk AI processing, the right to contest automated decisions and request human review, and data security requirements. The FDPIC (edoeb.admin.ch) enforces the law. Switzerland is monitoring EU AI Act and may enact aligned AI-specific legislation.
Key Facts
September 1, 2023
September 1, 2023
CHF 250,000 (approx. USD $285,000) for intentional violations — enforced via criminal prosecution
What Your Business Must Do
3 compliance requirements identified. Critical requirements carry the highest risk of enforcement action.
Automated Decision Transparency (nFADP Art. 21)
High PrioritynFADP Art. 21: controllers making automated decisions that significantly affect Swiss individuals must: (1) disclose the automated decision, (2) give them the right to request human review and state their position, (3) explain the logic. AI systems in hiring, credit, insurance, or customer scoring must implement transparency and appeal rights for Swiss residents.
Data Protection Impact Assessment for High-Risk AI (Art. 22)
High PrioritynFADP Art. 22: conduct a DPIA for high-risk AI processing — large-scale processing of sensitive data or systematic monitoring. Document and conduct a formal DPIA for AI systems processing biometrics, health data, or behavioral profiling at scale for Swiss residents.
Privacy Notice for AI Processing
Medium PriorityProvide clear privacy notices disclosing AI-driven data processing to Swiss residents. Include the existence of automated decision-making and individuals' right to contest. The FDPIC can investigate and issue recommendations.
Frequently Asked Questions
Does Switzerland — New Federal Act on Data Protection (nFADP/revDSG) apply to my business?
Switzerland's revised Federal Act on Data Protection (nFADP / revDSG, in force September 1, 2023) applies to any organization processing data of Swiss residents, including through AI systems. Although Switzerland is not EU, nFADP is largely GDPR-alig. Use ComplianceIQ's free scanner to get a personalized assessment in under 5 minutes.
What is the penalty for non-compliance?
The maximum penalty under Switzerland — New Federal Act on Data Protection (nFADP/revDSG) is: CHF 250,000 (approx. USD $285,000) for intentional violations — enforced via criminal prosecution. Fines are typically scaled by company size, severity of violation, and whether violations were willful or accidental.
How do I comply with Switzerland — New Federal Act on Data Protection (nFADP/revDSG)?
The 3 requirements above cover the core obligations. The fastest path to compliance is: (1) conduct an AI risk assessment, (2) document your AI systems, (3) implement transparency disclosures where required. ComplianceIQ generates all required documents automatically.
Official Source
https://www.fedlex.admin.ch/eli/cc/2022/491/enLast updated: 2026-04-13 — verify at source before relying on this information.
Don't leave compliance to chance
ComplianceIQ scans your AI tools, tells you exactly which regulations apply, and generates all required documents — in 30 minutes.
Start your free compliance scan