Better protection for critical infrastructure in Switzerland

Critical infrastructure faces a range of threats, both man-made and natural. For example, Russia's war against Ukraine has involved numerous attacks on Ukraine's energy supply and communications systems. Natural disasters can also cause severe damage, disrupting the supply of goods and services to the public during and after an event, hampering rescue and reconstruction efforts, and affecting economic activity and daily life in the affected areas for extended periods. Critical infrastructure encompasses the services and systems that Switzerland's economy and population rely on, such as electricity, healthcare and telecommunications. It is therefore essential to ensure this infrastructure is robust and resilient.

Motion 23.3001 ‘Modern legal basis for the protection of critical infrastructure’, submitted by the Security Policy Committee of the Council of States (SPC-S), calls for an amendment to the law to allow the federal government to set binding standards for the reliability and resilience of critical infrastructure. Some sectors, such as electricity supply, already have such requirements, but many others have virtually none.

A second motion by the SPC-S (23.3002), ‘Greater security for Switzerland's most important digital data’, calls for a legal basis to set requirements for how the federal government, the cantons and operators of critical infrastructure must protect security-relevant data.

The Federal Council now plans to draw up regulations to strengthen the resilience and data security of critical infrastructure within the federal remit. It has instructed the DDPS, working closely with other departments (EAER, DETEC, FDF, FDJP), to establish the key parameters for drafting two bills by the end of 2026 and to conduct a regulatory impact assessment.