Detailed overview
Switzerland does not currently have a specific horizontal AI Act. The Swiss Federal Office of Communications states that Switzerland has no specific AI legislation at present. Switzerland is taking a sector-specific approach and intends to implement the Council of Europe AI Convention through targeted legal amendments and non-binding measures.
Data protection as the primary lens
Swiss AI compliance is currently based mainly on existing law, especially the Federal Act on Data Protection. The Federal Data Protection and Information Commissioner states that Swiss data-protection law applies directly to AI-supported personal-data processing. This is important because many AI systems process personal data during training, fine-tuning, prompting, profiling, inference or output generation.
AI systems involving personal data must be transparent. Individuals should be informed about the purpose of processing, the functionality of the AI system and the data sources used. Users should know when they are communicating with a machine and whether their input data is used for self-learning or training. Manipulation of faces, images or voices should be indicated where relevant.
High-risk AI-supported personal-data processing may require protective measures and a data-protection impact assessment. The Swiss data-protection authority also identifies privacy-undermining applications, such as comprehensive real-time facial recognition and social scoring, as prohibited under data-protection law.
Council of Europe AI Convention
The Swiss Federal Council has stated that Switzerland intends to ratify and implement the Council of Europe AI Convention. The planned approach is sector-specific, with possible amendments in areas such as healthcare and transport, and with cross-sector rules only where needed for central fundamental-rights issues such as transparency, data protection, non-discrimination and supervision.
Penalties
Switzerland does not currently have one AI-specific penalty table. Penalties depend on the underlying legal regime, such as data protection, financial regulation, healthcare, product safety, employment or criminal law. AI systems processing personal data should be assessed under Swiss data-protection rules from the design stage.
Practical requirements & details
Sourced from the Federal Act on Data Protection (FADP, revised version in force since 1 Sept 2023), FDPIC AI position papers, the FINMA Risk Map and Swissmedic AI medical-device guidance.
FDPIC expectations for AI processing personal data
- Identify the legitimate purpose and proportionality of personal-data processing across the AI lifecycle.
- Inform individuals about the purpose of processing, the functionality of the AI system and the data sources used.
- Users must know when they are communicating with a machine and whether input is used for training.
- Clearly disclose manipulation of faces, images or voices.
- High-risk AI processing: protective measures and a data-protection impact assessment (DPIA).
Prohibited (in the FDPIC's view)
- Comprehensive real-time facial recognition; social scoring — considered prohibited under existing privacy law.
FINMA and Swissmedic
- The FINMA Risk Map highlights AI risks for financial institutions: governance, model risk and third-party risk.
- Swissmedic SaMD requirements for AI medical devices.
Council of Europe AI Convention
- Switzerland intends to ratify and implement via sector-specific amendments (healthcare, transport) plus cross-sector rules where needed.
Penalties
- FADP: criminal fines for natural persons up to CHF 250,000 for intentional violations of duties (e.g. breach of duty to inform, breach of professional secrecy).
- Sectoral fines under FinSA/FINIG, MedTech, criminal law, etc.