Switzerland to draft law on cybersecurity of digital products
Switzerland is preparing a new law to make digital products more secure. By setting minimum cybersecurity standards, monitoring markets, and aligning with the EU, the law will protect consumers, strengthen national security, and ensure trust in the technologies people rely on every day.
The Swiss Federal Council has announced plans to introduce a new law aimed at improving the cybersecurity of digital products. At its recent meeting, it tasked the Department of Defence (DDPS), in collaboration with the Department of Communications (DETEC) and the Department of Economic Affairs (EAER), with preparing a draft bill by autumn 2026.
Why is this law needed?
Many modern devices, from smartphones to industrial equipment, contain digital components that can be vulnerable to cyberattacks. When hackers exploit weaknesses in software or hardware, they can quickly infiltrate numerous systems. This can cause serious financial damage, disrupt essential services, and even threaten national security if critical infrastructure is affected.
Currently, Switzerland has no comprehensive rules requiring manufacturers to build digital products with strong security in mind. Parliament raised this gap several times, most recently through Motion 24.3810, which called for urgent checks on cybersecurity. The new legislation is intended to close this gap by setting minimum requirements and giving authorities the ability to block insecure devices from the market.
What the new rules will cover
The law will establish clear cybersecurity obligations for companies developing or selling digital products. It will also:
- Set rules for monitoring digital products on the market
- Require companies to manage security risks throughout a product’s lifecycle
- Allow authorities to ban the import and sale of unsafe or insecure products
The work will be led by the National Cyber Security Centre (NCSC), supported by the Federal Office of Communications (OFCOM) and the State Secretariat for Economic Affairs (SECO).
Alignment with the European Union
The new Swiss rules will take into account the European Union’s Cyber Resilience Act (CRA), which entered into force in December 2024. The CRA requires manufacturers to design secure products, report vulnerabilities quickly, and provide updates during the product’s lifespan. Switzerland aims to align with these standards to avoid placing unnecessary burdens on businesses, especially those operating internationally, while tailoring requirements to its own economy.
Why this matters for civil society
Stronger cybersecurity standards protect not only governments and companies but also ordinary citizens. Civil society stands to benefit in several ways:
- Consumer protection: More secure devices mean fewer risks of data theft, fraud, or surveillance.
- Public safety: Secure digital components in critical services, such as healthcare, transport, or energy, help reduce risks of large-scale disruptions.
- Trust in technology: Clear rules push companies to build safer products, making the digital environment more reliable for everyone.
- Balanced governance: By opening the draft bill to public consultation, Switzerland ensures that not just industry, but also citizens and advocacy groups, can shape the rules.
Next steps
The draft bill will be published for consultation by autumn 2026. After this stage, it will be submitted to Parliament for debate and approval. If adopted, the law will mark a major step toward strengthening Switzerland’s digital resilience and aligning its rules with European standards.
