IT LAW IN THE SPRING SESSION 2023
In the Spring Session 2023, various IT law topics will be debated again. With the amendment of the Information Security Act (ISG) and the discussion of various initiatives on internet pedophilia, this time, the focus will be on cyber topics.
IT-rechtliche Themen im Nationalrat:
- Motion: Ensuring freedom of the press in financial marketplace matters. This motion requests the Federal Council to examine whether current legislation should be amended to ensure freedom of the press in financial marketplace matters and subsequently – after considering the interests – to propose an amendment to the relevant legislation if necessary. In particular, it adopts changes to ensure that Art. 47 of the Banking Act cannot interfere with freedom of the press by deterring or imposing criminal sanctions if journalism is conducted in good faith. This discussion is not new and came up during the amendment of Art. 47 Banking Act, as it may have an impact on media professionals. The Committee for Economic Affairs and Taxation of the National Council decided in favor of an examination, and the Federal Council recommended the acceptance of the motion.
- Parliamentary initiative: Internet giants are to be taxed! The Parliament of the Canton of Jura calls on the Federal Assembly to draft a law for taxing all business transactions in Switzerland with the GAFAM-BATX giants. This is intended, among other things, to protect local businesses better. The initiative has already been discussed in the Council of States, where it was decided not to follow it.
- Procedure for the resolution of differences: Federal Act on the Use of Electronic Means for the Performance of Official Duties. The Federal Act on the Use of Electronic Means for the Performance of Official Duties is in the procedure for resolving differences between the two chambers.
- Notarial Digitalization Act. Federal law prescribes the form of public notarization for numerous legal transactions. Under current law, the original of the public deed must be produced as a paper document. The draft law referred to in the dispatch is intended to adapt notarization law to developments in society, technology and the economy. In the future, it should be possible to create the original public document in electronic form. The Council of States had discussed the law in the winter session and approved it with certain amendments. The Legal Affairs Commission has now completed detailed deliberations on the bill. Aware of how sensitive and strictly confidential the data in question is, the Commission has made certain adjustments to the draft adopted by the Council of States in order, among other things, to specify the obligations of the authorities in the area of data protection. The Commission adopted the bill in the overall vote by 18 votes to 6 (with no abstentions).
- Information Security Act. Amendment (introduction of a reporting obligation for cyberattacks on critical infrastructures). The Federal Council wants to introduce a reporting obligation for cyberattacks on critical infrastructures. At the same time, the concept of critical infrastructure is also to be extended to parts of the private sector. The revised act would create the legal basis for mandatory reporting duties for operators of critical infrastructures and define the tasks of the National Cyber Security Center (NCSC), which is envisaged as the central reporting point for cyber attacks. Although the consultation showed broad support for a reporting duty, at the same time, it was criticized that the term cyber attack was too broad and imprecise and that the reporting mechanisms also needed to be regulated more clearly. The Federal Council has made some amendments in this regard, in particular by introducing the term “cyber threat” to clarify that incidents that have been successfully averted are not in the scope of cyberattacks. The National Council is debating the bill as the first Council.
- Federal Council proposal: New production systems (NEPRO) for swisstopo. Guarantee credit for 2023-2029: To meet current and future social and technical requirements, the Federal Council wants to equip the Federal Office of Topography swisstopo with new, modern production systems. To this end, at its meeting on 22 June 2022, the Federal Council approved the release of 37 million Swiss francs of the guarantee credit for “New swisstopo production systems” (NEPRO). The Federal Council refers the release to parliament and requests the release of the first stage 2023-2024 in the amount of 17.3 million Swiss francs.
- Motion: Procurement of information and communication technologies in Switzerland for the protection of the population. The purpose of this motion is to instruct the Federal Council to give preference to Swiss producers over foreign suppliers when procuring information and communication technologies and resources for organizations such as the Swiss Armed Forces, the Federal Office for Civil Protection, the Federal Intelligence Service, etc., which are central to Switzerland’s security. The corresponding legal basis should be created or adapted. The Federal Council recommends rejection since, according to Art. 21(3)(a) Federal Act on Public Procurement, a contract can be directly awarded to domestic companies without a public invitation to tender if it is vital for national defense. Furthermore, the revised Federal Act on Public Procurement contains the exception in Art. 10(4)(a) that the law does not apply to public contracts if this is deemed necessary for the protection and maintenance of external or internal security or public order.
- Parliamentary initiative: More freedom for work in the home office. This initiative asks parliament to modernize the Labor Act and thus improve the conditions and flexibility for home office.
IT law topics in the Council of States:
- Motion: More security for Switzerland’s most important digital data. The Security Policy Committee of the Council of States wants to instruct the Federal Council to create the necessary legal basis to ensure greater security for the most important digital data of the Confederation, the cantons and the municipalities, as well as the operators of critical infrastructures. The bill is to provide for the following measures in particular: (1) Criteria shall be defined for determining which data from which authorities (Confederation, cantons and municipalities) and operators of critical infrastructures shall be subject to special digital protection. (2) The standards for managing the security of this data shall be defined. (3) If possible, the storage infrastructure design shall be entrusted to Swiss companies – in cooperation with Swiss universities. However, whether the federal government has the constitutional authority to issue the required specifications for all levels is questionable. The preference for Swiss companies shows a tendency toward more protectionism in data localization; it must also be critically questioned.
- Motion: Modern legal basis for the protection of critical infrastructures. The Security Policy Committee of the Council of States wants to instruct the Federal Council to revise the legal basis for the protection of critical infrastructures in such a way that the protective effect is improved and the responsibilities and processes for routine and crisis situations are clarified. The following interdependencies must be considered: Cooperation within the federal administration, cooperation with the cantons and their departments, collaboration with the departments of the federal government, and cooperation with private parties that own critical infrastructures. This would lead to the next Information Security Act revision.
- Motion: Facilitate digital accounting. The purpose of this motion is to instruct the Federal Council to amend the Business Records Ordinance (Geschäftsbücherverordnung, GeBüV) and other necessary enactments in order to facilitate the digitization of accounting. It should be possible to store documents on modifiable data carriers without digital signatures or similar procedures, provided that proof of origin and integrity can be provided via the principles of proper accounting in accordance with Art. 957 ss. Code of Obligations. A digital signature of documents or the use of similar procedures shall be voluntary. However, it is unclear whether the GeBüV actually needs to be adapted for this purpose. The Federal Tax Administration does not require a digital signature in its controls. A more detailed article on the topic can be found here: https://www.lauxlawyers.ch/en/digital-bookkeeping-is-possible-without-the-use-of-digital-signatures.
- Combating internet pedophilia. There are various initiatives to combat internet pedophilia, including calls for the specific features of new forms of sexual harassment with writings and employing current information or communication technologies to be recorded in law and for a national strategy to be drawn up to combat internet pedophilia so that the prosecution of internet pedophilia criminals does not fail because of cantonal borders and cantonal differences in law. Furthermore, it is demanded that the Criminal Procedure Code be amended so that suspicion-independent under-cover investigations concerning pedosexual crimes are possible at the federal level. These are the aforementioned initiatives:
- Mandatory adaptation of the criminal offense of sexual harassment of children
- National Strategy to Combat internet pedophilia
- Finally combating pedocrime on the Internet effectively
- Finally ensure the protection of children from the rapidly increasing pedosexual violence on the Internet with an effective national action plan.
- Evaluation of the Gaming Act: Is the blocking of unauthorized online offers sufficiently effective? In the context of an interpellation, the Federal Council is to answer questions summarizing the effectiveness of the measures taken to block unauthorized online gambling. In particular, whether the block cannot be circumvented too easily with a VPN connection.
- Interpellation: Booster for the electronic patient dossier. In the context of an interpellation, the Federal Council should answer the following questions in summary: (1) How many cantons need to adapt their legal foundations to receive federal financial aid? If cantons need to revise their laws, how long does it take for them to be enacted? Is there corresponding experience from the electronic patient dossier startup financing? If it takes several years to come into force, can the goal of transitional financing be achieved? (2) Has the Federal Council examined the possibility of using only federal funds for the timely achievement of the target (2 million electronic patient dossiers in 2 years) and for the promotion of electronic patient dossier openings? (3) Are there any reasons against a rapid commitment of the service providers in the context of the first Federal Law on the electronic patient dossier message? (4) What is the Federal Council’s view of the proposal to bring forward the electronic patient dossiers obligation of service providers as part of a partial revision of the Federal Law on health insurance and not to wait for a partial revision of the Federal Law on the electronic patient dossier? In this regard, the Federal Council refers to the key data of the Federal Law on the electronic patient dossier revision communicated on April 27 2022.
- Postulate Strategy Digital Sovereignty of Switzerland. With the submitted postulate, the Federal Council is to be instructed to report on how it defines “Digital Sovereignty” for Switzerland; how it assesses the state of digital sovereignty of our country; which overarching, comprehensive strategy it intends to take to strengthen the digital sovereignty of our country, which is to be classified as of the highest importance in terms of state policy, economy and society. Based on this overarching strategy, the report shall identify any need for legislative action, priorities, as well as a timeline for the implementation of the necessary measures and make statements on the provision of the necessary funds to quickly implement the most urgent and promising projects to strengthen/achieve digital sovereignty.