Switzerland Tightens Cybersecurity: Mandatory Attack Reporting from April 2025
Switzerland is fortifying its cybersecurity measures. From April 1, 2025, operators of critical infrastructure will be legally required to report cyber-attacks to the National Cyber Security Centre (NCSC). This follows a Federal Council mandate on March 7, 2023.
The new law, amending the Information Security Act, necessitates entities like energy suppliers, water companies, transport services, and local administrations to report attacks within 24 hours of discovery. This harmonizes Switzerland with other nations such as Australia, the EU, Japan, Singapore, South Korea, the UK, and the US, which have analogous reporting requirements.
Incidents that jeopardize infrastructure functionality, manipulate or leak data, or involve blackmail or coercion must be reported. A user-friendly reporting form will be accessible on the NCSC's Cyber Security Hub. Operators who neglect to comply may face penalties, with a grace period until October 1, 2025.
The new Swiss cyber-reporting mandate, effective April 1, 2025, seeks to bolster national cybersecurity resilience. It promotes prompt reporting of attacks, facilitating timely response and mitigation strategies. This move aligns Switzerland with global cybersecurity standards.
Read also:
- Aquatech purchases Koch's Direct Lithium Extraction business, merging Li-ProTM DLE technology into the PEARLTM Technology Platform.
- Li Auto faces scrutiny after crash test involving i8 model and a truck manufacturer sparks controversy
- Emerging Investment Trends in China's Ethical Finance Sector for 2025
- Construction and renovation projects in Cham county granted €24.8 million focus on energy efficiency
