Parliament Abolishes Reporting Requirement for Severe Vulnerabilities
Published: Thursday, Sep 21st 2023, 08:00
Mise à jour le : Vendredi, 13 octobre 2023, 14:12
Retour au fil d'actualité
The Swiss Federal Council and the two chambers of the Swiss Parliament have agreed to amend the Information Security Law, which will require operators of critical infrastructure such as healthcare and energy providers and railway companies to report cyberattacks with a high potential for damage to the federal government. However, they will not be required to report serious vulnerabilities in their IT systems. The National Council voted on Thursday morning to accept the position of the Council of States and to waive the reporting requirement for serious vulnerabilities. Opponents of the reporting requirement argued that it would not be effective, as there was not enough clarity about the number of affected companies and the type of vulnerabilities to be reported. The amendment to the Information Security Law is now ready for the final votes at the end of the autumn session in both chambers. Those who do not comply with the reporting requirement can be fined up to 100,000 Swiss francs. The National Center for Cybersecurity (NCSC) will be the central reporting center for cyber incidents. In 2021, the NCSC received around 22,000 cases of cybercrime - almost twice as many as in 2020. However, many of the reported incidents were attempted attacks and not successful attacks. The Federal Council created the NCSC in 2019 to provide support to those who report incidents.
©Keystone/SDA
French 
English 
German 
Spanish 
Arabic