In brief
The Federal Information Security Act (ISA), which only entered into force on 1 January 2024 is already being amended with an obligation to report cyberattacks for operators of critical infrastructures. The term “critical infrastructures” is defined in a broad manner and captures many private companies. On 18 January 2024, the deadline for challenging the amendment by way of a public referendum expired. This means that the amended version (“revISA“) will become law, with the new obligation to report cyberattacks expected to come into force in 2025, although an exact date has not yet been set.
In this alert, we address the most pressing questions around this new reporting obligation and provide you with important takeaways.
Click here to read the full alert.
Author
Alessandro Celli
Alessandro Celli’s broad experience includes technology-related transaction work, intellectual property and competition law, IT, data protection and cyber risk, commercial litigation, sports and entertainment law. Alessandro regularly advises Swiss and international clients on technology-related national and cross-border transactions (JVs, licences, distribution, sale and purchase of technology or related businesses and brands). He counsels on sourcing and data protection, competition law and business restructuring as well as sports and entertainment law in relation to media or sponsoring. As a member of the IP and Disputes practice groups, Alessandro is leading the IT/C (TMT) team in our Zurich office. His actual focus lies primarily on new technologies and business processes within a digitalized global economy and the associated legal and compliance challenges. His work has been increasingly determined by co-operational (sourcing) work as well as regulatory items involving the rapidly developing new technologies with a large impact also on the financial services sector. Alessandro has chaired the committee on legislation and practice at the Zurich Bar Association and is a member of the boards of selected Swiss companies.
Author
Christoph Kurth
Christoph Kurth heads the Investigations, Compliance & Ethics practice of the Swiss offices. Further, he is a member of the EMEA Steering Committee Compliance & Investigations and co-leads the EMEA Financial Institutions Industry Group. He has been recognized by Legal 500 as a leading individual for compliance, regulatory and investigation matters.
Before joining the Firm, Christoph was global head of Litigation & Investigations and general counsel in Asia for a large Swiss bank. For over 10 years, he has led complex regulatory and criminal investigations as well as high stakes litigation across the US, Europe and Asia, and has advised on transformational regulatory developments and wealth management products and services across Switzerland and Asia. In his roles, Christoph has worked closely with business leaders, government authorities and the media, navigating businesses through regulatory and other challenges. Prior to this, Christoph was a litigator in leading practices in Switzerland and the US. Christoph also teaches post-graduate courses in 'Crisis Management' and 'Risk Governance' at the Europa Institute at the University of Zurich.