Swiss new upcoming privacy laws are almost equal to North Korea practises

amu · November 18, 2025, 4:43am

Switzerland’s reputation as a privacy haven for digital services is currently facing significant challenges due to a proposed overhaul of its surveillance laws.

While Switzerland is not a member of the EU and is therefore not directly subject to the EU’s Digital Services Act (DSA) or Product Liability Directive (PLD), it has its own domestic legislation governing data retention and surveillance.

The most critical update concerns the proposed revision of the Swiss Ordinance on the Surveillance of Postal and Telecommunications Traffic (VÜPF) and the Federal Act on the Surveillance of Post and Telecommunications (BÜPF).

Key Updates on Mandatory User Logging in Switzerland

The proposed revisions, which have been met with strong opposition from privacy groups and Swiss-based tech companies (like Proton), aim to significantly expand surveillance obligations.

Area of Change	Proposed New Requirement (VÜPF Revision)	Impact on Services
Mandatory Data Retention	Services with 5,000 or more users (including VPNs, encrypted email, and chat services) may be required to log and retain user IP addresses for six months, regardless of existing no-log policies.	Eliminates the legal basis for “no-log” claims for many Swiss providers and mandates proactive data collection for non-commercial activity.
Identity Verification	Services may be required to verify a user’s identity using official documents (e.g., ID, phone number) for registration.	Makes anonymous access to many Swiss digital services, including VPNs and secure email, nearly impossible.
Decryption Obligations	Providers may be required to be technically able to decrypt any data they encrypt on the user’s behalf upon request from authorities.	Creates a de-facto requirement for backdoors or key escrow for provider-side encryption. Note: This excludes end-to-end encrypted (E2EE) messages exchanged directly between users.
Scope of Affected Providers	The scope is significantly broadened to target “derived service providers,” closing previous loopholes that exempted many smaller privacy-focused services (like ProtonMail).	Broadens the legal compliance burden from just large ISPs to a much wider range of online services.

amu · November 18, 2025, 4:47am

The proposed changes to the Swiss surveillance law are contained within the revisions to the Ordinance on the Surveillance of Postal and Telecommunications Traffic (VÜPF) and the Ordinance of the Federal Department of Justice and Police (VD-ÜPF).

Since this is a proposed revision, the “official link” is to the governmental consultation documents and the relevant law on the official Swiss Federal platform.

Here are the most direct official links and relevant statements from the companies involved:

I. Official Swiss Government Links (Consultation)

The official documents for the consultation, which ran from January 29, 2025, until May 6, 2025, were published on the Swiss Federal Gazette website (Fedlex) by the Federal Department of Justice and Police (EJPD).

Official Consultation Document Reference (BBl 2025 335):
- Source: Bundesblatt / Feuille Fédérale (Official Federal Gazette)
- Title: Teilrevisionen zweier Ausführungserlasse zur Überwachung des Post- und Fernmeldeverkehrs (VÜPF, VD-ÜPF)
- Official Link (German, as found in search): BBl 2025 335 - Vernehmlassungsverfahren. EJPD. Teilrevisionen zweier Ausführungserlasse zur Überwachung des Post- und Fernmeldeverkehrs (VÜPF, VD-ÜPF) | Fedlex
- Note: This link provides the reference number, publication details, and the location of the documents on the Fedlex data archive.
The Current Governing Law (Federal Act on the Surveillance of Post and Telecommunications—BÜPF):
- The revision focuses on the Ordinances (VÜPF and VD-ÜPF) which implement the Federal Act (BÜPF).
- Official Link to the current VÜPF (German): SR 780.11 - Verordnung vom 15. November 2017 über die Überwachung des Post- und Fernmeldeverkehrs (VÜPF) | Fedlex

II. Official Company Statements and Analysis

While the government publishes the proposed law, companies like Proton and Tuta publish their response and analysis on their official blogs:

Company	Relevant Analysis/Statement
Proton	Has made numerous public statements, including the threat to leave Switzerland, often reported via press like Der Bund and Radio Télévision Suisse (RTS). Their official blog and press releases are the primary source for their position.
Tuta Mail	Published a detailed analysis of the proposed VÜPF changes and their implications for privacy: Switzerland plans surveillance worse than US.
Swiss Industry Group (Swico)	The Swiss business association for the digital economy submitted a formal rejection of the revisions. Their statement is highly critical of the law’s scope and impact on SMEs: Überwachung des Post- und Fernmeldeverkehrs: zurück an den Absender (Monitoring of Postal and Telecommunications Traffic: return to sender).

Note: The official Swiss government documents are primarily available in the official languages (German, French, Italian).