Switzerland announces new cyber-attack reporting requirement for financial institutions

Modern cityscape at City of Zürich. — *Photo: Getty Images*

June 5, 20242 min read

Ordinance sets out obligation to report cyberattacks on critical infrastructure.

On May 22, 2024, the Swiss Federal Council released its draft ordinance implementing the reporting requirement in the event of cyber-attack as set out in the Information Security Act. The public consultation will last until September 13, 2024. This new reporting requirement is expected to apply from January 1, 2025.

The Information Security Act contains a

Compliance, Cyberattack, Data protection, Federal Office for Cyber Security, FINMA, Information security, Information Security Act, Reporting, Swiss Banking Act, Swiss Data Protection Act, Swiss Federal Council, Swiss Financial Market Infrastructure Act, Swiss Insurance Supervision Act, Switzerland

Subscribe to continue reading

Subscribe for free to read a limited selection of articles like this one, or get a premium plan for unlimited access to all of them and more.

Subscribe Sign in

What you get with a premium plan:

Ad-free experience across all content
Daily regulatory insight and practical guidance
Unlimited access to all articles
Exclusive interviews, event coverage, and in-depth analysis
Every podcast and video featuring trusted industry experts
Full set of Rules Navigator tools

Latest News

Recent fraud cases reflect a more selective SEC approach

Health‑related fraud cases feature in latest DOJ enforcement actions

Stop! What should organizations think of the new UK Fraud Strategy?

Latest News

SEC and CFTC revisit Form PF – a recalibration of data and regulatory intent

FCA work in review: April 11-21, 2026

UnitedHealthcare speeds up payments, slashes prior authorization for rural hospitals

Latest News

Boardrooms at critical point, say KPMG and INSEAD

Modern supervision in insurance: Balancing AI innovation, hallucination risks, and regulatory coherence

AI enforcement accelerates as federal policy stalls and states step in

Latest News

GRIP Country Guides: Saudi Arabia

To our readers

Framing the Issue: Can AI models forget things?

Latest News

GRIP Country Guides: Saudi Arabia

SEC and CFTC revisit Form PF – a recalibration of data and regulatory intent

Boardrooms at critical point, say KPMG and INSEAD

Switzerland announces new cyber-attack reporting requirement for financial institutions

Subscribe to continue reading

What you get with a premium plan: