Report on the "Switzerland's most important digital data" workshops

03.07.2025 - The National Cyber Security Centre (NCSC) is currently working on a framework for implementing Motion 23.3002 “Greater security for Switzerland's most important digital data”. The motion calls for federal government, the cantons, the communes and operators of critical infrastructures to enhance the security of their most important digital data. To implement the motion, the NCSC held practical workshops with critical infrastructure operators. The findings of these workshops have now been published in a report, which will serve as a basis for further action.

Protecting particularly important digital data is key to strengthening cybersecurity in Switzerland. With Motion 23.3002, Parliament has instructed the Federal Council to create a legal framework to enhance the security of the most important digital data held by the federal government, the cantons, the communes and critical infrastructure operators. The aim of the motion is to establish criteria for determining which data held by the authorities and critical infrastructure operators requires special digital protection. In preparation for implementing the motion, the NCSC consulted with critical infrastructure providers.

A key challenge in implementing the motion is identifying Switzerland's most important data. To identify what data are vital to keep essential services running – for example those in the energy, health care, financial and food supply sectors – the NCSC held three workshops with representatives of criticial infrastructure providers between May 2024 and January 2025.

The workshops used a scenario-based approach, starting with the hypothetical mass failure of key IT infrastructure components. The participants analysed which data are indispensable for maintaining essential services under such circumstances and identified industry-specific differences and cross-sectoral dependencies.

The results of the workshops are documented in a report. The report provides an overview of the regulatory framework, challenges related to data security and compliance, the importance of certain data during a failure scenario, and sector-specific differences in data requirements and protective measures. It also highlights the measures proposed by the participants to protect key data.

The results of the workshops also emphasise the importance of a coordinated, cross-sectoral approach to strengthening resilience. Switzerland's digital capacity to act can only be secured in the long term through clear guidelines, institutionalised cooperation and by taking technical and organisational aspects into account.

The results of the workshops provide a crucial foundation for further action in implementing Motion 23.3002. The next step will be to establish a legal framework with a focus on cross-sectoral dependencies, requirements for secure data exchange and approaches for a resilient digital infrastructure in Switzerland.