Broad support among businesses and cantons for cyberattack reporting obligation

12.05.2022 - The consultation on the introduction of a reporting obligation for cyberattacks on critical infrastructures has ended. It showed that a reporting obligation is generally welcomed by businesses, the research sector and the cantons. The NCSC will now examine all of the feedback received and finalise the proposal.

Due to the growing threat posed by cyberincidents to the economy and the population, the Federal Council wishes to strengthen the reporting system. Critical infrastructure operators should be obliged to report cyberattacks to the NCSC. This should allow for a better overview of cyberattacks in Switzerland. At the beginning of the year, cantonal governments, critical infrastructure operators and representatives from the research and business communities were invited to review the documentation on the introduction of a cyberattack reporting obligation.

By mid-April, around 100 responses had been received. The majority confirmed the proposed legislative texts. An obligation to report to a central federal office is seen as a useful means of strengthening cybersecurity. Those affected consider it very important that the reporting obligation can be carried out without unnecessary bureaucracy and does not lead to an additional burden.

The NCSC will now finalise the proposal by autumn. The Federal Council will then decide whether and when to submit the bill to Parliament for discussion.

The feedback received is available at: