The European Union (EU) has recently adopted regulations in the digital field and is actively working on new ones. From the Digital Services Act (DSA) and Digital Markets Act (DMA) to the AI Act, which has just been passed by Parliament, important changes are imminent in the EU area. The question arises as to how this multitude of regulations will affect Switzerland. With the Interdepartmental Coordination Group EU Digital Policy (IC-EUDP), Switzerland is actively investigating the effects of EU legislation in the digital area. In its latest report of March 2023, the IC-EUDP does not yet see any immediate need for action, but nevertheless recognizes that the EU measures are far-reaching and will affect Switzerland.
In this article, we will take a closer look at the IC-EUDP’s analysis document and summarize the effects of relevant EU legal acts for you.
In its latest report, the IC-EUDP states that there are still no significant market access barriers for Switzerland in the digital sector. However, the IC-EUDP recognises that the EU is increasingly positioning itself as a global digital policy standard setter and that foreign companies and thus also Swiss companies will inevitably have to adapt to the rules.
Digital Services Act (DSA)
The Digital Services Act came into force on 16 November 2022. The DSA provides a uniform regulation for rights and responsibilities of digital services in dealing with illegal or harmful online content. Online platforms are included in this regulation. The obligations imposed are determined by the size and scope of the digital service.
The IC-EUDP assumes that this will have both direct and indirect effects on Switzerland and companies based in Switzerland. Like the General Data Protection Regulation (GDPR), the DSA has an extraterritorial effect, so that companies that offer services to customers in the EU are also affected by the DSA. The place of establishment is irrelevant here. Enforcement of the regulations is guaranteed by the obligation to appoint a legal representative within the EU. The IC-EUDP considers this obligation to be a low-threshold barrier to market access, as the appointment of a legal representative does not involve a significant effort and the costs for a legal representative are not disproportionate. Further obligations affect all addressees of the DSA, so that there is no discriminatory market access hurdle.
While, in the view of the IC-EUDP, it is possible that companies will also apply EU standards in Switzerland, it is equally possible that customers from Switzerland will be placed in a worse position than EU customers should no equivalent Swiss legislation be introduced. After all, the obligations imposed represent an additional expense for the companies and would only take effect due to a voluntary commitment by the companies in Switzerland.
Digital Markets Act (DMA)
The Digital Markets Act came into force on 1 November 2022. The purpose of the DMA is to make digital markets fairer and more competitive. Large online platforms with a “gatekeeper function” are to be more strongly regulated in order to prevent abuse of market power.
Since as of March 2023 there were no companies based in Switzerland that could be classified as large platforms, the IC-EUDP assumed a low direct impact on Switzerland and companies in Switzerland.
In the case of the DMA, however, the IC-EUDP assumes that large foreign companies with a “gatekeeper function” will also apply EU rules in Switzerland, as in most cases a different treatment would not be financially worthwhile. Swiss users are thus likely to benefit from the DMA, according to the IK-EUDP.
Data Governance Act (DGA)
The Data Governance Act was published on 30 May 2022 and is applicable from 24 September 2023. It aims to promote the free flow of data in all sectors of activity in the internal market. It aims to create incentives for the re-use of sensitive data held by public bodies that are covered by a confidentiality obligation.
The Data Governance Act does not apply directly to Switzerland. However, Swiss companies that offer their services in the EU as data intermediaries are subject to certain rules, such as the appointment of a legal representative in an EU member state.
The DGA is also relevant for the transfer of confidential, non-personal data from EU public bodies to Switzerland. In this case, adequate safeguards for the protection of business secrets and intellectual property must be ensured. The Commission may adopt implementing acts to determine whether a third country offers a substantially equivalent level of protection. According to the IC-EUDP’s assessment, this may concern companies or entities in Switzerland that wish to receive confidential data from EU public authorities and transfer it to Switzerland. It is important to distinguish the adequacy decision procedure for the transfer of confidential data from public sector bodies from the adequacy decision procedure under the GDPR, which applies to the transfer of all personal data to third countries.
Data Act
The Data Act is currently in the legislative process and aims to regulate who may use personal and non-personal data generated in the EU’s economic sectors and who has access to it and under what conditions.
In Switzerland, there are no general horizontal rules or laws on data governance for non-personal data. However, various projects are underway, including sector-specific initiatives in the areas of geodata, public transport and statistics.
The proposed regulation on the Data Act is still in the legislative process and is controversial. There is a proposal that the Data Act should have an extraterritorial effect, which would mean that Swiss companies would also have to follow the obligations of the Data Act if they operate in the EU internal market. The proposed restrictions on cross-border data transfers to non-EU states could be a barrier to cross-border activities, and the IC-EUDP, together with other authorities, will closely monitor the legislative process in order to identify possible impacts at an early stage.
AI Regulation (AI Act)
The AI Regulation was adopted by the EU Parliament on 14 June 2023 and is currently in trilogue (negotiations between the European Commission, the Council of the European Union and the European Parliament). The AI Regulation provides for graduated obligations for Artificial Intelligence (AI), depending on its level of risk. The riskier the AI, the more obligations are imposed on its operation.
In Switzerland, there are currently no specific legal regulations for AI. The handling of AI is based on existing national and international legal provisions such as the Federal Constitution (FC) and the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR).
While the IC-EUDP considers adjustments to existing regulations in specific sectors to be unavoidable, it sees the general legal framework as sufficient. It uses OFCOM’s evaluation on this subject from 2022 as the basis for this assessment.
Impacts on Switzerland are feared due to the extraterritorial effect, especially for Swiss companies and research institutions operating in the EU. According to the IC-EUDP, developments are being monitored and Switzerland is preparing to apply the mechanisms of product certification for high-risk products from the AI Regulation.