Swiss politics is intensively concerned with questions of artificial intelligence (AI). The Federal Council has already answered several interpellations and questions on AI-related topics. Topics covered included possible damage caused by false statements made by chatbots, the collection of biometric data in railway stations and the impact of AI in general.
Why is data protection relevant to AI applications at all?
AI applications access a large amount of unstructured data and try to recognise patterns in this amount of data by means of algorithms. This pattern recognition is improved or trained through a large number of adjustments to the algorithms. The intensive data collection required to operate an AI, combined with the linking of data sources, can lead to numerous sources of conflict with data protection law. On the one hand, AI applications are in conflict with the data minimisation principle standardised in Art. 6 para. 2 and 4 of the Federal Act of 25 September 2020 on Data Protection (Data Protection Act, nDSG; AS 2022 491). Furthermore, the purpose limitation of data processing standardised in Art. 6 para. 3 – 4 nDSG is also not necessarily observed in AI systems, as AI applications are able to incorporate data that is no longer used into the pattern recognition process and no longer has anything to do with the original processing purpose. Also problematic is the lack of transparency in the decision-making process of an AI application. It is not apparent to outsiders on what basis the AI application has made a decision. The obligation to provide information from Art. 7 para. 1 – 2 nDSG is therefore also undermined. AI applications undoubtedly fulfil the requirements for an automated individual decision pursuant to Article 21 (1) – (3) nDSG, which provides for information, action and verification obligations.
As can be seen, AI systems collide in many places with established principles and rules of data protection. Regulation of these aspects is of paramount importance in order to make AI applications compliant with data protection, so that their capabilities can be used with minimised risks.
The motions in detail
During the special session of 04.05.2023, several motions were submitted around the topic of AI. Firstly, a postulate was submitted calling on the Federal Council to examine a transparency register for the use of AI by federal companies (23.3565). Another postulate goes in a similar direction, demanding that the transparency register for the use of AI in the federal administration be checked for completeness (23.3566). Furthermore, a regulation of “deepfakes” was demanded (23.3563).
However, there were also several motions that are still pending dealing with the regulation of AI at a higher level. (23.1011, 23.3583, 23.3201, 23.3147)
In the following, we will give a brief overview of these and other pending motions and explain what is behind them.
Review of the legal basis for AI in the energy sector – 23.1011
This request to the Federal Council dealt with the use of AI in the energy sector. The requester wanted to know the legal framework of the use of AI systems in the sector and the influence of factors such as cyber attacks or risk assessment on the decision-making process. In addition, the applicant was interested in knowing how energy authorities keep track of the use and impact of AI in the energy sector.
The Federal Council acknowledges that the topic of AI in Switzerland has not yet been specifically regulated by law for the energy sector. In this context, however, it refers to existing legal requirements from the relevant areas and does not share the applicant’s concerns that there are many uncertainties regarding regulation, overview and assessments. He further referred to the current legislative activities of the European Union (EU) regarding AI systems, which would be continuously examined by Switzerland for impacts, and emphasised that initial requirements for cyber security and resilience of companies in the electricity supply sector would be anchored in the Federal Act of 18 December 2020 on the. The Federal Council, on the other hand, attributes the assessment and weighing of benefits and risks when considering the use of AI systems to the energy companies. The Federal Council also admitted that there was no overview of the use of AI systems in the industry and that the powers to demand this were very limited. In addition to the information that may be demanded by law, surveys would be considered on a voluntary basis.
Read more here:
Deficits of the legal system in connection with AI – 23.3583/ 23.3201/ 23.3147
These proposals raise questions in the context of general legislation and law enforcement in relation to AI systems. They ask about gaps in legislation related to AI systems and strategies to circumvent or fill them. Security and the promotion of innovation through a clear legal basis are also addressed.
In its answers, the Federal Council refers to the previous national and international activities in this matter. It shows that it is active at various levels and will be able to provide clear answers to the need for action by 2024. Sectoral as well as horizontal measures are possible. These will then serve as a basis for further discussions in parliament and in public.
European Digital Policy – 21.3676
This motion called for the development of a position on the current European regulation of digitalisation. The applicant’s concern was the definition of clear responsibilities as well as active involvement in the process in order to represent Switzerland’s interests. The motion argues that Switzerland should not lose sight of its sovereignty under the enormous regulatory pressure from the EU. With Switzerland’s current inactive and wait-and-see approach, there is a risk of losing touch with digital markets and becoming too dependent on the EU.
The Federal Council emphasises the close monitoring and analysis of European legislation and sees the adoption and possible adaptation of this to Switzerland as an opportunity to put itself in a good starting position. At present, however, no need for action is seen, as Switzerland does not consider the developments in the EU to be far enough advanced.
You can find more on this here:
Cybersecurity – 22.4270 & 22.3414
In the area of cybersecurity, the initiative was also taken with motions. Motion 22.4270 called on the Federal Council to promote cyber security innovations and projects in Switzerland.
In a second motion 22.3414, the Federal Council is to draft a law to ensure the security of critical infrastructure in the information and communication sector against cyber attacks by other states.
The Federal Council refers to various measures that the DDPS has taken to promote innovation. It also considers existing measures to be sufficient. The same applies to the protection of critical infrastructure from the influence of other states. In-depth analyses are already underway in the background, which need to be completed before legal foundations are created. This process is also already underway, so that the Federal Council has requested that both motions be rejected.
You can find more information here:
- https://www.parlament.ch/de/ratsbetrieb/suche-curia-vista/geschaeft?AffairId=20224270
- https://www.parlament.ch/de/ratsbetrieb/suche-curia-vista/geschaeft?AffairId=20223414
E-Health – 22.3859
Based on the motion 22.3859, the Federal Council is to present a clear plan on how the digitisation goals in the healthcare system can be realised with standardised processes and data sets and how backlogs can be made up. In addition, it is instructed to create a legal basis for the use of SMVS data (Swiss Medicines Verification System) for the digital management of supply bottlenecks.
The Federal Council is to take a further step towards a digitalised healthcare system, based on Motion 22.4423, by creating a legal basis for the use of QR codes on medicinal products.
The Federal Council shares the concern of the first motion that there is a need to catch up in the digitisation of the healthcare system, but considers that it is already well on the way to addressing this. A dispatch is to be submitted to parliament by the end of 2023, including a corresponding commitment credit. In this context, however, the Federal Council points to its limited regulatory competence in the healthcare sector and the resulting lack of standards.
On the other hand, the Federal Council believes that the request to create a legal basis for the use of SMVS data is premature, as there is not yet a conclusive analysis of how to manage supply bottlenecks. The SMVS database was a possible option, but not the only one. Only when the analysis has been completed can it be determined which solution will be adopted.
With regard to the second motion, the Federal Council sees the advantages of using QR codes on medicinal product packaging. However, it emphasises the need for appropriate transition periods and the accessibility of the information.
- https://www.parlament.ch/de/ratsbetrieb/suche-curia-vista/geschaeft?AffairId=20223859
- https://www.parlament.ch/de/ratsbetrieb/suche-curia-vista/geschaeft?AffairId=20224423
Innovation – 21.3937
This infringement further mandates the Federal Council to set up a guarantee and credit system to enable SMEs to invest in climate-friendly and digitalised working or production processes.
In its statement, the Federal Council refers to existing mechanisms that already successfully enable these investments. According to the Federal Council, Switzerland has always been successful in this regard in international comparison. Moreover, further measures to strengthen the venture capital market are planned, so that the Federal Council has requested that the motion be rejected.
You can find out more here: