The Swiss data protection regulator has stopped waiting. In its 2024/2025 annual report, the Federal Data Protection and Information Commissioner (FDPIC, the EDÖB) confirmed it had increased the staff dedicated to data protection violations by around 30% and concluded the first formal proceedings under the revised Data Protection Act.
In a separate public statement, the FDPIC has made clear that the Federal Act on Data Protection is directly applicable to AI-supported data processing. For Swiss companies operating AI agents in 2026, this changes the calculus on every active project.
What revDSG-compliant actually means for an AI agent
The revDSG (revised Federal Act on Data Protection, internationally referred to as nFADP or FADP) has been in force since 1 September 2023. It is Switzerland’s national data protection law and applies to any organisation whose processing has an effect in Switzerland, even if the processor is based abroad.
A revDSG-compliant AI agent is one where the data flow, vendor stack, decision logic, documentation, and incident handling all satisfy the FADP and the FDPIC’s interpretation of it. This is broader than the question “are we GDPR-compliant?” — Switzerland is GDPR-aligned, but it is not GDPR-identical. Three differences matter for AI projects:
- Extraterritorial scope. A US-hosted LLM serving Swiss customer queries falls inside the revDSG scope.
- Personal liability. Fines of up to CHF 250,000 can be imposed on the responsible natural person (not just the company) for willful breaches of information, disclosure, and cooperation duties.
- Cross-border transfers. When transferring data to a country without an adequacy decision, the EU Standard Contractual Clauses on their own are not enough. Switzerland requires a Swiss Addendum.
For a Head of Compliance, a DPO, or a COO who has personally signed off on an AI agent deployment, the personal liability point is not an abstract one. It changes who carries the risk if something goes wrong.
Why standard AI agent architectures fail revDSG
Most AI agents on the market today were built for the US or wider EU market. The architecture choices that made them fast to ship are the same choices that create Swiss data protection exposure. Three patterns appear consistently in projects we review at Swiss banks, insurers, and pharma companies.
The agent calls a US-hosted model over an API. Customer data leaves Switzerland during inference. Without a Swiss Addendum and a documented Transfer Impact Assessment, this is a finding waiting to happen. The vendor’s “GDPR-compliant” claim is not evidence of revDSG compliance.
The agent stores conversation history “for quality” indefinitely. Under revDSG, retention must be tied to a defined purpose, and the principle of data minimisation applies. “We keep it for quality” is not a documented purpose.
The agent makes automated decisions that affect customer rights without disclosing them. Article 21 FADP requires the controller to inform the data subject when a decision is based exclusively on automated processing and has a legal or significantly adverse effect. There is also a right to express a point of view and request human review. A nuance worth knowing: Article 21 imposes a disclosure duty, where Article 22 GDPR imposes an outright prohibition. The Swiss regime is more permissive in form. The disclosure obligation is just as binding.
None of this is unusual. This is the standard build pattern, and these are the cases the FDPIC has been investigating. Public 2025 rulings against Cembra Money Bank on information rights, and an ongoing examination of PostFinance’s voice-recognition authentication, show the regulator is willing to take on regulated firms and AI-adjacent processing.
What compliant Swiss AI agent projects look like in 2026
There is no single answer. There is a small set of design decisions, and a compliant project picks the right combination for its risk profile. The patterns below are what work in Swiss-regulated industries right now.
1. Swiss or EU data residency for inference and storage
The cleanest path is to keep both inference and storage inside Switzerland, or as a fallback inside the EU. Azure OpenAI Service in Switzerland regions, EU-hosted Bedrock, and self-hosted open-weight models on Swiss infrastructure each remove the international transfer question for the inference step. Storage of logs, embeddings, and retrieval data should follow the same boundary.
This adds engineering work and usually adds cost. It removes the largest single category of revDSG exposure.
2. Swiss Addendum and a Transfer Impact Assessment
When data residency in Switzerland is not feasible, the project needs the Swiss Addendum signed with the processor, plus a Transfer Impact Assessment. The assessment documents the legal landscape in the destination country and the technical and contractual safeguards in place. The FDPIC expects to see these documents during inspections.
3. DPIA completed before deployment
Article 22 FADP requires a Data Protection Impact Assessment (DPIA, or DSFA in German) for processing that presents a high risk to data subjects. AI agents in regulated industries almost always meet that threshold. The DPIA should identify the risks, the mitigations, and the residual risk, and it should be signed before go-live.
The most common finding in regulated AI projects is that the DPIA was started after launch or skipped entirely.
4. Data minimisation at the architecture level
Many AI agent platforms pass the entire customer record into the prompt context. Proportionality and data minimisation under revDSG require the agent to receive only the data needed to answer the question, with PII redacted or tokenised where it is not strictly needed for the response.
This is an architecture decision. Prompt engineering cannot fix it after the fact. Retrieval should fetch only the relevant fields, and sensitive data should be masked before it reaches the LLM.
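A sketch of this pattern, as an added example that is not Lab51's or any vendor's code: retrieval is restricted to a per-purpose field allow-list, and identifiers in the user's free text are replaced with keyed tokens before the prompt is assembled. The record, field names, purpose label, and key are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample record; all field names and values are hypothetical.
CUSTOMER = {
    "customer_id": "C-1001", "full_name": "Anna Muster",
    "iban": "CH9300762011623852957", "email": "anna.muster@example.ch",
    "policy_type": "household", "policy_status": "active", "claims_open": 1,
}
# Documented purpose -> the only fields the agent may receive for it.
ALLOWED_FIELDS = {"policy_status_query": {"policy_type", "policy_status", "claims_open"}}
TOKEN_KEY = b"constructed-demo-key"  # assumption: loaded from a secrets manager in production

# Swiss IBAN: "CH", 2 check digits, 17 alphanumerics, optionally grouped in fours.
IBAN_RE = re.compile(r"\bCH\d{2}(?: ?[0-9A-Za-z]{4}){4} ?[0-9A-Za-z]\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def tokenise(value, kind):
    # Keyed hash: the same value always maps to the same token, but the
    # token cannot be reversed or recomputed without TOKEN_KEY.
    digest = hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()[:10]
    return f"<{kind}:{digest}>"

def minimise(record, purpose):
    # Fail closed: a purpose with no documented field list gets no data.
    allowed = ALLOWED_FIELDS.get(purpose)
    if allowed is None:
        raise PermissionError(f"no documented field list for purpose {purpose!r}")
    return {k: v for k, v in record.items() if k in allowed}

def mask_free_text(text):
    # Users paste identifiers into chat; mask them before they reach the model.
    text = IBAN_RE.sub(lambda m: tokenise(m.group().replace(" ", ""), "IBAN"), text)
    return EMAIL_RE.sub(lambda m: tokenise(m.group().lower(), "EMAIL"), text)

def build_prompt(record, purpose, user_message):
    context = minimise(record, purpose)
    return f"Context: {context}\nQuestion: {mask_free_text(user_message)}"
```

Regex masking only covers the identifier formats it is written for; names and free-form addresses in user text need a separate detection step.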
5. Audit trail and explainability built into the stack
Every interaction needs to be traceable: which data went in, which model and version answered, which sources the answer was grounded in, and which human reviewed the case when a review was triggered. This serves three purposes:
| Requirement | What the audit trail enables |
|---|---|
| Right to information (Art. 25–27 FADP) | Showing what was processed and on what basis |
| Right to human review (Art. 21 FADP) | Demonstrating the review pathway exists and works |
| Internal audit and ISO 27001 controls | Producing evidence for security and compliance reviews |
A simple chat log is not an audit trail. The trail needs to include retrieval sources, model version, prompt template version, and any human review decision.
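The difference between a chat log and an audit record, as an added example that is not code from any product named on this page: each record must carry the elements listed above, and entries are hash-chained so later edits are detectable. The hash chain and the choice to log field names rather than field values are assumptions of this sketch; all identifiers and sample values are constructed.

```python
import hashlib
import json

# Elements the trail must carry per interaction. human_review is None
# when no review was triggered, but the key must always be present.
REQUIRED = ("input_fields", "model", "model_version",
            "prompt_template_version", "retrieval_sources", "human_review")
GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_record(trail, record):
    missing = [k for k in REQUIRED if k not in record]
    if missing:
        raise ValueError(f"not an audit record, missing: {missing}")
    prev = trail[-1]["hash"] if trail else GENESIS
    entry = {"record": record, "prev_hash": prev,
             "hash": _digest({"record": record, "prev_hash": prev})}
    trail.append(entry)
    return entry

def verify_trail(trail):
    # Returns the index of the first altered or reordered entry, or -1 if intact.
    prev = GENESIS
    for i, entry in enumerate(trail):
        expected = _digest({"record": entry["record"], "prev_hash": prev})
        if entry["prev_hash"] != prev or entry["hash"] != expected:
            return i
        prev = entry["hash"]
    return -1

def demo_trail():
    # Constructed sample interactions; names and versions are hypothetical.
    trail = []
    append_record(trail, {
        "input_fields": ["policy_type", "policy_status"],  # names only, no values
        "model": "example-llm", "model_version": "2026-01",
        "prompt_template_version": "v14",
        "retrieval_sources": ["kb/policy-terms#s3"],
        "human_review": None,
    })
    append_record(trail, {
        "input_fields": ["claims_open"],
        "model": "example-llm", "model_version": "2026-01",
        "prompt_template_version": "v14",
        "retrieval_sources": ["kb/claims-process#s1"],
        "human_review": {"reviewer": "ops-042", "decision": "upheld"},
    })
    return trail
```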
6. Build with a Swiss specialist
Some firms choose to build the entire compliance layer in-house. For most mid-size Swiss firms, this is slower than working with a partner who has already absorbed the learning curve. As a Swiss AI agency focused on regulated industries, Lab51 builds AI agents with Swiss-resident inference, Swiss Addendum templates, DPIA scoping support, and audit-grade logging built into the standard project from day one. The trade-off is integration time. Compliance scope is already inside the perimeter.
If you have an internal AI team with revDSG experience, build. If you do not, partnering removes 6 to 12 months of trial and error.

Why this is a 2026 problem
Three things have converged this year.
The FDPIC has moved from guidance to enforcement. Cases opened in 2024 have reached the decision phase, and published rulings are setting the precedent that compliance teams will be measured against. Swiss regulators have, in their own words, finished their introductory work on the new law and are now implementing it.
Swiss B2B buyers, especially in finance and pharma, have started asking procurement-stage questions about AI: where the data is processed, who the sub-processors are, and what the DPIA concluded. Suppliers without good answers are being filtered out before the demonstration.
The internal cost of waiting is rising. Every month a compliance-cautious project stays in limbo, a competitor with a working AI-supported workflow becomes faster, cheaper, and better at the same operations work. Inaction is no longer a free option.
The companies moving in 2026 are the ones with the clearest checklist. Risk appetite has very little to do with it.
The next step
If you are accountable for an AI agent decision in a Swiss-regulated firm, the practical next step is a short, defensible internal checklist that covers the design choices above and the rest of the FADP perimeter — vendor diligence, retention, data subject rights, training-data scope, and EDÖB notification thresholds.
We have published one. Fill out the form and receive the list in your email:
A 7-stage framework covering data flow, vendor selection, DPIA scope, audit trail design, and EDÖB-ready documentation. Built for Heads of Compliance, DPOs, and COOs at Swiss-regulated firms.
If you have any further questions, you can contact us by filling out the contact form.