Switzerland does not yet have specific AI legislation. The approach chosen is one of technological neutrality: existing laws apply. In practice, three legal frameworks directly govern AI use in business.
The new Federal Act on Data Protection (nLPD, in force since September 2023) applies directly to AI-based processing. It requires transparency about the purpose and sources of data, impact assessments where high risks are involved, and a right to human review of automated decisions (art. 21 nLPD). Penalties can reach 250,000 CHF and expose senior executives to personal liability.
The Code of Obligations (art. 41 CO) requires the user organization to compensate any damage caused by an AI system it operates. The company is liable, not the system. The Federal Product Liability Act may also apply if the AI is classified as a defective component.
The European AI Act, adopted in March 2024 and entering into force progressively until 2026, directly concerns Swiss companies that operate in the European market or whose AI systems are deployed in the EU. It classifies AI into four risk levels (unacceptable, high, limited, minimal) and imposes documentation, audit, and CE marking requirements for high-risk systems.