Focus on digital infrastructure and cybersecurity: the 2025 winter session

The motion by Council of States member Matthias Michel from the canton of Zug instructs the Federal Council to create the legal basis for systematically improving the federal administration’s data holdings and making them usable for AI applications. The aim is to produce high-quality, structured and internationally comparable data that can be used for multiple purposes, such as research and data-based applications.

The study ‘Data-Sharing Initiatives and Data Rooms 2025’ commissioned by digitalswitzerland and Swiss Data Alliance underscores this need for action: there are already over a hundred initiatives in Switzerland for data exchange between business, administration and research. However, their potential often remains untapped. The main reasons are poor data quality, a lack of standards and insufficient interoperability. Financing and trust between the players are also considered key obstacles.

Without common standards, clear responsibilities and reliable governance, the benefits of data rooms remain limited. From digitalswitzerland’s point of view, there is therefore a need for a coordinated and practical data infrastructure that integrates the state, business and science. It is clear that data availability and data security are inextricably linked and must be considered together.

Resilience as a shared task

Against this backdrop, the Parldigi parliamentary group held an event in Bern on Thursday dedicated to the topic of ‘Rethinking cybersecurity’, which was organised by digitalswitzerland together with other partners. Around eighty participants from administration, politics, science, business and civil society took part.

The event was opened by National Councillor Gerhard Andrey, member of the Parldigi core team and co-president of the parliamentary group Cyber. The subsequent presentations provided insights into current developments in cybersecurity, including new threats, agent-based AI systems and zero-trust approaches. In the closing round, Min Li Marti, the other co-president of the group, emphasised the importance of cross-sector cooperation in order to tackle cyber security as a challenge for society as a whole.

This assessment is reflected in the decisions taken during the winter session. Parliament increased funding for the Federal Office for Cyber Security in order to strengthen prevention and defence. From digitalswitzerland’s point of view, it is crucial that these additional funds are used specifically to strengthen existing capabilities and that new regulatory requirements remain proportionate.

Cybersecurity should be effectively increased without creating unnecessary administrative burdens for companies. In addition to protecting digital infrastructures, the question of how state and economic actors can act in a legally binding manner in the digital space is also becoming increasingly important.

e-ID for businesses

A postulate by National Councillor Andrey ties in with the e-ID adopted by Swiss voters in September and calls on the Federal Council to examine how it can be extended to legal entities.

It calls for a portable electronic identity for businesses that builds on the state’s trust infrastructure and enables organisations to operate in the digital space. Companies should be able to manage digital evidence such as roles or authorisations themselves. This promises to significantly reduce the administrative burden, especially for SMEs.

Alignment with international standards should also ensure connectivity with foreign systems, enabling Swiss companies to operate with legal certainty in international digital business transactions.

Following the referendum against the e-ID Act, the Alliance for the e-ID is campaigning for the Swiss population to receive a secure, state-issued digital identity card (e-ID). This will allow anyone who wishes to do so to identify themselves digitally in the future, securely and easily.

“The new e-ID is a decisive step forward for digital Switzerland and its economy. It strengthens trust in online interactions, offers citizens more convenience when dealing with the authorities digitally and simplifies business processes for companies.” – Franziska Barmettler, CEO digitalswitzerland

The new e-ID is the result of close collaboration between civil society, business and science – moderated and developed by the federal authorities. The result is a public service trust infrastructure for the general public that enables end-to-end and secure digital administrative processes and transactions with companies. This will considerably simplify many everyday situations for the population – such as concluding mobile phone contracts, obtaining an extract from the debt collection register or providing proof of age.

“By anchoring basic principles of data protection such as data minimisation and open source code, the e-ID forms an important basis for the development of digital services. The ongoing involvement of civil society is crucial to ensure public-interest and user-centred solutions that benefit us all.” – Erik Schönenberger, Managing Director Digitale Gesellschaft

The use of the new e-ID remains voluntary. The new law ensures that traditional identification using an ID card is still possible – freedom of choice is preserved. The decentralised nature of the infrastructure strengthens data protection and only mandatory data fields can be queried. Users of the new e-ID remain undisturbed – no third party, neither private nor governmental, gains access to individual transactions. This makes completely anonymous proof of age possible for the first time.

“Whether to protect your own identity, to ensure the protection of minors or for secure digital communication with the authorities – the electronic identity is an important step towards responsible and trustworthy digitalisation in Switzerland.” – Olga Baranova, Managing Director CH++

With the new e-ID, the central points of criticism of the first bill, which was voted on in March 2021, have been resolved. The legal basis for the e-ID is therefore supported almost unanimously by all parliamentary groups in the Federal Assembly. A broad, cross-party alliance of civil society organisations, academia and business associations also support the e-ID.

“The state digital identity card is a work of the century – the Switzerland of tomorrow is building on it. The e-ID strengthens direct democracy, removes existing hurdles, enables secure signature collection and more participation, for example for young people and people with disabilities.” – Daniel Graf, Board of Trustees member of the Stiftung direkte Demokratie

The Alliance for the e-ID thrives on the commitment of broad circles and is open to organisations and individuals from science, civil society, politics and business. Anyone who wants to stand up for a secure national digital identity is cordially invited to become part of this alliance and help shape the campaign.

“With great unity across all parties, Parliament and the administration have created a modern law for a new, state-run and trustworthy e-ID following the massive popular majority against the last bill.” – Gerhard Andrey, National Councillor and co-initiator of the new e-ID

About the Alliance for the e-ID:
The Alliance for the e-ID is an association of organisations and individuals from various sectors of society who are jointly committed to the introduction of a secure and state-issued digital identity card in Switzerland.

The Federal Council opened the consultation on the proposal for a new e-ID law. digitalswitzerland notes that the proposal for a new e-ID law resonates broadly with our members by setting the framework for a trust infrastructure whose core element is a government-issued e-ID. digitalswitzerland welcomes the strategic direction of the preliminary draft.

However, we are convinced that electronic identity can only become widely accepted in Switzerland if it is embedded in an inclusive ecosystem of electronic credentials. We consider it essential to include this aspect in the purpose article of the law. We also consider the regular audit of state-operated infrastructure, a vehicle for expert input on technological law implementation, fee structure according to international standards, and regulation of private confirmation mechanisms to be useful.

A brief summary of the key proposals:

1. Equal status for e-ID and e-ID ecosystem.
   Ensure that the e-ID, as the main credential of the ecosystem, thrives in a broad ecosystem that includes the private sector. The law should express this intention more clearly.
2. Expert input on the technological implementation of the law
   Create an instrument that allows for the involvement of experts from academia and industry in the implementation of the law (e.g. UX, security).
3. Fee structure according to international standards
   Follow internationally accepted principles for connectivity of SSI networks and make them free of charge for users (e.g. Sovrin Foundation rulebook).
4. Regulate private confirmation mechanisms
   Ensure that sector-specific trusted third parties or organisations can continue to perform their function in the digital ecosystem (e.g. swissuniversities).
5. Cybersecurity from the very beginning
   Check the structure of the Fedpol system for issuing E-IDs technically and procedurally for security issues. This should be anchored in the law.

The full statement can be found here in German and French.

In the autumn session from 12 to 30 September 2022, more than 30 items on digital policy are on the agenda – one of the main focuses in the Council of States are on the area of Digital Health.

The complete outlook is available in the national languages German and French.

In a letter dated 18 May 2022, the consultation on the Maturity Recognition Ordinance and the Administrative Agreement on the Recognition of Maturity Certificates was launched. digitalswitzerland thanks economiesuisse for this opportunity and is happy to comment from the perspective of the digital economy. We would like to state that we fully support economiesuisse’s statement.

Read our full consultation in German or French.

Every initiative, whether domestic or pan-european, exists primarily to solve a problem. GAIA-X is no exception. What makes the European initiative unique is the diversity of interrelated problems that it aims to solve all at once. This makes it ambitious and daring, while simultaneously raising expectations and pressure. As such, it is even more important to know concretely what it is and what it is not. And above all: what problems it actually aims to solve. So let’s start there.

The modern world runs on that data, which opens up a world of possibility for government, academia, organisations and SMEs. This is no secret. However, there are a number of obstacles to accessing their innovation value. Most importantly: stakeholders today cannot make entirely self-determined decisions. Why is that, and what really stands in the way?

Let’s take a look at six concrete barriers that exist today.

The unfortunate fact remains that all these barriers continue to persist. They are preventing stakeholders from unlocking the full value of their data. GAIA-X promises to address these obstacles in a manner that is true to European values and standards, and paves the way for a future-ready data infrastructure.

At its core, GAIA-X is a European governance project aimed at building the foundation for a data-driven economy. Therein, it can be interpreted as a ‘proposal’ for the next generation of a federated data infrastructure based on the latest thinking that is in line with European values, namely openness, transparency, and trust. 

How exactly is GAIA-X accomplishing this task? Short Answer: Through guidelines, policies and software frameworks. Indeed, the key deliverables of the initiative are documentation, notably the GAIA-X Policy Rules Document, GAIA-X Architecture Document, and Data Space Principles, which collectively form the de-facto ‘GAIA-X Standard’. The architecture of GAIA-X is based on the principle of decentralisation. GAIA-X is the result of many individual data owners (users) and technology players (providers) – all adopting a common standard of rules and control mechanisms – the GAIA-X standard. 

This GAIA-X Standards has a ‘harmonising’ effect. In this envisioned infrastructure, stakeholders would always be given the “option but not the obligation”. Once adopted, the de-facto standard would allow for self-determined decision making when it comes to data and cloud. The end result is aimed to obtain transparency, controllability, portability and interoperability across data and services, which allows for self-determined decision making and raises the competitiveness of Europe in the digital age. 

Fortunately for us, it’s in the name. ‘Gaia’ is the Greek goddess of Earth, symbolising a nurturing growing ecosystem, whereas the ‘X’ hints at the framework that is followed to achieve it.

In essence, the intended set of rules and regulations (i.e. the GAIA-X Standard) and the implementation of GAIA-X provide for the linking of data ecosystems and infrastructure ecosystems. As such, in its most abstract form, GAIA-X has three distinct components:

1. Data Ecosystem (i.e. the upper part of the X). Here, the initiative fosters ontologies for interoperability and API within and across sector-specific data spaces. Why does this matter? It provides Swiss organisations with one additional tool to empower collaborative data spaces and to develop innovative data-driven business models (referred to as Advances Smart Services) via a common framework that is standardised, efficient and self-sovereign (see example below).

2. Federation Services (i.e. the intersection of the X). Here, the initiative builds on EU policies & code of conducts that already exists to develop a so-called ‘Architecture of Standards’. That said, Federation Services go beyond compliance-supporting elements and will also include identity and  trust services, and a catalogue of GAIA-X compliant services. Why does this matter? It allows Swiss organisations to develop GAIA-X compliant services offering an easier mechanism to be compliant with the European Data Protection Regulation, the ‘Free Flow of Non-Personal Data Regulation’ and the European Cybersecurity Act. It includes the minimum technical requirements and services necessary for security by design and privacy by design.

3. Infrastructure Ecosystem (i.e. the bottom part of the X). Here, the initiative establishes portability and interoperability between network and interconnection providers. Why does this matter? It allows Swiss organisations, from corporates to SMEs, to have a more transparent view of the cloud offers and the dependencies (‘lock-in effects’) on individual providers would be reduced.

These three components in aggregate constitute the “GAIA-X Standard” in its most abstract form. It needs to be noted that the initiative aims to build this standard, and significant adoption thereof, within five years. The initiative further envisions the EU becoming a significant player in the global economy of data by the end of 2025.

While it is important to understand what GAIA-X is, it is equally critical to comprehend what the initiative does not do. At minimum, there are two elements that are frequently misunderstood or misinterpreted: 

First, some people suggest that GAIA-X builds infrastructure that stands in competition to existing cloud providers. This is not true. The initiative does not build any infrastructure itself. It fundamentally aims to connect and harmonise (i.e. through guidelines, policies and software frameworks) based on the principles of decentralisation. As such, GAIA-X is not an infrastructure itself but more a multitude of individual platforms that all follow a common standard – the GAIA-X standard. 

Second, other critics may suggest that GAIA-X intends to form a new digital oligopoly with exclusive access. This is also not true. The initiative is open to all organisations (from small Swiss SME to international cloud providers). Further, the GAIA-X European Association for Data and Cloud AISBL is a non-profit association that ensures the equal contribution possibility of all members. This, coupled with its ‘harmonising effect’, paves the way for fairer competition instead of a novel oligopoly. 

Let’s start at the problem: despite its potential, effective cross-organisational data collaboration doesn’t happen. But what exactly is the root cause of that? 

First, there are technological barriers that impede data collaboration. At present there are multiple technology stacks, unclear and inconsistent standards, a lack of APIs and limited interoperability. This, in aggregate, results in additional coordination efforts on both technical teams, and a prominent reason why you could not engage in cross-organisational data collaboration. Secondly, there are governance considerations that need to be taken into account which, even if you could, cast doubt on whether you should. There has been limited transparency on how the data exactly behaves once it is shared. 

Specifically, who gets which data under what conditions. The inability to make self-determined decisions regarding shared data further hinders effective cross-organisational data collaboration.

It is precisely here, where GAIA-X, and specifically the de-facto standard, provides one part of the solution. The common governance specifically helps companies that intend to create data rooms in their respective sector/industry. This has three concrete benefits: 

1. The GAIA-X Standard helps with regulatory compliance at an EU level, while setting out clear APIs/Standards for interoperability and portability.

2. The GAIA-X Standard provides clarity about terms of engagement via a single ‘agreement’ between organisations, which has been validated through the EU working groups.

3. The GAIA-X Standard sets out a framework for data collaboration wherein decision-making is possible on how, where and with whom data is shared – always on the basis of having the option (but not the obligation).

This has a very concrete impact as it paves the way for national and international data spaces for trustworthy and autonomous collaboration between organisations. 

According to a survey by Bitkom, the digital industry association in Germany, one in seven companies wants to build its core business on data in the foreseeable future while 75 percent of companies lag behind in the development of data-driven business models. Many organisations see part of the solution in GAIA-X. Indeed, 46 percent of German companies are interested in European cloud and data infrastructure according to a survey in June 2022. Some organisations are actively investing in GAIA-X initiatives. Consider, for instance, the Catena-X Consortium, focusing on the automotive industry in Germany. 

Through an open data ecosystem, governed by the GAIA-X Standard, it connects all players to end-to-end value chains. This allows for radically different business models, specifically traceability of CO2 footprint across the supply chain. Its ecosystem approach, alongside the ability to make self-determined decisions about data, has incentivised even long-standing competitors to come together. In the case of Catena-X, several staunch automotive competitors are collaborating including BMW, Mercedes, and Volkswagen. As this example indicates, GAIA-X remains part of the solutions (via the GAIA-X Standard), while the implementation of such consortia are usually led within the industry itself.  

More interestingly still: countries seem to be focusing on their nationally relevant industries: automotive in Germany, finance in Luxembourg, tourism in Italy. The reason for this is simple: Data ecosystems have an economic gravitas and are forming an inimitable competitive advantage. Such ecosystems aim to become local focal points for digital value creation via data collaborations. They further safeguard and expand the industrial competitiveness of many European economies.

The question becomes, where does Switzerland want to focus? At present, there are several important national initiatives underway: 

• Mobility: The National Data Infrastructure on Mobility (NADIM) aims at improving and facilitating multimodal transportation services and traffic management.
• Energy: The Swiss Hub for Energy Data (SHED) aims at improving the digitalisation of the Swiss energy grid by promoting decentralized, sustainable and reliable energy supply.
• Health: The Swiss Personalised Health Network (SPHN) aims at making health-relevant data interoperable and shareable for research in Switzerland.
• Public Sector: The National Data Management Programme (NaDB) aims at making data management in the public sector easier and more efficient by reusing data. 
• Finance: b.Link (Six) aims at offering standardised interfaces to financial institutions as well as software and service providers.

Further, there are two GAIA-X use cases that have been put forward by Roche. Namely, the “Framework of medical records in Europe” and the “Patient Empowered, Privacy Secured”. More will likely follow across different industries. 

There are multiple ways to connect to the Gaia-X Initiative. It is possible to connect existing organisations directly to the data-spaces which are currently forming abroad via the local coordinators (see summary of European data spaces above).

Another possible avenue is the creation of a local GAIA-X Hub, specifically targeted to the needs of Switzerland and its organisations. GAIA-X Hubs are the central contact points for companies, stakeholders, initiatives, associations, and public sector bodies in each country contributing to the GAIA-X and its standard. Internationally, the role of the hub is to nurture a dynamic, grassroots ecosystem that will help to conceptualise use cases that can be joined or replicated, and to shape the “GAIA-X Standard” at a European level. Domestically, the focus is to bundle national initiatives in alignment with the GAIA-X Standard, while creating use cases as part of working groups to shape an innovation-friendly data ecosystem. GAIA-X Germany, for instance, features the following domain working groups: Agriculture, Energy, Finance, Geoinformation, Health. Industry 4.0/SME. Mobility, Public Sector, Smart City/Smart Region. Smart Living.

As of June 2022, there are 15 GAIA-X Hubs either established in Europe, while others are in the process of setting up their local Hub. Japan and South Korea, despite not being in Europe, have also set up their Hubs. This underscores the critical point that GAIA-X builds a future-ready infrastructure on European principles, which resonate far beyond Europe.

In the fall of 2021, several digitalswitzerland members raised the importance of GAIA-X for Switzerland. Ever since, digitalswitzerland has worked towards establishing a connection between the European initiative and Switzerland and representing the view of the private sector in the dialogue. We connected with the GAIA-X CEO Francesco Bonfiglio, and with representatives of the German GAIA-X Hub. In parallel, Swico surveyed its members, which revealed that 77 % of organisations believe that a connection to the Gaia-X initiative can bring advantages to the industry.

Based on these findings, digitalswitzerland launched broad outreach to 10 European hubs in order to learn from their experience about the formation and operation of the Hubs. The purpose was to understand what we, as Switzerland, could learn from our European neighbours. The table below summarises the most important statements given by representatives of the associations that are leading the GAIA-X Hubs. The statements have been anonymised.

Armed with a better understanding of the exact nature of GAIA-X Hubs, digitalswitzerland prepared a workshop with representatives from governance, academic and industry associations to jointly develop an understanding of the scope/role of a potential Swiss GAIA-X Hub. On December 1st 2021, the workshop took place in Bern with the following participants: FDFA, Federal Chancellery, Swico, Swiss Data Science Centre (ETH, EPFL), SATW, and Swiss Data Alliance. The workshop included a Q&A session with representatives from GAIA-X Germany. 

The workshop came to two conclusions: First, there is consensus about the importance of advancing data spaces in Switzerland among all participants. This means that the existing data spaces need to be examined and that GAIA-X, as an enabler, should be closely monitored. Second, there seems to be interest to further explore a vehicle (called a “Swiss Data Hub”) that has the task of empowering and connecting the currently fragmented national data spaces. Here GAIA-X could be “one tool in the toolbox”.

In January and February, representatives from digitalswitzerland and the FDFA, jointly refined the concept of a so-called Swiss Data Hub, including its vision and underlying objectives. In March, the Federal Department of Foreign Affairs and the Federal Office of Communications published the “Report: Promotion of trustworthy data spaces and digital self-determination”, which includes various measures to promote trustworthy data spaces and digital self-determination in Switzerland and abroad. Therein, an official recommendation for action is the investigation of a possible “Swiss Data Hub”. This hub should act as a central point of contact for data rooms and empower them. The report further calls for the development of a voluntary “Code of Conduct” for Swiss data rooms. 

The Digital Self-Determination Network, which has been designated as the vehicle for further developments. The next concrete steps will be the development of a voluntary national code of conduct for the operation of trusted data rooms. This should happen by June 2023 with the involvement of all relevant actors. Interested parties can become a member of the network here. 

digitalswitzerland is a Swiss-wide, cross-sector initiative that aims to strengthen and anchor Switzerland as a leading digital research and innovation location. Herein, supranational efforts are relevant in positioning Switzerland as a leading digital nation. In addition, digitalswitzerland shares the underlying value of the GAIA-X initiative, namely openness, transparency, and trust. 

digitalswitzerland welcomes this development and wants to continue the discussion. In principle, we are prepared to support such a data hub in cooperation with other associations, provided that the Swiss government ‘matches’ the joint investments from the private sector (i.e. 50/50 split). We see this as the most sensible option given that the GAIA-X has advantages for both the Swiss private sectors (via data rooms) and for all of Switzerland (via digital sovereignty). In the interim, digitalswitzerland will continue to advocate for maintaining a connection to the GAIA-X initiative, support national data rooms and liaise between international data rooms and national organisations.

The 2022 summer session was dominated by crisis management. Parliament dealt with rising energy prices, Ukraine, the financial consequences of the Corona pandemic and the effects of climate change. From a digital policy perspective, Parliament made progress on e-government.

The complete review is available in the national languages German and French.

In the summer session from 30 May to 17 June 2022, there are once again more than 50 items on the agenda relating to digital policy – many of them from the fields of e-government and cybersecurity.

The complete review is available in the national languages German and French.

During the short special session from 9 to 11 May 2022, the National Council dealt with over 20 items of business relevant to the ICT economy and the digitisation of Switzerland.

The complete review is available in the national languages German and French.