fairlane.systems


May I use ChatGPT as a Swiss fiduciary? Data protection, DPA & business version (revFADP + possibly Art. 321 SCC)

ChatGPT in the fiduciary office: when revFADP (and possibly secrecy under Art. 321 SCC) permit use - and why only Business/Enterprise with a DPA qualifies.

As of: 2026-06

What is this about?

For a fiduciary firm, the question "May I use ChatGPT?" has two layers. First, data protection law: the moment you enter your clients' personal data (names, AHV/social-security numbers, salary data, tenancy details) into ChatGPT, you are processing personal data within the meaning of the revised Federal Act on Data Protection (revFADP, in force since 1 September 2023). Second, confidentiality: fiduciaries owe their clients confidentiality primarily under contract (mandate law, Art. 398 CO - duty of care and loyalty) and professional standards. The criminally sanctioned professional secrecy under Art. 321 of the Swiss Criminal Code (SCC) does not list "fiduciaries" in its exhaustive catalogue (clergy, lawyers, notaries, auditors under the CO, physicians, etc.); for a typical fiduciary firm it applies only where the firm exceptionally acts as an auxiliary of a lawyer or as an auditor bound to secrecy under the CO. For most bookkeeping, tax and payroll mandates, the relevant standard is therefore contractual confidentiality, not Art. 321 SCC.

The short answer: yes, permitted in principle - but not with every version and not without a contract. The ChatGPT Free tier and the personal ChatGPT Plus plan are unsuitable for client data because no data processing agreement (DPA) can be concluded there and inputs may by default be used for model training. The business versions ChatGPT Business (formerly Team) and ChatGPT Enterprise, as well as the API, by contrast offer a DPA, a contractual training exclusion and configurable data residency.

This article is not legal advice. It frames the legal situation (as of 2026) and shows which conditions you must put in place.

Why does it matter?

A fiduciary processing client data is, in data-protection terms, either a controller (determining purpose and means) or a processor for the client (Art. 5 lit. j/k revFADP). When using ChatGPT, the fiduciary outsources processing to OpenAI - which thereby becomes a (sub-)processor. Such outsourcing is permitted under Art. 9 revFADP only if (a) the third party processes the data only as the controller itself would be allowed to, (b) no statutory or contractual confidentiality obligation stands in the way, and (c) data security is ensured.

In addition - in the specific constellations where it applies - there is professional secrecy. Under Art. 321 para. 1 SCC, anyone who reveals a secret entrusted to them in their professional capacity is liable to imprisonment of up to three years or a monetary penalty. Importantly, Art. 321 is an offence prosecuted only on application ("shall, on complaint, be liable"); the prosecuting authority does not act ex officio but only upon a criminal complaint by the injured party. And: this norm captures a typical fiduciary firm only where it acts as an auxiliary of a lawyer or as an auditor under the CO (see above). According to prevailing doctrine and practice, engaging a cloud or AI provider does not breach secrecy provided the provider qualifies as an auxiliary of the secrecy holder: it must be contractually bound by instructions and to confidentiality, and the data must not be used for extraneous purposes (such as model training).

If the necessary basis is not established, several consequences loom: in the cases covered by Art. 321 SCC, criminal proceedings for breach of secrecy (on complaint by the injured person, see above); independently, an investigation by the FDPIC with possible orders; and - often the most damaging in practice - a loss of client trust together with civil liability for breach of the contractual confidentiality duty (Art. 398 CO).

How does it work legally?

1. The version determines the legal basis. OpenAI concludes a Data Processing Addendum (DPA) only for ChatGPT Business (formerly Team), ChatGPT Enterprise and the API. For these products, inputs and outputs are by default not used to train the models. For ChatGPT Free and Plus this contractual training exclusion does not exist in the same way; there, only a manual opt-out is possible (Settings > Data Controls > "Improve the model for everyone"), which excludes new conversations from training - this is insufficient for client data because it does not replace the DPA required by Art. 9 revFADP.

2. DPA + auxiliary construction. OpenAI's DPA maps the requirements of Art. 9 revFADP: binding instructions, confidentiality, technical and organisational measures, and a sub-processor regime. This contractually shapes OpenAI as an instruction-bound auxiliary - the doctrinal bridge on which cloud use by secrecy holders is permissible under prevailing doctrine in the first place. For an ordinary fiduciary mandate, this auxiliary construction matters mainly for contractual confidentiality; the criminal secrecy of Art. 321 SCC is relevant only in the special cases noted above.

3. Cross-border disclosure (Art. 16/17 revFADP). OpenAI processes data partly in the USA. There is no general adequacy decision for the USA; however, since 15 September 2024 the Federal Council recognises an adequate level of protection for US companies certified under the Swiss-U.S. Data Privacy Framework (DPF) (resolution of 14 August 2024). Disclosures to DPF-certified US recipients are therefore permitted without additional safeguards. If the specific recipient (e.g. OpenAI) is not DPF-certified, disclosure is permitted only with appropriate safeguards - in practice the standard contractual clauses OpenAI offers in the DPA (Art. 16 para. 2 lit. d revFADP). OpenAI's DPF certification status must be checked separately in the DPF participant list. Since January 2026, OpenAI additionally offers data residency in Europe/EEA with in-region inference for Enterprise and the API, reducing cross-border disclosure for data at rest; whether a Swiss storage location is explicitly included should be verified in the current OpenAI DPA. Certain control-plane functions may still route through the USA.

4. Residual risk - lawful access. Even with Europe/EEA hosting, governmental access under the US CLOUD Act remains possible in principle, because data residency fixes the storage location but not the jurisdiction over the US corporation that holds the data. For especially sensitive secrets, data minimisation (pseudonymisation, no clear names in the prompt) or a Switzerland-hosted alternative should therefore be considered.

Step by step: introducing ChatGPT compliantly

  1. Choose a business version (ChatGPT Business [formerly Team], Enterprise or API) - exclude Free/Plus for client data.
  2. Conclude a Data Processing Addendum (DPA) with OpenAI and verify the training exclusion in the settings.
  3. Activate Europe/EEA data residency (Enterprise/API), check for a Swiss storage location in the OpenAI DPA, and clarify the standard contractual clauses or DPF certification status for cross-border disclosure (Art. 16 revFADP).
  4. Adjust the internal processing agreement with the client: disclose and obtain approval for sub-processing to OpenAI (Art. 9 para. 3 revFADP).
  5. Record ChatGPT in the register of processing activities, if Art. 12 revFADP applies (obligation mainly for ≥ 250 employees or large-scale processing of particularly sensitive data; smaller firms check the exemption under Art. 12 para. 5 revFADP in conjunction with Art. 24 DPO), and document the TOMs (Art. 8 revFADP).
  6. Draft a written AI policy: permitted/prohibited data, pseudonymisation rule, four-eyes review of outputs.
  7. Train staff (recommended; the AI literacy obligation under Art. 4 EU AI Act since 02.02.2025 is binding only insofar as outputs are used in EU territory) and review usage periodically.

When is use justifiable?

Using ChatGPT in a fiduciary firm is justifiable when the following conditions are cumulatively met:

- Business version with DPA: ChatGPT Business (formerly Team), Enterprise or API - with an actively concluded Data Processing Addendum and a confirmed training exclusion.
- Internal processing agreement: your own DPA with your client covering onward outsourcing to OpenAI, where you yourself are a processor (Art. 9 para. 3 revFADP - approval of sub-processing).
- Record of processing & TOMs: ChatGPT recorded as a processing activity in your register where the record-keeping duty applies (Art. 12 revFADP; SMEs with fewer than 250 employees are exempt under Art. 12 para. 5 revFADP in conjunction with Art. 24 DPO, unless they process particularly sensitive data on a large scale or conduct high-risk profiling - with payroll/AHV data, however, the exemption often does not apply), with documented technical and organisational measures (Art. 8 revFADP).
- Internal directive: a written AI policy defining which data may and may not be entered.

ChatGPT is well suited to internal, non-personal or pseudonymised tasks: drafting contracts without clear names, research on accounting questions, structuring text, first drafts of correspondence subsequently reviewed by a professional. The AI literacy obligation under Art. 4 of the EU AI Act (Regulation (EU) 2024/1689) has applied since 2 February 2025; for a Swiss fiduciary firm it is binding only where the firm falls within the scope of the Regulation - notably as soon as AI outputs are used in EU territory (Art. 2 para. 1). For purely Swiss mandates, training is recommended due diligence, not a direct EU obligation.

When should you NOT use it?

Refrain from ChatGPT - or at least from entering identifiable data - in the following cases:

- Free or personal tiers: ChatGPT Free and Plus are not permissible for client data. The DPA is missing, and inputs may by default be used for training. A mere manual opt-out in the account is not enough to satisfy Art. 9 revFADP (and, in the relevant cases, Art. 321 SCC).
- Secrecy without an auxiliary contract: as long as OpenAI is not contractually bound as an instruction-bound auxiliary (DPA + confidentiality + training exclusion), revealing protected client data is at least a breach of the contractual confidentiality duty (Art. 398 CO). A criminal breach under Art. 321 SCC arises only in addition where you exceptionally act as an auxiliary of a lawyer or as an auditor obligated under the CO - for an ordinary bookkeeping, tax or payroll mandate, Art. 321 SCC does not apply.
- Sensitive personal data (Art. 5 lit. c revFADP) such as health, social-assistance or criminal-proceedings data: the risk here is high; entry should occur only in pseudonymised form and after a separate balancing of interests.
- Missing internal governance: without an AI policy and training - and, where the record-keeping duty applies, without a register entry - use is not compliantly documented even with the correct licence.

Ground rule: when in doubt, no clear names, no AHV numbers, no complete files in the prompt. If you are unsure whether OpenAI holds up as an auxiliary or whether Art. 321 SCC applies in the specific case, seek professional clarification before productive use. This is not legal advice; case-by-case assessment remains a matter for a lawyer.
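The data-minimisation advice in section 4 and the ground rule above (no clear names, no AHV numbers in the prompt) are easier to rely on when a piece of software enforces them instead of each employee remembering to. The following Python gate is an added example written for this article; it is not OpenAI code and not tooling of this site. It redacts AHV numbers (recognised in dotted or compact form and validated with the EAN-13 control digit that AHVN13 uses) and known client names before a prompt leaves the firm, keeps the placeholder mapping locally, and re-inserts the originals into the model's answer. The client list, the sample prompt and all function names are assumptions for illustration.

```python
"""Prompt pseudonymisation gate, added as an example for this article
(not OpenAI code, not the site's own tooling). AHV numbers and known client
names are replaced by stable placeholders before the text is sent to an LLM
endpoint; the mapping never leaves the firm and is used to restore the
answer. The client-name list and the sample prompt are constructed."""
import re
from dataclasses import dataclass, field
from typing import Optional

# AHVN13 in dotted (756.1234.5678.97) or compact (7561234567897) form.
AHV_RE = re.compile(r"\b756(?:\.?\d{4}){2}\.?\d{2}\b")


def ahv_checksum_ok(number: str) -> bool:
    """EAN-13 control digit of a 13-digit AHV number: weights 1,3,1,3,...
    over the first twelve digits, check digit = (10 - sum % 10) % 10."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) != 13 or digits[:3] != [7, 5, 6]:
        return False
    total = sum(d * (3 if i % 2 else 1) for i, d in enumerate(digits[:12]))
    return (10 - total % 10) % 10 == digits[12]


class PolicyViolation(Exception):
    """Raised in 'block' mode when the prompt contains prohibited data."""


@dataclass
class Pseudonymised:
    text: str                                             # safe to send to the model
    mapping: dict = field(default_factory=dict)           # placeholder -> original, stays on-prem
    findings: list = field(default_factory=list)          # (kind, original, checksum_ok or None)


def pseudonymise(text: str, client_names: list) -> Pseudonymised:
    result = Pseudonymised(text="")
    seen: dict = {}        # original -> placeholder, stable within one prompt
    counters: dict = {}    # per-kind numbering: [AHV-1], [CLIENT-1], [CLIENT-2]

    def placeholder(kind: str, original: str) -> str:
        if original not in seen:
            counters[kind] = counters.get(kind, 0) + 1
            seen[original] = f"[{kind}-{counters[kind]}]"
            result.mapping[seen[original]] = original
        return seen[original]

    def replace_ahv(match: "re.Match") -> str:
        raw = match.group(0)
        # A failed checksum is most likely a typo; it is still redacted
        # (conservative) but flagged so the reviewer can fix the source.
        result.findings.append(("AHV", raw, ahv_checksum_ok(raw)))
        return placeholder("AHV", raw)

    scrubbed = AHV_RE.sub(replace_ahv, text)

    # Longest names first so "Muster Treuhand AG" is consumed before "Muster".
    for name in sorted(set(client_names), key=len, reverse=True):
        pattern = re.compile(r"\b" + re.escape(name) + r"\b")
        if pattern.search(scrubbed):
            result.findings.append(("CLIENT", name, None))
            scrubbed = pattern.sub(placeholder("CLIENT", name), scrubbed)

    result.text = scrubbed
    return result


def gate(text: str, client_names: list, mode: str = "redact") -> Pseudonymised:
    """Policy entry point. 'redact' forwards the pseudonymised text;
    'block' refuses any prompt that contained identifying data at all."""
    result = pseudonymise(text, client_names)
    if mode == "block" and result.findings:
        kinds = sorted({f[0] for f in result.findings})
        raise PolicyViolation(f"prohibited data in prompt: {kinds}")
    return result


def restore(model_output: str, mapping: dict) -> str:
    """Re-insert the originals into the model's answer, locally."""
    for token, original in mapping.items():
        model_output = model_output.replace(token, original)
    return model_output


# Constructed sample: a payroll prompt plus the firm's client master data.
SAMPLE_PROMPT = ("Please draft a salary certificate for Anna Muster (AHV 756.1234.5678.97), "
                 "employed by Muster Treuhand AG, gross salary CHF 98'400.")
CLIENTS = ["Anna Muster", "Muster Treuhand AG"]

if __name__ == "__main__":
    safe = gate(SAMPLE_PROMPT, CLIENTS)
    print(safe.text)                            # what the API would receive
    print(safe.findings)                        # what the four-eyes reviewer sees
    print(restore(safe.text, safe.mapping))     # answer back with real identifiers
```

Two design points. First, the placeholder mapping is now the secret: it stays on the firm's systems, and the findings list gives the four-eyes reviewer a record of what was stripped from each prompt. Second, the gate reduces what OpenAI sees but does not replace the DPA: data that you can re-identify with the mapping remains personal data in your hands, so the contractual basis from the steps above is still required.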

FAQ

Is the manual training opt-out in ChatGPT Plus enough for client data?

No. The opt-out (Settings > Data Controls > "Improve the model for everyone") only controls whether your own conversations are used for training; it replaces neither the data processing agreement (DPA, required by Art. 9 revFADP) nor the contractual auxiliary status. Client data requires a business version (Business [formerly Team], Enterprise, API) with a DPA.

Do I breach professional secrecy under Art. 321 SCC by using ChatGPT?

For an ordinary fiduciary mandate (bookkeeping, tax, payroll), Art. 321 SCC is generally not applicable at all - "fiduciaries" are not in the norm's exhaustive list of professions. The norm applies only where you exceptionally act as an auxiliary of a lawyer or as an auditor under the CO. In those cases, engaging an AI provider does not breach secrecy under prevailing doctrine if it is bound as an instruction-bound auxiliary (contractually obliged to confidentiality, no extraneous use, secured data). Independently, the contractual confidentiality duty (Art. 398 CO) always applies. This is not legal advice.

May I transfer data to the USA if OpenAI processes there?

It depends on certification. There is no general adequacy decision for the USA; however, since 15 September 2024 the Federal Council recognises an adequate level of protection for US companies certified under the Swiss-U.S. Data Privacy Framework (DPF). If the recipient is DPF-certified, disclosure is permitted without additional safeguards - OpenAI's DPF status must be checked separately. If it is not certified, appropriate safeguards are needed (e.g. standard contractual clauses from the DPA, Art. 16 revFADP). Since January 2026 OpenAI also offers data residency in Europe/EEA for Enterprise and the API; whether Switzerland is explicitly included as a storage location should be verified in the OpenAI DPA.

What is the difference between controller and processor in my case?

If you determine the purpose and means of processing yourself (e.g. your own bookkeeping), you are a controller (Art. 5 lit. j revFADP). If you process data on instruction for a client, you are that client's processor (Art. 5 lit. k revFADP) and need the client's approval to outsource onward to OpenAI (Art. 9 para. 3 revFADP). Both roles require a DPA with OpenAI.

Related topics

- revDSG / revFADP and AI: what the revised Swiss Data Protection Act means for LLM use
- Professional secrecy (Art. 321 SCC) and AI use: what lawyers, notaries, physicians and auditors must observe
- Microsoft 365 Copilot for Swiss Trustees: Data Residency, Flex Routing & revFADP Checklist
- Prompt Library for Trustees: Proven Prompts for Accounting, VAT and Correspondence

Sources

  1. Federal Act on Data Protection (revDSG / revFADP, SR 235.1) - full text, Fedlex
  2. Swiss Criminal Code, Art. 321 (breach of professional secrecy), SR 311.0 - Fedlex
  3. FDPIC (EDÖB) - Swiss-U.S. Data Privacy Framework / adequacy decision for the USA (since 15 September 2024)
  4. OpenAI Data Processing Addendum (DPA)
  5. OpenAI - Enterprise privacy (training, DPA, retention, data residency)
  6. Regulation (EU) 2024/1689 (EU AI Act), Art. 2 and Art. 4 - EUR-Lex
  7. FDPIC - Federal Data Protection and Information Commissioner (EDÖB)
