fairlane.systems

TIA · COMPLIANCE

Third-country transfer and Transfer Impact Assessment (TIA): Swiss data in US and PRC cloud LLMs

Art. 16/17 revFADP, EU-US DPF with Swiss annex, EDÖB TIA module. When SCC suffice, when BCR are needed, what to assess at OpenAI/Anthropic.

Researched & fact-checked by: · As of: 2026-05

What does the third-country transfer regime in revFADP cover?

The revised Federal Data Protection Act (revFADP) regulates in Articles 16 to 18 the disclosure of personal data abroad. A third country in the sense of the Act is any state outside Switzerland not recognised by Federal Council ordinance as providing adequate protection. The list of recognised states is in Annex 1 of the DPO and as of May 2026 includes EU/EEA countries, the United Kingdom, Canada (commercial sub-area), Israel, Argentina, Uruguay, New Zealand, Japan, South Korea and the United States (subject to the Data Privacy Framework, see below).

Where the third country is NOT on the list, Art. 16 para. 2 revFADP applies: disclosure is permitted only if suitable safeguards ensure adequate protection in the specific case. Recognised safeguards include: international treaty, standard data protection clauses (SCC), specific contractual clauses, binding corporate rules (BCR, approved by EDÖB), or a code of conduct / certificate. In the absence of suitable safeguards, Art. 17 revFADP kicks in with exception grounds: explicit consent of the data subject, contract performance, overriding public interests, protection of life and limb, publicly available data.

Relevant for AI use: every prompt transmission to a US or PRC provider containing personal data is a disclosure under Art. 16 revFADP. The question is never WHETHER it is a transfer – the question is which safeguard supports it and whether the safeguard is sufficient in the specific case. This examination is called Transfer Impact Assessment.

Why the TIA is central with cloud LLMs

Switzerland recognised in July 2024 the Swiss-U.S. extension of the EU-US Data Privacy Framework (DPF), effective 15 September 2024. Since then US companies certified with the US Department of Commerce for the Swiss-U.S. DPF count as recipients with an adequate level of protection under Art. 16 para. 1 revFADP. Microsoft, Google and Anthropic are certified; OpenAI completed its certification in March 2025.

The DPF does not however suffice in all cases. First, it only covers data within the certified scope – the list of data types is self-declared by the recipient and may be narrow. Second, the Federal Supreme Court and doctrine (Vischer, Walder Wyss, Homburger) have not yet conclusively ruled whether the DPF sufficiently constrains continuing US mass surveillance under Section 702 FISA and Executive Order 12333. Third, the DPF is a bilateral mechanism; it does not apply to PRC providers (Alibaba Tongyi, Baidu Ernie, DeepSeek-Cloud).

The EDÖB has therefore recommended since September 2023, with its TIA guidance, to assess every third-country transfer in a documented procedure – even where the destination is on the adequacy list. The TIA module is a structured questionnaire ending in a formal documentation that serves as proof in EDÖB proceedings.

How a TIA for a cloud LLM is built

The EDÖB TIA module is structured in four blocks.

Block 1 – Transfer description: Who is controller, who is recipient? Which data categories? Which purposes? Which retention period? Example OpenAI: controller Swiss SME fiduciary, recipient OpenAI Ireland Ltd (as contractual party) with sub-processing by OpenAI OpCo LLC (USA), data categories pseudonymised mandate data and accounting questions, purpose answer generation, retention Zero Data Retention.

Block 2 – Legal-environment analysis: Which laws in the destination country allow government access? For the US: FISA Section 702 (mass surveillance of foreigners), Executive Order 12333 (foreign-intelligence collection), CLOUD Act (extraterritorial production orders), Stored Communications Act. For the PRC: Cybersecurity Law 2017, Data Security Law 2021, Personal Information Protection Law 2021, National Intelligence Law Article 7 (duty to cooperate with intelligence services). This block documents the legal exposure.

Block 3 – Case-specific risk analysis: How likely is government access to the specific data? Factors: political sensitivity of data, prominent persons, sector-specific intelligence interest (semiconductors, pharma, defence). For a Swiss fiduciary using AI for routine balance-sheet plausibility checks the risk is low; for a law firm with a US-sanctioned client or a pharma company with active-substance data it is real.

Block 4 – Supplementary measures: Where the risk analysis shows residual risks, technical and organisational safeguards are added: pseudonymisation, encryption at rest and in transit (TLS 1.3 as minimum), zero data retention, EU hosting of the inference endpoint (Azure OpenAI EU, Anthropic via AWS Frankfurt, Google EU Data Boundary), strict sub-processor lists, contractual clauses on information about authority requests.

TIA workflow in 6 steps

  1. 01Build a transfer inventory: which data go to which recipient, in which country, under which legal basis?
  2. 02Adequacy check: is the destination listed (DPO Annex 1)? If yes, is the recipient DPF-certified? If not, which safeguard under Art. 16 para. 2 revFADP?
  3. 03Legal-environment analysis: which authority access powers in the destination country? FISA 702, CLOUD Act, EO 12333 for the US; PIPL + NIL Art. 7 for the PRC.
  4. 04Case-by-case risk assessment: data categories, affected persons, sectoral intelligence interest, likelihood, severity.
  5. 05Supplementary measures: encryption, pseudonymisation, EU-hosted inference endpoint, ZDR, contractual notification clauses.
  6. 06Documentation and review: complete the EDÖB module, file in the compliance dossier, review annually and on every material change.

When a TIA is required

Mandatory: before any first-time disclosure of personal data to a recipient outside the CH/EU/EEA adequacy zone, or with DPF certification outside the declared scope. Even where the destination country is listed, the EDÖB recommends a simplified TIA as routine documentation.

In practice, for AI use in Swiss SMEs: TIA for OpenAI, Anthropic, Google, Microsoft Azure OpenAI on first implementation. TIA for Cohere (Canada – adequate but TIA recommended). TIA with elevated requirements for DeepSeek-API (PRC, no DPF), Baidu, Alibaba. NO TIA needed for Mistral SaaS in the EU, Aleph Alpha on CH hosting, or local Llama/Qwen deployments.

Repetition: the TIA must be redone on any material change – provider switch, new data categories, change of hosting location, new key law in the destination country. An annual routine review is customary. The document remains in the compliance file and is to be produced on EDÖB request.

Special caution for particularly sensitive personal data under Art. 5 lit. c revFADP (health, religious beliefs, criminal prosecution, biometric data) and for data under professional secrecy (Art. 321 SCC). Here requirements on the safeguard and supplementary measures are markedly stricter; when in doubt, no third-country disclosure.

When a classical TIA does not apply

A TIA is not a cure-all. Three constellations where TIA documentation does not suffice and other paths are needed:

Professional-secrecy cases: For Art. 321 SCC data (lawyer, notary, physician), a TIA with positive risk assessment alone does NOT satisfy the criminal confidentiality duty. Additional client consent, true anonymisation, or local hosting are required. See Professional Secrecy Art. 321 SCC.

Politically high-sensitivity mandates: Where data categories belong to sectors actively collected against in the destination country (US-FISA listings: semiconductors, quantum, biotech, defence; PRC intelligence interest: pharma, semiconductors, machinery), residual risk is not manageable with standard measures. EU hosting or local operation is the only clean solution.

Mass transfer with personal reference: Where a process transfers millions of personal-data records per year (e.g. AI-supported CRM analysis on all customer data), TIA evaluation itself becomes a task. EDÖB attention is high. BCR instead of SCC, plus EU hosting, are advisable.

No TIA required: with full anonymisation under Art. 5 lit. a revFADP (irreversible loss of personal reference). Anyone mathematically anonymising a dataset (k-anonymity >= 5, differential privacy) can send it without a TIA. Caution: pseudonymisation alone is NOT anonymisation in the legal sense.

Trade-offs

STRENGTHS

  • Structured documentation covers the burden of proof toward EDÖB
  • DPF significantly reduces effort for US recipients (simplified TIA suffices)
  • EDÖB module is freely available as a template, legally vetted
  • Annual routine review builds trust with clients and auditors

WEAKNESSES

  • Full TIA for non-DPF recipients (PRC) costs 4 to 8 consultant-days
  • Repetition needed on every material change – ongoing effort
  • DPF can be struck down again (Privacy-Shield risk); no long-term reliance advisable
  • TIA does not solve every problem – standard TIA measures do not suffice for professional-secrecy data

FAQ

Is the DPF enough or do I still need a TIA?

Both. The DPF creates the adequacy presumption; the TIA documents that you concretely examined that presumption. The EDÖB recommends a simplified TIA also for DPF-certified recipients, because the DPF covers only the recipient's declared scope and US mass surveillance under FISA 702 remains a legal question. Simplified TIA = about 4 pages; full TIA for non-DPF recipients about 15-25 pages.

Which LLM providers are DPF-certified?

As of May 2026: Microsoft Corporation (incl. Azure OpenAI Service), Google LLC, Anthropic PBC, OpenAI OpCo LLC (since March 2025), and Amazon.com Inc. (incl. AWS Bedrock). Non-DPF: DeepSeek, Alibaba Tongyi, Baidu Ernie, Mistral SaaS (EU, no DPF needed), Cohere (Canada, separate adequacy regime). The official list is at dataprivacyframework.gov.

What happens if the DPF is struck down again?

The DPF is the successor of the Privacy Shield (struck down 2020) and the Safe Harbor (struck down 2015). NGOs already announced challenges to the EU-US DPF in 2024. Should a CJEU judgment or an EDÖB decision strip away the DPF for Switzerland too, the adequacy presumption disappears – and all transfers can only be legitimised via SCC, BCR or consent. Prepare: include SCC clauses in the DPA contract today as a "fallback".

Do I need SCC or BCR for OpenAI?

OpenAI is DPF-certified (since March 2025). In the regular case DPF adequacy plus a simplified TIA suffices. SCC are recommended as a fallback in the DPA (standard template 2021/914 with the EDÖB Swiss adjustments). BCR are sensible only for groups with a large corporate perimeter, as a BCR procedure at the EDÖB takes 12-24 months. For SMEs: DPF + SCC fallback + simplified TIA = practical path.

Related topics

revDSG · COMPLIANCErevDSG / revFADP and AI: what the revised Swiss Data Protection Act means for LLM useART. 321 SCC · COMPLIANCEProfessional secrecy (Art. 321 SCC) and AI use: what lawyers, notaries, physicians and auditors must observeROUTING · AI CONCEPTMulti-LLM routing: which model when, for how muchOPENAI · LLM PROVIDEROpenAI GPT models from a Swiss fiduciary perspective: residency, pricing, complianceSELF-HOSTED VS. CLOUD · AI CONCEPTSelf-hosted vs. cloud LLM: a decision framework for SMEs and fiduciaries

Sources

  1. EDÖB – Leitfaden zur Prüfung des Datenexports (TIA-Modul) · 2024-08
  2. revDSG Art. 16-18 – Bekanntgabe ins Ausland (fedlex.admin.ch) · 2026-01
  3. Swiss-U.S. Data Privacy Framework – Federal Council recognition (15 September 2024) · 2024-08
  4. DSV Anhang 1 – Staaten mit angemessenem Schutzniveau · 2026-01
  5. Microsoft EU Data Boundary – Documentation for EU/EFTA customers · 2026-03
  6. OpenAI – Swiss-U.S. DPF certification (dataprivacyframework.gov) · 2025-03

FITS YOUR STACK?

This is not legal advice. For binding interpretation consult a Swiss lawyer / data-protection officer. We produce a transfer inventory and TIA documentation for your LLM pipeline in 3 to 7 days. Initial call free of charge.

Book a call