revDSG / revFADP and AI: what the revised Swiss Data Protection Act means for LLM use
The revised Swiss FADP has been in force since 1 Sep 2023. Anyone running LLMs on personal data must observe Art. 4, 5, 6, 7, 16-18, 19 and 21.
Researched & fact-checked by: DuneDive LLC · As of: 2026-05
What is the revDSG?
The fully revised Federal Act on Data Protection (FADP, SR 235.1) entered into force on 1 September 2023. It replaces the 1992 statute and aligns Switzerland with the EU GDPR without being its exact mirror. The English short form "revFADP" appears in cross-border contracts; in Swiss practice "revDSG" or simply "DSG" dominates.
The Act applies to language models whenever personal data is processed – that is, any information relating to an identified or identifiable natural person (Art. 5 lit. a FADP). For a client chatbot, AI-assisted payroll, or LLM-based email triage this is practically always the case. Indirect identifiability (e.g. street + date of birth) also counts.
Violations carry fines up to CHF 250,000 per incident – the responsible natural person, not the company, is criminally liable (Art. 60 ff FADP). The FDPIC (Federal Data Protection and Information Commissioner) has issued several clarifications since entry into force, in particular on AI systems (2024 opinion on generative AI, updated 2025/2026).
Why it matters
Three points make the FADP mandatory reading for AI projects.
First: accountability stays with the Swiss principal. A Swiss fiduciary office that uses a US LLM provider remains accountable for the provider's behaviour under Art. 9 FADP. "We only use OpenAI" does not discharge the duty – the FDPIC treats OpenAI as a processor, which forces a written data processing agreement (in FADP language: contract with the processor under Art. 9).
Second: third-country transfer is not automatic. Annex 1 of the FADP Ordinance (DSV / OPDP, SR 235.11) does not list the United States as a country with adequate protection – even after the Swiss-US Data Privacy Framework took effect on 15 Sep 2024. The framework permits transfer only to certified US companies. OpenAI, Anthropic and Google Cloud were certified at the start of 2026; many smaller providers are not.
Third: solely automated individual decisions are regulated. Art. 21 FADP requires information when a decision is based exclusively on automated processing and produces legal effects or significantly impairs the person. Example: an LLM score "client creditworthy yes/no" without human review triggers the information and hearing duties.
Which articles apply where
The articles below should be reviewed in practical order for any AI project.
Art. 4 – Supervisory authority. The FDPIC is competent for federal bodies and private processors. Consultations are free; formal investigations may lead to recommendations that are published.
Art. 5 – Definitions. "Personal data" is defined broadly. Even pseudonymised data remains personal data as long as re-identification is possible. Fully anonymised data falls outside the Act – but the threshold is high (a k-anonymity of k = 5 is the lowest value seriously debated).
Art. 6 – Principles. Good faith, proportionality, purpose limitation, accuracy. Concretely: an LLM may not be fed training data whose disclosure the client could not have expected ("purpose limitation"). A model fine-tuned on client emails may violate purpose limitation – even if the data stays "internal only".
Art. 7 – Privacy by design and by default. Privacy by Design + Privacy by Default are not a recommendation but law. For LLM setups: log system prompts only when needed, keep default retention short, mask personal-data fields before sending them to US models.
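One way to implement the "mask personal-data fields before sending them to US models" point in code, as an added example that is not from the page or any provider: values flagged as personal data are swapped for random tokens before the prompt leaves the controller's environment, and the token map that allows re-identification stays on-prem. The field names, the e-mail pattern and the sample record are constructed assumptions.

```python
"""Masking layer for Art. 7 (privacy by design): personal-data fields never leave the
controller's environment in clear text; only opaque tokens are sent to the external model."""
import re
import secrets
from typing import Dict

# Field names that the data-flow map flagged as personal data (constructed example list).
PERSONAL_FIELDS = frozenset({"name", "email", "date_of_birth", "street"})
# Simple e-mail pattern for free-text prompts; real deployments need broader detectors.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


class PromptMasker:
    """Replaces personal-data values with random tokens. The token->value map stays on-prem,
    so the model response can be re-identified locally after it comes back."""

    def __init__(self) -> None:
        self._token_to_value: Dict[str, str] = {}
        self._value_to_token: Dict[str, str] = {}

    def _token_for(self, value: str) -> str:
        # Same value always maps to the same token, so the model can still correlate fields.
        if value not in self._value_to_token:
            token = f"<PD_{secrets.token_hex(4)}>"
            self._value_to_token[value] = token
            self._token_to_value[token] = value
        return self._value_to_token[value]

    def mask_record(self, record: Dict[str, str]) -> Dict[str, str]:
        """Structured input: mask by field name, leave non-personal fields untouched."""
        return {k: self._token_for(v) if k in PERSONAL_FIELDS else v for k, v in record.items()}

    def mask_text(self, text: str) -> str:
        """Free-text input: replace already-known values (longest first) and any e-mail address."""
        for value in sorted(self._value_to_token, key=len, reverse=True):
            text = text.replace(value, self._value_to_token[value])
        return EMAIL_RE.sub(lambda m: self._token_for(m.group(0)), text)

    def unmask(self, text: str) -> str:
        """Re-identify a model response locally; the map is never sent to the provider."""
        for token, value in self._token_to_value.items():
            text = text.replace(token, value)
        return text


if __name__ == "__main__":
    masker = PromptMasker()
    # Constructed sample record, not real client data.
    record = {"name": "Anna Muster", "email": "anna.muster@example.ch", "matter": "lease dispute"}
    print(masker.mask_record(record))
    print(masker.mask_text("Summarise the lease dispute of Anna Muster (anna.muster@example.ch)."))
```

Only the masked record and masked text are sent to the provider; the masker instance (and its map) is what you keep, and its lifetime should follow the same short default retention as the prompt logs.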
Art. 16-18 – Cross-border disclosure. Third-country transfer is permitted only when (a) the destination country offers adequate protection per the FADP Ordinance annex, (b) standard contractual clauses are in place (the FDPIC published its own set in 2023), (c) binding corporate rules apply, or (d) the data subject has given explicit consent. Since the CJEU's "Schrems II" ruling, a transfer impact assessment (TIA) is good practice in Switzerland too.
Art. 19 – Duty to inform. When personal data is collected, the data subject must be informed: who (controller identity), why (purpose), from where (third source), to whom (recipient, third country). A website privacy notice is sufficient only if it is concrete and not "boilerplate".
Art. 21 – Automated individual decision. Duty to inform applies when a decision is solely automated and has legal effects. The data subject has the right to be heard and the right to manual review. Rule of thumb: as long as a human takes the final decision and can reject the model output, the case is outside Art. 21.
revDSG compliance check for AI in 7 steps
1. Map the data flow: which personal data goes where, in which phase (training, inference, logging, backup)?
2. Define the legal basis: consent (Art. 6 para. 7), contract performance, overriding interest (Art. 31 para. 1) – and document it.
3. Sign a DPA with the LLM provider (OpenAI DPA, Anthropic DPA, Google Cloud Terms) – check the sub-processor list.
4. Run a transfer impact assessment (TIA) for US providers: is the provider certified under the Swiss-US Data Privacy Framework?
5. Update the privacy notice: Art. 19 – who, what, for what, from where, to whom, third country, retention.
6. Check Art. 21: are there solely automated decisions with legal effect? If yes, add information + hearing + manual review.
7. Maintain the record of processing activities (ROPA) under Art. 12 – mandatory from 250 employees, or for particularly sensitive data, or for high-risk processing.
When the revDSG check is mandatory
A formal FADP check is mandatory whenever an AI system (a) processes personal data, (b) is operated by a controller seated or established in Switzerland, or (c) produces effects in Switzerland. The territorial principle in Art. 3 FADP is broad – a German provider whose service affects Switzerland is also covered.
Concrete trigger points: first integration of an LLM provider in a production process; moving a dataset from on-premise to cloud; switching LLM providers; adding new data types (e.g. health or judicial data – particularly sensitive under Art. 5 lit. c); changing the processing region (EU vs US); any new sub-processor the LLM provider engages (e.g. CDN, logging provider).
Less obvious but often missed: even the model evaluation phase falls under the FADP if real personal data is used in test prompts. Recommendation: run the eval phase exclusively with synthetic or anonymised data.
When the FADP does not apply (carefully)
Three groups fall outside: purely anonymous data without re-identification risk, data on legal persons (the revised FADP protects only natural persons – protection of legal persons was abolished in 2023), and purely private use without external disclosure (Art. 2 para. 1 FADP).
In practice, "we only process company data" is often a mistake: as soon as contact persons, employees, directors or beneficial owners appear by name, personal-data law is back. An LLM analysis of "contract with Mustermann AG" typically contains personal data of the signing management.
This is not legal advice. For binding interpretation please consult a Swiss law firm or external data protection advisor. The FDPIC itself does not issue binding advance rulings, only non-binding consultations.
Trade-offs
STRENGTHS
- Clear legal framework – unlike many countries, the duties are explicit
- FDPIC focuses on consultation more than on sanctions
- Close to GDPR – DPA templates from the EU market are largely reusable
- Personal liability for natural persons raises compliance awareness at management level
WEAKNESSES
- Cross-border transfer remains fragile – certifications can be revoked
- Sub-processor chains at LLM providers are hard to oversee
- Art. 21 (solely automated decisions) is legally contested – edge cases are unclear
- Fines up to CHF 250,000 per incident – these accumulate quickly across clients
FAQ
Do I need a separate client consent for AI use?
Not strictly. Processing can also rest on contract performance or overriding interest (Art. 31 FADP). Transparency is mandatory, however: the privacy notice must concretely state that LLM providers act as processors, naming the region (EU/US) and the certification. Consent is recommended in two cases: particularly sensitive data (health, religion, court proceedings), and solely automated decisions under Art. 21.
Is the Swiss-US Data Privacy Framework sufficient for OpenAI use?
Yes, provided OpenAI appears on the current US Department of Commerce certification list and you have a written DPA. As of May 2026 OpenAI is certified. The certification can be revoked – monthly checks of the list on dataprivacyframework.gov are therefore recommended. An additional TIA remains advisable but not mandatory if the certification applies.
What happens if a client requests access under Art. 25?
You must disclose the personal data processed about the client within 30 days – including data in LLM logs and prompt caches. Practical consequences: system-prompt logging must be searchable, the retention policy must be documented, and the LLM provider must be contractually obliged to search its logs on request (standard DPA clause).
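What "searchable logging with a documented retention policy" can look like in practice, as an added example that is not from the page: every logged LLM call is tagged with the internal ids of the data subjects it concerns, so an Art. 25 request can be answered from the controller's own records, and entries older than the documented retention period are purged by default. The log format, subject-id scheme and sample entries are constructed assumptions.

```python
"""Searchable, retention-bound prompt log so an Art. 25 access request can be answered
from the controller's own records (added example; constructed data)."""
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone
from typing import List


@dataclass
class LogEntry:
    ts: str                 # ISO-8601 timestamp (UTC) of the LLM call
    subject_ids: List[str]  # internal ids of the data subjects the prompt concerns
    prompt: str             # prompt as sent (masked or not, whatever the policy says)
    response: str


class PromptLog:
    """Append-only JSON-lines log kept on-prem. The in-memory list stands in for a file;
    tagging each entry with subject ids is what makes Art. 25 searches feasible."""

    def __init__(self, retention_days: int) -> None:
        self.retention = timedelta(days=retention_days)  # documented retention period
        self._lines: List[str] = []

    def append(self, entry: LogEntry) -> None:
        self._lines.append(json.dumps(asdict(entry)))

    def entries(self) -> List[LogEntry]:
        return [LogEntry(**json.loads(line)) for line in self._lines]

    def access_request(self, subject_id: str) -> List[LogEntry]:
        """All held entries about one data subject, for the reply within the 30-day deadline."""
        return [e for e in self.entries() if subject_id in e.subject_ids]

    def purge_expired(self, now: datetime) -> int:
        """Retention by default (Art. 7): drop entries older than the period, return the count."""
        keep = [line for line in self._lines
                if now - datetime.fromisoformat(json.loads(line)["ts"]) <= self.retention]
        removed = len(self._lines) - len(keep)
        self._lines = keep
        return removed


def stamp(dt: datetime) -> str:
    """Helper: aware datetime -> ISO-8601 UTC string as stored in the log."""
    return dt.astimezone(timezone.utc).isoformat()
```

The provider-side copy of the same calls is outside this log; that is what the contractual search obligation in the DPA covers.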
Does LLM use trigger a data protection impact assessment (DPIA)?
Under Art. 22 FADP a DPIA is mandatory if the processing entails a high risk to personality or fundamental rights. Indicators: large dataset, particularly sensitive data, new technology (LLM currently counts), automated decisions with legal effect. For a client chatbot under attorney-client privilege: DPIA recommended. For internal spell-check on non-personal text: not required.
Sources
- EDÖB – Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter, Homepage · 2026-05
- Bundesgesetz über den Datenschutz (DSG, SR 235.1) – Fedlex Volltext · 2023-09
- Verordnung zum Datenschutzgesetz (DSV, SR 235.11) – Fedlex Volltext · 2023-09
- EDÖB – Stellungnahme generative KI und Datenschutz · 2024-11
- Swiss-US Data Privacy Framework (US Department of Commerce) · 2024-09