fairlane.systems

revDSG · FIDUCIARY COMPLIANCE

revDSG and AI in the fiduciary office: DPA, data categories, FDPIC position, GwG practice

Which DPA with OpenAI/Anthropic/Mistral, which client data can go where, FDPIC 2026 position on LLMs, sensitivity-based routing. Not legal advice.

As of: 2026-05

What this is about

Swiss fiduciary offices in 2026 sit between three duties: the revised Data Protection Act (revDSG, in force since 1 Sep 2023), the Anti-Money Laundering Act (GwG with 2026 revision), and the professional-care framework of TREUHAND|SUISSE. Anyone deploying AI – for client queries, document recognition, payroll – does not exit those duties but compounds them. A general revDSG compliance page (see ndsg-revfadp-ki) covers the legal architecture. This page focuses on fiduciary-specific practice: which contracts to sign, which data go where, which models at all, and which pitfalls the FDPIC has flagged for the fiduciary market.

Core message: AI in a fiduciary office in 2026 is not prohibited, but only permitted with documented groundwork. TREUHAND|SUISSE, with Connect AI, launched TreuhandGPT in December 2025 – a sector-specific platform that takes precisely this groundwork as its base. Anyone wishing to work directly with OpenAI, Anthropic, Mistral or locally with Ollama must assemble the building blocks themselves.

This is not legal advice. For binding interpretation in an individual case please consult a Swiss law firm specialising in data protection or an external data protection advisor. The FDPIC offers free but non-binding consultations.

Why the fiduciary narrowing matters

Three main factors set the fiduciary situation apart from the general revDSG situation, plus a fourth that is often overlooked.

First: data categories are denser and more sensitive. A fiduciary bookkeeping holds wages (Art. 5 lit. c revDSG: particularly sensitive because social-insurance relevant), GwG data (identification, beneficial owners, risk classification), credit information, tax identifiers (AHV number, UID), family circumstances, client-relationship structures with potentially sensitive aspects. Each category has its own legal implications.

Second: the accountability chain is tighter. Fiduciaries are bound, depending on the mandate, by professional secrecy (SCC Art. 321, which some commentators apply by analogy), the contractual confidentiality duty (CO Art. 398), and, where licensed as audit experts, additionally by the Federal Audit Oversight Authority (FAOA). An AI incident that pushes a client dataset unlawfully into a US model is not just a revDSG breach – it can be a professional-duty breach with career consequences.

Third: client expectation is more sensitive. A fiduciary client assumes their wage data and tax correspondence do not land in a US cloud. Doing so without clean disclosure risks not only an FDPIC recommendation but client churn. The FDPIC explicitly noted in its January 2026 statement on generative AI that the duty to inform on processing by language models must be concrete and not "boilerplate".

Fourth point, often overlooked: professional secrecy carries no implied waiver via AI use. Even when the client consents to the fiduciary engagement generally, that consent does not automatically cover disclosure to an LLM provider.

Sensitivity-based routing – the core architecture

Fiduciary practice in 2026 has settled on a three-tier routing logic, described concretely here.

Tier A – public/synthetic. Market research, guideline search, tax-rate lookup, harmless standard questions. No personal data involved. Routing: cheapest fitting model – typically DeepSeek Chat or Mistral Small on the EU platform. No DPA-specific issue. Office token cost under CHF 1/month.

Tier B – anonymised or pseudonymised client data. Mail classification (category, language, urgency) without client IDs, booking logic with ID masking, document recognition with redaction of address and AHV number before the model call. Routing: Anthropic Claude Sonnet (via AWS eu-central-1 with zero retention, DPA in Anthropic commercial terms) or Mistral Large (La Plateforme EU). Both have DPAs, both are listed under the Swiss-US Data Privacy Framework since 2026 or covered via EU residency. Typical token cost CHF 5 to 25 per month.

Tier C – clear data, particularly sensitive or under professional secrecy. Wage data with names, GwG risk classifications, credit data, attorney-client correspondence, complete client files. Routing: local model on the office's own server (Ollama with Llama 3.3 70B or Mixtral 8x22B, GPU hardware required). No cloud routing for this tier – not even into the EU. This data stays in the office's own infrastructure, ideally on a server in Switzerland (Infomaniak, Threema hosting, Hetzner via a Swiss reseller).
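The three-tier logic above, expressed as a small routing layer (an added example written for this page, not code from fairlane.systems or any of the named providers; provider names, model IDs and region labels are constructed). Beyond the tier table it adds the two checks a practitioner wants: a payload marked Tier B that still carries an unredacted AHV number is escalated to the local tier, and no cloud tier is used without a signed DPA on record.

```python
import re
from enum import Enum

class Tier(Enum):
    A = "public"   # no personal data: cheapest fitting cloud model
    B = "eu_dpa"   # pseudonymised data: EU-hosted provider with signed DPA
    C = "local"    # clear or secret data: own infrastructure only

# Data categories from the routing description, mapped to the highest tier
# they may reach. Anything not listed falls back to Tier C (local).
CATEGORY_TIER = {
    "guideline_lookup": Tier.A,
    "tax_rate_lookup": Tier.A,
    "mail_classification": Tier.B,      # no client IDs
    "document_ocr_redacted": Tier.B,    # address and AHV number removed first
    "wage_clear": Tier.C,
    "gwg_risk": Tier.C,
    "credit_data": Tier.C,
    "attorney_correspondence": Tier.C,
}

# (provider, model, region) per tier. Constructed labels, not real endpoints.
ROUTES = {
    Tier.A: ("mistral", "mistral-small", "eu"),
    Tier.B: ("anthropic", "claude-sonnet", "aws-eu-central-1"),
    Tier.C: ("ollama", "llama3.3:70b", "local-ch"),
}

# Swiss AHV number: 756.XXXX.XXXX.XX (756 is the country prefix).
AHV_RE = re.compile(r"\b756\.\d{4}\.\d{4}\.\d{2}\b")

class RoutingError(Exception):
    pass

def route(category: str, payload: str, signed_dpas: set[str]) -> tuple[str, str, str]:
    """Return (provider, model, region) for a request, or raise RoutingError."""
    tier = CATEGORY_TIER.get(category, Tier.C)
    # Tier B is only valid if redaction actually happened. An AHV number in
    # the payload means the pseudonymisation step was skipped: stay local.
    if tier is Tier.B and AHV_RE.search(payload):
        tier = Tier.C
    provider, model, region = ROUTES[tier]
    # Every productively used cloud provider needs a signed DPA (step 3 of
    # the check); the local tier has no processor and needs none.
    if tier is not Tier.C and provider not in signed_dpas:
        raise RoutingError(f"no signed DPA on record for {provider}")
    return provider, model, region
```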

FDPIC position 2026. The FDPIC commented in January 2026 via Steiger Legal: generative AI as such is not under the FADP, but as soon as personal data is processed all duties apply. The FDPIC Data Protection Day 2026 (University of Lausanne) focused among other things on the "work" sector, which directly touches wage and HR data. From FDPIC contributions 2024-2026 we read four concrete recommendations: documented data-flow analysis, written DPA with every processor, clear client information, and human-in-the-loop for automated decisions with legal effects (Art. 21 FADP).

DPA – which document to sign? With OpenAI: the "OpenAI Data Processing Addendum" as part of business terms (applies from account type "business" or "enterprise"; not in the standard API). With Anthropic: "Anthropic Data Processing Addendum" via commercial terms; AWS Bedrock use in eu-central-1 additionally brings the AWS GDPR SCCs. With Mistral La Plateforme: the "Mistral DPA" includes SCCs for France/EU hosting. With Google Gemini: the "Google Cloud Data Processing Addendum". All four must be signed before production use.

Fiduciary revDSG AI check in 7 steps

  1. Inventory data categories per workflow: public guideline, anonymised classification, clear wage data, GwG risk data, attorney privilege.
  2. Build a routing table: each category to tier A (standard LLM), B (EU DPA LLM), or C (local LLM).
  3. Sign a DPA with every productively used LLM provider: OpenAI DPA, Anthropic DPA, Mistral DPA, Google Cloud DPA. Check the sub-processor list.
  4. Run a transfer impact assessment for US providers: is the provider currently listed under the Swiss-US Data Privacy Framework (dataprivacyframework.gov)?
  5. Update privacy notice and client terms: which providers, which region, which data categories (Art. 19 FADP, concretely worded).
  6. Check the human-in-the-loop obligation for all decisions with legal effect (Art. 21 FADP) and anchor it in the workflow.
  7. Maintain the record of processing activities (ROPA) under Art. 12 – mandatory below 250 employees too where particularly sensitive data is processed (wages count).

When the fiduciary revDSG check is mandatory

Mandatory in five constellations.

First: first deployment of an LLM in a productive fiduciary process. Even when the software is well marketed and sounds safe – the check before go-live is mandatory.

Second: change of LLM provider. Every change is a new cross-border transfer and sub-processor situation requiring a fresh review.

Third: addition of a new data category. If the office previously ran only guideline queries with AI and now adds wage data, the data category escalates (Art. 5 lit. c) – the check starts over.

Fourth: with TreuhandGPT or other sector platforms, the assessment is not "the platform takes care of everything". The office must check whether client data follow the desired paths and which DPA the platform vendor has signed with sub-models.

Fifth: clients with elevated protection needs (law firms as clients, notaries, doctors, public authorities). Local-only processing may become an explicit contractual obligation – and should then be put in writing.

When AI in a fiduciary office should not be deployed

Do not deploy if data-protection groundwork cannot or will not be completed. DPA with the LLM provider, documented data-flow analysis, updated privacy notice and updated client terms – these are not "nice to have" but mandatory preconditions. Postponing them postpones the risk into the future, not away.

Do not deploy without human approval on decisions with legal effect. Art. 21 revDSG requires the data subject to have the right to be heard and to manual review when a decision is solely automated and has legal effect. Example: AI-assisted credit classification deciding on a mandate acceptance without human review. Such setups are problematic under Art. 21 and in fiduciary context will practically always require a human layer.

Do not deploy for particularly secret mandates (attorney, medical) without local processing. The dominant reading of SCC Art. 321 in the 2024-2026 literature requires that information held under professional secrecy not be passed on to a US LLM provider, which is at least theoretically exposed to US authority access.

Do not deploy if client information stays unclear. Art. 19 revDSG demands concrete information, not "boilerplate". "We may use modern IT tools" no longer suffices in 2026 – explicitly name the provider, the region, and the data categories involved.

This is not legal advice. When in doubt: book an FDPIC consultation (free, non-binding) or engage a Swiss data-protection law firm.

Trade-offs

STRENGTHS

  • A clear three-tier routing logic makes the compliance posture operationally manageable
  • EU and local models cover 95% of fiduciary use cases without routing to the US
  • FDPIC focuses on consultation, not primarily on sanctions
  • TreuhandGPT as an association path takes some groundwork off the table – if the platform DPA fits

WEAKNESSES

  • The DPA collection with multiple LLM providers must be actively maintained – certifications can be revoked
  • Client information must be concretely worded, "boilerplate" does not suffice
  • For attorney and medical clients the local path can become mandatory – GPU hardware cost from CHF 150/month
  • For automated decisions with legal effect Art. 21 applies – the human layer is not optional

FAQ

May I send wage data to Mistral La Plateforme EU?

In principle yes, provided (1) DPA signed, (2) client information updated, (3) pseudonymisation of clear names before the model call. Mistral La Plateforme runs entirely in EU data centres – in 2026 the typical choice for wage triage in Swiss fiduciary work. Without pseudonymisation we recommend the local Ollama path for clear wage data. This is not legal advice.

What about TreuhandGPT from TREUHAND|SUISSE and Connect AI?

TreuhandGPT (launched December 2025) is a sector-specific platform addressing groundwork like DPA and data residency for the member association. Users have outsourced part of the architecture – but must check in-office which DPA is signed with the platform vendor (not directly with sub-models) and which data categories are admissible there. The check stays with management. Not legal advice.

Does the EU AI Act add duties for Swiss fiduciary offices?

The EU AI Act applies directly to providers and users in the EU. Swiss fiduciary offices are formally not directly covered but can be indirectly affected when they use EU models (provider duties reach down to end users) or serve EU clients. Practically this leads to duties comparable to those under revDSG plus transparency for high-risk AI. See eu-ai-act-2026.

What happens if the FDPIC wants to inspect a fiduciary office?

The FDPIC may launch investigations and request information under Art. 49 ff FADP. In practice 2024-2026 inspections start with a written information request to be answered within 30 days. It is prudent to have the ROPA, DPA collection, data-flow analysis, DPIA (if produced) and client information ready – these can then be submitted without rush. Not legal advice.

Related topics

  • revDSG · COMPLIANCE – revDSG / revFADP and AI: what the revised Swiss Data Protection Act means for LLM use
  • TIA · COMPLIANCE – Third-country transfer and Transfer Impact Assessment (TIA): Swiss data in US and PRC cloud LLMs
  • ART. 321 SCC · COMPLIANCE – Professional secrecy (Art. 321 SCC) and AI use: what lawyers, notaries, physicians and auditors must observe
  • AMLA REVISION · COMPLIANCE – AMLA revision 2026: extension to fiduciary advisory and FATF Recommendation 16
  • ROUTING · AI CONCEPT – Multi-LLM routing: which model when, for how much

Sources

  1. EDÖB (FDPIC) – Data Protection Day 2026, University of Lausanne (work/health/education sectors) · 2026-01
  2. Steiger Legal – FDPIC statement on generative AI and data protection (January 2026) · 2026-01
  3. TREUHAND|SUISSE / Connect AI – TreuhandGPT (December 2025) and AI in SMEs · 2026-02
  4. Bundesgesetz über den Datenschutz (DSG, SR 235.1) – Fedlex full text (Art. 5/19/21) · 2023-09
  5. Swiss-US Data Privacy Framework – Certification List (US Department of Commerce) · 2026-04
  6. TREX / Treuhand|Suisse – Specialist article on AI and automation in fiduciary practice · 2026-03
