Our thinking

AI Watch: Global regulatory tracker

What's inside

Keeping track of AI regulatory developments around the world.

The global dash to regulate AI

Artificial intelligence (AI) has made enormous strides in recent years and has increasingly moved into the public consciousness.

Increases in computational power, coupled with advances in machine learning, have fueled the rapid rise of AI. This has brought enormous opportunities, as new AI applications have given rise to new ways of doing business. It has also brought potential risks, from unintended impacts on individuals (e.g., AI errors harming an individual's credit score or public reputation) to the risk of misuse of AI by malicious third parties (e.g., by manipulating AI systems to produce inaccurate or misleading output, or by using AI to create deepfakes).

Governments and regulatory bodies around the world have had to act quickly to try to ensure that their regulatory frameworks do not become obsolete. In addition, international organizations such as the G7, the UN, the Council of Europe and the OECD have responded to this technological shift by issuing their own AI frameworks. But they are all scrambling to stay abreast of technological developments, and already there are signs that emerging efforts to regulate AI will struggle to keep pace. In an effort to introduce some degree of international consensus, the UK government organized the first global AI Safety Summit in November 2023, with the aim of encouraging the safe and responsible development of AI around the world. 

Most jurisdictions have sought to strike a balance between encouraging AI innovation and investment, while at the same time attempting to create rules to protect against possible harms. However, jurisdictions around the world have taken substantially different approaches to achieving these goals, which has in turn increased the risk that businesses face from a fragmented and inconsistent AI regulatory environment. Nevertheless, certain trends are becoming clearer at this stage:

  1. "AI" means different things in different jurisdictions: One of the foundational challenges that any international business faces when designing an AI regulatory compliance strategy is figuring out what constitutes "AI." Unfortunately, the definition of AI varies from one jurisdiction to the next. For example, the draft text of the EU AI Act adopts a definition of "AI systems" that is based on (but is not identical to) the OECD's definition, and which leaves room for substantial doubt due to its uncertain wording. Canada has proposed a similar, though more concise, definition. Various US states have proposed their own definitions, which differ from one another. And many jurisdictions (e.g., the UK, Israel, China, and Japan) do not currently provide a comprehensive definition of AI. Because several of the proposed AI regulations have extraterritorial effect (meaning more than one AI regulation may apply simultaneously), international businesses may be forced to adopt a "highest common denominator" approach to identifying AI based on the strictest applicable standard.
  2. Emerging AI regulations come in different forms: The various emerging AI regulations have no consistent legal form – some are statutes, some are executive orders, some are expansions of existing regulatory frameworks, and so on. The EU AI Act is a "Regulation" (which means that most of it will apply directly in all EU Member States, without the need for national implementation in most cases). The UK has taken a different approach, declining to legislate at this early stage in the development of AI, and instead choosing to task existing UK regulators with the responsibility of interpreting and applying five AI principles in their respective spheres. In the US, there is a mix of White House Executive Orders, federal and state initiatives, and actions by existing regulatory agencies, such as the Federal Trade Commission. As a result, the types of compliance obligations that international businesses face are likely to be materially different from one jurisdiction to the next. Many other jurisdictions have yet to decide whether they will issue sector-specific or generally applicable rules and have yet to decide between creating new regulators or expanding the roles of existing regulators, making it challenging for businesses to anticipate what form their AI regulatory relationships will take in the long term.
  3. Emerging AI regulations have different conceptual approaches: The next difficulty is the lack of a consistent conceptual approach among emerging AI regulations around the world – some are legally binding while others are not, some are sector-specific while others apply across all sectors, some will be enforced by regulators while others are merely guidelines or recommendations, and so on. As noted above, the UK approach is to use existing regulators to implement five AI principles, but with no new explicit legal obligations. This has the advantage of meaning that businesses will deal with AI regulators with whom they are already familiar but has the disadvantage that different UK regulators may interpret these principles differently in their respective spheres. The EU AI Act is cross-sectoral and creates new regulatory and enforcement powers for existing bodies, including the European Commission, and also creates entirely new bodies such as the AI Board and the AI Office, while leaving EU Member States to appoint their own AI regulators tasked with enforcing the AI Act. In the US, the Federal Trade Commission, Equal Employment Opportunity Commission, Consumer Financial Protection Bureau, and Department of Justice issued a joint statement clarifying that their existing authority covers AI, while various state regulators are also likely to have competence to regulate AI. International organizations including the OECD, the UN, and the G7 have issued AI principles, but these impose no legal obligations on businesses. In principle, these initiatives encourage consistency across members of each organization, but in practice this does not seem to have worked.
  4. Flexibility is a double-edged sword: In an effort to create AI regulations that can adapt to technological advances that have not yet been anticipated, many jurisdictions have sought to include substantial flexibility in those regulations, either by using deliberately high-level wording and policies, or by allowing for future interpretation and application by courts and regulators. This has the obvious advantage of prolonging the lifespan of such regulations by allowing them to be adapted to future technologies. However, it also creates the disadvantage of uncertainty because it leaves businesses uncertain of how their compliance obligations will be interpreted in the future. This is likely to mean that it is harder for businesses to know whether their planned implementations of AI will be lawful in the medium-to-long term and may make it harder to attract long-term AI investment in those jurisdictions.
  5. The overlap between AI regulation and other areas of law is complex: A substantial number of laws that are not directly focused on AI nevertheless apply to AI by association within their respective spheres, meaning that any use of AI will often trigger compliance issues and legal challenges even where there is not (yet) any enforceable AI-specific law. These areas of overlap include: IP (e.g., IP infringement issues with respect to AI model training data, and questions about copyright and patentability of AI-assisted inventions); antitrust; data protection (which adds restrictions to processing of personal data, and in some cases imposes special compliance obligations for processing carried out by automated means, including by AI); M&A (where AI innovation is driving dealmaking in many markets); financial regulation (where financial regulatory requirements may limit the ways in which AI can lawfully be deployed); litigation; digital infrastructure; securities; global trade; foreign direct investment; mining & metals; and so on. This overlap will mean that many businesses need to understand not just AI regulations in general, but also any rules that affect the use of AI in the context of the relevant sector or business activity.

Businesses in almost all sectors need to keep a close eye on these developments to ensure that they are aware of the AI regulations and forthcoming trends, in order to identify new opportunities and new potential business risks. But even at this early stage, the inconsistent approaches each jurisdiction has taken to the core questions of how to regulate AI is clear. As a result, it appears that international businesses may face substantially different AI regulatory compliance challenges in different parts of the world. To that end, this AI Tracker is designed to provide businesses with an understanding of the state of play of AI regulations in the core markets in which they operate. It provides analysis of the approach that each jurisdiction has taken to AI regulation and provides helpful commentary on the likely direction of travel.

Because global AI regulations remain in a constant state of flux, this AI Tracker will develop over time, adding updates and new jurisdictions when appropriate. Stay tuned, as we continue to provide insights to help businesses navigate these ever-evolving issues.

Articles

Australia

Voluntary AI Ethics Principles guide responsible AI development in Australia, with potential reforms under consideration.

Australia

Brazil

The enactment of Brazil's proposed AI Regulation remains uncertain with compliance requirements pending review.

Sao Paulo

Canada

AIDA expected to regulate AI at the federal level in Canada but provincial legislatures have yet to be introduced.

Canada

China

The Interim AI Measures is China's first specific, administrative regulation on the management of generative AI services.

China

Council of Europe

The Council of Europe is developing a new Convention on AI to safeguard human rights, democracy, and the rule of law in the digital space covering governance, accountability and risk assessment.

European Union

European Union

The EU introduces the pioneering EU AI Act, aiming to become a global hub for human-centric, trustworthy AI.

 

European Union

France

France actively participates in international efforts and the EU AI Act negotiations, and proposes sector-specific laws.

Paris

G7

The G7's AI regulations mandate Member States' compliance with international human rights law and relevant international frameworks.

G7 flags

Germany

Germany evaluates AI-specific legislation needs and actively engages in international initiatives.

Germany

India

National frameworks inform India’s approach to AI regulation, with sector-specific initiatives in finance and health sectors.

India

Israel

Israel promotes responsible AI innovation through policy and sector-specific guidelines to address core issues and ethical principles.

Israel

Italy

Italy plays a prominent role in EU AI Act negotiations and engages in political discussions for future laws.

Milan

Japan

Japan adopts a soft law approach to AI governance but lawmakers advance proposal for a hard law approach to generative AI foundation models.

Tokyo

Norway

Position paper informs Norwegian approach to AI, with sector-specific legislative amendments to regulate developments in AI.

Norway

OECD

The OECD's AI recommendations encourage Member States to uphold principles of trustworthy AI.

country flags

Singapore

Singapore's AI frameworks guide AI ethical and governance principles, with existing sector-specific regulations addressing AI risks.

Singapore

Spain

Spain creates Europe's first AI supervisory agency and actively participates in EU AI Act negotiations.

Madrid

Switzerland

Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.

Switzerland

Taiwan

Draft laws and guidelines are under consideration in Taiwan, with sector-specific initiatives already in place.

Taiwan city

United Kingdom

The UK prioritizes a flexible framework over comprehensive regulation and emphasizes sector-specific laws.

London hero image

United Nations

The UN's new draft resolution on AI encourages Member States to implement national regulatory and governance approaches for a global consensus on safe, secure and trustworthy AI systems.

United Nations

United States

The US relies on existing federal laws and guidelines to regulate AI but aims to introduce AI legislation and a federal regulation authority.

New York city photo

Contacts

Tim Hickman
Partner
London
Erin Hanson
Partner
New York
Dr. Sylvia Lorenz
Partner
Berlin
Switzerland

AI Watch: Global regulatory tracker - Switzerland

Switzerland's National AI Strategy sets out guidelines for the use of AI, and aims to finalize an AI regulatory proposal in 2025.

Insight
|
8 min read

Laws/Regulations directly regulating AI (the “AI Regulations”)

Currently, there are no specific laws, statutory rules, or regulations in Switzerland that directly regulate AI. AI in Switzerland is currently subject to “traditional” laws that are mostly technology-neutral, such as data protection legislation or medical device regulations, and other sector-specific frameworks. 

Status of the AI Regulations

As noted above, there are currently no specific laws or regulations in Switzerland that directly regulate AI. The Federal Council has instructed the Federal Department of the Environment, Transport, Energy and Communications (DETEC) to identify potential approaches to regulating AI by the end of 2024, with the aim of issuing a mandate for an AI regulatory proposal in 2025.1

Although Switzerland has usually favored a technology-neutral approach with a focus on sectoral rules instead of a horizontal regulation, a report on “Artificial intelligence and international rules” in 2022 found that this approach may cause tensions with the international regulatory framework.2 In any event, it is expected that any future AI regulation in Switzerland will be compatible with international standards to ensure that regulatory rules are not fragmented. 

In this context, Switzerland also takes an active role in shaping global AI regulations, such as through discussions within the Council of Europe Committee on Artificial Intelligence.

Other laws affecting AI

There are various laws that do not directly seek to regulate AI but may affect the development or use of AI in Switzerland. A non-exhaustive list includes:

  • The revised Federal Act on Data Protection (FADP) entered into force on September 1, 2023 and includes provisions on automated decision-making in relation to personal data3
  • Intellectual property laws may affect several aspects of AI development and use (particularly the Copyright Act4 and Patents Act5)
  • Civil law (such as the Swiss Civil Code6, Code of Obligations7 or the Product Liability Act8)
  • Product safety laws, both general (such as the Product Safety Act9) and sectoral (such as the Therapeutic Products Act10 and Medical Devices Ordinance11)
  • Non-discrimination laws in the areas of gender equality and protection of disabled people (Gender Equality Act12 and Disability Discrimination Act13)
  • Swiss Criminal Code14
  • General human rights legislation (such as the Federal Constitution  and Convention15 for the Protection of Human Rights and Fundamental Freedoms)

In addition, there is soft law and guidance from authorities, including guidelines about artificial intelligence for the federal government (2020)16 recommendations from the Swiss Federal Data Protection and Information Commissioner about data processing in relation to AI (2023)17 and expectations from the Swiss Financial Market Supervisory Authority (FINMA) for the use of AI by regulated institutions (FINMA Risk Monitor 2023)18  (see section 6 below for more examples).

Definition of “AI”

As noted above, there are currently no specific laws or policies in Switzerland that directly regulate AI. Accordingly, no definition of AI is currently recognized through Swiss national legislation. As Swiss laws have focused on a technology-neutral regulation, there has been no need for a distinct legal definition.

While AI has been defined in publications by different government bodies (such as the Federal Department of Foreign Affairs’ “Artificial Intelligence and international rules” report of April 202219, or the Federal Council’s “Challenges of Artificial Intelligence” report of December 201920), such definitions have been inconsistent, and it is not possible to draw firm conclusions about future regulation at the time of writing.

Territorial scope

As noted above, there are currently no specific laws or regulations in Switzerland that directly regulate AI. Accordingly, there is no specific territorial scope at this stage. However, it should be noted that existing laws, such as the FADP, may apply extraterritorially under conflict-of-laws rules.

Sectoral scope 

As noted above, there are currently no specific laws or regulations in Switzerland that directly regulate AI. Accordingly, there is no specific sectoral scope at this stage. However:

  • The Federal Council has implemented general guidelines to ensure appropriate use of AI in federal departments and agencies, as well as external partners entrusted with governmental tasks including: developing sectoral AI strategies; introducing or adapting specific sectoral regulations; developing or using AI within the Federal Administration; and shaping the international regulatory framework on AI21
  • The FADP regulates the processing of personal data, and the Swiss Federal Data Processing and Information Commissioner has expressed expectations in relation to AI (as noted above)
  • FINMA has set out requirements in its circulars that may (indirectly) govern the use of AI by supervised institutions (e.g., Circular 2023/01 on “Operational risks and resilience” and Circular 2018/03 on “Outsourcing”). In addition, FINMA has expressed expectations in relation to the use of AI (as noted above)
  • The use of AI in medical devices is regulated under the Therapeutic Products Act, the Medical Devices Ordinance and related ordinances22
  • The DETEC may grant exceptional authorizations for the testing of autonomous vehicles on public roads based on the Road Traffic Act23
  • The Federal Office of Civil Aviation may grant authorizations for autonomous drone operations

Compliance roles

As noted above, there are currently no specific laws or regulations in Switzerland that directly regulate AI. Accordingly, there are currently no specific or unique obligations imposed on developers, users, operators and/or deployers of AI systems. There are, however, general requirements for the governance in companies, in particular stock companies, which continue to apply in relation to AI, and additional requirements apply for listed entities.

Core issues that the AI Regulations seek to address

As noted above, there are currently no specific laws or regulations in Switzerland that directly regulate AI. Where authorities have expressed expectations, these focus on robustness and reliability, non-discrimination, transparency, governance and accountability.

Risk categorization

As noted above, there are currently no specific laws or regulations in Switzerland that directly regulate AI. Although the EU’s risk categorization is mentioned in the “Artificial intelligence and international rules” report by the Federal Council, the report states that Swiss regulation may not be confined to such an approach.24

Key compliance requirements

As noted above, there are currently no specific laws or regulations in Switzerland that directly regulate AI. However, the existing legal framework must be observed.

Regulators

As mentioned above, the Federal Council has begun a project to identify a regulatory approach to AI by 2024.25 Such regulation would be subject to the standard legislative procedure. It is unclear whether such regulation would involve a supervisory or regulatory authority, or which authority would exercise any enforcement powers.

However, as indicated above, certain authorities have supervisory and/or regulatory powers under existing laws that do not directly regulate AI but extend to its use in regulated sectors. For example, the Federal Data Protection and Information Commissioner (FDPIC) is the privacy authority and supervises federal data protection regulations. In this capacity, the FDPIC also supervises data protection in the context of AI.  Another example is FINMA, which (as noted above) has issued circulars that may apply to the use of AI (although AI is not explicitly mentioned) and has expectations in relation to the use of AI.26 Moreover, FINMA monitors the use of AI in the financial sector and may potentially step in if it determines a regulatory need (although no concrete plans are known).27

In addition, other federal and cantonal governmental bodies address AI and participate in the regulatory processes, for example: 

  • The Swiss Federal Institute of Intellectual Property has set up a project group to examine questions relating to the impact of AI on intellectual property law, and has started a joint project with the University of Zurich dedicated to AI and intellectual property28
  • The Federal Roads Office is assessing the consequences and impacts of automated driving on regulations29
  • The Federal Administration has set up the interdepartmental Competence Network for Artificial Intelligence as a central point of contact for AI within the Administration30
  • The Canton of Zurich has set up the Innovation Sandbox for AI as a test environment for the implementation of AI projects with collaboration on regulatory issues31

Enforcement powers and penalties 

As noted above, there are currently no specific laws or regulations in Switzerland that directly regulate AI. Accordingly, it is currently unclear what enforcement powers the relevant authority will have or what penalties they may impose upon breaches. 

As AI is currently governed by “traditional” laws, the regulators may have enforcement powers in relation to breaches of these laws. For instance, the FDPIC may issue binding orders to modify, suspend or discontinue data processing, or to delete personal data (but has no power to impose penalties). Some data protection violations may also be subject to criminal prosecution. In the area of financial market legislation, the FINMA has extensive enforcement tools, including ordering action to restore compliance with the law, industry bans, cease-and-desist orders and activity bans, the disgorgement of profits, withdrawal of authorization, or liquidation of supervised institutions.

1 See here
2
See here, pages 20 et seq.
3
See the FADP here, article 21
4
See the Copyright Act here.
5
See the Patents Act here.
6
See the Swiss Civil Code here
7
See the Code of Obligations here.
See the Product Liability Act here.
See the Product Safety Act here.
10 
See the Therapeutic Products Act here.
11
See the Medical Devices Ordinance here.
12
See the Gender Equality Act here.
13
See the Disability Discrimination Act here.
14 
See the Swiss Criminal Code here.
15
See the Federal Constitution here.
16
See here.
17 
See here
18 
See here.
19
See here, page 5.
20
 See here, page 5.
21
See here.
22 
See here.
23 
See the Road Traffic Act here, Article 106(5)
24
See here, pages 14 et seq. and page 20
25
See here.
26 
See here.
27
See here.
28 
See here.
29 
See here.
30
See here.
31 
See here.

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2024 White & Case LLP


Walder Wyss contributors

David Vasella

David Vasella
Partner, Walder Wyss
+41 58 658 52 87
david.vasella@walderwyss.com

Kento Reutimann

Kento Reutimann
Attorney at Law, Walder Wyss
+41 58 658 55 11
kento.reutimann@walderwyss.com

 

Top