Six-month reporting obligation for cyberattacks on critical infrastructures
Bern, 29.09.2025 — Since 1 April 2025, there has been a legal obligation in Switzerland to report cyberattacks on critical infrastructure. The National Cyber Security Centre (NCSC) regards the results after the first six months as positive. So far, a total of 164 reports have been received from critical infrastructures. From 1 October 2025, the planned sanctions for failing to report attacks will come into force.