Adequacy of Switerland by the EU

On the basis of Article 45 of Regulation (EU) 2016/679 (General Data Protection Regulation (GDPR)), the European Commission determines whether a country outside the European Union (EU) offers an adequate level of data protection. The European Commission then issues an adequacy decision and carries out periodic reviews to ensure that an adequate level of data protection is still guaranteed.

The effect of an adequacy decision is that personal data can flow from the EU (and from Norway, Liechtenstein and Iceland, which, as members of the European Economic Area (EEA), are also subject to the GDPR) to a third country without any additional safeguards being required.

To date, the European Commission has recognised several countries as offering adequate protection. Switzerland was granted an adequacy decision on 26 July 2000, and Swiss data protection law has of course evolved in the meantime to continue to ensure a high level of data protection. The Federal Act on Data Protection and its implementing ordinances were revised to strengthen data protection, firstly to respond to the rapid development of new technologies and secondly to take account of international developments, in particular the reforms carried out by the European Union and the Council of Europe in this field.

On 15 January 2024 the European Commission published a report on the maintenance of adequacy decisions with regard to several third countries, including Switzerland, thereby confirming that Switzerland offers an adequate level of data protection.

Last modification 20.02.2024

Top of page