Summary: Switzerland will mandate that operators of critical infrastructure report cyber-attacks to authorities starting April 1, 2025. This requirement is part of an amendment to the Information Security Act that aims to enhance national cyber resilience. Operators will need to notify the National Cyber Security Centre (NCSC) within 24 hours if the attacks threaten critical functions or involve data manipulation or coercion.
Affected: Operators of critical infrastructure in Switzerland
Keypoints :
- Legislation introduced by the Federal Council on March 7, 2023, requires cyber-attack reporting.
- Operators must notify the NCSC within 24 hours if an attack impacts critical functions.
- Failure to report can result in fines, and a grace period is in place until October 1, 2025.
Source: https://www.infosecurity-magazine.com/news/switzerland-mandates-cyber/