Market Research · Switzerland · Finance
Switzerland's Enterprise AI Path: Narrow Regulation, Heavy Supervisory Expectations

Switzerland is not writing an AI Act. That choice is deliberate, and it is the single fact that shapes every enterprise AI decision made in the country right now. Instead of a horizontal law modeled on the EU, the Federal Council has opted for targeted, sector-specific rules layered on top of existing financial, data-protection, and product-safety regimes — a lighter statutory footprint than Brussels, but not a lighter compliance bar. For banks, insurers, and life-sciences firms already supervised by FINMA and bound by the revised Federal Act on Data Protection (FADP), the practical governance burden is arguably comparable; it just arrives through existing regulators rather than new legislation.
A deliberately narrow regulatory path
On 12 February 2025, the Federal Council confirmed that Switzerland will ratify the Council of Europe’s Framework Convention on Artificial Intelligence, which it signed in March 2025, and will implement it through amendments to existing sectoral law rather than a standalone AI statute. As Pestalozzi Attorneys summarize the decision, Switzerland is pursuing “targeted, sector-specific adjustments,” reserving general rules for cases where fundamental rights are directly at stake, alongside non-binding accompanying measures. A consultation draft covering transparency, data protection, non-discrimination, and oversight is due from the Federal Department of Justice and Police by the end of 2026, with a parallel plan for non-binding measures — including alignment with major trading partners — due on the same timeline, per the Federal Chancellery’s AI regulation page. Until then, no new AI-specific statute changes what enterprises must do today.
FINMA sets the real near-term bar for finance
For financial institutions, the operative document is not a future AI law but FINMA Guidance 08/2024, published 18 December 2024. It applies existing, technology-neutral governance and risk-management requirements to AI rather than creating new ones, and it is explicitly principle-based rather than prescriptive — FINMA describes it as sharing observations from supervisory practice, not issuing new rules. The guidance flags model risk (robustness, explainability, bias), data risk, third-party dependency, and operational and reputational exposure, and it expects clear allocation of responsibility for AI development, testing, and monitoring. A related FINMA survey published in April 2025 found roughly half of surveyed institutions already using AI or piloting initial applications, with another quarter planning adoption within three years — and institutions reporting a heavier focus on data-protection risk than on model risk, a gap FINMA’s guidance is explicitly designed to close.
Data protection is the de facto AI law
In the absence of AI-specific legislation, the revised FADP, in force since 1 September 2023, is doing much of the regulatory work. Switzerland’s data protection authority, the FDPIC, has stated plainly that current data-protection legislation already applies directly to AI-supported processing: the FADP’s transparency, purpose-limitation, and high-risk-processing (including mandatory data protection impact assessments) obligations extend to AI systems by design, because the law is written in technology-neutral terms. Practices the FDPIC calls out as incompatible with the FADP include real-time comprehensive facial recognition and social-scoring-style profiling. For enterprise buyers, this means AI governance in Switzerland is inseparable from data-protection compliance — there is no separate AI track to design around.
Deep research infrastructure behind the market
Switzerland’s enterprise AI market sits on unusually strong domestic research capacity. The Swiss AI Initiative, led jointly by ETH Zurich and EPFL with more than ten partner institutions, released Apertus in September 2025 — a fully open, multilingual foundation model (8B and 70B parameter versions) trained on the CSCS “Alps” supercomputer, with architecture, training data, and weights all published under Apache 2.0. EPFL’s announcement frames it explicitly as a transparency and sovereignty play — relevant to regulated buyers who need auditable, explainable models rather than opaque APIs. That research base gives Switzerland-based enterprises a credible domestic alternative to hyperscaler-only model sourcing when auditability matters.
Adoption is concentrated in pharma and banking
Adoption evidence in regulated sectors is concrete rather than aspirational. Roche’s acquisition of AI diagnostics specialist PathAI, reported by swissinfo, and Novartis’s expanded partnership with Google DeepMind’s Isomorphic Labs — an upfront payment plus milestone-based payments reported in the same swissinfo coverage of AI-discovered drugs — show Swiss pharma treating AI as core R&D infrastructure, not an experiment. UBS Global research similarly frames AI as a structural theme now embedded in how Swiss companies invest and compete, not a side initiative.
What this means for enterprise buyers
Switzerland’s light statutory footprint is not a green light — it’s a redirection. Regulatory obligation still lands, just through FINMA supervision and FADP data-protection law rather than a horizontal AI act, and both already demand documented model governance, risk classification, and data protection impact assessments. Enterprise buyers in finance, healthcare, and government should build AI systems assuming FINMA-grade governance and FADP-grade data handling as the floor, not the ceiling, of what “compliant” means — because by the time a sector-specific AI statute lands in 2026 and beyond, the underlying accountability standard will already be years old.