Powered by MOMENTUM MEDIA
lawyers weekly logo

Powered by MOMENTUMMEDIA

Breaking news and updates daily.

Subscribe to our Newsletter

Powered by MOMENTUM MEDIA
Breaking news and updates daily. Subscribe to our Newsletter
facebook linkedin X Instagram youtube

Explore

SECTIONS

MORE

search button
Advertisement

Switzerland introduces 24-hour cyber reporting mandate for critical infrastructure

Switzerland has announced that the critical sector will be mandated to report a cyber attack within 24 hours of discovery.

user icon Daniel Croft
Tue, 11 Mar 2025 Security
Switzerland introduces 24-hour cyber reporting mandate for critical infrastructure
expand image

From 1 April, critical infrastructure operators who suffer a cyber attack will be required to report it to the Swiss National Cyber Security Centre (NCSC) within the first 24 hours of discovering a breach.

These include water, energy, communications, transport, health, administration and more areas of the critical sector.

You’re out of free articles for this month

“These reports will enable the NCSC to assist victims of cyber attacks and alert operators of critical infrastructure,” said the NCSC in a statement.

“The move is considered a significant step for Swiss cyber security, enhancing information sharing and response to cyber threats.“

The new mandate is an amendment to Switzerland’s Information Security Act, and while it will come into effect in April, those who fail to report will not face sanctions until 1 October, allowing operators to prepare their threat detection and analysis.

“This means that the reporting obligation will apply for six months before failure to report becomes sanctionable,” added the NCSC.

Those organisations that suffer a cyber attack that “threatens the functioning of critical infrastructure, has resulted in the manipulation or leakage of information, or involves blackmail, threats or coercion” will be mandated to report it under the new scheme.

To ease the reporting process, the NCSC has made the reporting form available on its Cyber Security Hub website. Those who are not registered can access a form on the NCSC website and email it.

“After submitting the initial report within 24 hours of discovering the incident, they have 14 days to complete their report,” it said.

The NCSC said the new reporting requirements are in line with international standards, including the EU Directive that mandates that all EU member states report cyber security events.

Australia, the US, Japan, the UK, and more have also mandated reporting requirements for critical infrastructure.

The Australian Cyber Security Centre (ACSC) requires organisations that become “aware that a critical cyber security incident has occurred, or is occurring, AND the incident has had, or is having, a significant impact on the availability of your asset” to report it to the ACSC within 12 hours of discovery.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
You need to be a member to post comments. Become a member for free today!

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
CD Logo

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

Be the first to hear the latest developments in the cyber industry.

momentummedia media
most innovative companies awards

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

CATEGORIES

STAY CONNECTED

Copyright © 2025 MOMENTUMMEDIA