Zurich, 16.02.2026 Today the public consultation on the proposed law on communication platforms and search engines has ended. Interested parties were encouraged to submit their feedback on the draft proposal. ISOC-CH has used the opportunity to express the concerns with the proposed law that contains similar – though lesser – provisions than the EU Digital Services Act (DSA). The biggest concern lies in the decision making process on whether a “potentially illegal” user provided content shall be sanctioned; in particular when it is unclear whether or not a content is illegal (as this also includes legal content). Furthermore, the proposed law intends to delegate this decision from the judiciary to platform operators. While the judiciary is bound to the constitutional fundamental rights (such as freedom of speech and freedom of information, i.e. primarily defensive rights against the state), these rights do not apply to decisions of platform operators. As we learned e.g. by the “Twitter Files”, this setup has been misused by the last US government to delegate censorship in Social Media to private parties (such as NGOs), in order to circumvent the 1st amendment of the US Constitution (freedom of speech) You can find our full response to this public consultation here (in German). The post Public Consultation on Platform Regulation appeared first on ISOC Switzerland Chapter.

In 1996, at the annual gathering of the World Economic Forum in Davos, a libertarian manifesto rang out across the early web. John Perry Barlow’s “Declaration of the Independence of Cyberspace” imagined a realm beyond the reach of governments—weightless, borderless, self-governing.  Three decades later, the mood has shifted. In 2026, the question that was asked in Davos is no longer whether cyberspace is independent, but whether Europe can claim its own share of it. “Is Europe’s digital sovereignty feasible?” —an admission that sovereignty, once dismissed as obsolete in the digital age, has returned with force. In Brussels, Ursula von der Leyen elevates the concept in her agenda for Europe. The Digital Services Act asserts regulatory authority over global platforms. And in Bern, the Digital Switzerland Strategy 2026 places digital sovereignty at the heart of the country’s technological future. The idea of openness that we took for granted is now out of the window as the world is rapidly getting more confrontational. Geopolitical instability has exposed supply chains once thought secure. Artificial intelligence systems proliferate faster than institutions can comprehend them. Social media platforms shape public discourse at a scale no parliament or newspaper ever commanded. What was once an abstract ideal—control over one’s digital destiny—has become a strategic imperative. But in the rush to reclaim sovereignty, three uncomfortable questions loom—rarely addressed, often postponed. First: sustainability. Digital transformation is not ethereal. It consumes energy, rare earths, water, and land. Sovereignty in the cloud is still grounded in physical infrastructure. Second: health. The same networks that promise empowerment also entrench dependency. Internet addiction, algorithmic amplification, and perpetual connectivity strain mental health in ways policymakers are only beginning to quantify. Third: resilience. As societies entrust essential services—communication, finance, education, health—to digital systems, vulnerability deepens. Physical disasters, cyberattacks, and systemic failures no longer threaten convenience alone; they threaten continuity. It is in this context that the Switzerland chapter of the Internet Society steps into the debate with a deceptively simple question: What does digital sovereignty actually mean? Not as a slogan. Not as a regulatory instrument. But as a lived reality—for policymakers, educators, civil society, and above all, citizens. Respecting key values like openness, privacy, and democracy.  On March 27th, 2026, through a public event with special guests from European civil society organizations, ISOC-CH launches a long-term campaign to examine that question publicly—placing sustainability, health, resilience, openness, privacy, and democracy at its core. And on April 24th, at Open Education Day, it will extend the inquiry to the classroom, asking what digital sovereignty demands of those who shape the next generation. Because sovereignty in the digital age is not declared once and for all. It is negotiated—line by line, protocol by protocol, value by value. The Internet Society (ISOC) Switzerland Chapter is a non-profit organization that engages on a variety of Internet-related topics, ensuring that it is a place of possibility, opportunity, and progress that benefits people worldwide. We provide technically-grounded advice, policy recommendations, and educational material regarding privacy, security, Free and Open-Source Software, and digital sovereignty. We also organize informative events and debates like the annual Public Policy Sessions and participate in collaborative research projects like the NGI0 Commons Fund. As a national chapter of the international organization responsible for the .org domain, ISOC CH acts as a gateway between Switzerland and the international digital civil society. You can consider becoming a member (through the main ISOC web site) following the instructions at https://isoc.ch/membership, or just subscribe to our newsletter (2-3 announcements per year) by sending a message to contact@isoc.ch. The post What does digital sovereignty means for … policy makers, educators, the government, civil society, YOU? appeared first on ISOC Switzerland Chapter.

By Berna Alp and Marianthe Stavridou INTRODUCTION As societies undergo rapid digital transformation, public infrastructure is being fundamentally rethought. Money is no exception. While cash is declining across much of the world the question is no longer whether money will become digital, but how. Digital money or digital money transfers are not merely a technical upgrade. It encodes political choices about privacy, power, accountability, and sovereignty. The architecture chosen today will shape how citizens interact with the state, how markets function, and how much autonomy individuals retain in everyday economic life. In Europe, the Digital Euro project represents one path forward: a centrally governed, account-based system operated through banks and payment service providers. In Switzerland, a different model is emerging—built on open-source software, privacy by design, and cryptographic guarantees rather than institutional promises. This alternative is embodied in GNU Taler, an operational digital payment system already in use. This article compares the two approaches across six criteria that consistently surface in public debates on digital infrastructure: privacy, security, inclusion and usability, transaction costs, tax compliance, and digital sovereignty. Using publicly available documentation from the European Central Bank and real-world deployments of GNU Taler, the comparison highlights a fundamental divergence in design philosophy. At its core, the contrast is simple. The Digital Euro relies on identification, intermediaries, and trust in centralized institutions. GNU Taler relies on data minimization, mathematical guarantees, and transparency through open code. One treats privacy as a policy choice that can be adjusted. The other makes privacy a technical property that cannot be revoked. As governments decide how digital money should work, Switzerland’s experience shows that alternatives to surveillance-based payment systems are not theoretical. They already exist—and they work. DIFFERENT REALITIES – A COMMON ISSUE  As cash usage declines across many societies-from Scandinavia to China-we face a fundamental question: What kind of digital infrastructure should replace it? Two competing paradigms are emerging, and the choices made today will shape the future of money, privacy, and democratic control over critical public systems. The European Central Bank, through its Digital Euro project, represents one approach: centralized control, proprietary systems, and comprehensive transaction surveillance.  Switzerland, through three distinct but interconnected initiatives, offers an alternative: open-source infrastructure, privacy-by-design, and digital sovereignty through transparency[1]. The contrast between the EU and Swiss approaches reflects fundamentally different assumptions about how to achieve security, stability, and public trust in digital infrastructure. These differences stem from two distinct perspectives: a closed socio-economic and political system with a top-down decision-making approach, which may lead to increased surveillance and authoritarianism; and a more complex, mixed system with a bottom-up approach which, when applied correctly, can result in an open, social, and stable system based on trust[2]. Despite the EU’s open-source policy[3], the European Central Bank (ECB) has disregarded it in the Digital Euro project creating also a rift between EU’s policy and ECB’s approach.  THE DIGITAL EURO’S CLOSED ARCHITECTURE – A MISSED OPPORTUNITY To understand why the Swiss model offers advantages, we first examine the Digital Euro payment system’s design. The European Central Bank presents the Digital Euro as inclusive, privacy-preserving, and sovereign. However, analysis against public-interest criteria reveals significant tensions between these stated goals and the proposed architecture. To evaluate the Digital Euro payment system, we use six criteria that consistently emerge as priorities in citizen surveys, Internet governance debates, and open digital infrastructure design: privacy; security; usability, inclusion & accessibility; freedom from transaction costs; tax collection & income transparency; and sovereignty through open source (FLOSS)[4]. For comparison, we examine GNU Taler, an open-source payment system that takes an alternative architectural approach. GNU Taler is currently operational in Switzerland through Taler Operations AG[5].  THE CORE PROBLEMS PRIVACY THROUGH PROMISES, NOT DESIGN The online Digital Euro relies on an account-based architecture[6] requiring full identification by banks and Payment Service Providers (PSPs). There is zero privacy from them – they know and monitor everything the user does as with credit cards today.  The ECB receives transaction data through the DESP (Digital Euro Service Platform), but claims to use pseudonymisation and encryption techniques to prevent direct linkage to individuals. However, PSPs have full visibility of user identities and transaction details, and the centralized architecture with unique DEAN (Digital Euro Account Number)[7]identifiers creates technical capability for re-identification through behavioral pattern analysis, even if policy promises claim otherwise.   This is fundamentally a trust model: users must believe intermediaries’ promises that they will not exploit or share the data (until they get hacked or e.g. being privatized). The offline variant of the digital euro offers cash-like anonymity while devices remain disconnected, but constrained by strict transaction limits designed to prevent money laundering and tax evasion and to mitigate the fact that such a solution cannot be secure and prevent two-sided anonymous spending that could be hidden from taxation.  THE OFFLINE SECURITY PARADOX Fully offline payment systems face an unsolvable mathematical problem: double-spending. Without real-time network connectivity to verify that a token hasn’t already been spent, a malicious actor could theoretically duplicate and spend the same digital token multiple times. While secure hardware elements can mitigate this risk, such protections have always been compromised historically. The ECB’s response to this inherent weakness, is very low transaction and holding limits, which simultaneously undermines the system’s usability and inclusion objectives. This creates a paradox: offline mode exists to provide cash-like privacy, but the security constraints required will make it too limited for everyday use. INCLUSION WITHOUT INNOVATION Despite its framing as an inclusion initiative, ECB documentation explicitly acknowledges that onboarding, authentication, and usage barriers will not differ materially from existing digital payment solutions.  Around 13.5 million people[8] in the euro area are non-bankable. As access to the Digital Euro will again be given through the existing banks and PSPs, any change to this number is highly unlikely.  Furthermore, the Digital Euro’s reliance on modern smartphones (Android or iPhone) creates additional exclusion barriers beyond the existing requirements for government-issued identification and KYC verification, many people lack access to compatible devices or the technical literacy needed to navigate authentication systems. THE SOVEREIGNTY BLIND SPOT Perhaps most striking is the absence of binding Free Libre Open-Source Software (FLOSS) requirements. Despite explicit EU-level policy commitments to open source in public digital infrastructure, ECB procurement documents do not mandate open-source licensing. This creates long-term vendor dependency, reduced public auditability, weakened democratic oversight and security opacity (vulnerabilities hidden in proprietary code).  For critical monetary infrastructure, arguably more important than any other government system, this represents a significant failure of digital sovereignty. And the fact that the Digital Euro will only work on Android mobiles and iPhones, both US corporate ecosystems, is another proof that sovereignty is far from being addressed in this project. To illustrate what would be possible with exiting FLOSS technology and to compare it to the payment solution design of the ECB for the Digital Euro, let us look at the GNU Taler design. GNU Taler was developed over the past decade and in 2021, the Swiss National Bank published Working Paper 2021-03, “How to Issue a Central Bank Digital Currency,” co-authored by cryptography pioneer David Chaum, GNU Taler founder Christian Grothoff, and SNB official Thomas Moser[9]. The paper proposes a token-based CBDC architecture based on the GNU Taler protocol. HOW GNU TALER WORKS GNU Taler implements a cash-like payment system with asymmetric privacy: cryptographically[10]guaranteed anonymity for payers combined with full transparency for recipients. At the level of technical architecture, a token-based (not Distributed Ledger Technology (DLT) based) system using blind signature cryptography and mathematically guaranteed payer anonymity is in place. The system cannot link payments to spenders, even if forced to do so. Recipients remain fully identifiable, enabling income transparency for taxation. No user accounts, identity-based fraud, or tracking infrastructure are possible Key Innovation here is the security through data minimization, not data protection. What doesn’t exist cannot be stolen, leaked, or abused. COMPARISON: TALER VS. DIGITAL EURO PRIVACY The online Digital Euro is fully account-based and requires identification, giving banks and payment providers complete access to users’ transaction data and leaving privacy dependent on institutional promises that can fail through misuse or breaches. Its offline version offers anonymity but only for small amounts and relies on a mathematically fragile design that is inherently insecure. The offline anonymity may be wiped out once the wallet is reconnected tothe central system. In contrast, GNU Taler provides cryptographically enforced anonymity by never collecting payer data at all. Privacy is guaranteed by design, not policy. As a result, GNU Taler offers unconditional and durable privacy, while the Digital Euro offers either none online, or temporary, but mathematically insecure privacy offline.  SECURITY The online Digital Euro centralizes identity and transaction data, making it a prime target for cyberattacks and leaving risks like fraud and account takeover unchanged. Its offline version is vulnerable to double-spending and depends on historically fragile hardware security. GNU Taler avoids these threats entirely by eliminating user accounts and centralized databases, drastically reducing fraud risks to mainly device theft, which can be managed through available backups. Overall, the Digital Euro brings  nothing new online and introduces new weaknesses offline, while GNU Taler achieves security through data minimization. INCLUSION & USABILITY The online Digital Euro requires full identification, KYC compliance, and access to modern smartphones, effectively reproducing the same barriers that already exclude non-bankable and low-tech users, while its offline mode only allows very small payments and still depends on smartphone hardware, whereas GNU Taler enables digital payments with a single click authorization, offering cash-like simplicity that  even fits the needs of non-literate users, making it genuinely inclusive compared to the Digital Euro’s continued reliance on traditional account creation, identification and multi-factor authentication. TRANSACTION COSTS Although the Digital Euro is advertised as “free for basic use,” intermediaries still need compensation, meaning merchants will pay for infrastructure, compliance, and fraud, whereas GNU Taler is built around near-zero transaction fees, with its Free/Libre Open-Source Software (FLOSS) model removing licensing expenses and enabling economically viable micropayments down to fractions of a cent. So instead of merely shifting fees from Visa/Mastercard to European banks as in the case of the digital euro, GNU Taler delivers real structural cost reductions and significantly lowers fraud-related expenses to benefit all stakeholders. TAX COMPLIANCE For tax compliance, the online Digital Euro enables full transaction surveillance with complete visibility into user activity, while its offline mode allows untraceable cash-like payments limited to small amounts that neither fully prevent abuse nor resolve evasion risks, whereas GNU Taler structurally enforces transparency on merchants’ and recipients’ income without monitoring individual payers-ensuring taxes are collected where money is received rather than where it is spent-uniquely combining strong privacy with effective tax enforcement. SOVEREIGNTY The Digital Euro is likely to depend on proprietary systems, creating vendor lock-in and reliance on US-controlled devices and software ecosystems, and even if built by European firms, closed licensing prevents independent security audits, limits adaptability to evolving policy needs, and ties long-term operation to vendor survival and goodwill, whereas true digital sovereignty requires control over the code itself rather than the provider’s nationality, something GNU Taler achieves as fully Free/Libre Open-Source Software that is publicly auditable, vendor-independent, and deployable across platforms without reliance on specific technologies, delivering complete digital sovereignty. QUICK COMPARISON  CriterionDigital Euro (Online)Digital Euro (Offline)GNU TalerPrivacyAccount-based with full identificationStrong anonymity while offlineCryptographic payer anonymitySecuritySame as for credit cardsDouble-spending vulnerabilityNo ID fraud/Account take over, no data theft possible.UsabilitySimilar to current methods.Limited by transaction capsCash-like simplicityCostFree for basic use; intermediary fees remain and merchants always payAs for online version with high hidden costs (fraud, hardware)Near-zero fees by designTax TransparencyAll transaction details recordedCash-like untraceable transfersIncome transparency onlySovereigntyProprietary software dependencyProprietary hardware & software dependencyFully open source   CONCLUSION: ETHICS AS THE FOUNDATION OF DIGITAL MONEY At its core, the debate between the Digital Euro and GNU Taler is not merely technical or economic—it is fundamentally ethical. Digital payment systems shape power relations between citizens, institutions, and the state. When infrastructure is built around surveillance, centralized control, and proprietary technologies, it normalizes the erosion of privacy, weakens democratic oversight, and concentrates authority in the hands of a few intermediaries. Even when justified in the name of security or efficiency, such architectures risk transforming everyday economic activity into a source of continuous monitoring. The Swiss approach embodied by GNU Taler demonstrates that ethical design is not only possible but practical. By minimizing data collection, enforcing privacy through cryptography rather than policy promises, ensuring transparency where it matters for taxation and law enforcement, and relying on open-source principles, it aligns technological innovation with core democratic values: autonomy, accountability, inclusion, and sovereignty. Instead of asking citizens to trust institutions with vast amounts of sensitive data, it removes the need for such trust altogether through structural safeguards. Ethically responsible digital money should protect individuals by default, not conditionally. It should empower societies through openness, not lock them into opaque systems of control. As governments across Europe and beyond redesign monetary infrastructure for the digital age, the choice is ultimately between systems that can expand surveillance and dependency, and systems that preserve freedom, dignity, and public trust. The lesson from Switzerland is clear: ethical digital infrastructure is not an obstacle to progress, but it is the very foundation of a resilient, inclusive, and democratic financial future. -------------------------------------------------------------------------------- [1] It should be clear that ethics-by-design, privacy-by-design, transparency-by-design, and similar approaches demonstrate that a wide range of values can be taken into consideration during system development. However, they do not guarantee that these values will ultimately be realized. Incorporating such considerations into the design process nonetheless increases the possibility that these values will be embedded in the final system. (Brey, P., Dainow, B. Ethics by design for artificial intelligence. AI Ethics 4, 1265–1277 (2024). https://doi.org/10.1007/s43681-023-00330-4) [2] This distinction draws on debates about governance models in digital infrastructure, particularly contrasting centralized, top-down systems that prioritize control and standardization with decentralized, bottom-up approaches that emphasize transparency, participation, and trust. (Leese, Matthias. (2026). Benchmarking and Provenance: The Politics of Data Trust in EU Internal Security. International Political Sociology 20 (1): olaf042. https://doi.org/10.1093/ips/olaf042 [3] https://commission.europa.eu/about/departments-and-executive-agencies/digital-services/open-source-software-strategy_en [4] The analysis draws primarily on the ECB’s own documentation, publicly available information on the internet and the assessment framework developed in “Decoding the Digital Euro”, a book by Leon V. Schumacher. (2023). Decoding the Digital Euro: Friend or Foe? ISBN: 978-3-9525996-0-0.  [5]https://www.taler.net/en/news/2025-01.html [6]https://www.ecb.europa.eu/euro/digital_euro/timeline/profuse/shared/pdf/ecb.degov240325_digital_euro_multiple_accounts.en.pdf [7] https://www.ecb.europa.eu/euro/digital_euro/timeline/profuse/shared/pdf/ecb.dedocs220420.en.pdf [8] https://www.ecb.europa.eu/press/economic-bulletin/articles/2022/html/ecb.ebart202205_02~74b1fc0841.en.html [9] https://www.snb.ch/en/publications/research/working-papers/2021/working_paper_2021_03 [10] https://en.wikipedia.org/wiki/Blind_signature The post Open Source vs. Closed Control: How Switzerland Built Better appeared first on ISOC Switzerland Chapter.

Swiss lawmakers have taken a significant step in protecting privacy rights while maintaining security oversight. The parliamentary Transport and Telecommunications Commission (KVF-S) unanimously supported the Feller Motion, which emphasizes balancing surveillance with fundamental rights, economic competitiveness, and job creation. Following feedback from stakeholders, including ISOC Switzerland Chapter, during the consultation process, the Federal Council agreed to revise and re-consult on proposed changes to surveillance ordinances. Importantly, the Federal Council confirmed that encryption removal obligations do not apply to end-to-end encryption used by messaging services. This development supports Switzerland’s position as a leading jurisdiction for privacy-focused technology companies and reinforces the country’s commitment to protecting fundamental rights while addressing legitimate security concerns. The Internet Society (ISOC) Switzerland Chapter is a non-profit organization that engages on a variety of Internet-related topics, ensuring that it is a place of possibility, opportunity, and progress that benefits people worldwide. We provide technically-grounded advice, policy recommendations, and educational material regarding privacy, security, Free and Open-Source Software, and digital sovereignty. We also organize informative events and debates like the annual Public Policy Sessions and participate in collaborative research projects like the NGI0 Commons Fund. As a national chapter of the international organization responsible for the .org domain, ISOC CH acts as a gateway between Switzerland and the international digital civil society. You can consider becoming a member (through the main ISOC web site) following the instructions at https://isoc.ch/membership, or just subscribe to our newsletter (2-3 announcements per year) by sending a message to contact@isoc.ch The post Positive Development in Swiss Surveillance (VÜPF and VD-ÜPF) Framework Debate appeared first on ISOC Switzerland Chapter.

The European Commission has been asking for feedback from the 6th of January to the 3rd of February to shape its “European Open Digital Ecosystem Strategy”. In our submission we stress that it is important to understand that Free and Open-Source Software (FOSS) * is the backbone of our digital infrastructure; * is a global and collaborative phenomenon and that isolating it along geographic boundaries is counterproductive; * has to be understood as a symbiotic ecosystem of diverse players (businesses, public administrations, foundations, academic institutions, and individual contributors) rather than “just” an economic sector/industry; * has a variety of strategic and practical benefits over proprietary software solutions and should therefore be adopted widely by European institutions. If you’re interested in the topic, we can also recommend you to read the submissions of the Free Software Foundation Europe and the OSI Europe Foundation. -------------------------------------------------------------------------------- The Internet Society (ISOC) Switzerland Chapter is a non-profit organization that engages on a variety of Internet-related topics, ensuring that it is a place of possibility, opportunity, and progress that benefits people worldwide. We provide technically-grounded advice, policy recommendations, and educational material regarding privacy, security, Free and Open-Source Software, and digital sovereignty. We also organize informative events and debates like the annual Public Policy Sessions and participate in collaborative research projects like the NGI0 Commons Fund. As a national chapter of the international organization responsible for the .org domain, ISOC CH acts as a gateway between Switzerland and the international digital civil society. You can consider becoming a member (through the main ISOC web site) following the instructions at https://isoc.ch/membership, or just subscribe to our newsletter (2-3 announcements per year) by sending a message to contact@isoc.ch. The post Our submission to the EU Call for Evidence on the “European Open Digital Ecosystem Strategy” appeared first on ISOC Switzerland Chapter.

Are you interested in shaping the future of the Internet in Europe? This is a great opportunity for young people in our community to engage directly in European digital policy discussions. The European Dialogue on Internet Governance (EuroDIG) is the European regional event of the United Nations Internet Governance Forum (IGF). Each year, it brings together 600–900 stakeholders from across Europe, both on site and online, to discuss key issues related to the future of the Internet. The messages emerging from these discussions are published and presented to the European Commission, the Council of Europe, the UN Internet Governance Forum, and other relevant institutions. EURODIG 2026: KEY DETAILS * Dates: 26–27 May 2026 * Location: Charlemagne Building, European Commission, Brussels * Host: EURid, the registry for the .eu domain name * Special milestone: Celebrating 20 years of .eu, marking two decades of trusted digital identity in Europe YOUTHDIG 2026: FULLY FUNDED YOUTH PARTICIPATION The Youth Dialogue on Internet Governance (YOUthDIG) is a programme designed to empower young people aged 18–30 to actively participate in EuroDIG. YOUthDIG: * Fully funds participants’ travel to YOUthDIG and EuroDIG * Introduces participants to European digital policies and current Internet governance issues * Provides capacity-building training to enable meaningful participation in EuroDIG sessions * Includes intercultural activities and a strong peer-learning environment * Supports young people in contributing their perspectives to policy discussions The programme begins with four online webinars, followed by a three-day in-person pre-programme, and then continues directly into EuroDIG. * YOUthDIG dates: 22–25 May 2026 * EuroDIG dates: 26–27 May 2026 APPLY NOW The call for applications for YOUthDIG 2026 is now open. We strongly encourage members of our community to apply and to share this opportunity with others who may be interested in contributing to discussions on the future of the Internet. More information and the application details are available here: https://www.eurodig.org/get-involved/youthdig/#tab-call-for-application-26 Thank you for supporting and empowering the next generation of digital leaders. The post Call for Applications: YOUthDIG 2026 & EuroDIG in Brussels appeared first on ISOC Switzerland Chapter.

On the 18th of November 2025 two conferences in two European capitals simultaneously discussed issues pertaining to the buzzword of digital sovereignty: the DINAcon in Bern, Switzerland and the European Digital Sovereignty Summit in Berlin, Germany. Despite addressing similar topics, the conferences could not have been more different in content, however: While Swiss administrators used the DINAcon to present their implementation efforts with respect to the free and open-source software and interoperability requirements outlined in articles 9 and 14 of the EMBAG law, respectively, the European governments represented in the European Council pitched a very different vision of digital sovereignty in Berlin: One which emphasizes the competitiveness of and investment into proprietary European software solutions, most likely at the expense of consumer protections. We, as the Switzerland Chapter of the Internet Society (ISOC-CH), are very concerned about the commercial re-interpretation of the term digital sovereignty. While supporting local businesses to develop and administer digital solutions is an essential part of the equation to achieve digital sovereignty, it must not come at the cost of jeopardizing the ability of states to act independently now and in the future. The reaction to an outsized dependency on (state-sponsored) American and Chinese Big Tech firms cannot possibly be an outsized dependency on (state-sponsored) European or Swiss Big Tech companies. Apart from ignoring the fact that companies can change domiciles, be bought by foreign investors or go bankrupt, the “buy European” approach also showcases a lack of creativity and imaginative power on the part of European politicians who cannot fathom an alternative to emulating other global powers and reveals a fundamental misunderstanding about the nature of technological dependencies: The fact that a software vendor or cloud computing provider is domestic does nothing to reduce the vendor lock-in effects, the restrictiveness of proprietary software licenses, and the resulting stifling of competition and innovation. Simply procuring digital services domestically falls massively short of achieving digital sovereignty as defined by either the Swiss (with a narrow focus on the state) or European (with a wider perspective including non-state actors) regulators: > “Digital sovereignty requires the necessary control over and ability to act in > the digital realm to ensure the delivery of state services.” – own translation > of the Swiss government’s definition of digital sovereignty > “Digital sovereignty is the ability of Member States to be able to regulate > their digital infrastructure, data and technologies. It encompasses the > ability of individuals, businesses and institutions in Europe to act > independently in the digital world, allowing for autonomous decisions about > the use, governance, and development of digital systems without undue reliance > on external actors […].” – taken from the Declaration for European Digital > Sovereignty A more encompassing answer as to how ensure digital sovereignty is needed. Any entity which wants to have control over the digital services it uses and aims to be able to change them to serve its specific needs should strive to operationalize the following principles: * local infrastructure: Having access to geographically local computing resources, network infrastructure, and electricity is a prerequisite for being able to exert control over one’s digital services. * local expertise: Without a motivated, experienced and educated local work force who can develop, debug and deploy digital services one cannot truly operate in a self-sovereign manner. * interoperability: Open standards and open data formats allow for connectivity between services and reduced switching costs, thereby preventing vendor lock-ins and increasing one’s agency. * free and open-source software: The four freedoms of free and open-source software (use, change, share and improve) give a legal and technical guarantee to the user to be a self-determined actor rather than a disenfranchised consumer. Instead of paying lip service to free and open-source software like the European Declaration for Digital Sovereignty does by making it optional and conditional, > “Open-source solutions can play an important role enhancing digital > sovereignty, > provided they meet high cybersecurity standards and are complemented by > reliable proprietary technologies where appropriate.” policy makers should recognize that actual digital sovereignty cannot be achieved without a firm commitment to free and open-source software. Operationalizing these criteria is obviously harder than simply procuring domestic digital products. It requires new capabilities, organizational structures and cultural changes. But unlike the simplistic “buy domestic” strategy – whose political appeal in times of economic and geopolitical turmoil is obvious – they actually provide a path to achieve what the Declaration for European Digital Sovereignty sets out as a goal: ensuring “the ability of individuals, businesses and institutions in Europe to act independently in the digital world”. As an NGI-0 consortium member, ISOC-CH will continue highlighting the advantages of free and open-source software, open standards, and open data formats for attaining digital sovereignty to policy makers, administrators, educators, and the wider public. We are happy to support Swiss decision makers on municipal, cantonal and federal levels with our expertise and network to take steps towards true digital sovereignty together. The post The state of discussions on digital sovereignty in Switzerland and Europe appeared first on ISOC Switzerland Chapter.

On Friday 18 September a small group of people gathered at L200 (and online) to analyze certain important risks associated with the new law on the Swiss E-ID. The discussion was very lively and productive and the main outcomes relevant for keeping a critical attitude with the fast digital transformation that is happening everywhere. We identified 3 major “risk areas” that need to be better understood especially now that the outcome of the referendum was positive, and the Swiss E-ID will be eventually implemented: 1) Unnecessary dependence on technology in everyday life. 2) Extended exposure of one’s private data. 3) Increased potential damage by identity theft, device hacking or failure. Some of these risks could be better addressed by the current law, most notably the lack of clear measures that ensure its optional character. And others, like the increased exposure to surveillance and various forms of attacks or accidents, are questioning the necessity of a Swiss E-ID in the first place.  The main goal of our discussion was not to repeat the main arguments that prioritize those risks in comparison to the respective benefits mostly related to convenience and law enforcement. The goal was to discuss the most effective ways of communicating those risks to raise the awareness and engagement levels toward a wise digital transformation. 1) The optional character of the Swiss E-ID is an empty promise This is a key point to communicate properly: A digital E-ID stops to be “optional” when it is obligatory for an activity that is really important for someone. If the E-ID is required for me to have an operation for a serious disease it stops being optional for me. It is obligatory. And if for people that have an ID, the compromise to have also an E-ID to access vital services might not seem such a disaster, it becomes one for those without an ID in the first place. If you are not one of those that believe that such people should be exterminated, you should make sure that the E-ID stays truly optional. The law does not guarantee this, but the people can still fight for it. Related to this topic, you can read a recent publication by the Computer magazine titled “How much technology is needed to build a smart community space?“, by Panayotis Antoniadis, which explains why it is important to maintain a wide set of more or less technological options for addressing social problems and why FLOSS software is a key ingredient for enabling local communities to make the right choices. 2) Stronger identity means more powerful surveillance Simple narratives around surveillance capitalism like the “age verification with restricted data” case study, as promoted of the “pro” campaign for the Swiss E-ID, can be dangerous. The threats to privacy caused by the avalanche of digitization cannot be addressed only through protection measures. It is a complex issue that requires complex thinking, not an easy task for communication specialists.  The intention of the Swiss E-ID law has a positive dimension. It aims to minimize the amount of personal data shared with private companies when they need to verify certain aspects of our identity, most notably our age. This is a good design, but it underestimates the power of big corporations to extract more than necessary information in the same way that nudge people into accepting their cookies.  Moreover, it adds one more actor that has full access of one’s digital life, the government. Big companies still collect the same amount of personal data they did before and in addition have access also to our official identification information. And the government that was not aware of our online activities, it will now has also access to a significant part of it. Of course, we trust more our government than Facebook. This is clear. But even a benign state can fail sometimes, can become the victim of attacks, or change in light of a big crisis. Finally, even if we do our best to protect our privacy online, this success can cause important side-effects. A more trustworthy digital world can increase our addiction and dependence on digital services and the power of those having access to this information for producing knowledge on human behavior. 3) Increased digitization increases vulnerability to attacks or failures Accidents or failures happen always, with the examples of blackout in Spain and the airport ransomware still present in our memory, we can only hope that we will not be among the victims of the next natural disaster, malicious attack, or internal failure.  Moreover, the danger of identity theft is another reason why the optional character is highly compromised. Here, the Swiss E-ID law cannot do much. It is a matter of implementation and the advantage is always to those that wait in the back instead of leading the process. The fact that the proposed solution is not fully open source can only make us worry. The more we depend on digital devices for our everyday life the more vulnerable we depend on potential failures and accidents. If we get used to our Swiss E-ID and we leave its physical counterpart always at home, the more harmful it will become if we fall from the bicycle and break our phone or if we lose it before going to an important event or trip that requires it. Final note: the critical role of Free/Libre and Open Source Software The result of the referendum was remarkably close despite the fact that the majority of political parties were in favor. This means that the Swiss people are really concerned by the risks of digitization and thus it is really important to discuss and debate about specific details of its implementation. For this, the role of Free/Libre and Open Source Software is critical, and ISOC-CH is a communication partner of the more ambitious funding programmes for supporting FLOSS software worldwide, the NGI0 Commons Fund. Our forthcoming “what does digital sovereignty mean for … ” series, will include this key dimension in the overall debate taking the perspective of different actors and focusing on what can be actually done, now. Just waiting the European industry to fight the American Big Tech on its own field is not very productive. There is a lot we can all do to protect ourselves from actors that abuse their power and from technologies that do not serve our real needs.  Become an ISOC-CH member and/or join our announcements list by sending a message to contact@isoc.ch to stay tuned! The post What could possibly go wrong with the Swiss E-ID? (a short summary) appeared first on ISOC Switzerland Chapter.

A small group of experts from ISOC-CH, the pEp (pretty Easy privacy) project, former Planck Security AG/SA, Cisco and Google gathered on Thursday, Oct 29 at L200 to discuss the last developments in the email encryption space, securing email, beyond the body to header protection. The cozy Happy Hour approach gave the base for a longer discussion which started by two input talks on the topic. INPUT 1: THE MOTIVATION (WHY WE SHOULD CARE ABOUT EMAIL ENCRYPTION) by Hernâni Marques (ISOC-CH) The first talk by Hernâni Marques (ISOC-CH, formerly pEp) gave some motivational arguments for why it still matters to care about email encryption, given, e.g., the fact that email is still the most widely distributed identity system for services on the Internet, with virtually no service allowing a proper sign up without an email address which also has the advantage that pseudonyms can be used avoiding to (directly) reveal one’s identity. There was also emphasis put on the existing Mass Surveillance practices — over 10 years ago, former national security contractor Edward Snowden showed the pervasive nature of US-led Mass Surveillance. It can be assumed the existing practice got even reinforced in the meantime. Also Switzerland engages in practices of Mass Surveillance — a respective secret service law was approved with majority vote by the Swiss population, making the also mentioned cypherpunk movement’s core point real privacy for citizens, enterprises or even the very own government, can only be achieved by technical means, that is, using cryptography. INPUT 2: TECHNICAL DEVELOPMENTS (THE RFC 9788 STANDARD) by Bernie Höneisen (Ucom.ch / ISOC-CH) On the second input talk, Bernie Höneisen (Ucom.ch / ISOC-CH) showed ongoing developments from the IETF space which aim at making email encryption more accessible and useful. Main focus was put on the latter part. Using S/MIME or PGP/MIME, emails can be protected body-wise. However, the protection of current email systems typically does not include the header section. But the latter may contain sensitive information; e.g. the Subject header field might give enough clues on what a communication is about (without even knowing the messages’ content). To also protect sensitive information contained in the header section of an email, the IETF recently published a new standard (RFC 9788). In addition to protecting header fields, the document provides means to protect against a few other attacks as well as mechanisms to avoid protected information inadvertently leaking to unprotected (parts of) reply or forwarded emails. As Bernie pointed out and as it can be seen in his slide deck, tests in the past showed that existing header protection attempts showed different kind weaknesses in rendering emails. This included artifacts like having to click on attachments to open an email or even getting nuisance warnings regarding security. Using RFC 9788, also legacy email clients can render the received message without major issues. RFC 9788 describes in details how emails with header protection are created, rendered and replied to in a secure and private manner. Furthermore it includes test vectors and a lot of other useful information. Along with RFC 9788, the IETF also published RFC 9787 providing guidance on End-to-End Email Security for implementers of email systems. OPEN DISCUSSION The discussion following the above was vivid with every person present playing an active role able to talk at length, leading to a few non-obvious take-aways: * People don’t seem to care a lot about email encryption, while the government even has legislation in place targeting that channel (in CH: BÜPF and NDG) * The email system is a legacy system and (because of interoperability) difficult to fix * end-to-end encryption (E2EE) in email is an exception, while most organizations, which use encryption, use S/MIME internally * Other (popular) messaging systems failed at replacing email, and its letter rather than chat / office room character; in that sense subject protection, for setting a topic, is very helpful * Encryption between email servers, which got momentum after Snowden revelations, like widespread HTTPS use, might be enough to solve “80% of the issue with 20% of the effort”, as one participant put; even though this not being a true E2EE solution. * Companies hesitant to E2E email encryption due to legal requirement or preserving information after a employee moves on ABOUT THE EVENT FORMAT The Happy Hour format proved to be a nice way to discuss a topic in an easy atmosphere, with the social aspect playing a bigger role than normally, this by the soon break of the line between presenters and (interested). Happy Hours are a suitable format for events where ISOC-CH members want have to a topic discussed and elaborate on a topic with an expert group, and not just to present a piece of content without the expectation of much engagement. The post EVENT SNAPSHOT: ISOC-CH Happy Hour on email encryption appeared first on ISOC Switzerland Chapter.

From 21–23 November 2025, the Miljenko Dereta Center in Belgrade hosted DESCON 9.0. Organized by the Internet Society – Serbia Chapter, this year’s conference carried the theme “Trust and Power: AI is a Harsh Mistress.”Participants from diverse fields—developers, researchers, activists, artists, and technologists—gathered to explore how today’s technological infrastructure is reshaping society. The event once again distinguished itself through its interdisciplinary reach across ecology, open hardware, digital rights, citizen science, and artificial intelligence. Opening the conference, Desiree Miloshevic, DESCON’s founder, reminded the community that DESCON is where hands-on experimentation meets policy. What began as a small IoT and security meetup has grown into a platform for sustainable connectivity, civic innovation, and climate technology. She called on participants to question assumptions, collaborate across sectors, and build technology that protects dignity and the public good. The keynote by Marianthe Stavridou, Vice-Chair of the Internet Society – Switzerland Chapter, traced a line from Plato’s Cave to the algorithmic systems shaping our perception today. She warned of a drift toward “technofeudalism”, where data becomes the ultimate commodity in the hands of a few. The message is clear: AI is not the fate of humanity but its mirror—ethics, transparency, and openness must guide its developments. The Finnish researcher Jari Arkko spoke remotely, examining AI’s massive and growing environmental footprint, from energy-hungry data centers to costly hardware. Yet he emphasized that AI can still be a net-positive force when used judiciously to optimize energy systems in transport, buildings, and industry. Sometimes, he noted, the best solution is not AI. Later, Urs Gehrig demonstrated how AI is transforming reliability engineering across sectors, from automated train inspections to integrated data systems. His takeaway: AI succeeds when organizations collaborate, understand their processes, and move beyond proofs-of-concept toward practical deployment. Andrijana Gavrilović of the Diplo Foundation unpacked why global AI governance remains slow and fragmented. Drawing on the work of the UN High-Level Advisory Body on AI, she highlighted recommendations for a scientific panel, regulatory interoperability, global data frameworks, and a smaller but focused UN AI office. With forums like the Global Digital Compact taking shape, she stressed that AI is global—and its governance must urgently catch up. From the UNDP, Slobodan Marković reflected on Serbia’s early AI leadership through its 2019 strategy and institutions like the National AI Institute and the national data center. But momentum is fading: political backing has weakened, pilots have stalled, and the upcoming AI strategy lacks a funded action plan. Serbia’s future AI progress, he argued, depends entirely on renewed political will and sustained investment. The Share Foundation team—Andrijana Ristić, Tijana Stevanović, and Filip Milošević—offered a clear-eyed analysis into global spyware operations and Serbia’s own NoviSpy case. They warned that spyware is now an expanding industry threatening not just individuals but democratic systems. Encryption is meaningless if the device is compromised, they stressed, and “I have nothing to hide” is not a defense but a dangerous surrender of rights. The workshop “AI Is a Harsh Mistress” tackled the promises and risks of autonomous decision-making. One group highlighted the strain data centers place on power grids, the erosion of coding competence due to AI assistance, and conflicts between commercial and human-centered AI models. Another group emphasized existing EU protections—such as GDPR Article 22—while noting that enforcement lags behind technological reality. Both agreed on the need for human oversight, stronger legal safeguards, and attention to how AI disproportionately affects vulnerable communities. The DESCON 9.0 Hackathon launched with high energy, challenging teams to upgrade KLIMERKO, the citizen-science air-quality network born at DESCON 7.0. Teams explored new sensors, solar-powered prototypes, LoRaWAN connectivity, indoor TFT displays, and predictive models combining Klimerko data with weather forecasts. Across three days, DESCON 9.0 showed how bottom-up initiatives can bring together people from different disciplines to confront the defining challenges of the algorithmic age. The event underscored a shared belief: technology is not an inevitable force but a human choice. The systems we design must elevate dignity, strengthen trust, and distribute power fairly. The labyrinth of the digital future may be complex—but navigating it is a collective effort. Many thanks to Desiree Miloshevic Evans, Ivan Jelić, Milena Milivojev, Jan Krasni, Božidar Tanasković, Vanja Stanić, the team and the Internet Society – Serbia Chapter for an inspiring and unforgettable event. The post DESCON 9.0: Navigating Trust and Power in the Algorithmic Age appeared first on ISOC Switzerland Chapter.