Switzerland’s federalist tradition delegates significant autonomy to its 26 cantons, allowing them to tailor policies and services to local needs. The introduction of a nationwide electronic identity (e-ID) system, however, represents a marked shift in digital governance: by vesting authority over identity issuance and verification in the federal state, the new e-ID law centralizes power and diminishes cantonal prerogatives. While a unified e-ID promises interoperability and enhanced security, the concentration of competence at the Confederation level undermines subsidiarity, stifles local innovation, and risks a democratic deficit in a system historically grounded in cantonal and people’s self-determination. Swiss Federalism and Cantonal Autonomy Under Article 3 of the Swiss Constitution, all future powers belong to the cantons, unless the Swiss people and the cantons decide, by constitutional amendment, that they shall be attributed to the federation. This principle enshrines the subsidiarity norm: matters best handled locally remain within cantonal competence, ensuring policies reflect regional languages, legal traditions, and administrative capacities. In practice, cantons exercise broad authority over education, healthcare, policing, and civil registers and identity documents, areas where proximity to citizens fosters trust and responsiveness. The E-ID Law and the Centralization of Digital Identity On December 20, 2024, the Swiss Federal Assembly passed the Federal Act on Electronic Identity Credentials and Other Electronic Credentials, establishing a state-recognised e-ID to be rolled out by 2026. Unlike earlier, canton-driven pilots, the new scheme mandates that all public authorities—confederation, cantons, and municipalities—accept the federal e-ID alongside physical ID for electronic identification purposes. While private providers may operate wallets, the Confederation retains exclusive authority over the trust framework, credential schemas, and revocation registries. Consequently, cantonal solutions will be superseded by a one-size-fits-all model dictated by federal technical and policy choices. Erosion of Subsidiarity and Local Tailoring By reallocating identity-management powers from cantons to the federal state, the e-ID law breaches the subsidiarity ethos. Cantonal administrations lose autonomy over design and implementation—functions they have long performed in tandem with local stakeholders. This top-down approach risks producing a monolithic system that may not align with linguistic and procedural variations across cantons. For instance, user interface elements or data-disclosure workflows optimized for German-speaking urban centres may prove cumbersome in rural, French- or Italian-speaking cantons. Hindering Innovation and Experimentation Cantons have historically acted as laboratories of democracy, piloting digital services—such as e-voting, local health portals, and municipal e-administration platforms—before scaling them nationally. Centralizing identity issuance under the Confederation risks stifling this dynamic: any significant alteration or enhancement to the e-ID framework will require federal approval, elongating development cycles and dampening the incentive for localized experimentation. Moreover, private-sector innovators that previously partnered with individual cantons face higher barriers: they must navigate federal procurement processes and standardized certification regimes, reducing flexibility and increasing costs. Complexity, Incoherence, and Privacy Concerns Centralized identity provisioning introduces its own technical pitfalls. A major critique of a state- run, single identity provider is that no central actor can serve all user groups coherently—voluntary adoption means some citizens will decline the e-ID, necessitating parallel systems and eroding transparency. Services catering to non-Swiss or partially registered residents would require separate identity providers, creating confusion and administrative overhead. Furthermore, having the Confederation mediate every authentication event concentrates sensitive metadata—access logs, usage patterns, and verification requests—within a single national database, heightening the risk of mass surveillance. Furthermore, the notion of a single identity gateway also creates a tempting target for adversaries: rather than spreading their efforts across thousands of sites and services, attackers can focus on subverting one system to harvest credentials en masse. A breach of the central provider—even a transient outage or misconfiguration—could effectively lock every user out of their online accounts, from banking and healthcare to social media and e-government services. Worse yet, such concentration makes it trivial to compile comprehensive activity logs, enabling sophisticated profiling, unsolicited marketing, or politically motivated surveillance at a scale previously impossible. Phishing campaigns would only need to mimic one login flow, increasing their success rate and reducing the cognitive load on the victim. And because the e-ID would be used ubiquitously, there’d be no “dark spaces” left for whistleblowers, dissidents, or vulnerable populations to maintain anonymity when they really need it. In short, replacing the polycentric patchwork of today’s digital identities with a single monolithic system risks undermining both individual security and societal freedoms, trading fragmentation for fragility and opacity. Democratic Accountability and the Referendum Safeguard Switzerland’s direct-democracy mechanisms offer a check against unilateral centralization: opponents of the e-ID law have gathered sufficient signatures to force a nationwide referendum, likely scheduled for autumn 2025. Yet, in the interim, cantonal administrations must adapt to the new federal framework, incurring integration costs and reengineering existing digital processes. If the referendum overturns the law, this transitional burden will represent wasted resources and damaged trust between the Confederation and cantons. Conclusion The e-ID law exemplifies the tension between the efficiencies of a centralized digital infrastructure and the principles of Swiss federalism. While a unified identity system may streamline cross-border and inter-cantonal digital services, the shift of power from cantons to the Confederation compromises subsidiarity, curtails local innovation, and risks democratic disconnect. As Switzerland navigates its referendum, policymakers should consider hybrid approaches: granting cantons a participatory role in governance bodies, enabling localized interface customization, and ensuring interoperability standards rather than monolithic platforms. Such measures could preserve the dynamism of cantonal digital experimentation while achieving the interoperability and security goals that underpin a national e-ID. The post Concentration of Power in Swiss E-ID appeared first on ISOC Switzerland Chapter.

Zurich, 6 mai 2025 – La consultation qui se termine aujourd’hui sur la révision partielle de l’Ordonnance sur la surveillance de la correspondance par poste et télécommunication (OSCPT) ainsi que de l’Ordonnance du DFJP (OD-SCPT) [1] soulève d’importantes questions et suscite de vives inquiétudes. Les modifications prévues menacent non seulement le droit fondamental à la vie privée, mais aussi la sécurité du chiffrement. Les VPN et autres services de communication chiffrés sont particulièrement visés – avec des conséquences potentiellement désastreuses pour les citoyens et les entreprises. UNE ATTEINTE À LA VIE PRIVÉE La révision de l’OSCPT prévoit une extension des obligations de surveillance pour les fournisseurs de services de télécommunication (FST) ainsi que pour les services de communication dérivés (FSCD), y compris des obligations élargies d’identification des utilisateurs et de conservation des données. Ces mesures portent gravement atteinte à la vie privée des citoyens sans qu’une justification claire à ce recul soit clairement exprimé. Le secret médical ou la protection des sources journalistiques s’en trouvent directement affectés. DES DONNÉES INUTILEMENT STOCKÉES OUVRENT LA PORTE AUX RISQUES D’ABUS Chaque donnée conservée augmente mécaniquement le risque que celle-ci soit utilisée ou consultée de manière abusive. Les métadonnées peuvent donner des aperçus détaillés sur les relations entre individus, leur localisation et leurs habitudes. La conservation obligatoire des métadonnées pendant six mois permet non seulement une surveillance de masse, mais aussi potentiellement d’autres accès illégitimes par des tiers, comme des pirates informatiques, des criminels ou des employés simplement mal intentionnés. Si de telles données tombent entre les mains de criminels, elles pourraient être utilisées pour le chantage, la fraude téléphonique, le phishing, le vol d’identité et d’autres formes d’abus. LA COMPROMISSION DU CHIFFREMENT EST LA MORT DU CHIFFREMENT L’obligation proposée de supprimer le chiffrement compromet la sécurité de tous. Les fournisseurs seraient contraints d’installer des backdoors ou d’utiliser d’autres méthodes qui affaiblissent délibérément le chiffrement afin de pouvoir permettre aux autorités d’accéder à ces données. Mais si ces failles existent, elles existent pour tout le monde: leur installation permettrait aux pirates informatiques, aux criminels ou entités étrangères d’avoir accès à toutes les données circulant dans le pays. On ne peut pas chiffrer pour les uns, et pas pour les autres. Le gouvernement britannique a récemment tenté d’adopter une réglementations en ce sens: la conséquence immédiate en a été qu’Apple a annoncé le retrait des services chiffrés pour ses clients au Royaume-Uni. Citation traduite de l’allemand: «Apple et de nombreux experts en sécurité informatique soutiennent qu’une porte dérobée rend absurde tout chiffrement. Dès qu’il existe un moyen de déchiffrer des données chiffrées, ce n’est qu’une question de temps avant que des criminels ou des régimes autoritaires ne l’exploitent. Le chiffrement de bout en bout signifie exactement cela : personne d’autre que l’utilisateur lui-même – pas même Apple – ne peut accéder aux données. Une porte dérobée constitue donc toujours une faille de sécurité massive.» [2] En Suisse, les services offrant des solutions respectueuses de la vie privée ont traditionnellement une position forte. Les fournisseurs suisses comme Proton, NymVPN, PVY.swiss ou Threema sont particulièrement touchés par la nouvelle réglementation. Proton a déjà annoncé qu’il quitterait la Suisse s’il ne pouvait plus y exercer ses activités correctement. [3] RÉFÉRENCES [1] https://www.fedlex.admin.ch/fr/consultation-procedures/ended#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1 [2] https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910 [3] https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung The post La révision prévue de l’OSCPT menace les droits fondamentaux et compromet le chiffrement appeared first on ISOC Switzerland Chapter.

ISOC-CH is a key partner in the Horizon Europe NGI0 Commons Fund, and through this engagement a great opportunity arises to develop as an organization both locally in Switzerland and abroad, creating links between local issues and struggles for digital rights and important developments at the European and global level. The role of ISOC-CH in the NGI0 project is to develop the so-called “Tech dossiers” of free/libre and open software. That is, a comprehensive introduction to a certain are of digital services (e.g., cloud storage, video conferencing, AI), addressing specific audiences (e.g., policy makers, youth, educators, elderly) with a suitable medium (e.g., guidelines, podcast, curriculum). For this project, we are searching for a candidate that will cover the topic of cloud solutions, addressing policy makers and the government in the context of digital sovereignty with an expected engagement of 20% for a period of 1 year, with a possible extension up to 2 years.. In addition, this year, the Board of ISOC Switzerland will be reshuffled. We are looking for additional board members, including for treasurer and/or policy.  For more information and application process, you can reach us at contact@isoc.ch or in one of the upcoming events announced on our web site, https://isoc.ch, and linkedin page. More details about the application process will be announced after the General Assembly 2025. Before, you are very welcome to join the ISOC-CH’s Policy Sessions 2025 on the topic of E-ID, an excellent introduction for this job position! The ISOC-CH board. The post ISOC-CH is hiring! appeared first on ISOC Switzerland Chapter.

On May 15th, ISOC Switzerland Chapter hosted the Public Policy Sessions 2024 including a diverse set of introductory talks and a very interesting panel on the topic of disinformation online, organized by Bernie Hoeneisen, co-founder of ISOC-CH. You can watch the recorded live stream here: https://livestream.com/internetsociety/isoc-ch-public-policy2024 First, Markus Kummer (ISOC-CH Chapter Advisory Council Representative) introduced... The post Public Policy Sessions 2024 (summary) appeared first on ISOC Switzerland Chapter.

On Friday, March 24th, 2023, the ISOC-CH General Assembly decided to join the explicit disassociation from the position paper "Joint Statement zur Plattformregulierung" issued and co-signed by Digitale Gesellschaft (Digiges) a few months ago. The post ISOC-CH to support disassociation from DigiGes Platform statement appeared first on ISOC Switzerland Chapter.

On Friday, March 24th, 2023, the ISOC-CH General Assembly decided to join the explicit disassociation from the position paper "Joint Statement zur Plattformregulierung" issued and co-signed by Digitale Gesellschaft (Digiges) a few months ago. The post ISOC-CH to support disassociation from DigiGes Platform statement appeared first on ISOC Switzerland Chapter.

The parliamentary initiative Pult violates the Swiss Federal Constitution, including freedom of expression and information as well as freedom of the media. Therefore ISOC-CH, pEp Foundation and Pirate Party recommend rejection of the parliamentary initiative Pult. The post ISOC-CH, pEp Foundation and Pirate Party recommend rejection of the parliamentary initiative Pult appeared first on ISOC Switzerland Chapter.

On June 5th and 6th, Mission Publiques invited stakeholders worldwide to discuss the future of Internet governance and to seek answers to How to shape the future of digital cooperation? Who should decide how to leverage the opportunities brought by the use of digital technologies and mitigate the risks they involve? A couple of board... The post ISOC Switzerland Chapter takes part in “We the Internet” Global Citizens’ and Stakeholders’ Dialogue appeared first on ISOC Switzerland Chapter.

When we write a message or record a voice message, we usually have a recipient in mind. When we send the message, we choose the contact or contacts we want to send the information to and that’s the end of it. We assume that those people and nobody else will receive and read that particular... The post Encryption – What is it good for? appeared first on ISOC Switzerland Chapter.

Today, the Internet touches upon nearly all aspects of our lives. With the advent of the Covid-19 crisis, its importance has grown even further, as people lean on it as a prop to enable them to do their job, their shopping, or important administrative chores such as filing taxes. So, what are the reasons why... The post Three Technologies that Shaped the Internet appeared first on ISOC Switzerland Chapter.