Switzerland’s federalist tradition delegates significant autonomy to its 26
cantons, allowing
them to tailor policies and services to local needs. The introduction of a
nationwide
electronic identity (e-ID) system, however, represents a marked shift in digital
governance:
by vesting authority over identity issuance and verification in the federal
state, the new e-ID
law centralizes power and diminishes cantonal prerogatives. While a unified e-ID
promises
interoperability and enhanced security, the concentration of competence at the
Confederation level undermines subsidiarity, stifles local innovation, and risks
a democratic
deficit in a system historically grounded in cantonal and people’s
self-determination.
Swiss Federalism and Cantonal Autonomy
Under Article 3 of the Swiss Constitution, all future powers belong to the
cantons, unless the
Swiss people and the cantons decide, by constitutional amendment, that they
shall be
attributed to the federation. This principle enshrines the subsidiarity norm:
matters best
handled locally remain within cantonal competence, ensuring policies reflect
regional
languages, legal traditions, and administrative capacities. In practice, cantons
exercise
broad authority over education, healthcare, policing, and civil registers and
identity
documents, areas where proximity to citizens fosters trust and responsiveness.
The E-ID Law and the Centralization of Digital Identity
On December 20, 2024, the Swiss Federal Assembly passed the Federal Act on
Electronic
Identity Credentials and Other Electronic Credentials, establishing a
state-recognised e-ID
to be rolled out by 2026. Unlike earlier, canton-driven pilots, the new scheme
mandates that
all public authorities—confederation, cantons, and municipalities—accept the
federal e-ID
alongside physical ID for electronic identification purposes. While private
providers may
operate wallets, the Confederation retains exclusive authority over the trust
framework,
credential schemas, and revocation registries. Consequently, cantonal solutions
will be
superseded by a one-size-fits-all model dictated by federal technical and policy
choices.
Erosion of Subsidiarity and Local Tailoring
By reallocating identity-management powers from cantons to the federal state,
the e-ID law
breaches the subsidiarity ethos. Cantonal administrations lose autonomy over
design and
implementation—functions they have long performed in tandem with local
stakeholders.
This top-down approach risks producing a monolithic system that may not align
with
linguistic and procedural variations across cantons. For instance, user
interface elements or
data-disclosure workflows optimized for German-speaking urban centres may prove
cumbersome in rural, French- or Italian-speaking cantons.
Hindering Innovation and Experimentation
Cantons have historically acted as laboratories of democracy, piloting digital
services—such
as e-voting, local health portals, and municipal e-administration
platforms—before scaling
them nationally. Centralizing identity issuance under the Confederation risks
stifling this
dynamic: any significant alteration or enhancement to the e-ID framework will
require
federal approval, elongating development cycles and dampening the incentive for
localized
experimentation. Moreover, private-sector innovators that previously partnered
with
individual cantons face higher barriers: they must navigate federal procurement
processes
and standardized certification regimes, reducing flexibility and increasing
costs.
Complexity, Incoherence, and Privacy Concerns
Centralized identity provisioning introduces its own technical pitfalls. A major
critique of a state-
run, single identity provider is that no central actor can serve all user groups
coherently—voluntary adoption means some citizens will decline the e-ID,
necessitating parallel
systems and eroding transparency. Services catering to non-Swiss or partially
registered
residents would require separate identity providers, creating confusion and
administrative
overhead. Furthermore, having the Confederation mediate every authentication
event
concentrates sensitive metadata—access logs, usage patterns, and verification
requests—within
a single national database, heightening the risk of mass surveillance.
Furthermore, the notion of a single identity gateway also creates a tempting
target for
adversaries: rather than spreading their efforts across thousands of sites and
services, attackers
can focus on subverting one system to harvest credentials en masse. A breach of
the central
provider—even a transient outage or misconfiguration—could effectively lock
every user out of
their online accounts, from banking and healthcare to social media and
e-government services.
Worse yet, such concentration makes it trivial to compile comprehensive activity
logs, enabling
sophisticated profiling, unsolicited marketing, or politically motivated
surveillance at a scale
previously impossible. Phishing campaigns would only need to mimic one login
flow, increasing
their success rate and reducing the cognitive load on the victim. And because
the e-ID would be
used ubiquitously, there’d be no “dark spaces” left for whistleblowers,
dissidents, or vulnerable
populations to maintain anonymity when they really need it. In short, replacing
the polycentric
patchwork of today’s digital identities with a single monolithic system risks
undermining both
individual security and societal freedoms, trading fragmentation for fragility
and opacity.
Democratic Accountability and the Referendum Safeguard
Switzerland’s direct-democracy mechanisms offer a check against unilateral
centralization:
opponents of the e-ID law have gathered sufficient signatures to force a
nationwide
referendum, likely scheduled for autumn 2025. Yet, in the interim, cantonal
administrations
must adapt to the new federal framework, incurring integration costs and
reengineering
existing digital processes. If the referendum overturns the law, this
transitional burden will
represent wasted resources and damaged trust between the Confederation and
cantons.
Conclusion
The e-ID law exemplifies the tension between the efficiencies of a centralized
digital
infrastructure and the principles of Swiss federalism. While a unified identity
system may
streamline cross-border and inter-cantonal digital services, the shift of power
from cantons
to the Confederation compromises subsidiarity, curtails local innovation, and
risks
democratic disconnect. As Switzerland navigates its referendum, policymakers
should
consider hybrid approaches: granting cantons a participatory role in governance
bodies,
enabling localized interface customization, and ensuring interoperability
standards rather
than monolithic platforms. Such measures could preserve the dynamism of cantonal
digital
experimentation while achieving the interoperability and security goals that
underpin a
national e-ID.
The post Concentration of Power in Swiss E-ID appeared first on ISOC Switzerland
Chapter.
Tag - Public Policy
Zurich, 6 mai 2025 – La consultation qui se termine aujourd’hui sur la révision
partielle de l’Ordonnance sur la surveillance de la correspondance par poste et
télécommunication (OSCPT) ainsi que de l’Ordonnance du DFJP (OD-SCPT) [1]
soulève d’importantes questions et suscite de vives inquiétudes. Les
modifications prévues menacent non seulement le droit fondamental à la vie
privée, mais aussi la sécurité du chiffrement. Les VPN et autres services de
communication chiffrés sont particulièrement visés – avec des conséquences
potentiellement désastreuses pour les citoyens et les entreprises.
UNE ATTEINTE À LA VIE PRIVÉE
La révision de l’OSCPT prévoit une extension des obligations de surveillance
pour les fournisseurs de services de télécommunication (FST) ainsi que pour les
services de communication dérivés (FSCD), y compris des obligations élargies
d’identification des utilisateurs et de conservation des données. Ces mesures
portent gravement atteinte à la vie privée des citoyens sans qu’une
justification claire à ce recul soit clairement exprimé. Le secret médical ou la
protection des sources journalistiques s’en trouvent directement affectés.
DES DONNÉES INUTILEMENT STOCKÉES OUVRENT LA PORTE AUX RISQUES D’ABUS
Chaque donnée conservée augmente mécaniquement le risque que celle-ci soit
utilisée ou consultée de manière abusive. Les métadonnées peuvent donner des
aperçus détaillés sur les relations entre individus, leur localisation et leurs
habitudes. La conservation obligatoire des métadonnées pendant six mois permet
non seulement une surveillance de masse, mais aussi potentiellement d’autres
accès illégitimes par des tiers, comme des pirates informatiques, des criminels
ou des employés simplement mal intentionnés. Si de telles données tombent entre
les mains de criminels, elles pourraient être utilisées pour le chantage, la
fraude téléphonique, le phishing, le vol d’identité et d’autres formes d’abus.
LA COMPROMISSION DU CHIFFREMENT EST LA MORT DU CHIFFREMENT
L’obligation proposée de supprimer le chiffrement compromet la sécurité de tous.
Les fournisseurs seraient contraints d’installer des backdoors ou d’utiliser
d’autres méthodes qui affaiblissent délibérément le chiffrement afin de pouvoir
permettre aux autorités d’accéder à ces données. Mais si ces failles existent,
elles existent pour tout le monde: leur installation permettrait aux pirates
informatiques, aux criminels ou entités étrangères d’avoir accès à toutes les
données circulant dans le pays. On ne peut pas chiffrer pour les uns, et pas
pour les autres.
Le gouvernement britannique a récemment tenté d’adopter une réglementations en
ce sens: la conséquence immédiate en a été qu’Apple a annoncé le retrait des
services chiffrés pour ses clients au Royaume-Uni.
Citation traduite de l’allemand: «Apple et de nombreux experts en sécurité
informatique soutiennent qu’une porte dérobée rend absurde tout chiffrement. Dès
qu’il existe un moyen de déchiffrer des données chiffrées, ce n’est qu’une
question de temps avant que des criminels ou des régimes autoritaires ne
l’exploitent. Le chiffrement de bout en bout signifie exactement cela : personne
d’autre que l’utilisateur lui-même – pas même Apple – ne peut accéder aux
données. Une porte dérobée constitue donc toujours une faille de sécurité
massive.» [2]
En Suisse, les services offrant des solutions respectueuses de la vie privée ont
traditionnellement une position forte. Les fournisseurs suisses comme Proton,
NymVPN, PVY.swiss ou Threema sont particulièrement touchés par la nouvelle
réglementation. Proton a déjà annoncé qu’il quitterait la Suisse s’il ne pouvait
plus y exercer ses activités correctement. [3]
RÉFÉRENCES
[1]
https://www.fedlex.admin.ch/fr/consultation-procedures/ended#https://fedlex.data.admin.ch/eli/dl/proj/2022/21/cons_1
[2]
https://www.gizmodo.de/apple-sagt-nein-zu-uk-backdoor-end-to-end-verschluesselung-faellt-weg-2000014910
[3]
https://www.watson.ch/digital/wirtschaft/517198902-proton-schweiz-chef-andy-yen-zum-ausbau-der-staatlichen-ueberwachung
The post La révision prévue de l’OSCPT menace les droits fondamentaux et
compromet le chiffrement appeared first on ISOC Switzerland Chapter.
ISOC-CH is a key partner in the Horizon Europe NGI0 Commons Fund, and through
this engagement a great opportunity arises to develop as an organization both
locally in Switzerland and abroad, creating links between local issues and
struggles for digital rights and important developments at the European and
global level.
The role of ISOC-CH in the NGI0 project is to develop the so-called “Tech
dossiers” of free/libre and open software. That is, a comprehensive introduction
to a certain are of digital services (e.g., cloud storage, video conferencing,
AI), addressing specific audiences (e.g., policy makers, youth, educators,
elderly) with a suitable medium (e.g., guidelines, podcast, curriculum).
For this project, we are searching for a candidate that will cover the topic of
cloud solutions, addressing policy makers and the government in the context of
digital sovereignty with an expected engagement of 20% for a period of 1 year,
with a possible extension up to 2 years..
In addition, this year, the Board of ISOC Switzerland will be reshuffled. We are
looking for additional board members, including for treasurer and/or policy.
For more information and application process, you can reach us at
contact@isoc.ch or in one of the upcoming events announced on our web site,
https://isoc.ch, and linkedin page.
More details about the application process will be announced after the General
Assembly 2025.
Before, you are very welcome to join the ISOC-CH’s Policy Sessions 2025 on the
topic of E-ID, an excellent introduction for this job position!
The ISOC-CH board.
The post ISOC-CH is hiring! appeared first on ISOC Switzerland Chapter.
On May 15th, ISOC Switzerland Chapter hosted the Public Policy Sessions 2024
including a diverse set of introductory talks and a very interesting panel on
the topic of disinformation online, organized by Bernie Hoeneisen, co-founder of
ISOC-CH. You can watch the recorded live stream here:
https://livestream.com/internetsociety/isoc-ch-public-policy2024 First, Markus
Kummer (ISOC-CH Chapter Advisory Council Representative) introduced...
The post Public Policy Sessions 2024 (summary) appeared first on ISOC
Switzerland Chapter.
On Friday, March 24th, 2023, the ISOC-CH General Assembly decided to join the
explicit disassociation from the position paper "Joint Statement zur
Plattformregulierung" issued and co-signed by Digitale Gesellschaft (Digiges) a
few months ago.
The post ISOC-CH to support disassociation from DigiGes Platform statement
appeared first on ISOC Switzerland Chapter.
On Friday, March 24th, 2023, the ISOC-CH General Assembly decided to join the
explicit disassociation from the position paper "Joint Statement zur
Plattformregulierung" issued and co-signed by Digitale Gesellschaft (Digiges) a
few months ago.
The post ISOC-CH to support disassociation from DigiGes Platform statement
appeared first on ISOC Switzerland Chapter.
The parliamentary initiative Pult violates the Swiss Federal Constitution,
including freedom of expression and information as well as freedom of the media.
Therefore ISOC-CH, pEp Foundation and Pirate Party recommend rejection of the
parliamentary initiative Pult.
The post ISOC-CH, pEp Foundation and Pirate Party recommend rejection of the
parliamentary initiative Pult appeared first on ISOC Switzerland Chapter.
On June 5th and 6th, Mission Publiques invited stakeholders worldwide to discuss
the future of Internet governance and to seek answers to How to shape the future
of digital cooperation? Who should decide how to leverage the opportunities
brought by the use of digital technologies and mitigate the risks they involve?
A couple of board...
The post ISOC Switzerland Chapter takes part in “We the Internet” Global
Citizens’ and Stakeholders’ Dialogue appeared first on ISOC Switzerland Chapter.
When we write a message or record a voice message, we usually have a recipient
in mind. When we send the message, we choose the contact or contacts we want to
send the information to and that’s the end of it. We assume that those people
and nobody else will receive and read that particular...
The post Encryption – What is it good for? appeared first on ISOC Switzerland
Chapter.
Today, the Internet touches upon nearly all aspects of our lives. With the
advent of the Covid-19 crisis, its importance has grown even further, as people
lean on it as a prop to enable them to do their job, their shopping, or
important administrative chores such as filing taxes. So, what are the reasons
why...
The post Three Technologies that Shaped the Internet appeared first on ISOC
Switzerland Chapter.