After lots of negative criticism about new surveillance regulations, Swiss Justice Minister Beat Jans promised improvements. But the new draft would push companies like Proton away from Switzerland.

(ORIGINAL ARTICLE IN GERMAN, link below. Translation with deepl.com with some editing)

It is the winter session, and on this 10 December 2025, the small chamber is debating the proposal by FDP Councillor Johanna Gapany, which concerns the Ordinance to the Federal Act on Postal and Telecommunications Surveillance (Vüpf). At the start of 2025, the Swiss Government sent its draft revision of the ordinance out for consultation. Gapany is now calling for this draft to be fundamentally revised.

On the red carpet in the festively decorated entrance hall, the head of one of Switzerland’s leading IT firms, answers questions from TV journalists: Andy Yen of Proton. He came from Geneva to follow the debate in the small chamber.

The situation in Parliament is also unusual: for once, it is not a left-wing but a centre-right politician who is attempting to stop the Federal Council’s surveillance plans.

In the last 12 months international media professionals and YouTubers have been warning that products such as those from Proton would become unusable should the «Vüpf» (ordinance) come into force. Since the Snowden leaks in 2013, the Geneva-based company is known offering privacy products like email, collaboration tools and VPN. The revision would destroy this business model entirely.

Proton CEO Andy Yen therefore warned: should the planned revision come into force, his company will relocate its headquarters abroad. The Geneva-based IT firm has already invested 90 million Swiss francs in data centres in Germany and Norway.

No surprise: The regulatory revision, presented by the Department of Justice and Police under SP Federal Councillor Beat Jans, could be written by autocrats. The federal government wants to make it mandatory that IT companies need to identify all their users via passport or telephone number and to store this data, along with usage data, and agencies can request them on demand. This obligation would be mandatory for IT firms with 5,000 users. Even small start-ups would thus become surveillance agents for the Swiss law enforcement authorities.

The planned Swiss regulation is comparable to internet laws in Russia, China and Iran. I wrote a year ago that the draft of the new ordinance to the Federal Act on Postal and Telecommunications Surveillance could have been signed directly from the Kremlin. The comparison with Russia alarmed civil society and triggered a petition with 15,000 digital signatures.

The consultation response to the revised ordinance was consequently scathing: parties from left to right feared a veritable surveillance apparatus. Only the cantons seem to be supporters of the proposal – with a few exceptions such as the canton of Geneva, which has already introduced a right to digital integrity for its residents. The support of the majority of cantons comes as no surprise, as the driving forces behind the proposal are the cantonal public prosecutors’ offices and police investigators.

They want to obtain more data on suspects – at any time and as quickly as possible with just a few clicks. And not just in cases of serious crimes. The newest statistics show how the appetite for data among criminal investigators is growing: The Swiss Surveillance Service for Postal and Telecommunications Traffic announced that the number of requests for information granted last year rose by more than 30 per cent. These requests involve information such as telephone directory or IP address queries made to telecoms companies or email providers.

However, the outcry in Switzerland and international had an impact on the government to back down the proposal. The justice minister recommended to approve the political proposal by the liberal deputy Johanna Gapany, which would oblige it to revise its draft and start another open consultation.

So this could be happy end and a new start.

A secret draft – and a few amended figures

But what the deputies do not yet know: in the meantime, another draft of the ordinance is already reviewed by some selected companies.

From February 2026, it is classified – and are not a real improvement comparing to the draft 1.0. It is a provisional ‘Vüpf 2.0’ version drawn up by the department of SP Federal Councillor Beat Jans and sent to selected Swiss IT firms. I published the draft exklusively on republik.ch

The draft for the new revision shows: only a few parameters have been changed.

For instance, the department has reduced the number of companies that would be affected by the regulation: The new threshold is set at companies with more than 100,000 customers, rather than 5,000. Small email providers or hosting services based in Switzerland would therefore no longer have anything to fear. However, successful companies such as Proton, Threema or Tresorit would still be required to identify their customers.

Proton’s Head of Communications, Edward Shone says the draft is completely “unacceptable” in its current form. Only a few varialbes have changed; otherwise, everything remains the same: “Even if the smallest Swiss companies are exempted from the regulation, this still causes systemic problems in the Swiss technology sector that undermine the rights of Swiss citizens and create a regressive legal framework.”

A legal framework that falls short even of the US – where, as is well known, there isn’t even a data protection law and the surveillance apparatus wields massive power.

A legal assessment by an external lawyer got to the same conclusion. 100,000 customers are certainly “not a large number of users”, as required by the federal law on which the ordinance is based. Furthermore, identifying users would permanently destroy the business models of Swiss companies focused on data protection. “These companies have threatened to relocate abroad. That is unlikely to change.” For most of the companies approached by Republik, one thing is clear: the new proposal for the revision of the ordinance is still a no-go.

In addition to Proton, another thriving IT company has spoken out: Nym from Neuchâtel, which is advised by the famous whistleblower Chelsea Manning. Lawyer and Chief Operating Officer Alexis Roussel also says: “If this new draft remains as it is, we will definitely turn our backs on Switzerland.”

The civil rights organisation Digitale Gesellschaft says: “The new threshold exempts a few small companies from the obligations. But this is no game-changer,” says co-managing director Rahel Estermann. “The government will fail with this draft too.” The bill, she says, remains characterised by a «spirit of surveillance». And by general suspicion towards the entire population.

And how are Jans’s department and the Office for the Surveillance of Postal and Telecommunications Traffic, which is responsible for the matter, reacting?

There is no final draft yet, says Jean-Louis Biberstein, lawyer and spokesperson for the service, in response to a query from Republik. The particular point about the number of affected companies is discussed in the relevant group. Yet this group includes just one person representing the affected companies – a circumstance that annoyed the IT-savvy centrist politician Dominik Blunschy.

Insiders have the impression Justice Minister Beat Jans has not yet realized how critical and serious the situation is for IT companies.

Here the full article in german: https://www.republik.ch/2026/05/07/geheimer-ueberwachungsentwurf-der-bundesrat-hat-nichts-gelernt