1 Upcoming Revisions

The telecommunications sector is on the move when looking at the upcoming legislation in revision, namely revisions of the Intelligence and Security Act, the Lawful Interception Act, the Telecommunications Act, the Copyright Act and of the Data Protection Act.

The first revision to enter into force is the revision of the Intelligence and Security Act, followed by the revision of the Lawful Interception Act. The other revisions are still in process, none of them has reached parliament yet. Nevertheless, the amend-ment of the two first acts provide us with the oppor-tunity for a tour d'horizon.

2 Intelligence and Security Act and its Ordinances

Even after passing parliament, the Intelligence and Security Act has remained quite controversial and a referendum has been requested. It has not been successful and the Intelligence and Security Act passed referendum last September. Thereafter, the Ordinances have been drafted, sent into consultation and finalized.

The new Intelligence and Security Act requests coop-eration of service providers, without, however, using the terms defined in the Telecommunication Act or in the Lawful Interception Act, so that it remain unclear who will need to cooperate (unclear personal scope of application).

The service providers will mainly have to cooperate with regard to two measures:

  • Intrusion in the computer systems and net-works (e.g. Trojan horses), whereby the cooperation obligations are not precisely de-fined so that the role of the service providers is unclear yet;
  • access cable networks, whereby the service providers will have to provide the Service with (technical) access information to the ca-ble network and give access to their location if requested, and provide data found by means of keyword research.

The two measures may only be ordered if certain conditions are met. The measures need to be ap-proved by the Federal Administrative Court and, be-sides this approval, the access to cable networks needs also to be approved by the Head of the Federal Department of Defence, Civil Protection and Sport (one of the seven Federal Councillors). The service providers will not have a right to challenge the order unless the order requests obligations for the service provider that are not foreseen by the Intelligence and Security Act.

The Intelligence and Security Act and its Ordinances entered into force on 1st September 2017

3 Lawful Interception Act and its Ordinances

3.1 Revison

Parliament has revised the Lawful Interception Act in March 2016 and a first draft of the Ordinances thereto has been sent for consultation before authorities, political parties and stakeholders a few months ago. The final version of the Ordinances is still expected.

The personal scope of application of the revised Law-ful Interception Act has been extended and includes now the following providers in the telecommunications sector:

  • telecommunications service providers, as defined in the Telecommunications Act
  • OTT service providers enabling one or two way communication
  • providers of company networks
  • providers of public access points
  • retailers of SIM or similar cards

Below, you will find a summary of their obligations under the revised Lawful Interception Act.

3.2 Telecommunications Service Providers

The interception obligations for the telecommunica-tions service providers have essentially remained unchanged, i.e. they must provide the Surveillance Service with the following data:

  • identification data
  • content data in real time, and
  • traffic data in real time and retroactively for a period up to 6 months.

The Ordinances will define the different interception types in more details.

3.3 OTT Service Providers

The OTT services providers fall under the scope of the Lawful Interception Act, which is new. Up to pre-sent, some OTT service providers fell under the scope as they were considered as telecommunica-tions service providers (like skype), while others did not (like facebook). In this sense, the revised Lawful Interception Act brings clarity and guarantees equal rights.

The main obligations of the OTT service providers are to provide the Surveillance Authority with:

  • access to their premises and systems
  • information requested
  • traffic data the providers have in their pos-session.

However, major providers of OTT services will have to provide more data to the Surveillance Service, namely the same data as the telecommunications service providers. This means that major providers of OTT services will have to provide the Surveillance Authority with

  • identification data,
  • content data in real time, and
  • traffic data in real time and retroactively for a period up to 6 months.

The draft Ordinance defines the major providers of OTT services as companies with (i) an annual consol-idated turnover of CHF 100 mio (essentially in the telecommunications sector) and which provide their OTT services to at least 5000 customers or (ii) com-panies having received more than 50 surveillance requests during the precedent 12 month-period. This definition could be modified in the final version of the Ordinance.

3.4 Providers of Company Networks and Provid-ers of Public Access Points

Both providers of corporate networks (internal net-works) and providers of public access points (internet café, hotels, restaurants, hospitals, schools, etc.) have to cooperate with the Surveillance Service by providing:

  • access to their premises and systems
  • information requested
  • traffic data the providers have in their pos-session.

3.5 Retailers of SIM Cards or Similar Cards

Retailers of SIM cards or similar cards have to identify the purchaser and need to retain copies of their pass-port, ID or of the Swiss residence and/or work permit. The ordinance does not explicitly require in-person identification; other means of identifications might be possible.

3.6 Proof of Compliance

Upon request of the Surveillance Service, the tele-communications service providers have to prove at their own costs that they comply with the Lawful Inter-ception Act and are in a position to fulfil their obliga-tions.

The service providers may delegate lawful intercep-tion to another service provider.

3.7 Sanctions

In case of non-compliance, the revised Lawful Inter-ception Act foresees a fine up to CHF 100'000.

3.8 Entry into Force

The revised Lawful Interception Act will enter into force on 1st January 2018.

4 Telecommunications Act

The first draft of the revised Telecommunications Act has been sent for consultation before authorities, political parties and stakeholders. Based on the out-come of the consultation, the authorities will send a second draft to Parliament presumably in Octo-ber/November 2017. We expect that the draft will respect technology neutrality, protect minors, include network neutrality or transparency, liberalize the use of radio frequencies and reduce the administrative burden for service providers.

According to our experience, the revised Telecom-munications Act will not enter into force within the next 3 or 4 years.

5 Copyright Act

The first draft of the revised Copyright Act has been sent for consultation and contained a clause on liabil-ity exclusion for hosting and access providers if they followed a notice-take down-procedure (hosting pro-viders) or blocked transmission (access providers). The obligation for the access providers to block transmission has been broadly criticized. The new draft of the Copyright Act to be sent to Parliament will probably contain a notice-take down-procedure for hosting providers together with an exclusion of liability but no blocking obligations for access providers.

According to our experience, the revised Copyright Act will not enter into force within the next 2 or 3 years.

6 Data Protection Act

The draft of a revised Data Protection Act has been sent into consultation with authorities, political parties and stakeholders. The outcome of the consultation is currently processed and, based thereon, a revised draft will be published. The first draft increases the rights of the data subject and introduces heavy sanc-tions, so that opposition of the economy is expected and the draft to be sent to Parliament might differ from the first draft that has been published. One of the main focuses of the revision, which will probably remain, is the adequacy of the Swiss level of data protection with regard to the protection granted under General Data Protection Regulation (GDPR) of the European Union.

Because the GDPR enters into force in May 2018, the authorities push the revision but, according to our experience, the revised Data Protection Act will not enter into force within the next 2 years.

7 Conclusion

The pending revisions in the telecommunications sector requests the providers to keep their eyes open and to constantly adapt their processes in order to remain compliant. Overall, a challenging task.

1st September 2017

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.