Summary: Switzerland’s National Cybersecurity Centre (NCSC) has introduced a new regulation mandating critical infrastructure organizations to report cyberattacks within 24 hours. This initiative, effective from April 1, 2025, aims to enhance national cybersecurity in response to rising threats. Non-compliance after a leniency period will incur fines up to CHF 100,000.
Affected: Critical infrastructure organizations in Switzerland
Keypoints :
- Organizations must report cyberattacks affecting operations, including data manipulation and unauthorized access.
- The new reporting requirement is part of an amendment to the Information Security Act (ISA).
- A leniency period until October 1, 2025, is provided, after which fines for non-compliance will apply.