The EU’s NIS2 directive takes effect in October 2024 and massively tightens cybersecurity requirements. But does it also affect Swiss companies? The answer is more complex than a simple yes or no.

This guide explains what NIS2 is, which companies are affected, what Switzerland’s position is, and what practical consequences Swiss companies with EU activities face.

What Is NIS2?

The Basics

NIS2 = Network and Information Security Directive 2

Predecessor: NIS1 directive (2016), the first EU-wide cybersecurity regulation.

Why NIS2? NIS1 was too weak, too many gaps, too little harmonisation between member states. Cyber threats have increased massively.

Goal of NIS2:

  • Higher cybersecurity level in the EU
  • Harmonization between member states
  • More companies covered
  • Harsher penalties for non-compliance

Core Elements

1. Extended Sector Coverage

NIS1: 7 sectors (energy, transport, banking, etc.)

NIS2: 18 sectors, including:

  • Energy (electricity, gas, oil, hydrogen)
  • Transport (air, rail, water, road)
  • Banking & financial market infrastructure
  • Healthcare
  • Drinking water & wastewater
  • Digital infrastructure (cloud, DNS, TLD)
  • ICT service management (managed services)
  • Public administration
  • Space
  • Chemicals
  • Food
  • Production of critical products (medical devices, etc.)
  • Postal & courier services
  • Waste management
  • Research
  • Digital providers (online marketplaces, search engines, social media)

2. Size Thresholds

Essential Entities:

  • Medium to large companies

  • 50 employees OR

  • EUR 10 million annual turnover

Important Entities:

  • Smaller companies in critical sectors

  • 50 employees OR

  • EUR 10 million annual turnover

Exceptions:

  • Micro-enterprises (<10 employees and <EUR 2 million turnover) mostly exempt
  • But: Critical services may still be covered

3. Cybersecurity Requirements

Companies must:

  • Implement risk management
  • Ensure business continuity (backup, disaster recovery)
  • Supply chain security (supplier risks)
  • Security in development & operations
  • Vulnerability management
  • Incident response processes
  • Use cryptography & encryption
  • Security awareness training
  • Multi-factor authentication (MFA)
  • Zero-trust principles where possible

4. Reporting Obligations

For cybersecurity incidents:

First report: Within 24 hours of discovery (early warning)

Second report: Within 72 hours (detailed information)

Final report: Within 1 month (final analysis)

To: National cybersecurity authority (different in each EU country)

5. Sanctions

Essential entities: Fines up to EUR 10 million OR 2% of global annual turnover (whichever is higher)

Important entities: Fines up to EUR 7 million OR 1.4% of global annual turnover

Personal liability: Management can be held personally liable.

Timeline

January 18, 2023: NIS2 directive entered into force (at EU level)

October 17, 2024: Deadline for member states to transpose NIS2 into national law

From October 2024: NIS2 becomes effective in EU countries (depending on national implementation status)

Status today (2025): Most EU countries have implemented NIS2, some with delays.

Does NIS2 Affect Swiss Companies?

The Complex Answer

Directly: No. Switzerland is not an EU member, so NIS2 does not apply directly to Swiss companies.

Indirectly: Yes, under certain conditions.

When Swiss Companies Are Affected

Scenario 1: Subsidiaries in the EU

If: Your Swiss company has a branch, subsidiary, or office in an EU country.

Then: This EU entity is subject to NIS2 if:

  • It operates in a covered sector
  • It meets the size thresholds (>50 employees or >EUR 10 million turnover)

Real example: Swiss IT Service Provider

Situation: Swiss IT company (headquarters Zurich, 80 employees) has subsidiary in Germany (30 employees).

NIS2 relevance:

  • German subsidiary is subject to NIS2 (sector: ICT service management)
  • Must meet cybersecurity requirements
  • Must report incidents
  • Must be compliant by October 2024

Practical consequence: Swiss parent company must support German subsidiary (often shared IT systems).

Scenario 2: Critical Services in the EU

If: Your Swiss company provides critical services to EU customers.

Examples:

  • Cloud services for EU companies (IaaS, PaaS, SaaS)
  • Managed security services for EU companies
  • DNS services
  • Content delivery networks (CDN)
  • Digital services (online marketplaces, search engines)

Then: You may be considered a “service provider for essential entities” and must meet NIS2 requirements.

Real example: Swiss Cloud Provider

Situation: Swiss cloud provider, 40% customers in EU, offers IaaS.

NIS2 relevance:

  • Digital infrastructure (cloud) is NIS2 sector
  • Services for EU customers → affected
  • Must meet cybersecurity standards
  • Incident reporting obligation for EU-related incidents

Practically: Compliance needed to avoid losing EU customers.

Scenario 3: Supplier for NIS2-Obligated Companies

If: Your Swiss company is a supplier to EU companies that fall under NIS2.

NIS2 requirement: Supply chain security, companies must manage risks at suppliers.

Practical consequence: EU customers will require from you:

  • Evidence of cybersecurity measures
  • Certifications (ISO 27001, etc.)
  • Contractual security clauses
  • Incident notification obligations

Not directly NIS2-obligated, but: Commercial pressure to retain EU customers.

Real example: Swiss Software Manufacturer

Situation: Swiss SaaS provider, sells HR software to EU companies (e.g., hospitals, administrations).

Impact:

  • EU customers (hospitals = NIS2-obligated) check suppliers
  • Require ISO 27001, SOC 2, NIS2-like controls
  • Contract includes security audits, incident notification

Without compliance: Risk of losing EU contracts.

Scenario 4: Cross-border Activities

If: Your Swiss company operates physically in EU (e.g., transport, energy, critical infrastructure).

Example:

  • Swiss transport company drives in EU
  • Swiss energy company operates facilities in EU border region

Then: EU activities are subject to local regulation including NIS2.

Summary: Are You Affected?

Checklist:

  • Do you have a branch/subsidiary in EU?
  • Do you offer critical services to EU customers (cloud, DNS, managed services)?
  • Are you a supplier to NIS2-obligated EU companies?
  • Do you operate physically in EU (transport, energy, infrastructure)?
  • Are you active in a NIS2 sector (see list above)?
  • Do you meet size criteria (>50 employees or >EUR 10 million turnover)?

If multiple answers are “Yes”: NIS2 probably affects you indirectly.

Switzerland’s Position on NIS2

Official Stance

Switzerland is not an EU member: NIS2 does not apply directly in Switzerland.

But: Switzerland recognises the importance of cybersecurity and is working on its own regulations.

Swiss Cybersecurity Regulation

Current Status (2025)

National Strategy for Protecting Switzerland from Cyber Risks (NCS):

  • Strategic framework
  • No binding regulation like NIS2
  • Voluntary measures

Information Security Act (ISG):

  • Applies to federal administration
  • Not to private sector

Critical Infrastructures:

  • Some sectors have special regulations (banks, energy)
  • No thorough cybersecurity obligation like NIS2

FINMA (Financial Sector):

  • Banks & insurance: Regulated IT risks (FINMA Circular 2008/21)
  • Cybersecurity requirements similar to NIS2

Energy Sector:

  • Electricity Supply Act (StromVG): Security requirements for critical infrastructure
  • Similar to NIS2 energy sector

Healthcare:

  • Varies by canton
  • No national cybersecurity obligation (unlike NIS2)

Future Developments

Option 1: Swiss NIS Equivalent

Discussions ongoing: Federal Council is examining whether Switzerland needs its own NIS law.

Arguments for:

  • Swiss companies in EU business need clarity
  • Raise cybersecurity level in CH
  • International compatibility (e.g., for data exchange with EU)

Arguments against:

  • Regulatory burden for SMEs
  • Swiss autonomy
  • Existing sectoral regulation sufficient

Status: No decision yet (as of 2025).

Option 2: Sectoral Approaches

More likely: Switzerland expands existing sectoral regulation:

  • Energy: Extended cybersecurity obligations
  • Health: National standards
  • ICT: Voluntary standards (e.g., via industry associations)

Option 3: Equivalence Agreement with EU

If: Switzerland and EU negotiate equivalence (Swiss standards recognised as equivalent).

Advantage: Swiss companies would have easier EU market access.

Status: No concrete plans (as of 2025).

What This Means for Swiss Companies

Short-term (2024-2026):

  • No direct Swiss NIS2 obligation
  • But: EU activities affected (see scenarios above)
  • Voluntary cybersecurity standards recommended

Medium-term (2026-2028):

  • Possibly Swiss regulation
  • Alignment with EU standards likely
  • Early preparation pays off

Long-term (2028+):

  • Swiss NIS equivalent conceivable
  • International cybersecurity standards become standard

NIS2 Requirements in Detail

What Must Affected Companies Do?

1. Risk Management & Governance

Requirement:

  • Identify, assess, treat security risks
  • Documented processes
  • Regular reviews (at least annually)
  • Management responsibility (not just IT)

Practically:

  • Conduct risk assessment
  • Build risk register
  • Define treatment measures
  • Involve board/management

Tools:

  • ISO 27005 (Risk Management)
  • NIST Cybersecurity Framework
  • BSI IT-Grundschutz

2. Business Continuity & Disaster Recovery

Requirement:

  • Backup strategy (tested!)
  • Disaster recovery plan
  • Recovery time objectives (RTO/RPO)
  • Regular tests (at least annually)

Practically:

  • 3-2-1 backup rule (3 copies, 2 media, 1 offsite)
  • Offline backups (protection from ransomware)
  • Document DR tests
  • Written recovery procedures

Costs: CHF 10,000-50,000 (depending on size)

3. Supply Chain Security

Requirement:

  • Assess cybersecurity risks at suppliers
  • Contractual security requirements
  • Monitor critical suppliers
  • Incident notification from suppliers

Practically:

  • Supplier assessment (questionnaire)
  • Identify critical suppliers
  • Security clauses in contracts
  • Require ISO 27001 from suppliers (where critical)

Example clause: “Supplier must report cybersecurity incidents within 24h.”

4. Security by Design

Requirement:

  • Integrate security in development & operations
  • Secure Software Development Lifecycle (SSDLC)
  • Regular security tests

Practically:

  • Code reviews with security focus
  • Penetration testing (at least annually)
  • Vulnerability scanning (continuous)
  • Secure coding guidelines

For the penetration testing and red team assessments NIS2 envisions, Swiss-based RedTeam Partners can help companies demonstrate compliance through CREST-certified testing that aligns with EU expectations.

Especially relevant for software developers.

5. Vulnerability Management

Requirement:

  • Fix known vulnerabilities promptly
  • Patch management process
  • Vulnerability disclosure policy

Practically:

  • Deploy vulnerability scanner
  • Patch schedule (critical patches: 48h)
  • Inventory of all assets (what needs patching?)
  • Emergency patches for zero-days

Tools:

  • Qualys, Tenable Nessus, Rapid7

6. Incident Response

Requirement:

  • Incident response plan
  • Defined processes & responsibilities
  • 24/7 availability
  • Documentation & lessons learned

Practically:

  • Create IR playbooks
  • Define incident response team
  • Prepare external support (forensics, legal)
  • Incident response exercises (tabletop)

Costs: CHF 15,000-40,000 (setup + training)

7. Cryptography & Encryption

Requirement:

  • Encrypt data (in transit & at rest)
  • Modern crypto standards
  • Key management

Practically:

  • TLS 1.3 for data transmission
  • AES-256 for data-at-rest
  • Encrypted backups
  • Hardware Security Modules (HSM) for keys (if highly critical)

Minimum:

  • HTTPS everywhere
  • Encrypted drives/storage
  • Encrypted emails (where sensitive)

8. Security Awareness Training

Requirement:

  • Regular training (at least annually)
  • All employees
  • Phishing awareness
  • Documentation

Practically:

  • Annual security training (1-2h)
  • Phishing simulations (quarterly)
  • Security newsletter (monthly)
  • Onboarding security training

Costs: CHF 50-150 per employee/year

9. Multi-Factor Authentication (MFA)

Requirement:

  • MFA for all privileged access
  • MFA for remote access
  • Modern MFA methods (not just SMS)

Practically:

  • MFA for VPN, admin accounts, cloud services
  • Authenticator apps (Google, Microsoft, etc.)
  • Hardware tokens (YubiKey) for highest security
  • Conditional access (risk-based)

Costs: CHF 20-50 per user/year (software) CHF 40-80 per user (hardware token)

10. Reporting Obligations

Requirement:

  • Report cybersecurity incidents (see timeline above)
  • To national authority (e.g., in DE: BSI, in FR: ANSSI)
  • Structured information (use template)

Practically:

  • Define process (who reports when?)
  • Establish contact with authority (before incident!)
  • Prepare reporting forms
  • Involve legal counsel

Attention: Not every incident is reportable, only those with “significant impact.”

What is “significant”?

  • Service interruption >X hours
  • Data loss
  • Financial damage
  • Danger to health/safety

(National regulation defines thresholds)

Compliance Checklist

Technical measures:

  • Firewall & network segmentation
  • Endpoint protection (EDR)
  • Security monitoring (SIEM/SOC)
  • Vulnerability scanning
  • Patch management
  • Backup & recovery (tested)
  • Encryption (data-at-rest & in-transit)
  • MFA for all critical systems
  • Access control (least privilege)

Organisational measures:

  • Security policies documented
  • Risk assessment conducted
  • Incident response plan available
  • Business continuity plan
  • Supply chain security process
  • Security awareness training
  • Management reporting (quarterly)

Compliance:

  • Reporting process defined (incidents)
  • Contact with national authority
  • Documentation (audits)
  • Contractual arrangements (suppliers)

Practical Impact for Swiss Companies

Impact 1: Compliance Costs

For affected Swiss companies:

Initial costs (setup):

  • Gap assessment: CHF 10,000-30,000
  • Technical measures: CHF 30,000-150,000 (depending on size)
  • Organisational measures: CHF 20,000-60,000
  • External consulting: CHF 30,000-100,000
  • Total setup: CHF 90,000-340,000

Ongoing costs (annually):

  • Security monitoring (SOC): CHF 40,000-120,000
  • Vulnerability management: CHF 10,000-30,000
  • Training: CHF 5,000-20,000
  • Audits & compliance: CHF 15,000-40,000
  • Tool licences: CHF 20,000-60,000
  • Total annually: CHF 90,000-270,000

For SMEs (50-100 employees): CHF 100,000-200,000 (setup) + CHF 50,000-100,000/year

For mid-sized (200-500 employees): CHF 200,000-400,000 (setup) + CHF 150,000-300,000/year

Impact 2: Competitive Advantage

Positive side:

Swiss companies that are NIS2-compliant:

  • More attractive to EU customers
  • Higher trust
  • Competitive advantage over non-compliant providers
  • Premium pricing possible (“NIS2-ready”)

Marketing: “Our service meets EU NIS2 standards, your data is secure.”

Real example: Swiss cloud provider advertises NIS2 compliance, wins EU hospital as customer (they are NIS2-obligated and need secure suppliers).

Impact 3: Supplier Selection

EU customers become more critical:

If you are a Swiss provider:

  • EU customers check your cybersecurity
  • Require certificates (ISO 27001, SOC 2)
  • Contract clauses (security audits, incident notification)

Without compliance:

  • Risk of losing EU tenders
  • “Not EU-compliant” = exclusion criterion

Preparation pays off.

Impact 4: Cyber Insurance

Insurers adapt policies:

NIS2 compliance:

  • Can reduce premiums
  • Better conditions
  • Higher coverage amounts

Non-compliance:

  • Higher premiums
  • Exclusions (e.g., no coverage for gross negligence)
  • Regulatory fines not insured

Insurers ask: “Do you meet NIS2?” (even for Swiss companies)

Impact 5: M&A and Due Diligence

During company acquisitions:

NIS2 compliance is checked:

  • Swiss company buys EU company → NIS2 liabilities
  • EU company buys Swiss company → wants NIS2 compliance

Due diligence:

  • Cybersecurity audit
  • Compliance status
  • Potential fines (if non-compliant)

Impact on company value: Non-compliance = risk discount (5-15% possible)

Industry-Specific Considerations

Financial Sector

Swiss banks & insurance:

Already heavily regulated:

  • FINMA requirements similar to NIS2
  • ISO 27001 often already in place
  • Incident reporting obligations exist

NIS2 impact:

  • EU activities: NIS2 compliance additionally
  • Harmonization possible (FINMA ≈ NIS2)
  • Additional effort limited

Recommendation: Gap assessment between FINMA and NIS2.

Healthcare

Swiss hospitals, clinics, pharma:

Currently:

  • Regulated differently by canton
  • No national cybersecurity obligation

NIS2 impact:

  • EU business (e.g., clinical trials in EU): affected
  • Suppliers to EU hospitals: indirectly affected
  • Pressure for higher cybersecurity

Special feature: Patient data = particularly sensitive → NIS2 + GDPR.

Recommendation: Even without obligation, implement NIS2-like standards (reputation).

Energy & Critical Infrastructure

Swiss energy companies:

StromVG: Swiss electricity providers already have security obligations.

NIS2 impact:

  • Cross-border networks (CH-EU): affected
  • Export/import electricity: coordination needed
  • Harmonise standards (StromVG & NIS2)

Recommendation: See NIS2 as complement to StromVG.

IT & Technology

Swiss IT service providers, SaaS, cloud:

High risk of being affected:

  • Many EU customers
  • Critical services (cloud = NIS2 sector)
  • Supply chain (supplier to NIS2 companies)

NIS2 impact:

  • Direct: EU branches
  • Indirect: EU customers require compliance
  • Competitive advantage through early compliance

Recommendation: ISO 27001 + NIS2 gap assessment start immediately.

Transport & Logistics

Swiss transport companies:

NIS2 covers:

  • Air, rail, water, road (from certain size)

Switzerland-EU traffic:

  • Cross-border → affected
  • EU activities subject to NIS2

Special feature: Physical security + cybersecurity (e.g., air traffic control, rail control).

Recommendation: Don’t forget OT security (Operational Technology).

Production & Industry

Swiss industrial companies:

NIS2 sectors:

  • Critical production (medical devices, chemicals, etc.)

Impact:

  • EU plants: affected
  • Supplier to EU industry: indirectly affected
  • OT/ICS security (production facilities)

Recommendation: IEC 62443 (Industrial Security) + NIS2.

Implementation Recommendations for Swiss Companies

Phase 1: Clarification (1-2 months)

Step 1: Are we affected?

Questions:

  • Do we have EU activities?
  • Are we in NIS2 sector?
  • Do we meet size criteria?
  • Are we supplier to NIS2 companies?

Method:

  • Internal analysis
  • Or: External consulting (CHF 5,000-15,000)

Output: Clarity whether affected (direct/indirect/not).

Step 2: Gap assessment

If affected:

  • Where are we today?
  • What’s missing for NIS2 compliance?
  • What measures needed?

Method:

  • Self-assessment (NIS2 checklist)
  • Or: External audit (CHF 10,000-30,000)

Output: Catalog of measures with prioritisation.

Phase 2: Planning (1-2 months)

Step 3: Create roadmap

Define:

  • Which measures in what order?
  • Timeline (NIS2 deadline: October 2024, if delayed possibly later)
  • Budget (see costs above)
  • Responsibilities

Prioritization:

  1. Critical gaps (high risk)
  2. Quick wins (easy to implement)
  3. Long-term projects (complex)

Step 4: Budget & resources

Clarify:

  • Approve internal budget
  • External support needed? (Consultants, MSSP)
  • Personnel (dedicated role for compliance?)

Typical: CHF 100,000-300,000 for SMEs (see costs above).

Phase 3: Implementation (6-12 months)

Step 5: Technical measures

Example sequence:

  1. Activate MFA (weeks)
  2. Test backup & recovery (1-2 months)
  3. Deploy vulnerability scanning (1 month)
  4. Set up SIEM/SOC (2-4 months)
  5. Implement encryption (2-3 months)

Parallel: Organisational measures.

Step 6: Organisational measures

Example sequence:

  1. Document policies (1 month)
  2. Conduct risk assessment (1-2 months)
  3. Create incident response plan (1 month)
  4. Start security training (ongoing)
  5. Supply chain security process (2-3 months)

Step 7: Testing & documentation

Before go-live:

  • Backup recovery test
  • Incident response exercise (tabletop)
  • Penetration test
  • Complete documentation (for audit)

Duration: 1-2 months

Phase 4: Operations & Maintenance (ongoing)

Step 8: Monitoring & review

Ongoing:

  • Security monitoring (24/7)
  • Vulnerability management (weekly)
  • Patch management (according to schedule)
  • Incident response (as needed)

Regular:

  • Risk review (quarterly)
  • Management reporting (quarterly)
  • Audits (annually)
  • Training (annually)

Step 9: Continuous improvement

Annually:

  • What worked?
  • What needs improvement?
  • New threats?
  • Adjust measures

NIS2 is not a project, but a process.

Frequently Asked Questions (FAQ)

1. Must I report NIS2 incidents as a Swiss company?

Answer:

  • If you have EU subsidiary: Yes (to EU authority)
  • If you offer critical services in EU: Yes
  • Purely Swiss operation: No (but possibly voluntarily sensible)

2. Is ISO 27001 sufficient for NIS2 compliance?

Answer: ISO 27001 is a good basis, but not sufficient.

NIS2 has additional requirements:

  • Specific reporting obligations
  • Supply chain security (more detailed)
  • Business continuity (more concrete requirements)

Recommendation: ISO 27001 + NIS2 gap assessment.

3. Can I outsource NIS2 compliance?

Answer: Partially.

Can outsource:

  • Security monitoring (MSSP)
  • Incident response (retainer)
  • Vulnerability management
  • Compliance consulting

Cannot outsource:

  • Responsibility (stays with you)
  • Reporting obligations (you must do)
  • Governance & policies

Hybrid model makes sense.

4. What happens with non-compliance?

In EU:

  • Fines up to EUR 10 million or 2% turnover
  • Management personally liable
  • Reputational damage

For Swiss company:

  • Direct: Only if EU subsidiary/branch
  • Indirect: Loss of EU customers, competitive disadvantage

5. When does NIS2 come to Switzerland?

Answer: Unclear.

Possible scenarios:

  • 2026-2028: Swiss equivalent (but uncertain)
  • Or: Remains with sectoral regulations
  • Or: Voluntary standards

Recommendation: Don’t wait, EU business requires compliance now.

6. What certification do I need for NIS2?

Answer: NIS2 does not require specific certification.

But helpful:

  • ISO 27001 (basis)
  • ISO 27002 (controls)
  • SOC 2 (for cloud/SaaS)
  • BSI IT-Grundschutz (recognised in DE)

NIS2 compliance is checked via audits (by national authorities).

7. How long does NIS2 compliance take?

Answer: Depends on starting point.

If already good security level: 6-12 months

If starting from zero: 12-18 months

Recommendation: Start early, don’t underestimate deadline.

Checklist: NIS2 Preparation for Swiss Companies

Immediately (Month 1-2)

  • Clarify: Are we affected? (direct/indirect)
  • Identify business activities in EU
  • Check NIS2 sector membership
  • Plan gap assessment (internal or external)

Short-term (Month 3-6)

  • Conduct gap assessment
  • Approve budget (CHF 100,000-300,000 for SMEs)
  • Create roadmap (prioritise measures)
  • Implement quick wins (MFA, backup tests)
  • Evaluate external support (MSSP, consultants)

Medium-term (Month 6-12)

  • Implement technical measures (see checklist above)
  • Implement organisational measures
  • Document policies & processes
  • Test incident response plan
  • Start security training

Ongoing (from Month 12+)

  • Security monitoring 24/7
  • Vulnerability management
  • Patch management
  • Quarterly risk review
  • Annual audits
  • Continuous improvement

Conclusion: What Swiss Companies Should Do Now

Key Messages

1. NIS2 affects more Swiss companies than expected Not directly, but indirectly through EU activities.

2. Compliance is complex and costly CHF 100,000-300,000 (setup) + ongoing costs.

3. Starting early pays off Competitive advantage, win EU customers.

4. Hybrid approach makes sense Internal + MSSP for operational security.

5. Even without obligation: Good cybersecurity pays off NIS2 standards are best practice, protect against cyberattacks.

Action Recommendation

Step 1: Clarify your situation (immediately)

  • Affected or not?
  • EU activities?
  • Gap assessment

Step 2: Plan (Month 1-3)

  • Roadmap
  • Budget
  • Resources

Step 3: Implement (Month 3-12)

  • Technical + organisational
  • Internal + external (MSSP)

Step 4: Operate (ongoing)

  • Monitoring
  • Reviews
  • Continuous improvement

Golden Rules

Rule 1: Don’t wait NIS2 is already in force (EU), early compliance = competitive advantage.

Rule 2: Don’t underestimate Compliance is not a 2-month project, plan 6-12 months.

Rule 3: Get help External expertise (consultants, MSSP) accelerates compliance.

Rule 4: See it as opportunity Higher cybersecurity level protects your company, not just compliance.

Rule 5: Document Audits require evidence, document everything.

NIS2 is complex, but doable. With proper preparation, Swiss companies can not only be compliant but also more secure and competitive.

Transparency Note: Alpine Excellence only lists verified providers. When seal holders or cybersecurity service providers are mentioned in this article, it serves to illustrate compliance requirements and services concretely, not as advertising.