Why Swiss Authorities Are Concerned
At the heart of the warning is the lack of true end-to-end encryption offered by many large SaaS providers. Under laws like the US Cloud Act, these companies could be compelled to hand over data to US authorities—even if it’s stored in Switzerland. The concern extends beyond encryption: complex chains of external service providers make it difficult to verify security and maintain control over sensitive information.
Implications for Public Data
Privatim emphasizes that using international cloud services can result in a significant loss of control for Swiss public institutions. Without the ability to manage encryption keys directly, these bodies cannot fully safeguard citizens’ fundamental rights when handling confidential data. The guidance is clear: highly sensitive information should only be stored with providers where the government can control encryption keys and ensure the service cannot access the data.
Swiss Privacy Standards vs. the US Cloud Act
Switzerland has long been known for strict data protection laws, and the 2023 revision of the Swiss Data Protection Act introduced even tighter rules for cross-border data disclosures. In this context, the US Cloud Act poses a challenge: even data hosted in Swiss regions may be subject to US legal requests, conflicting with Swiss standards for privacy and digital sovereignty.
Homegrown Alternatives Gain Momentum
Fortunately, Swiss alternatives are emerging. Proton, for example, has become a recognized name in secure email and cloud services. With client-side encryption, open-source components, and compliance with Swiss law, Proton ensures that user data remains inaccessible—even under legal pressure. For organizations looking to align with European data privacy rules, such solutions are increasingly attractive.
Opportunities for Privacy-Focused Providers
With the three American hyperscalers controlling roughly two-thirds of the cloud market, switching away from them is no small task. Yet growing European privacy regulations create opportunities for companies that can offer compliant, secure alternatives. As organizations seek to retain control over sensitive data, privacy-focused providers may see significant growth in the coming years.
