Switzerland

The Swiss rules that apply to you — not just the EU ones.

Swiss companies face their own obligations on top of EU regulations: supply-chain due diligence, data protection, and sustainability reporting. EXTO covers all three — on a platform built in Switzerland. Find out which apply to your company.

Three Swiss frameworks, one platform.

Beyond EUDR, ESPR, CSRD and CSDDD, Switzerland has its own compliance regime under the Code of Obligations and the revised data-protection law. Whether each applies to you depends on your size, sector and supply chain — here's the picture.

CO Art. 964j-l · DDTr

Supply-chain due diligence: conflict minerals & child labour

Companies based in Switzerland must run supply-chain due diligence and report annually if they import or process tin, tantalum, tungsten or gold from conflict-affected areas, or offer products or services where there is a reasonable suspicion of child labour.

Scope: SMEs and low-risk companies are exempt from the child-labour due-diligence obligations (a Swiss SME does not exceed two of: CHF 20M balance sheet, 250 full-time employees, CHF 40M turnover, over two consecutive years). But the SME exemption does NOT cover conflict minerals — if you import or process them above the threshold, you are in scope regardless of size.

nFADP / nLPD · SR 235.1

Data protection: the revised Swiss data-protection act

In force since 1 September 2023 with no transition period, the revised Federal Act on Data Protection (nFADP, French nLPD) is Switzerland's GDPR-aligned privacy law. It applies to any company — Swiss or foreign — that offers goods or services to people in Switzerland or processes their personal data.

Scope: this is the framework that reaches the most SMEs — almost any business handling personal data is affected. Companies with fewer than 250 employees are exempt from the formal record-of-processing-activities obligation, provided their processing does not pose a high risk to data subjects. The other duties — transparency, security, breach notification, data-subject rights — still apply.

CO Art. 964a-c

Sustainability reporting: non-financial & climate matters

Large Swiss public-interest companies must publish an annual report on non-financial matters — environment (including a climate transition plan), social and employee issues, human rights and anti-corruption.

Scope (in force): currently applies to public companies, banks and insurers with at least 500 full-time employees AND either CHF 20M total assets or CHF 40M turnover. Most SMEs are out of scope today.

How EXTO helps

Scan. Report. Monitor.

1. Scan (Free)
  • 53 questions, 7 frameworks
  • Tells you which Swiss rules apply
  • Summary PDF, no login

2. Detailed report (CHF 490)
  • Full gap analysis across the Swiss frameworks
  • Action plans + thresholds explained
  • PDF + DOCX your fiduciary can execute

3. Platform (from CHF 99/mo)
  • Dashboard + alerts
  • Tracks reform changes as they land
  • Audit trail for each obligation

Frequently asked questions about Swiss compliance

Which Swiss rules apply to my SME?

It depends on your activity. The revised data-protection act (nFADP) reaches almost every business handling personal data. Supply-chain due diligence (CO 964j-l) applies if you import conflict minerals or have child-labour risk in your supply chain. Sustainability reporting (CO 964a-c) currently only applies to large companies (500+ employees). The free scan tells you which apply to your specific situation.

Am I exempt from the child-labour due diligence?

SMEs and low-risk companies are exempt from the child-labour due-diligence obligations under CO 964j-l. A Swiss SME does not exceed two of these in two consecutive years: CHF 20M balance sheet, 250 full-time employees, CHF 40M turnover. Note the exemption does not extend to conflict minerals — importing or processing them above the threshold puts you in scope regardless of size.

Does nFADP apply if I'm a small company?

Yes — the nFADP applies regardless of size to any company processing the personal data of people in Switzerland. Companies with fewer than 250 employees are exempt only from the formal record-keeping obligation (and only if processing is low-risk); transparency, security, breach-notification and data-subject-rights duties still apply.

Do I have to do Swiss sustainability reporting?

Under the law currently in force (CO 964a-c), only large public-interest companies — 500+ employees with CHF 20M assets or CHF 40M turnover — must report. A proposed reform would lower this toward 250 employees and align with the EU CSRD, but it is paused pending the EU Omnibus framework, with a decision expected in 2026. As of today the 500-employee threshold stands.

What's the difference between the Swiss rules and the EU ones?

They overlap but are distinct. The Swiss frameworks (CO 964a-c, 964j-l, nFADP) apply based on a Swiss seat or Swiss data subjects, generally without the EU's extraterritorial reach. EU rules like EUDR, CSRD and CSDDD can apply to you separately if you place goods on the EU market or supply EU customers. Many Swiss SMEs are touched by both — which is why EXTO covers them together.

Is this legal advice?

No. EXTO is a diagnostic tool: it identifies which obligations apply and where your gaps are, and generates an action plan your fiduciary can execute. It replaces neither legal advice nor certification.

Not sure which Swiss rules apply to you? Find out now.

The scan is free, no login, no commitment. You'll know exactly where you stand across all three Swiss frameworks.