Using AI with Personal Data: How to Stay on the Right Side of Swiss Privacy Regulations
Learn how to leverage AI services with personal data while ensuring adherence to Swiss data protection laws.
In my experience, 80% of AI initiatives never make it to production, and one of the biggest roadblocks is data privacy concerns that arise after the prototype stage.
Many businesses get excited about AI’s potential, test promising use cases, and then hit a wall when it comes to handling personal data in a legally compliant way. They find themselves stuck in a data privacy jungle, unsure of how to move forward without violating regulations.
To successfully navigate this jungle, businesses need a clear understanding of data privacy—what it is, why it exists, what types of data require protection, and how this data can be stored and processed in a compliant manner. By demystifying these elements, companies can confidently deploy AI while staying within the bounds of Swiss data protection laws and international regulations like the GDPR.
In this post, we’ll break down the essentials of privacy-compliant AI and provide a roadmap for businesses looking to leverage AI without legal risks.
Disclaimer: This article is for informational purposes only and does not constitute legal advice. If you require legal guidance on data privacy compliance, consult a legal professional.
What data needs protection – and why?
Before we can ensure AI is used in a privacy-compliant way, we need to understand what types of data require protection and why they are regulated.
General personal data
General personal data ("allgemeine Personendaten), such as names, email addresses, and phone numbers, is protected under the Data Protection Act (FADP/DSG) to ensure individuals retain control over their personal information and to prevent misuse, including cyberattacks aimed at accessing financial data.
Sensitive personal data
Sensitive personal data ("besonders schützenswerte Daten"), such as religious beliefs, sexual orientation, or political opinions, is specially protected under the Data Protection Act (FADP/DSG) to prevent discrimination and to safeguard individual freedoms.
Professional and official secrets
Professional and official secrets ("Berufs- und Amtsgeheimnis"), such as legal, medical, or governmental confidentiality, are strictly protected under the Criminal Code (StGB) to ensure that clients, patients, and citizens can disclose sensitive information without fear of exposure, to prevent discrimination (e.g. based on medical history) and to prevent economic and personal harm.
Bank customer data
Bank customer data (CID) is strictly protected under the Banking Law (BankG) and regulated by FINMA to ensure financial privacy and prevent misuse.
Using bank customer data with AI in the cloud is possible, but it requires deep legal and compliance expertise to navigate strict regulations. This topic goes beyond the scope of this article, but renowned data protection authority David Rosenthal from the law firm Vischer has shared a variety of valuable insights and compliance frameworks on the subject, including this guide for banks interested in moving data to the cloud for AI processing.
Intellectual property
Intellectual property, such as trade secrets and proprietary company knowledge, is a critical asset that provides businesses with a competitive edge and drives innovation. Protecting this data is the responsibility of the company, and employees who unlawfully disclose confidential information can face legal consequences under the Criminal Code (StGB).
Since intellectual property does not constitute personal data, it falls outside the scope of this article on data privacy compliance.
Copyrighted content
Copyrighted material, such as text, images, poems, school books, songs, and movies, is legally protected to ensure creators receive fair recognition and compensation for their work. AI must not be trained on or use copyrighted content without the explicit consent of the copyright owner, and any AI-generated output with significant human involvement is generally not eligible for copyright protection.
As copyrighted material is primarily concerned with intellectual property rights rather than personal data, it also falls outside the core focus of this article on data privacy compliance.
Summary
To keep this article concise, the remainder will focus on personal data and the first three categories—general personal data, sensitive personal data, and professional & official secrets. Bank customer data, while critical, requires deep legal and compliance expertise and has already been extensively covered here by David Rosenthal.
| Type of Data | Legal Frame-work | Reason for Protection |
|---|---|---|
| General personal data | Data Protection Act (FADP/DSG) | Supports the right to informational self-determination |
| Sensitive personal data | Data Protection Act (FADP/DSG) | Prevents discrimination |
| Professional & official secrets | Criminal Code (StGB) | Ensures trust in disclosing sensitive information to officials and prevents discrimination |
| Bank customer data | Banking Law (BankG) / FINMA | Preserves financial privacy of individuals and companies |
| Intellectual Property | Criminal Code (StGB) | Protects competitive advantages, fosters innovation and business growth |
| Copyrighted content | Copyright Act (CopA/URG) | Recognises authorship, ensures fair compensation for creators |
The challenge
The challenge many companies face is that while protected data is stored in Switzerland, the most advanced AI services and cloud providers are located overseas. Even though open-source models are available, building entirely on-premises solutions with specialised hardware for model training or inference is rarely advisable and often lacks a favourable cost-benefit ratio.
To leverage these advanced AI tools and cloud-based services, companies must export data, for processing, storage, or both.
The FADP/DSG has strict requirements for such exports. According to Article 16:
Personal data may be disclosed abroad […] if an appropriate level of data protection is guaranteed […].
In the next section, we'll look at the scenarios where an appropriate level of data protection is met.
Legally compliant ways to export personal data overseas
Under Articles 16 and 17 of the Swiss Data Protection Act (FADP/DSG), exporting personal data to foreign AI services is only permitted under specific conditions. These safeguards ensure that data remains protected even when transferred outside of Switzerland. The key scenarios allowing such exports include:
- Adequate level of protection – The Federal Council has determined that certain countries provide an adequate level of data protection, meaning their laws meet Swiss data protection standards. These countries are listed in Exhibit 1 of the Data Protection Ordinance (DPO/DSV) and include all EU countries and the UK. However, the United States is not on this list due to its lack of a comprehensive national data privacy law and the broad access granted to US authorities under the Cloud Act and other regulations, which allow them to obtain data from US companies and their subsidiaries abroad.
- International agreements – The transfer is based on a treaty under international law, ensuring mutual recognition of data protection safeguards between Switzerland and the receiving country.
- Standard Contractual Clauses (SCCs) – The Swiss organisation has signed a contract with the overseas AI service provider that includes standard data protection clauses ("SCCs") or other clauses approved by the Swiss Federal Data Protection and Information Commissioner.
- Publicly accessible data – If the data subject has made the data generally accessible and has not explicitly prohibited processing, or if the data originates from a statutory register that is publicly available or accessible to those with a legitimate interest, export may be allowed.
- Contractual Necessity – If data transfer is directly connected with the conclusion or performance of a contract, it may be lawfully disclosed abroad.
- Explicit Consent – The data subject has explicitly consented to the disclosure of their data to a foreign service.
In the next two sections, we’ll examine how to apply this knowledge of the Swiss Data Protection Act (FADP/DSG) to leverage AI services in the US or in Europe through subsidiaries of US companies.
Developing AI services in Europe using US hyperscaler subsidiaries
In response to GDPR and strict data privacy regulations, major US hyperscalers such as AWS, Microsoft Azure, and Google Cloud have established legal entities and data centers in Europe. These European subsidiaries enable businesses to leverage cloud and AI services while complying with local data protection laws.
Since these European entities are legally incorporated within the EU, they must adhere to EU data privacy laws, which, as discussed earlier, are considered equivalent to Swiss data protection standards. This means that exporting personal data to these European entities is legally permissible under Swiss law. However, professional and official secrets are subject to additional requirements and must remain in a Swiss data center operated by a Swiss subsidiary.
Beyond cloud infrastructure, many third-party, US-based AI providers such as OpenAI also offer services on these platforms. For example, the same model that powers ChatGPT can be deployed on a European instance of Microsoft Azure without any data flows to the US. This ensures compliance with Swiss data privacy regulations while still enabling access to cutting-edge AI solutions.
However, this approach comes with two key drawbacks:
- Limited availability – Only a small fraction of US-based AI services are available on these platforms, restricting the range of AI solutions businesses can access.
- Complex Implementation – Deploying AI applications in these environments requires significant investment in time, money, and technical expertise. Businesses need capabilities in DevOps, Identity & Access Management (IAM), cybersecurity, software development, and cloud operations to set up and maintain compliant AI infrastructure.
While this route ensures data privacy compliance, businesses must weigh the trade-offs between compliance, availability, and implementation complexity when deciding whether to use AI services via European hyperscaler subsidiaries.
A more cost-effective approach is outlined in the next section.
Directly purchasing AI services from US SaaS vendors
To overcome the drawbacks of building AI services on European hyperscaler subsidiaries, some companies choose to directly purchase AI solutions from US-based SaaS (Software-as-a-Service) vendors. This approach allows businesses to access the full range of AI services that are often only available as SaaS solutions, eliminating the need for complex custom development. With user-friendly interfaces and APIs, these services offer the fastest implementation and smallest operational complexity.
As mentioned earlier, international agreements can provide a legal basis for exporting personal data, except in the case of professional and official secrets. Since September 2024, the Data Privacy Framework (DPF) has been in place, allowing certified US AI vendors to receive personal data in compliance with Swiss data protection laws. Vendors can self-certify for handling HR and non-HR data separately, ensuring businesses can transfer data securely. Swiss organisations can check which AI vendors are certified by going to DataPrivacyFramework.gov.
For non-certified companies, the disclosure of personal data is still possible through another way. This is usually done based on the EU Standard Contractual Clauses (EU SCCs), which must be supplemented with an additional clause for transfers from Switzerland plus some additional compliance work. David Rosenthal describes this in more detail here.
Where possible, directly purchasing AI services from US SaaS vendors is preferred as it offers broader AI service availability and better value for money than building in a private tenant in on a cloud platform. However, license agreements must always be carefully reviewed to ensure that no AI model training occurs on the provided data. Understanding the data processing terms of SaaS vendors is critical to maintaining compliance with Swiss data protection regulations while leveraging state-of-the-art AI solutions from the US.
Additional considerations
Regardless of the chosen AI service, businesses must carefully review license terms and Data Processing Agreements (DPAs) to ensure compliance with Swiss data protection laws. A critical aspect of this review is verifying that no training is performed on personal data. For guidance on which license agreements apply to different types of personal data for common tools, refer to this article from David Rosenthal.
Encryption is a key security measure and is recommended for all personal data, while it is mandatory for sensitive personal data as well as professional and official secrets. The more sensitive the data, the stricter the security and compliance requirements must be to protect against unauthorised access and misuse.
For professional and official secrets, data must remain within Swiss data centres operated by a Swiss company, though this company may be a subsidiary of a US hyperscaler. This ensures compliance with strict confidentiality regulations.
When exporting sensitive personal data, businesses must obtain the explicit opt-in consent of the data subject.
By addressing these considerations, businesses can responsibly leverage AI services while maintaining compliance with Swiss data protection regulations.
Summary and recommendations
Many Swiss companies wanting to leverage AI face the challenge that while personal data is stored in Switzerland, the most advanced AI services and cloud providers are located overseas. While open-source models exist, building a fully on-premises AI solution with specialised hardware is rarely advisable, as it often lacks a favourable cost-benefit ratio.
Using AI services in the cloud is feasible in nearly all scenarios but typically requires an upfront investment in compliance to ensure adherence to legal and internal requirements.
For most types of personal data—with the exception of professional and official secrets and bank customer data—storage and processing in Europe is legally permissible. Additionally, AI SaaS vendors in the US that are certified under the Data Privacy Framework (DPF) or commit to certain Standard Contractual Clauses (SCCs) can also receive Swiss personal data, provided the license terms explicitly prohibit model training on the data.
Where possible, I recommend this approach—leveraging certified US AI SaaS vendors with off-the-shelf solutions rather than custom-building an AI solution on a cloud platform—as it provides the best cost-benefit ratio while ensuring compliance with Swiss data protection laws.
Additional resources
David Rosenthal from the Swiss law firm Vischer has written numerous detailed articles and provided valuable tools to support the adoption of AI in Swiss companies. Some key highlights include:
Blog post series on compliant and ethical use of AI
Analysis of data protection in ChatGPT, M365 and Google Cloud (part of the above series)
Amts- und Berufsgeheimnis in der Cloud
Mit Berufsgeheimnissen in die Cloud: Musterklausel
Outsourcing für Finanzinstitute. Der Weg in die Cloud.
Swiss-US DPF: Daten mit und ohne in die USA übermitteln
Microsoft Cloud-Verträge: Workaround für fehlende Unterschrift
