Please enable javascript in your browser to view this site

The Swiss proposal for vendor restrictions

As debates in the EU rage on over newly proposed vendor restrictions, the Swiss Government is proposing similar requirements on its telecoms operators

The Swiss Federal Council has proposed stronger measures for network resilience and security

On 27 May 2026, the Swiss Federal Council opened a consultation on its proposed amendments to the Telecommunications Act to strengthen cybersecurity in the sector. The consultation’s main proposals focus on strengthening network resilience and security. Stronger resilience measures would require operators to diversify their equipment suppliers and the regulator, The Federal Office of Communications (OFCOM), would be given the power to block the use of certain vendors on security grounds. The consultation also proposes new measures for operators to better protect children online and prevent fraudsters from using their networks. In the Federal Council’s accompanying explanatory report, it explains that its newly proposed measures will primarily impact Switzerland’s three major operators – Swisscom, Sunrise and Salt. Stakeholders have until 17 September 2026 to respond to the consultation.

Network resilience would be strengthened by the mandated diversification of equipment suppliers

Operators would have to ensure that any critical components of their networks come from different suppliers under the consultation’s proposed Article 48b. Of these different suppliers, at least one would have to be headquartered in a country “whose legislation guarantees adequate data protection”. The Federal Council would be responsible for deciding which countries are deemed to have adequate data protection legislation. Article 48b would require operators to guarantee the “confidentiality, integrity and availability” of any of their infrastructure. The article would also enable OFCOM to identify and ban any components that may compromise these infrastructure security guarantees. Despite these proposed requirements, the Federal Council reports that most operators already pursue a multi-vendor strategy, so a large share of the cost to do so would have been incurred regardless of its proposal.

The consultation leaves a potential route to a compensation scheme for operators required to replace high-risk vendor equipment

Article 48c gives the Federal Council similar powers in relation to geopolitical risks. It would be able to block the use of network components from vendors – or vendors controlled by foreign states – deemed to present a geopolitical risk to Switzerland. The consultation states that the Federal Council would consider various economic, technological and security dependencies when deciding if vendors do present this geopolitical risk. The Federal Council would be enabled to “compel” operators to rip and replace any equipment from their networks if their vendors are deemed a geopolitical risk, but would “take into account the economic consequences” of such a process, likely to mean both the cost to operators and the wider economy. There is no indication that any compensation scheme would be established for operators (which has only been done in the US), but this consideration for the economic consequences could enable the Federal Council to explore such an option in the future. The Federal Council has cautioned that it would only intend to require a rip and replace as a last resort, recognising how it could have far-reaching consequences financially for operators and for service delivery. As a result of these perceived impacts, it suggests “sufficiently long” timeframes for any rip and replace.

The proposed amendments are derived from the EU’s 5G Security Toolbox and would take a lighter-touch approach than the CSA2

In the EU, the EC’s proposal for a revised Cybersecurity Act (CSA2) would require a rip-and-replace process of high-risk vendors in just 36 months, likely a much stricter timeframe than has been proposed in Switzerland. The Federal Council’s proposals on vendor restrictions are derived from the EU’s 5G Security Toolbox, rather than on the more recent CSA2 proposal. Its report suggests that this approach is suitable as the vast majority of operators already meet the proposal’s operational and security requirements, so the financial impact would be limited. It also forecasts that the diversification of vendors will have long-term productivity benefits as more resilient networks reduce downtime. Any rip-and-replace measures would reportedly be designed in a competition-neutral way to avoid market distortion – however, despite these positive aspects, the Federal Council assumes that the cost burden on operators will be passed on to consumers.