nFADP / revDSG — revised Federal Act on Data Protection (in force 1 Sept 2023) · vnFADP (in force 2023)
nFADP / revDSG — revised Federal Act on Data Protection (in force 1 Sept 2023)
nFADP / revDSG — revised Federal Act on Data Protection (in force 1 Sept 2023) — 100% covered.
4 requirements · 4 enforced · 0 designed · 0 advisory · 0 deferred.
Source: nFADP / revDSG — revised Federal Act on Data Protection (in force 1 Sept 2023). Switzerland is outside the EU/EEA and enacts its own GDPR-aligned data-protection statute under an EU adequacy decision; KYE maps the national deltas and edges AI/security obligations to the EU-wide frameworks where Swiss law references them.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| National statute (non-EU, adequacy) | 1 | 1 | 0 | 0 | 0 | 100% |
| Supervisory authority + accountability | 1 | 1 | 0 | 0 | 0 | 100% |
| Breach notification (national channel) | 1 | 1 | 0 | 0 | 0 | 100% |
| Cross-border transfer / adequacy (non-EU) | 1 | 1 | 0 | 0 | 0 | 100% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
ch-nfadp.nfadp-basis |
nFADP / revDSG — revised Federal Act on Data Protection (in force 1 Sept 2023) — Switzerland’s own (GDPR-aligned, not transposing) federal data-protection statute; substantive notice / proportionality / data-subject-rights obligations | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/21-DELEGATED-AUDITABILITY.md |
ch-nfadp.supervisory-authority |
Cooperation with the national supervisory authority (the FDPIC) — records of processing and the demonstrable-accountability account an AI agent's data processing must produce on request | enforced | audit_events: kye.evidence.pack.v1, kye.compliance.attestation.v1engines: internal, internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md, constitution/31-DATA-GOVERNANCE-PACK.md |
ch-nfadp.breach-notification |
Personal-data breach notification to the FDPIC (and affected individuals) within the GDPR Art. 33/34 window, on the national reporting channel | enforced | audit_events: kye.signal.incident.opened.v1, kye.compliance.attestation.v1engines: internal, internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
ch-nfadp.adequacy-cross-border |
nFADP cross-border transfer regime — Switzerland is a non-EU country with an EU adequacy decision; transfers to Switzerland and onward require an adequate level of protection or appropriate safeguards | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.tool_call.v1engines: internal, internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/30-AUDIT-WORM-RETENTION.md |