Alongside the 2023 revision of Swiss company law where foundations were also inevitably affected, precisely from the perspectives of insolvency and disclosure requirements, as of 2024[1] the foundation law has become more simplified in a quest to provide for more flexibility.

The applicable changes, namely in the context of Articles 84 – 86 of the Swiss Civil Code (CC), could be summarised as follows:

On the other hand, the Swiss Federal Act on Private International Law (PILA) has recently[2] undergone a partial revision from the cross-border succession law perspective with the adoption of amendments on chapter 6 of the Act by the Swiss Parliament in December 2023.

While the date of entry into force of the amendments is yet to be precisely defined, a referendum deadline has been set until 18 April 2024.

The purpose behind the revision is to primarily improve the Act’s alignment with the EU Succession Regulation of 2012, applicable in all the EU Member States as of 2015 – save for Denmark and Ireland.  

With deceased’s last place of residence still serving as the primary connecting criterion, the changes aim at cutting down conflicts of jurisdiction in cases with a cross-border angle, and increasing party autonomy as per choice of applicable law to estate planning.

The changes include:

From a practical perspective, however, the exclusion of Swiss jurisdiction as well as the choice of a national jurisdiction and applicable law must be explicitly stipulated in the testamentary disposition of a testator or testatrix.


[1] See here https://www.fedlex.admin.ch/eli/oc/2022/452/de.

[2] See here https://www.parlament.ch/centers/eparl/curia/2020/20200034/Schlussabstimmungstext%201%20NS%20D.pdf.

The EU Data Act[1] aiming to regulate fair access to and use of data has entered into force in January 2024 following its publication in the Official Journal of the European Union. The Act is set to become applicable across the bloc as of September 2025.

Setting out rules for the use, access, availability and sharing of generated personal and non-personal data, the Act targets manufacturers of connected products and providers of related services irrespective of their place of establishment – all grouped under the umbrella term of ‘data holders’ either in the form of a natural or legal person.

In this context, ‘connected product’ is defined as “an item that obtains, generates or collects data concerning its use or environment and that is able to communicate product data via an electronic communications service, physical connection or on-device access, and whose primary function is not the storing, processing or transmission of data on behalf of any party other than the user”. In addition, the term ‘related services’ refers to “a digital service, other than an electronic communications service, including software, which is connected with the product at the time of the purchase, rent or lease in such a way that its absence would prevent the connected product from performing one or more of its functions, or which is subsequently connected to the product by the manufacturer or a third party to add to, update or adapt the functions of the connected product”.

Distinguished from the term ‘user’, ‘data recipient’ means “a natural or legal person, acting for purposes which are related to that person’s trade, business, craft or profession, other than the user of a connected product or related service, to whom the data holder makes data available, including a third party following a request by the user to the data holder.”

The following elements set out in the Act carry significance:

The Data Act shall be read without prejudice to the EU GDPR, whereby those data access rights granted under the former shall be treated separately from the access rights granted to individuals under the latter.

Lastly, the Act’s inherent extraterritoriality shall carry direct consequences for manufacturers and providers outside the bloc, including Swiss based entities. In other words, any commercial activity falling under the scope of the Act with products and services being offered to the EU market, respectively any engagement in data sharing with stakeholders within the EU would need to undergo necessary due diligence within the set timeframe in order to ensure timely compliance.


[1] See here https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32023R2854&qid=1707924358044.

After over a year from the European Commission’s proposal[i] for a new Cyber Resilience Act for protection of consumers and businesses from (digital) products, which contain inadequate security features, through the introduction of mandatory requirements, a political agreement[ii] has now been reached effective as of 1 December 2023 between the other two legs of the Trilogue, namely the European Parliament and the Council.

The rather comprehensive proposal is set to cover both hardware and software products which may entail varying levels of risk and therefore requiring different security measures. As a result, the type of conformity assessment per product is set to be adapted to respective risk level.

Consequentially, manufacturers of hardware and software, developers and distributors aiming to import and offer their products on the EU market, will essentially have to implement cybersecurity measures across the entire lifecycle of their products, from design and development stages to after placement on the market. Specifically, not only those that are sold to end users and consumers, but also those used in companies for production, sourced as precursors and further processed, or those forming part of supply chains.

Notably, those products that are already covered by other existing EU legislation, such as the scope of the NIS2 Directive, will be excluded.

In this context, compliance with the proposed legislation will essentially be rendered in the form of a CE marking which is an indication confirming that the products sold on the market of the European Economic Area (EEA) have been duly assessed to meet safety, health and environmental protection requirements.

Furthermore, manufacturers will be obliged to provide consumers with a precise length by which a given product would be expected to be utilised.

Applicable to all products that are connected directly or indirectly to another device or network, the proposed legislation will now have to be formally approved and expected to enter into force following its publication on the Official Journal.

Given that the EU serves as the most important sales market for many of the industries and sectors in Switzerland, the direct impact of the proposed legislation on Swiss actors and stakeholders is undeniable. Importantly, the Swiss exporters of those products that could be classified as “critical” within the meaning of the proposed text will have to firstly prove that the related digital components do meet the set security standards and to secondly submit conformity assessments as deemed necessary.


[i] See here https://ec.europa.eu/commission/presscorner/detail/en/IP_22_5374.

[ii] See here https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6168.

The Swiss Federal Council has recently announced[1] the launch of a consultation process effective until 29 November 2023 in order to tighten the existing anti-money laundering rules.

The proposed framework particularly focuses on the identification of legal entities, whereby a mandatory federal (transparency) register is set to be introduced containing information on beneficial owners. The non-public register will be coordinated by the Federal Department of Justice and Police (FDJP) and accessible by competent authorities including financial intermediaries. Notwithstanding, a rather simplified procedure will also be put in place for certain legal forms such as sole proprietorships, foundations, associations as well as limited liability companies.

Furthermore, the monetary threshold for due diligence obligations in the context of trade in precious metals and stones will be significantly lowered from CHF 100,000 to CHF 15,000.

An all inclusive obligation for due diligence will also be introduced for cash payments in real estate business irrespective of the monetary amount involved.

By the end of the consultation period the proposal is expected to be presented at the parliament in early 2024.


[1] See here https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-97561.html.

With more than 750 member firms and 36,000 lawyers across 200+ countries, Nextlaw Referral Network[1] is considered the largest legal referral network in the world. Created by Dentons the network employs a detailed screening system to guarantee the quality of its member firms and has developed proprietary technology to allow members to identify lawyers, legal counsels and advisers at other member firms with jurisdiction-specific appropriate experience where clients need personalised consultancy.


[1] See here for more information: https://www.nextlawnetwork.com/.

The European Parliament (EP) has recently[i] voted to adopt its negotiating position in a plenary session on the Artificial Intelligence (AI) Act.

Essentially following a risk based approach, the discussions over rules span around ensuring that the developments and use of AI applications and systems in Europe would in theory comply with EU rights and values including “human oversight, safety, privacy, transparency, non-discrimination and social and environmental well-being”.

In a nutshell, next to a revised definition of an AI system in line with the OECD version, the proposed to-do list, targeting providers and deployers among other actors, contains the following:

Notably, the ban on “post” remote biometrics identification would be subject to the exception of law enforcement upon prior judicial authorisation in the context of serious crimes.

Furthermore, those generative AI systems based on foundation models, such as ChatGPT, would have to comply with transparency requirements and put in place effective safeguarding mechanisms against illegal content. In the case of use of copyrighted data for training models, detailed summaries would need to be made publicly available. Registration in the EU database will also be obligatory for foundation models.

Importantly, alongside defining responsibilities across AI value chain of various actors involved, the EP proposes the development of non-binding standard contractual clauses to regulate rights and obligations in line with each actor’s level of control in a given value chain.  

Taking into account that the AI Act is set to be also applicable to providers and users of AI systems located outside of the EU – provided that the output produced is intended to be used in the EU, these developments are pivotal for the Swiss market.


[i] See here https://www.europarl.europa.eu/pdfs/news/expert/2023/6/press_release/20230609IPR96212/20230609IPR96212_en.pdf; https://www.europarl.europa.eu/doceo/document/TA-9-2023-0236_EN.html.

The Lucerne cantonal bank (LUKB) has recently[i] joined forces with the digital asset bank Sygnum and two tech companies namely Wyden and Fireblocks for the integration of a multi-faceted solution for the trading, custody and transaction monitoring of crypto assets. 

As a result, LUKB will be able to offer crypto assets to its clients as of the end of this year.

The setup would be an add on to the LUKB’s already existing core banking system and is expected to be implemented in an effective way to enable the offering of a complete automation of the entire crypto asset lifecycle and a seamless user experience (UX). 

This strategic partnership could be seen as an example of the growing presence and active involvement of the canton of lucerne in innovative projects and developments, which in return would further facilitate a supportive environment for start-ups, in particular in the crypto industry. 


[i] See here https://www.luzern-business.ch/de/news/luzerner-kantonalbank-bietet-kuenftig-krypto-anlagen-an-9499.

Following the binding decision of the European Data Protection Board (EDPB) in April 2023[i], the Irish Data Protection Commission (DPC) has announced on 22 May[ii] a fine of EUR 1.2 bn against Meta Platforms Ireland Limited on the grounds of the company’s unlawful transfer of personal data from the EU/EEA to the USA, effectively from July 2020 to date, within the context of provision of its Facebook related services. A 6-month deadline is imposed for suspension of any future transfers, and for either deletion or moving of the already transferred data back to the EU.

The subject matter transfers have been carried out on a systematic, repetitive and continuous manner on the basis of standard contractual clauses (SCC).

The infringement essentially relates to Article 46(1) of the GDPR, whereby “…a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.”

Following the European Commission’s draft adequacy decision in December 2022, the political agenda is already put in place for a new EU – US data privacy framework which is set to enter into force by the end of 2023. In this context, the question remains as to the actual effectiveness of the DPC decision in favour of data privacy given that the set 6-month deadline could in principle be seen as a leeway for the company to delay compliance until the new framework becomes operative.


[i] See here https://edpb.europa.eu/our-work-tools/our-documents/binding-decision-board-art-65/binding-decision-12023-dispute-submitted_en.

[ii] See here https://www.dataprotection.ie/en/news-media/press-releases/Data-Protection-Commission-announces-conclusion-of-inquiry-into-Meta-Irelan

On 3 April the German Finance Ministry announced[i] plans for introducing a Future Finance Act as a stepping stone for a regulatory basis for the issuance of electronic shares on DLT registers.

With tokenisation of bonds and certain funds already made possible under the German Electronic Securities Act (eWpG), cryptographically generated and registered shares is set to be a step further in a quest to better foster and accommodate the start-up atmosphere as well as to effectively facilitate access to the capital market, among other things.

The key elements of the Act are as follows:

“i. Reduction of the minimum capital for an IPO from currently 1.25 million euros to 1 million euros;

ii. Facilitation of investments by institutional investors regarding start-up and growth companies as well as SMEs, alongside better framework conditions for modern types of transactions such as special purpose acquisition companies;

iii. Digitisation of the capital market, namely a possibility to issue shares with electronic securities;

iv. Examination of improved portability of crypto assets;

v. Introduction of shares with multiple voting rights;

vi. Greater digitisation and internationalisation of supervision and supervisory laws;

vii. Incentives to build wealth, particularly through investing in stocks, through changes in the employee savings allowance; and

viii. Tax amendment and simplification of employee capital participation.”

On the other hand, a new law, Law No 8055[ii], has recently been adopted in Luxembourg, applicable as of 23 March, encompassing a set of amendments in the context of collateral and financial instruments alongside a partial integration of the EU DLT Pilot Regime Regulation – allowing for the strengthening of the jurisdiction’s overall DLT strategy.

The new framework essentially targets the law of 2005 on financial collateral arrangements, and brings clarity to the qualification of those financial instruments booked in securities accounts which are held on DLT registers as financial instruments within the meaning of the existing law. As a consequence the collateral arrangements over such financial instruments would also equally be covered by a range of protection mechanisms within the scope of the law of 2005.

In other words, the new law stipulates eligibility within its scope of financial instruments irrespective of “whether these […] are in physical form, dematerialised, transferable by book entry, including securities accounts held within or by means of secure electronic record-keeping mechanisms, including distributed electronic ledgers or databases, or delivery, bearer or registered, endorseable or not and regardless of their governing law.”

Notably, already as of August 2021[iii] Switzerland spearheaded these innovative approaches by amending the existing federal laws in order to effectively accommodate the developments in DLT and DLT -based registers.


[i] See here https://www.bundesfinanzministerium.de/Content/DE/Downloads/Finanzmarktpolitik/2022-06-29-eckpunkte-zukunftsfinanzierungsgesetz.pdf?__blob=publicationFile&v=8.

[ii] See here https://www.chd.lu/fr/dossier/8055; https://wdocs-pub.chd.lu/docs/exped/0133/035/266359.pdf.

[iii] See here https://www.admin.ch/gov/en/start/documentation/media-releases.msg-id-84035.html.


The German Financial Supervisory Authority (BaFin) has on 8 March 2023[i] announced its general stance with respect to the classification of non-fungible token models (NFTs).

Suggesting a strictly case-by-case analysis, BaFin takes a rather conservative approach towards defining NFTs as securities primarily due to lack of immediate exchangeability. In other words, an NFT could potentially be considered a security only in cases where, for instance, a significant number of these tokens would embody identical repayment and interest claims.

Also, if an NFT embodies types of ownership rights such as a promise of distribution, the token could in principle be considered as an investment under the Asset Investments Act (VermAnIG). The mere act of speculation by token holders would, on other hand, not essentially suffice for the NFT in question to assume an investment purpose.

Notably, NFTs can in principle have a potential use in the financial sector, especially in cases where they can be transferable and tradable on the financial market, hence embedding certain security like rights i.e. membership rights or contractual claims similar to stocks and debt instruments. As stipulated by BaFin, “the transferability can be assumed as a given with the current standards […] whereas tradability requires a minimum of standardisation.”

To recap, here the nexus would be the definition of types of rights associated with a given token model alongside the potential utility of those rights after the token issuance.

Taking a stance similar to the draft EU proposal for a Regulation in Markets for Crypto Assets (MiCA), BaFin adopts the position that NFT fragmentation, which would result in fungible tokens each representing an equal share of an NFT, would in theory satisfy the interchangeability feature.

On a different note, France, with the parliamentary voting of 28 February 2023[ii], is set to introduce tighter licensing rules for new entrants to its crypto ecosystem in an attempt to harmonise its national laws in accordance with the upcoming EU laws. Under the existing rules, entities have the option to opt for simplified registration procedures with the l’Autorité des Marchés Financiers (AMF) under less disclosure requirements. Once passed, the new players will be facing stricter anti money laundering (AML) measures, namely clear segregation of customer funds, a new set of reporting guidelines and more detailed risk and conflict of interest related disclosures.

Lastly, the sudden failures and recent regulatory issues in the US financial sector surrounding the three active financial institutions in the cryptocurrency industry, namely Silicon Valley Bank (SVB), Signature Bank and Silvergate Capital, have raised confidence questions and have inevitably spawned ever more volatility in the industry. A simple bank run, where large numbers of depositors withdraw funds simultaneously in fear of potential insolvency, is so far seen as the root cause.

In the context of potential contagion risk, however, questions have also arisen as to whether the banking system in Europe has in general more effective risk management infrastructure and stronger liquidity requirements in place.


[i] See here https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Fachartikel/2023/fa_bj_2303_NFT.html.

[ii] See here https://www2.assemblee-nationale.fr/scrutins/detail/(legislature)/16/(num)/1098.