Digitalisation is the collective term applied to the ever more prevalent and indispensable use of information and communications technology in business and civil society. In the simplest scenario, this can mean the one-to-one replacement of manual or paper-based processes by electronic ones. However, the majority of digitalisation projects set out to improve or speed up existing processes, or to usher in new processes that were previously unfeasible or too complex.
Unlike their analogue predecessors, when digitally driven processes change significantly, they change the individual or cooperation-based working methods – or even the job and activity profile – of the affected users, who generally do not have specialist IT skills. The term “digital transformation” is often used in this context to denote that such projects are not purely IT-driven, but are reliant on close interaction between IT and users to define, develop, implement and operate them.
Countries such as Estonia, Latvia, Norway or Sweden have already made a lot of progress on digitalisation at national level, such that business life and administration are largely paperless. Cash has also been displaced by digital payment methods. In Switzerland, conservative public attitudes, high IT security and privacy standards, and the predominance of federalism have created a cautious, heavily phase-driven and fragmented approach, particularly on the part of the authorities and administration. Accordingly, controversy surrounds the debate on schemes such as eID, e-voting or electronic patient records.
Switzerland achieved a major milestone in 2019 when it created the post of Federal Cyber Security Delegate. Moreover, the Digital Switzerland Strategy sets out the framework for digital transformation in Switzerland and adoption is mandatory throughout the Federal Administration. For other stakeholders, such as the cantons, communes, business, science and civil society, the strategy provides guidance intended to further the goal of exploiting the opportunities afforded by digital transformation for the benefit of all. The National Cyberstrategy (NCS) and the National Cyber Security Centre (NCSC), which became a federal office on 1 January 2024, work with the structures surrounding them (Federal Intelligence Service (FIS), State Secretariat for Security Policy, Federal Office for National Economic Supply, etc.) to implement the associated requirements and checks.
It is important for stakeholders to obtain in-depth information on the subject of digitalisation well in advance so that they can contribute their own requirements, concerns and uncertainties to the ongoing debate in an informed and timely way. To avoid addressing the issue because of security concerns would be every bit as imprudent as rolling out digital services with all the serious risks created by insufficient prior reflection and inadequate safeguards.
Authorities, public administrations, etc. must particularly ensure that state and government sovereignty and the national interest are protected at all times in an increasingly competitive and globalised economic and political environment.
If this protection is in place, there are no grounds for existential concern. Failing to exploit the opportunities that digitalisation presents for business and society would be more damaging in the long term than entering into acknowledged and manageable risks in a specific, controlled way. However, the challenge will be to adequately involve all stakeholder groups in a federal environment and to use central requirements and checks to develop viable, appropriate, generally acceptable solutions that can still, if necessary, be implemented decentrally, and then test these solutions in a controlled way, improve them where the need is recognised and then gradually to implement them.
There is an urgent need for action in the following areas and in the following order of priority. We should:
Create a broad understanding, shared by all stakeholder groups, of cyber risks based on risk groups (authorities, critical infrastructure operators, emergency services, etc.), risk scenarios (data flow, service interruptions, etc.) and the interactions between them.
Hold a wide-ranging discussion and agree on a rigorous definition of the principles and limitations of maintaining state sovereignty and “national borders” in the digital space.
Create a sufficiently secure, data protection-compliant and widely accepted digital identity, including an operating organisation for natural persons and legal entities that is commensurate with state sovereignty over these identities. This would create the foundation for a broad range of e-government services provided by the Confederation, cantons and communes.
Embark on the federal-level planning and management of a portfolio of digitalisation projects in authorities and administrations and of corresponding e-government services.
Start defining, testing and managing the processes necessary for effective, widely accepted interaction between public and private-sector players in digitalisation to create and use opportunities for Switzerland as a centre of education and centre of industry.
Keep sight of the need to recognise at an early stage and to compensate for or avoid unacceptably heavy dependencies (e.g. on providers controlled by foreign states) and cumulative risks, including adequate business continuity and recovery planning.
Documents, declarations of intent and the will to adopt digitalisation and securely provide appropriate services are available in adequate measure. However, prompt and visible action is now required. In this context, the Advisory Board recommends coordinating and harmonising planned projects, despite federal framework structures, and, where projects impact the security of the public and the state, to implement the necessary accompanying measures (transparency, public discourse, controlled testing, adequate supervision and continuity planning) promptly, and to steer and monitor the associated projects accordingly.
Digital Switzerland Strategy: www.bakom.admin.ch/bakom/en/homepage/digital-switzerland-and-internet/strategie-digitale-schweiz/digitale-schweiz.html
National Cyberstrategy (NCS): https://www.ncsc.admin.ch/ncsc/en/home/strategie/cyberstrategie-ncs.html
National Cyberstrategy (NCS) implementation plan – Objectives and measures https://www.ncsc.admin.ch/ncsc/en/home/strategie/ziele-massnahmen.html
Level of digitalisation of EU countries according to the Digital Economy and Society Index (DESI) in 2022: de.statista.com/statistik/daten/studie/1243006/umfrage/digitalisierungsgrad-der-eu-laender-nach-dem-desi-index/;
Umberto Annino, Microsoft | Hannes Lubich, Board of Directors and Consultant
Endre Bangerter, BFH | Alain Beuchat, Banque Lombard Odier & Cie SA | Matthias Bossardt, KPMG | Dani Caduff, AWS | Adolf Doerig, Doerig & Partner | Stefan Frei, ETH Zurich | Roger Halbheer, Microsoft | Katja Dörlemann, Switch | Pascal Lamia, BACS | Martin Leuthold, Switch | Luka Malisa, SIX Digital Exchange | Adrian Perrig, ETH Zurich | Raphael Reischuk, Zühlke Engineering AG | Ruedi Rytz, BACS | Riccardo Sibilia, DDPS | Bernhard Tellenbach, armasuisse | Daniel Walther, Swatch Group Services | Andreas Wespi, IBM Research
