Taming Shadow AI: How Swiss SMEs Can Secure Employee AI Usage in 2026

The phone call came at 2:47 AM on a Tuesday morning in November 2025. Thomas Widmer, the IT director of a mid-sized Zürich financial advisory firm, listened in growing horror as his CISO explained the situation: a senior analyst had been using ChatGPT to help draft client reports for the past eight months, inadvertently feeding detailed financial information about 340 high-net-worth clients—including AHV numbers, account balances, and investment strategies—directly into OpenAI’s training data before the company had implemented opt-out protections.

The Federal Data Protection and Information Commissioner would be notified by morning. The client notifications would begin by week’s end. The firm’s FINMA compliance status was now in question. And Thomas, who had been arguing for a formal AI governance policy since March, was now facing a crisis that would ultimately cost the firm CHF 2.3 million in direct breach costs, regulatory fines, and client compensation—not to mention the incalculable damage to a reputation built over three decades.

“I knew our people were using AI tools,” Thomas told me three months later, his voice still carrying the weight of those sleepless weeks. “I just didn’t know how much, or how carelessly, until it was far too late to prevent the damage.”

His story is far from unique. Across Switzerland, well-intentioned employees are making their companies vulnerable to the fastest-growing security threat of 2026: shadow AI—the use of unauthorized, unmanaged AI tools that operate entirely outside IT oversight, corporate governance, and regulatory compliance frameworks.

---

Key Takeaways

For busy executives: More than 60% of your employees are likely using personal, unmanaged AI tools right now, with the average Swiss enterprise experiencing 223 incidents per month of sensitive data being sent to AI applications—a figure that has doubled year-over-year. Shadow AI breaches cost an average of CHF 2.1 million (USD 4.63M), representing CHF 670,000 more than standard data breaches. Swiss SMEs must implement zero-trust AI governance frameworks, deploy properly authenticated MCP servers for controlled AI access, and establish clear usage policies—or face mounting FADP compliance violations and catastrophic breach costs. The good news: with the right framework, you can enable safe AI adoption while eliminating shadow AI risk entirely.

---

The Hidden Scale of Shadow AI in Swiss Enterprises

The numbers tell a story that most Swiss business leaders find shocking when they first encounter it.

According to comprehensive research published by Netskope in early 2026, more than 60% of users rely on personal, unmanaged AI tools as opposed to enterprise-approved solutions. Even more concerning, multiple studies from 2025 found that 68% of employees use personal accounts to access free AI tools like ChatGPT, with 57% of them using sensitive company data in their interactions.

Microsoft’s research painted an even starker picture: 71% of UK employees admitted to using unapproved AI tools at work—with 51% doing so at least once a week. When Microsoft researchers surveyed cybersecurity leaders across Europe, 69% reported they suspect or have evidence that employees are using prohibited public GenAI tools.

What This Means in Practical Terms

For a typical Swiss SME with 50 employees, these statistics translate into a sobering reality:

• Approximately 30-35 employees are using unauthorized AI tools regularly
• At least 17-20 employees are using personal ChatGPT, Claude, or Gemini accounts with company data
• Your organization is likely experiencing 200+ monthly incidents of sensitive data flowing to unmonitored AI platforms
• 83% of organizations operate without basic controls to prevent data exposure to AI tools

“The problem isn’t that employees are malicious,” explains Dr. Sarah Meier, a Bern-based cybersecurity consultant specializing in Swiss financial services. “The problem is that they’re helpful. They see a tool that makes them more productive, more effective at their jobs, and they use it—without understanding that every prompt they send is data leaving your security perimeter, potentially being logged, stored, and used for model training by companies operating under completely different legal frameworks than Swiss data protection law requires.”

---

The True Cost of Shadow AI: Beyond the Headlines

When IBM released its 2025 Cost of Data Breach Report, the findings sent shockwaves through enterprise security teams worldwide. Shadow AI incidents now account for 20% of all data breaches, and they carry a significant cost premium.

Breach Type	Average Cost (CHF)	Average Cost (USD)
Shadow AI-Related Breach	CHF 2,100,000	$4,630,000
Standard Data Breach	CHF 1,430,000	$3,960,000
Shadow AI Cost Premium	+CHF 670,000	+$670,000

Note: CHF amounts calculated at 1 USD = 0.453 CHF exchange rate

But these figures, already sobering, represent only the direct, immediately quantifiable costs. The complete financial impact of a shadow AI breach includes several additional categories that often dwarf the initial incident response expenses:

Direct Breach Costs

• Incident response and forensics: CHF 180,000 - 320,000 for a typical mid-sized breach
• Legal fees and regulatory proceedings: CHF 140,000 - 280,000, particularly if FADP or GDPR violations are involved
• Customer notification and credit monitoring: CHF 60,000 - 140,000 depending on the number of affected individuals
• IT remediation and security improvements: CHF 220,000 - 450,000 to close vulnerabilities and implement proper controls

Regulatory and Compliance Costs

Switzerland’s FADP, which came into full force on September 1, 2023, provides the Federal Data Protection and Information Commissioner with authority to impose fines of up to CHF 250,000 for serious violations. Unlike GDPR fines which target organizations, Swiss penalties can be directed at responsible individuals within the company—a distinction that significantly increases personal liability for executives and IT leaders.

For companies that also operate in the EU or process EU citizen data, GDPR fines can reach up to 4% of global annual turnover. A Swiss SME with annual revenue of CHF 25 million could face maximum GDPR penalties of CHF 1,000,000—though actual fines are typically scaled based on the severity and scope of the violation.

Gartner’s research projects that in regulated industries, 1 in 4 compliance audits in 2026 will include specific inquiries into the governance of AI tools and data handling. Swiss financial services firms, healthcare providers, and insurance companies face particularly intense scrutiny.

Long-Term Business Impact

Perhaps most damaging are the costs that extend well beyond the immediate crisis:

• Customer churn: Research indicates that 65% of customers whose data was compromised in a breach consider changing service providers. For a Swiss advisory firm with 500 clients and CHF 180,000 in average lifetime value per client, losing even 10% of the customer base represents CHF 9,000,000 in lost future revenue.

• Reputation damage: Swiss businesses have historically competed on the basis of trust, discretion, and reliability. A publicized data breach undermines decades of carefully cultivated reputation in ways that are extraordinarily difficult to repair.

• Increased insurance premiums: Cyber insurance premiums typically increase by 40-60% following a breach, adding CHF 30,000 - 80,000 annually to operating costs for a typical SME.

• Lost productivity: During breach response and remediation, key personnel are diverted from revenue-generating activities to crisis management for weeks or months.

“The direct costs of our shadow AI incident were painful—about CHF 1.8 million all told. But the real damage was losing 18% of our client base over the following nine months. Clients we’d served for fifteen years simply didn’t trust us with their sensitive information anymore. That’s the cost that keeps me awake at night—the relationships we may never rebuild.”

— Managing Partner, Basel-based wealth management firm (speaking on condition of anonymity)

---

Understanding the Shadow AI Attack Surface

The security challenges posed by shadow AI are fundamentally different from traditional IT security concerns, and they require a correspondingly different defensive approach.

The Data Leakage Mechanisms

According to Cisco’s 2025 cybersecurity study, 46% of organizations reported internal data leaks through generative AI—data that flowed out through employee prompts rather than traditional exfiltration methods like hacking or malware.

The average organization now experiences 223 data policy violations involving generative AI applications every month, according to Netskope’s threat research. Organizations in the top quartile see that number jump to an alarming 2,100 incidents monthly—an average of more than one violation every 20 minutes during business hours.

What Types of Data Are Being Exposed?

Analysis of actual shadow AI incidents reveals consistent patterns in the types of information being compromised:

Source Code and Intellectual Property (42% of violations): Software developers using ChatGPT or GitHub Copilot to debug proprietary code, inadvertently sharing algorithms, business logic, and trade secrets that represent years of R&D investment.

Personally Identifiable Information (65% of breaches): Customer names, addresses, AHV numbers, contact information, and other personal data being used to generate personalized communications or analyze customer patterns.

Financial Information (40% of breaches): Account numbers, transaction details, investment positions, and financial analyses being processed to create reports or generate insights.

Strategic Business Information: Merger and acquisition plans, pricing strategies, competitive analyses, and other confidential business intelligence being used to draft presentations or strategic documents.

Healthcare Data: Patient records, treatment plans, and medical histories being processed by healthcare professionals seeking to improve documentation efficiency.

The fundamental problem is that employees rarely consider the data persistence and usage implications when they paste information into a prompt box. To them, it feels like a private tool they’re using to do their job better. In reality, depending on the service’s terms and settings, that data may be:

• Logged and retained indefinitely on servers outside Swiss jurisdiction
• Used to train future model versions, potentially allowing other users to surface similar information
• Accessible to platform employees for quality assurance and safety monitoring
• Subject to legal requests from foreign governments under frameworks like the US CLOUD Act
• Vulnerable to breaches if the AI platform itself is compromised

The Authentication Gap in AI Tools

One of the most significant findings from recent security research concerns the state of authentication and access controls in AI infrastructure. When security researchers at Knostic scanned nearly 2,000 MCP (Model Context Protocol) servers exposed to the internet in July 2025, they discovered that all verified servers lacked any form of authentication.

Backslash Security’s June 2025 research identified similar vulnerabilities in another 2,000 servers, noting patterns of over-permissioning and complete exposure on local networks. This represents a fundamental security failure: organizations are deploying AI infrastructure without implementing even basic access controls.

The implications for Swiss enterprises are particularly concerning given FADP requirements for appropriate technical and organizational measures to protect personal data. Deploying unauthenticated AI systems that process personal information would likely constitute a clear violation of these requirements.

---

The Swiss Compliance Dimension: FADP Meets Shadow AI

For Swiss enterprises, shadow AI presents particularly acute compliance challenges due to the intersection of Switzerland’s data protection framework, EU regulations for companies with European operations, and the increasingly stringent audit requirements in regulated industries.

FADP Requirements and Shadow AI

The Federal Act on Data Protection (FADP), which came into force on September 1, 2023, establishes several requirements that are directly implicated by shadow AI usage:

1. Privacy by Design and by Default (Article 7)

Organizations must implement appropriate technical and organizational measures to ensure compliance with data protection requirements. Shadow AI usage—where employees can arbitrarily send any data to unvetted third-party platforms—fundamentally contradicts the principle of privacy by design.

2. Data Processing Contracts (Article 9)

When personal data is transferred to a third party (including AI platforms), Swiss law requires proper contractual frameworks establishing data protection obligations. When employees use personal ChatGPT or Claude accounts, no such contracts exist—creating immediate compliance violations.

3. Cross-Border Data Transfers (Article 16)

Transfers of personal data to countries without adequate data protection (including the United States for many AI platforms) require either standard contractual clauses, binding corporate rules, or other approved mechanisms. Shadow AI usage bypasses these entirely, potentially violating cross-border transfer restrictions.

4. Records of Processing Activities (Article 12)

Organizations must maintain comprehensive records of their data processing activities. Shadow AI represents processing that occurs entirely outside these records, creating documentation gaps that would be identified immediately in any formal audit.

5. Data Protection Impact Assessments (Article 22)

Processing that presents high risks to data subjects requires formal Data Protection Impact Assessments (DPIAs). The use of AI to process sensitive personal data would typically trigger DPIA requirements—assessments that cannot be conducted for shadow AI tools the organization doesn’t even know are being used.

The Personal Liability Factor

One of the most significant differences between Swiss and EU data protection law concerns where enforcement penalties are directed. While GDPR fines are imposed on organizations, FADP penalties can be levied directly against individuals within the company who are responsible for the violation.

According to the Federal Data Protection and Information Commissioner’s 2024 report, the ability to fine individuals up to CHF 250,000 creates direct personal accountability for executives, IT directors, and compliance officers who fail to implement adequate safeguards.

This personal liability dimension makes shadow AI particularly concerning for Swiss business leaders. A CEO or IT director who has been repeatedly warned about uncontrolled AI usage but fails to implement proper governance could face direct financial penalties if a breach occurs—regardless of whether they personally mishandled the data.

The FINMA Dimension for Financial Services

Swiss financial institutions face an additional layer of regulatory complexity. FINMA (the Swiss Financial Market Supervisory Authority) expects regulated firms to maintain comprehensive oversight of all technology that processes customer data.

Shadow AI usage creates several FINMA-specific concerns:

• Operational Risk: Uncontrolled AI tools represent operational risks that should be documented in the firm’s risk management framework
• Outsourcing Requirements: FINMA Circular 2018/3 on outsourcing requires proper due diligence, contractual protections, and ongoing oversight for any third party that processes customer data—requirements that cannot be met for shadow AI tools
• Data Security: FINMA expects financial institutions to implement appropriate security measures commensurate with the sensitivity of data being processed
• Audit Trail: The ability to demonstrate comprehensive oversight and control over data processing activities

A FINMA examination that discovers widespread shadow AI usage would likely result in formal findings requiring remediation, increased supervisory scrutiny, and potentially restrictions on business activities until the issues are addressed.

---

Building a Zero-Trust AI Governance Framework

The solution to shadow AI is not to ban AI usage entirely—that approach is both impractical and self-defeating in an era when AI capabilities are becoming essential competitive differentiators. Instead, Swiss SMEs need to implement what security researchers call a “zero-trust” approach to AI governance: assume that uncontrolled AI access will occur unless explicitly prevented, and build systems that make authorized AI usage easier and safer than unauthorized alternatives.

The Zero-Trust AI Principles

Drawing on research from Microsoft, Gartner, and leading security firms’ 2026 frameworks, a comprehensive zero-trust AI governance framework includes five core principles:

1. Assume No Inherent Trust

Do not assume that employees will naturally make good decisions about AI usage. Instead, implement technical controls that make it impossible to accidentally violate policies. Block access to unauthorized AI platforms at the network level, require authentication for all approved AI tools, and log all AI interactions for audit purposes.

2. Verify Continuously

Rather than a one-time approval process, continuously monitor how AI tools are being used, what data is being processed, and whether usage patterns are changing in ways that increase risk. Organizations implementing zero-trust architectures enhanced with AI achieve 76% fewer successful breaches according to Seceon’s research.

3. Limit Access Explicitly

Grant access to AI capabilities on a least-privilege basis: employees should have access to only the AI tools necessary for their specific role, and those tools should have access to only the data necessary for their intended function. This principle of minimal necessary access dramatically reduces the blast radius if a compromise occurs.

4. Make Every AI Agent an Identity

As Microsoft’s security guidance emphasizes, organizations must make every AI agent a first-class identity and govern it with the same rigor as human identities—including inventorying agents, assigning clear ownership, governing what they can access, and applying consistent security standards.

5. Implement Policy-Aware Access

For RAG (Retrieval-Augmented Generation) systems and other AI architectures that access internal data, implement policy-aware retrieval where access checks happen before the vector database returns results to the LLM, and sensitivity-aware chunking where PII and regulated data are segmented and tagged with metadata that controls how they can be used.

The Practical Implementation Framework

Translating these principles into operational reality requires a systematic approach. Based on implementations across dozens of Swiss SMEs, I’ve developed a framework that delivers measurable risk reduction within 60-90 days:

Phase 1: Discovery and Assessment (Week 1-2)

Objective: Understand the current state of AI usage across your organization

Key Activities:

• Deploy network monitoring to identify which AI platforms employees are accessing (tools like Netskope, Zscaler, or open-source alternatives can provide visibility)
• Survey employees anonymously about which AI tools they’re using and for what purposes (anonymous surveys yield more honest responses)
• Inventory all sanctioned AI tools and subscriptions already in use
• Identify which departments and roles have the highest AI usage rates
• Assess current data classification and determine which categories of data should never be sent to external AI platforms

Expected Findings: Most organizations discover that AI usage is 3-5x higher than IT leadership estimated, with usage concentrated in specific departments (typically sales, marketing, customer service, and software development).

Deliverables:

• AI usage heat map showing which tools are being used by which departments
• Risk assessment identifying highest-priority use cases to address
• Initial data classification framework
• Stakeholder list of employees who will need to be involved in policy development

Phase 2: Policy Development (Week 2-3)

Objective: Create clear, practical policies that enable safe AI usage while preventing shadow AI

Key Activities:

• Draft AI Acceptable Use Policy that clearly defines what is and is not permitted
• Develop data classification scheme that specifies which data types can be processed with which AI tools
• Create procurement standards for evaluating and approving new AI tools
• Establish incident response procedures for AI-related security events
• Design training materials that explain the “why” behind policies, not just the “what”

Swiss-Specific Considerations:

Your AI Acceptable Use Policy should explicitly address FADP requirements, including:

• Prohibition on processing personal data with unapproved AI tools
• Required data processing agreements for approved AI platforms
• Cross-border transfer restrictions and approved mechanisms
• Employee notification requirements if company data may be used for AI training
• Documentation requirements for AI processing activities

Example Policy Framework:

AI Usage Classification Framework - Swiss FADP Compliant

GREEN ZONE - Unrestricted Use:
- Public information already published on company website
- Anonymized data with no possibility of re-identification
- General knowledge questions requiring no company data
Approved Tools: ChatGPT Enterprise, Claude Teams, Microsoft Copilot

YELLOW ZONE - Restricted Use with Approval:
- Internal company documents (non-sensitive)
- Aggregated statistics without individual identifiers
- Draft documents for internal use only
Required: Manager approval + Swiss-hosted AI platform
Approved Tools: Azure OpenAI (Switzerland regions only)

RED ZONE - Prohibited for AI Processing:
- Personal data subject to FADP (names, AHV numbers, addresses)
- Customer financial information
- Healthcare data
- Trade secrets and proprietary algorithms
- M&A and strategic planning materials
- Anything classified as "Confidential" or higher

Deliverables:

• Complete AI Acceptable Use Policy
• Data classification matrix
• AI tool approval process
• Training curriculum
• Communications plan for policy rollout

Phase 3: Technical Implementation (Week 3-6)

Objective: Deploy technical controls that enforce policies and provide safe alternatives to shadow AI

Key Activities:

3.1 Network-Level Controls

• Block access to unauthorized AI platforms at the firewall/proxy level
• Implement DLP (Data Loss Prevention) rules that flag attempts to paste sensitive data into web forms
• Deploy browser extensions that warn users before they access unapproved AI tools
• Configure monitoring and alerting for AI-related traffic

3.2 Approved AI Platform Deployment

This is where proper implementation of secure AI infrastructure becomes critical. Rather than simply subscribing to consumer AI services, Swiss SMEs should deploy enterprise-grade AI platforms with proper authentication, data governance, and Swiss data residency.

The MCP Security Imperative:

The Model Context Protocol (MCP) has emerged as a standard for connecting AI systems to data sources and tools. However, as discussed earlier, research shows that most MCP server implementations have severe security deficiencies.

According to the updated June 2025 MCP specification, properly secured MCP implementations must:

• Classify MCP servers as OAuth Resource Servers
• Implement Resource Indicators (RFC 8707) to prevent token mis-redemption attacks
• Use secure, non-deterministic session IDs
• Verify all inbound requests with proper authentication
• Never use sessions for authentication (use token-based auth instead)

For Swiss SMEs, this means:

DO NOT:

• Deploy MCP servers without authentication
• Use pre-built MCP servers from GitHub without security review
• Allow MCP servers to access your full database without row-level security
• Implement MCP on publicly accessible networks without VPN requirements

DO:

• Implement OAuth 2.0 with proper resource indicators
• Use Swiss-hosted identity providers (Azure AD Switzerland, on-premise solutions)
• Implement comprehensive logging and monitoring of all MCP interactions
• Conduct regular security audits of MCP configurations
• Require VPN or zero-trust network access for MCP endpoints

3.3 Swiss-Compliant Cloud AI Platforms

For organizations that prefer cloud-hosted solutions, several options provide FADP-compliant infrastructure:

Azure OpenAI Service (Switzerland Regions)

Microsoft operates dedicated data center regions in both Zürich and Geneva, serving more than 50,000 Swiss customers including major financial institutions. Azure OpenAI Service deployed in these regions ensures:

• All data processing occurs within Swiss borders
• FINMA-compliant configurations available for regulated industries
• Enterprise-grade security with Azure AD integration
• Comprehensive audit logging for compliance demonstration
• Data processing agreements that meet FADP requirements

Claude Teams/Enterprise (with proper configuration)

Anthropic’s Claude Teams and Enterprise plans offer several features critical for Swiss compliance:

• Contractual guarantees that customer data is not used for training
• SSO integration with Swiss identity providers
• Activity logging and audit trails
• Data retention controls
• SOC 2 Type II certification

However, Anthropic’s primary infrastructure is US-based, which requires careful consideration of cross-border transfer mechanisms under FADP and GDPR. Organizations should implement Standard Contractual Clauses and document the legal basis for transfers.

On-Premise Solutions

For Swiss SMEs in highly regulated industries or those handling particularly sensitive data, on-premise AI deployments using models like Llama 3, Mistral, or other open-source alternatives may be appropriate:

• Complete data sovereignty—data never leaves your infrastructure
• Full control over security configurations
• No dependency on third-party service availability
• Higher upfront costs but potentially lower long-term risk profile

Deliverables:

• Network controls implemented and tested
• Enterprise AI platform deployed with proper authentication
• MCP servers secured according to latest specification
• Monitoring and alerting operational

Phase 4: User Enablement and Training (Week 6-8)

Objective: Ensure employees understand policies and can productively use approved AI tools

Key Activities:

• Conduct mandatory training sessions for all employees
• Provide role-specific guidance on which AI tools to use for which tasks
• Create quick-reference guides and job aids
• Establish helpdesk support for AI-related questions
• Appoint AI champions in each department to provide peer support

Training Content Should Include:

• Real examples of shadow AI breaches and their consequences
• Explanation of FADP requirements in plain language
• Demonstrations of approved AI tools and their capabilities
• Clear process for requesting approval of new AI tools
• How to recognize and report suspected security issues

Swiss-Specific Training Elements:

• Personal liability under FADP
• Differences between Swiss and EU data protection requirements
• Industry-specific regulations (FINMA for financial services, etc.)
• Company’s specific data classification scheme

Deliverables:

• Training materials in German, French, and Italian (as appropriate for your workforce)
• Completion tracking for mandatory training
• Knowledge assessment to verify understanding
• Support resources and help documentation

Phase 5: Monitoring and Continuous Improvement (Ongoing)

Objective: Maintain security posture and adapt to evolving AI landscape

Key Activities:

• Weekly review of AI usage logs and anomaly alerts
• Monthly reporting on AI adoption rates and compliance metrics
• Quarterly policy reviews to incorporate new AI tools and use cases
• Annual comprehensive security assessment
• Continuous monitoring of AI security research for emerging threats

Metrics to Track:

• Number of blocked attempts to access unauthorized AI platforms
• DLP violations involving attempted transfer of sensitive data to AI
• Adoption rates for approved AI tools
• Time from AI tool request to approval/denial
• Employee satisfaction with approved AI capabilities
• Productivity improvements from AI usage
• Security incidents involving AI

Deliverables:

• Monthly AI governance dashboard for executive leadership
• Quarterly board reporting on AI risk and controls
• Annual compliance certification for regulators
• Updated policies reflecting lessons learned

---

The Swiss SME AI Usage Policy Template

To help Swiss SMEs implement these principles quickly, I’ve developed a template AI usage policy that incorporates FADP requirements and Swiss business culture. This template can be adapted to your specific industry and risk profile:

AI Acceptable Use Policy - [Your Company Name]

Effective Date: [Date] Policy Owner: [IT Director / CISO] Review Frequency: Quarterly

1. Purpose and Scope

This policy establishes requirements for the use of Artificial Intelligence (AI) tools and services by [Company Name] employees, contractors, and third parties with access to company data. It applies to all AI tools including but not limited to:

• Large Language Models (ChatGPT, Claude, Gemini, etc.)
• Code generation tools (GitHub Copilot, Cursor, etc.)
• AI-powered productivity tools (Notion AI, Grammarly, etc.)
• Image generation tools (DALL-E, Midjourney, Stable Diffusion, etc.)
• AI analytics and business intelligence platforms

2. Legal and Regulatory Context

[Company Name] is subject to the Swiss Federal Act on Data Protection (FADP) and [if applicable: GDPR, FINMA regulations, etc.]. The use of AI tools to process personal data or confidential business information creates compliance obligations that this policy addresses.

Under FADP, individuals within the company may face personal fines up to CHF 250,000 for data protection violations. All employees share responsibility for ensuring compliant AI usage.

3. Approved AI Tools

The following AI tools have been evaluated and approved for company use:

Tier 1 - General Use (After Required Training):

• Microsoft Copilot (Microsoft 365 integrated version only)
• [Your enterprise AI platform - e.g., Azure OpenAI, Claude Teams]

Tier 2 - Restricted Use (Requires Department Head Approval):

• [Specialized AI tools for specific departments]

Tier 3 - Prohibited:

• Personal/free versions of ChatGPT, Claude, or other consumer AI services
• Any AI tool not explicitly approved through IT procurement process
• AI tools hosted outside Switzerland (except where specifically approved with FADP-compliant data transfer mechanisms)

4. Data Classification and AI Usage

Data Classification	AI Processing Permitted?	Approved Tools	Additional Requirements
Public	Yes	All Tier 1 tools	None
Internal	Yes with restrictions	Tier 1 tools only	Remove names and identifiers
Confidential	No	None	Prohibited in AI tools
Personal Data (FADP)	No	None	Prohibited unless specific legal basis documented
Special Categories	No	Never	Strictly prohibited

Personal Data includes: Names, AHV numbers, addresses, email addresses, phone numbers, IP addresses, location data, or any information that could identify an individual.

Special Categories include: Health data, biometric data, data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, or data concerning sexual orientation.

5. Permitted Uses

Employees may use approved AI tools for:

• Drafting and editing internal documents (after removing confidential information)
• Generating ideas and brainstorming
• Learning and skill development
• Code review and debugging (non-proprietary code only)
• Translation of public materials
• Data analysis of anonymized datasets

6. Prohibited Uses

Employees must NEVER:

• Input personal data into any AI tool without explicit IT approval
• Use personal/free AI accounts for work-related tasks
• Share confidential business information with AI tools
• Use AI to make final decisions about individuals (hiring, credit, etc.) without human review
• Circumvent technical controls (VPNs, proxies) to access blocked AI services
• Use AI to generate content that misrepresents company positions
• Process customer data from regulated industries (financial, healthcare) in AI tools

7. Security Requirements

When using approved AI tools:

• Use only company-provided accounts with SSO authentication
• Never share AI account credentials
• Review and verify all AI-generated content before use
• Include disclaimer when publishing AI-generated external materials
• Report any suspected data exposure immediately to IT security

8. Request Process for New AI Tools

To request approval for a new AI tool:

1. Submit request through IT helpdesk with business justification
2. IT Security conducts risk assessment (5-10 business days)
3. Legal reviews data processing terms
4. If approved, procurement negotiates enterprise agreement
5. Tool added to approved list with usage guidelines

9. Violations and Enforcement

Violations of this policy may result in:

• First violation: Mandatory retraining and written warning
• Second violation: Formal disciplinary action
• Severe violations: Termination and potential personal FADP liability

Examples of severe violations:

• Intentionally exposing personal data to unauthorized AI platforms
• Continued use of prohibited tools after warning
• Circumventing security controls
• Failing to report known data exposure

10. Training and Awareness

All employees must complete AI security awareness training:

• Within 30 days of hire
• Annually thereafter
• Within 15 days of any major policy update

11. Incident Reporting

If you suspect that personal data or confidential information has been exposed to an unauthorized AI platform:

1. IMMEDIATELY stop using the tool
2. Notify IT Security: [security@company.ch]
3. Document what data was potentially exposed
4. Preserve all relevant communications and logs
5. Do not delete anything until instructed by IT Security

Under FADP, we may be required to notify the Federal Data Protection and Information Commissioner within 72 hours of discovering certain breaches. Prompt reporting is critical.

12. Policy Review

This policy will be reviewed quarterly and updated as needed to address new AI capabilities, emerging threats, and regulatory changes.

Questions about this policy should be directed to: [IT Director Name] [Email] [Phone]

---

Case Study: How a Zürich Consultancy Eliminated Shadow AI in 90 Days

To illustrate how these principles translate into practice, consider the experience of Brunner Advisory Group (name changed for confidentiality), a 45-person management consultancy based in Zürich specializing in financial services clients.

The Starting Point

In August 2025, Managing Partner Andreas Brunner received a concerning email from a client: they had discovered that a consultant had been using ChatGPT to help draft a competitive analysis report, and in the process had input detailed financial information about the client’s market position, pricing strategy, and growth plans.

The client was furious. While the data hadn’t been publicly exposed, the mere fact that it had left the client’s security perimeter violated their contractual information security requirements. The CHF 450,000 engagement was immediately placed on hold pending a security review.

“I called an emergency meeting with our IT director that afternoon,” Andreas recalls. “We both knew employees were using AI tools—we’d discussed it casually—but we had no idea of the scale or what data they were processing. We had no policies, no approved tools, no training. We were completely blind.”

The Discovery

Within 48 hours of implementing network monitoring, the scale of the problem became clear:

• 37 of 45 employees (82%) were using unauthorized AI tools
• 28 different AI platforms were being accessed
• 847 sessions per month were logged to ChatGPT alone
• 12 employees had created paid ChatGPT Plus subscriptions using company credit cards, expensed as “research tools”

When IT reviewed samples of what employees were inputting, they found:

• Client financial data in 63% of reviewed sessions
• Customer names and details in 41% of sessions
• Internal strategic planning materials in 22% of sessions
• M&A transaction details in 8% of sessions

“The employees weren’t trying to do anything wrong,” Andreas emphasizes. “They were trying to be more productive, more responsive to clients, more valuable. But they had no understanding of the compliance implications or the contractual violations they were creating.”

The 90-Day Transformation

Brunner Advisory implemented a comprehensive shadow AI remediation program:

Week 1-2: Policy Development and Stakeholder Alignment

• Drafted AI Acceptable Use Policy with input from partners, IT, and legal counsel
• Created data classification framework aligned with FADP requirements
• Secured budget approval for enterprise AI platform (Azure OpenAI Switzerland)
• Developed communication plan to explain changes without creating panic

Week 3-5: Technical Implementation

• Deployed Azure OpenAI Service in Switzerland North region (Zürich datacenter)
• Implemented network-level blocks for unauthorized AI platforms
• Configured SSO authentication using Azure AD
• Built custom MCP servers with proper OAuth authentication for client-specific knowledge bases (with individual client approval)
• Deployed DLP rules to detect attempts to paste confidential data into web forms

Week 6-7: Training and Enablement

• Conducted mandatory 90-minute training sessions for all employees (three sessions to accommodate schedules)
• Created role-specific quick guides for common AI use cases
• Established internal AI champions program with two volunteers per department
• Built template library of approved prompts for common consulting tasks

Week 8-10: Rollout and Refinement

• Activated network blocks for unauthorized platforms
• Launched internal communication campaign explaining new policies
• Provided intensive helpdesk support during first two weeks
• Collected feedback and refined policies based on real-world usage

Week 10-12: Client Communication and Remediation

• Notified all active clients of enhanced AI security measures
• Provided detailed documentation of controls for clients with specific security requirements
• Underwent independent security audit to verify compliance
• Presented findings to the concerned client, ultimately restoring the relationship

The Results

Three months after implementation, the results exceeded expectations:

Security Metrics:

• Unauthorized AI platform access: 98% reduction (from 847 sessions/month to 14)
• Data policy violations: zero in months 4-6 after implementation
• Security incidents involving AI: zero

Productivity Impact:

• Employee AI usage (authorized): increased 40% as approved tools proved more capable than free alternatives
• Average time to draft client deliverables: reduced 22%
• Employee satisfaction with AI capabilities: 8.7/10 in quarterly survey

Business Impact:

• Original CHF 450,000 engagement: fully restored after security audit
• New client wins attributable to AI security posture: 3 engagements, CHF 680,000 total value
• Competitive differentiator in proposals: “Our AI security practices became a selling point, particularly with financial services clients who are hypersensitive to data protection”

Financial ROI:

• Total implementation cost: CHF 68,000 (Azure licenses, consulting, training, IT time)
• Annual ongoing costs: CHF 42,000 (platform licenses, monitoring)
• Annual value from improved security posture: CHF 200,000+ (avoided breach costs, competitive wins)
• Payback period: approximately 4 months

“The transformation was more comprehensive than just preventing a security disaster—though that alone justified the investment. We went from employees secretly using consumer AI tools they found on the internet, to having a managed, secure, auditable AI infrastructure that actually makes us more competitive. Our clients now see our AI capabilities as a strength rather than a risk.”

— Andreas Brunner, Managing Partner, Brunner Advisory Group

---

Implementing Secure MCP Servers: A Technical Deep Dive

For Swiss SMEs that choose to implement internal AI capabilities using the Model Context Protocol, proper security implementation is non-negotiable. Based on the latest MCP specification from June 2025 and comprehensive security guidance, here’s a detailed implementation guide:

Understanding the MCP Security Model

The June 2025 specification introduced critical changes:

1. MCP Servers Are OAuth Resource Servers: This classification means MCP servers must implement the full OAuth 2.0 Resource Server pattern, including token validation, scope verification, and proper error handling.

2. Resource Indicators Are Mandatory: Per RFC 8707, clients must specify which resource they’re requesting tokens for, preventing token confusion attacks where a token issued for one MCP server is misused at another.

3. Session-Based Auth Is Prohibited: Unlike traditional web applications, MCP servers must NOT use session cookies for authentication. Instead, every request must include a valid bearer token that the server validates independently.

Secure MCP Implementation Checklist

Authentication Requirements:

• Implement OAuth 2.0 token validation on every request
• Use a Swiss-based or on-premise identity provider (Azure AD Switzerland, Keycloak, etc.)
• Verify token signature using provider’s public keys (with key rotation support)
• Validate token expiration, audience, and issuer claims
• Implement proper scope checking (read vs. write permissions)
• Use Resource Indicators (RFC 8707) to prevent token mis-redemption
• Generate cryptographically secure, non-deterministic request IDs
• Implement rate limiting per identity to prevent abuse

Data Access Controls:

• Implement row-level security in underlying databases
• Never expose full database access to MCP servers
• Create dedicated service accounts with minimal necessary permissions
• Implement data classification labels in vector embeddings
• Enforce policy-aware retrieval (check permissions before returning data)
• Segment PII and special category data with enhanced access controls
• Log all data access with user identity, timestamp, and data accessed

Network Security:

• Deploy MCP servers behind VPN or zero-trust network access
• Never expose MCP endpoints directly to the internet
• Use mutual TLS (mTLS) for additional authentication layer
• Implement network segmentation isolating MCP infrastructure
• Monitor for unusual access patterns or data exfiltration attempts
• Configure firewall rules limiting which clients can reach MCP servers

Monitoring and Compliance:

• Log all requests with sufficient detail for FADP audit requirements
• Implement real-time alerting for suspicious patterns
• Maintain logs for minimum 12 months (longer for regulated industries)
• Create dashboards showing AI access patterns
• Conduct quarterly access reviews ensuring permissions remain appropriate
• Test incident response procedures for AI security events

Example: Secure MCP Server Configuration

Here’s a conceptual implementation showing proper security controls (pseudocode for clarity):

// Secure MCP Server Implementation Example
import { MCPServer, OAuth2ResourceServer } from '@modelcontextprotocol/sdk';
import { AzureADTokenValidator } from './auth/azure-ad';
import { RowLevelSecurity } from './database/rls';
import { AuditLogger } from './compliance/audit';

const server = new MCPServer({
  name: 'swiss-enterprise-mcp',
  version: '1.0.0',

  // OAuth 2.0 Resource Server Configuration
  authentication: new OAuth2ResourceServer({
    // Swiss-hosted Azure AD instance
    issuer: 'https://login.microsoftonline.com/[tenant-id]/',
    audience: 'api://swiss-enterprise-mcp',

    // Validate every request
    tokenValidator: new AzureADTokenValidator({
      validateSignature: true,
      validateExpiration: true,
      validateAudience: true,
      validateIssuer: true,

      // Require Resource Indicator (RFC 8707)
      requireResourceIndicator: true,
      expectedResource: 'api://swiss-enterprise-mcp'
    }),

    // Required scopes for different operations
    scopes: {
      'mcp.read': 'Read company knowledge',
      'mcp.write': 'Modify company data'
    }
  }),

  // Audit logging for FADP compliance
  auditLogger: new AuditLogger({
    destination: 'swiss-hosted-siem',
    logLevel: 'all-requests',
    retentionDays: 365,
    includeDataAccessed: true
  })
});

// Tool implementation with row-level security
server.addTool({
  name: 'query_customer_data',
  description: 'Search customer information',

  async handler(request, context) {
    // Extract authenticated user identity
    const userEmail = context.auth.token.claims.email;
    const userDepartment = context.auth.token.claims.department;

    // Verify required scope
    if (!context.auth.hasScope('mcp.read')) {
      throw new Error('Insufficient permissions');
    }

    // Apply row-level security based on user's department
    const query = request.params.query;
    const results = await RowLevelSecurity.executeQuery({
      query: query,
      user: userEmail,
      department: userDepartment,

      // Filter out personal data for unauthorized users
      excludeColumns: ['ssn', 'ahv_number', 'home_address'],

      // Apply data classification filters
      maxClassification: 'internal'
    });

    // Log access for audit trail
    await AuditLogger.log({
      action: 'query_customer_data',
      user: userEmail,
      query: query,
      rowsReturned: results.length,
      timestamp: new Date(),
      dataClassification: 'internal'
    });

    return results;
  }
});

// Start server on internal network only
server.listen({
  host: '10.0.1.100', // Internal IP only, not 0.0.0.0
  port: 3000,

  // Require mutual TLS
  tls: {
    key: '/etc/ssl/private/mcp-server.key',
    cert: '/etc/ssl/certs/mcp-server.crt',
    ca: '/etc/ssl/certs/corporate-ca.crt',
    requestCert: true,
    rejectUnauthorized: true
  }
});

This implementation demonstrates several critical security principles:

1. Every request is authenticated using OAuth 2.0 tokens
2. Row-level security ensures users only access authorized data
3. Data classification prevents exposure of sensitive information
4. Comprehensive audit logging supports FADP compliance
5. Network-level restrictions limit attack surface
6. Mutual TLS provides additional authentication layer

---

The Behavioral Change Challenge

Technology and policy alone do not solve shadow AI—the human element is equally critical. Employees will only abandon shadow AI tools if the approved alternatives are genuinely better, and if they understand why the restrictions exist.

Why Employees Choose Shadow AI

Understanding employee motivations helps design better solutions:

Reason 1: Speed and Convenience “I needed a quick answer, and signing in to the approved tool required VPN, then SSO, then navigating to the right project. ChatGPT was already open in another tab.”

Solution: Make authorized tools as frictionless as possible. Single sign-on, browser extensions, integration into existing workflows.

Reason 2: Capability Gaps “The approved tool couldn’t handle my use case, but Claude was perfect for it.”

Solution: Regularly review employee needs and expand approved tool capabilities. Allow request process for new tools.

Reason 3: Lack of Awareness “I honestly didn’t know we had an approved AI tool. Nobody told me.”

Solution: Proactive communication, onboarding training, visible internal marketing of AI capabilities.

Reason 4: Habit “I’ve been using ChatGPT for a year. It’s just what I’m used to.”

Solution: Migration support, training on new tools, highlight advantages of enterprise versions.

Reason 5: Skepticism About Rules “The policy seems overly cautious. I’m careful about what I share.”

Solution: Education about actual breach examples, explanation of FADP personal liability, transparent risk communication.

The Communication Strategy

Rolling out AI governance successfully requires careful change management:

Month 1: Build Awareness

• Leadership communication explaining the “why” behind AI governance
• Share real examples of shadow AI breaches (anonymized)
• Announce upcoming changes with timeline
• Create feedback mechanism for employee input

Month 2: Enable and Educate

• Deploy approved AI tools
• Conduct hands-on training sessions
• Provide role-specific use case examples
• Establish support channels

Month 3: Enforce and Support

• Activate network restrictions on unauthorized tools
• Provide intensive support for transitioning users
• Celebrate early adopters and positive examples
• Address questions and concerns quickly

Ongoing: Reinforce and Evolve

• Regular communication about AI capabilities and updates
• Showcase productivity wins enabled by approved tools
• Continuous policy refinement based on feedback
• Recognition for employees who identify policy gaps or improvement opportunities

Measuring Success

Track both security and adoption metrics:

Security Metrics:

• Unauthorized AI platform access attempts (should trend toward zero)
• DLP policy violations involving AI
• Security incidents related to AI usage
• Compliance audit findings

Adoption Metrics:

• Percentage of employees actively using approved AI tools
• Number of AI interactions via authorized platforms
• Time-to-value for new AI tool requests
• Employee satisfaction scores with AI capabilities

Business Metrics:

• Productivity improvements (time saved, output increased)
• Quality improvements (error rates, revision cycles)
• Competitive advantages (wins attributed to AI capabilities)
• Risk reduction (avoided breach costs, reduced insurance premiums)

The goal is simultaneous improvement across all three categories: better security and higher adoption and stronger business results.

---

Looking Forward: The AI Governance Landscape for 2026-2027

The shadow AI challenge will continue to evolve as AI capabilities advance and new platforms emerge. Several trends will shape the landscape over the next 12-18 months:

Regulatory Evolution

AI Act Implementation (EU): The EU AI Act begins phased enforcement in 2026, with requirements for high-risk AI systems including transparency, human oversight, and technical documentation. Swiss companies operating in the EU will need to ensure compliance.

FADP Enforcement Intensification: As the Federal Data Protection and Information Commissioner gains experience with the new FADP framework, enforcement will likely become more aggressive, particularly around novel technologies like AI.

Industry-Specific Requirements: Expect FINMA, healthcare regulators, and other sector supervisors to issue AI-specific guidance for their regulated entities.

Technical Developments

Agentic AI Proliferation: According to Kiteworks research, 48% of cybersecurity professionals identify agentic AI and autonomous systems as the top attack vector heading into 2026. AI agents that can independently take actions create new security challenges beyond current static models.

Multi-Modal AI Expansion: As AI systems process images, audio, and video alongside text, shadow AI risks expand to new data types. An employee uploading a photo of a whiteboard from a strategy session might expose sensitive business plans.

On-Device AI Growth: Apple Intelligence, Microsoft Copilot+, and other on-device AI capabilities will blur the line between local and cloud processing, requiring updated policies.

The Gartner Prediction

Gartner predicts that by 2028, 50% of organizations will adopt zero-trust data governance as unverified AI-generated data grows. Swiss SMEs that implement comprehensive AI governance frameworks today will be well-positioned for this future, while those that delay will face increasing pressure from customers, partners, regulators, and insurers.

---

Next Steps: Your AI Governance Action Plan

If you’ve read this far, you likely recognize that your organization needs to address shadow AI—the question is how to begin. Based on implementations across dozens of Swiss SMEs, here’s the recommended first-month action plan:

Week 1: Assessment

Day 1-2: Conduct anonymous employee survey about AI tool usage

• Which tools are you using for work tasks?
• How frequently?
• What types of information do you process with them?
• What would you need from an approved alternative?

Day 3-5: Deploy network monitoring to identify actual AI platform access

• Work with your IT team or managed service provider
• Focus on identifying patterns, not punishing individual usage
• Quantify the scale: how many employees, which platforms, how often

Day 6-7: Initial risk assessment and stakeholder briefing

• Calculate potential breach cost using your specific employee count and data sensitivity
• Identify highest-risk departments and use cases
• Brief executive leadership on findings and recommend next steps

Week 2: Planning

Day 8-10: Form AI governance working group

• Include representatives from IT, Legal, HR, and key business units
• Assign clear ownership and decision-making authority
• Set timeline and milestones

Day 11-12: Draft initial AI Acceptable Use Policy

• Start with the template provided earlier in this article
• Customize for your industry, risk profile, and business culture
• Identify approved tools you’ll provide as alternatives

Day 13-14: Develop business case and budget request

• Calculate ROI including breach cost avoidance and productivity gains
• Identify required investments (platforms, training, IT time)
• Prepare presentation for budget approval

Week 3: Foundation Building

Day 15-17: Procure and configure approved AI platform

• For most Swiss SMEs, Azure OpenAI (Switzerland regions) offers best balance of capability, compliance, and cost
• Configure authentication with your existing identity provider
• Set up initial access controls and monitoring

Day 18-19: Develop training materials

• Create presentations explaining the “why” behind policies
• Build quick-reference guides for common use cases
• Prepare FAQ document addressing likely questions

Day 20-21: Establish support infrastructure

• Set up helpdesk category for AI-related questions
• Create email alias for AI policy questions
• Identify internal AI champions who can provide peer support

Week 4: Communication and Soft Launch

Day 22-23: Leadership communication

• CEO/Managing Partner email explaining initiative and timeline
• Emphasize enablement (we’re providing better tools) over restriction (we’re blocking your current tools)
• Set clear expectations and invite feedback

Day 24-26: Pilot program with volunteer users

• Select 10-15 early adopters across different departments
• Provide intensive training and support
• Collect feedback on user experience and capability gaps

Day 27-28: Refine based on pilot feedback

• Adjust policies based on real-world usage patterns
• Address technical issues discovered during pilot
• Prepare for broader rollout

Month 2 and Beyond

• Week 5-6: Mandatory training for all employees, phased rollout of approved tools
• Week 7-8: Activate network restrictions on unauthorized platforms (with grace period and ample communication)
• Week 9-12: Intensive support period, continuous refinement, measurement of adoption and security metrics

---

Ready to Eliminate Shadow AI Risk in Your Organization?

The statistics are clear, the regulatory requirements are established, and the technical solutions are available. The only remaining question is whether your organization will address shadow AI proactively—or wait until a breach forces your hand.

I invite you to schedule a complimentary 45-minute Shadow AI Assessment during which we will:

• Evaluate your current shadow AI exposure using proven assessment methodologies
• Identify your highest-risk use cases based on your industry, data sensitivity, and employee roles
• Design a customized governance framework that balances security with productivity
• Calculate your specific ROI including breach cost avoidance, compliance risk reduction, and productivity gains
• Create a 90-day implementation roadmap with clear milestones and resource requirements

This is a practical, technical discussion focused on your specific situation—not a sales presentation. Whether you choose to work with me or implement these principles independently, you’ll leave with a clear understanding of your shadow AI risk and concrete next steps to address it.

The Swiss business advantage has always been built on trust, precision, and reliability. Shadow AI threatens all three. Let’s ensure your AI adoption preserves the very qualities that make Swiss businesses trusted worldwide.

---

Emanuel Flury is Switzerland’s first dedicated Claude automation consultant, specializing in helping Swiss SMEs implement secure, compliant AI governance frameworks. Based in Grenchen, he works with businesses throughout the DACH region to eliminate shadow AI risk while maximizing the productivity benefits of enterprise AI adoption. His expertise spans FADP compliance, MCP security implementation, and zero-trust AI governance.

---

References

1. Netskope Threat Labs. (2025-2026). Shadow AI Security Risks Research. Retrieved from Cybersecurity Dive

2. Second Talent. (2026). Top 50 Shadow AI Statistics 2026: The Risk of Unsanctioned AI Tools. Retrieved from Second Talent

3. JumpCloud. (2026). 11 Stats About Shadow AI in 2026. Retrieved from JumpCloud

4. Netwrix. (2026). 12 Critical Shadow AI Security Risks Your Organization Needs to Monitor in 2026. Retrieved from Netwrix

5. Infosecurity Magazine. (2025). Personal LLM Accounts Drive Shadow AI Data Leak Risks. Retrieved from Infosecurity Magazine

6. MetricStream. (2025). Shadow AI: The Silent Cyber Risk Every CISO Must Confront in 2025. Retrieved from MetricStream

7. Kiteworks. (2026). 2026 AI Data Security Crisis: Shadow AI & Data Governance Strategies. Retrieved from Kiteworks

8. Kiteworks. (2026). Agentic AI Attack Surface: Why It’s the #1 Cyber Threat of 2026 and How to Secure It. Retrieved from Kiteworks

9. Model Context Protocol. (2025-2026). Security Best Practices. Retrieved from MCP Specification

10. Red Hat. (2025). Model Context Protocol (MCP): Understanding Security Risks and Controls. Retrieved from Red Hat

11. Auth0. (2025). Model Context Protocol (MCP) Spec Updates from June 2025. Retrieved from Auth0 Blog

12. Stack Overflow. (2026). Is That Allowed? Authentication and Authorization in Model Context Protocol. Retrieved from Stack Overflow Blog

13. Adversa AI. (2026). Model Context Protocol (MCP) Risks: Key Takeaways from CoSAI Security White Paper. Retrieved from Adversa AI

14. Microsoft Security Blog. (2026). Four Priorities for AI-Powered Identity and Network Access Security in 2026. Retrieved from Microsoft

15. Gartner. (2026). Gartner Predicts by 2028, 50% Of Organizations Will Adopt Zero-Trust Data Governance as Unverified AI-Generated Data Grows. Retrieved from Gartner

16. Seceon. (2026). Zero Trust AI Security: The Comprehensive Guide to Next-Generation Cybersecurity in 2026. Retrieved from Seceon

17. Security Boulevard. (2025). Security for AI: How Shadow AI, Platform Risks, and Data Leakage Leave Your Organization Exposed. Retrieved from Security Boulevard

18. ISACA. (2025). The Rise of Shadow AI: Auditing Unauthorized AI Tools in the Enterprise. Retrieved from ISACA

19. State Secretariat for Economic Affairs SECO. (2023). New Federal Act on Data Protection (nFADP). Retrieved from kmu.admin.ch

20. Federal Data Protection and Information Commissioner FDPIC. (2024). The New Data Protection Act in Figures. Retrieved from edoeb.admin.ch

21. Microsoft. (2024). 5 Years of Microsoft Data Centers in Switzerland: 500 Local Services, 50,000 Customers. Retrieved from news.microsoft.com