If it has been formally decided that a country or an international body offers an adequate level of data protection, data may be sent to that country or international body without the need to ensure adequate data protection by contract or other guarantees.

Foreign adequacy decisions concerning Switzerland


The EU deemed Switzerland to provide an adequate level of data protection in a decision issued in 2000. This adequacy decision was based on the old Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This has been replaced by the GDPR. The EU is currently examining the level of data protection in Switzerland on the basis of the GDPR. In the meantime, the previous adequacy decision continues to apply.


Following Brexit, the UK also recognised Switzerland as a state that offers an adequate level of data protection.

Adequacy decisions by Switzerland

Under the revised FADP, the Federal Council is responsible for deciding whether the legislation of a country or an international body guarantees adequate protection (see Art. 16 para. 1 FADP). The states, territories, specific sectors in a country and international bodies with adequate data protection are listed in Annex 1 of the Data Protection Ordinance (O-FADP).


Further topics

International cooperation

Effective data protection must transcend borders.

Schengen / Dublin

Switzerland as a Schengen member state.

Questions on data protection

Take a look at our FAQ or call our hotline.

International legal basis

Legal basis Council of Europe and Schengen / Dublin

Last modification 24.04.2023

Top of page