Whether you’re a DeepTech innovator in the energy and cleantech sector, focus on driving artificial intelligence application, are into robotics and autonomous driving or build B2B or B2C software, knowing what’s coming is critical to staying competitive.
This overview breaks down the most relevant regulations by sector—some specific to Switzerland, others tied to the EU but relevant for Swiss companies. It explains why they matter and provides a timeline to help you prepare.
If you’re interested in the details, you can jump to the sections relevant to you here:
Timeline overview: Upcoming key deadlines
Effective from | Regulation | Relevant sectors |
January 1, 2025 | Broad updates on Swiss energy & green economy regulations: | Energy, cleantech |
January 1, 2025 | Swiss Unfair Competition Act (update regarding greenwashing) | Anyone making sustainability claims |
January 17, 2025 | Digital Operational Resilience Act (DORA) | Financial sector, incl. B2B software providers |
February 2, 2025 | EU AI Act | Everyone developing or using AI |
March 1, 2025 | Swiss Ordinance on Automated Driving | Autonomous driving & robotics |
April 17, 2025 | NIS 2 Cybersecurity Directive | B2B software providers |
June 28, 2025 | EU Accessibility Act | B2C software providers |
September 12, 2025 | EU Data Act | B2B and B2C software |
December 11, 2025 | Cyber Resilience Act | B2B software providers |
2026 (Planning) | Product Liability Directive | B2B & B2C software, autonomous driving |
1 For AI, robotics and industry 4.0 companies
1.1 The EU AI Act
Impacts you if
- You are developing, deploying, or using AI systems in the EU or targeting the EU market.
- You provide general-purpose AI models, i.e. AI models trained with a large amount of data using self-supervision, capable of performing a wide range of distinct tasks and that can be integrated in various apps and services.
Why you should care
- Understanding the various risk categories under the AI Act (and their regulation or even prohibition) is paramount prior to investing resources in developing AI systems or features.
- Larger B2B customers as well as investors will increasingly demand, and assess, your compliance with the AI Act.
What you need to do
From February 2, 2025:
- Comply with the ban on AI systems posing unacceptable risks, such as AI systems that exploit individual’s vulnerabilities due to their i.e. age, disability or social background, in order to distort their behaviour in a way that is likely to cause harm.
- Ensure adequate AI literacy among employees involved in the use and deployment of AI systems by
From August 2, 2025:
- Comply with obligations for providers of general-purpose AI models. These include drawing up the technical documentation of the model, its training and testing processes, the results of its evaluation, as well as a policy to comply with EU copyright law and a summary of the content used for training.
- Adhere to transparency requirements for general-purpose AI systems.
- Assess your legal risk exposure – be aware that provisions on penalties, including administrative fines, begin to apply.
1.2 Product Liability Directive
Impacts you if
- You are a manufacturer, importer, distributor, or online platform selling products in the European Union
- You produce or sell software, AI systems, or digital services in the EU market, especially those that have a risk of causing damage to individuals.
Why you should care
- Liability arising from product liability laws cannot be simply negotiated away. Software was so far not typically covered by product liability laws.
- Depending on the inherent risk of your software product, you may need to re-assess your business risks and take precautionary measures.
What you need to do
- The new Product Liability Directive entered into force on the 8th December 2024 and its rules are expected to apply to all products placed on the EU market or put into service after the 9th December 2026.
- In 2025, it’s recommended to assess the impact this new Directive will have on your products and services, reinforcing your risk mitigation measures. Potentially re-assess your insurance coverage.
1.3 Swiss Ordinance on Automated Driving
Impacts you if
- You are making vehicles equipped with autonomous systems available to users in Switzerland.
- You are planning to own and/or operate driverless vehicles in Switzerland.
- You are planning to operate a parking facility offering automated parking in Switzerland.
Why you should care
- The rules on autonomous driving in Switzerland are getting much more permissive.
- Adapting to new regulatory opportunities can give you a first mover advantage.
What you need to do
From March 1, 2025:
Kick off the authorization process for the operational use of driverless vehicles. Don’t expect this to be a quick thing though, not all Cantons are ready.

Whether you’re unsure which rules apply to your operations or need a clear plan to prepare, we’re here to help.
Book your free call with our legal experts today to:
- Get tailored advice on the regulations that matter most to your business.
- Receive a quick compliance check and identify your next steps.
- Walk away with a custom action plan—no strings attached.
2 For B2B Software Companies
2.1 EU Data Act
Impacts you if
- You manufacture or use connected products such as connected cars, medical and fitness devices, industrial or agricultural machines, and related services.
- You provide data processing compute resources as a service, including cloud services.
Why you should care
- Your clients may have the right to request access to some of the data (personal and non-personal) your product generates. Ensuring that you can fulfil your legal obligations may require you to implement product changes.
- The Data Act can offer you opportunities to access valuable data from larger companies in the value chain, which can help you improve your products and services.
What you need to do
From September 12, 2025:
- The majority of the Data Act provisions become applicable.
- Review key supplier agreements and request data access, if possible. Contract clauses restricting startups to use or monetize their own data processed by these suppliers can be deemed unfair.
- Ensure compatibility of your devices, software or platform with other available products and services.
- Be prepared to make data directly available to your customers or fulfil their requests by making their data available without undue delay if direct access is not possible.
2.2 Digital Operational Resilience Act (DORA)
Impacts you if
- You are a financial institution operating in the European Union, including banks, insurance companies, investment firms, and other financial entities; or
- You are an information and communications technology third-party service provider to financial institutions in the EU.
Why you should care
- As a financial institution, you might be faced with additional legal scrutiny and fines. Interestingly, you can be fined as an individual, since DORA imposes fines on individuals having key roles in a company.
- As a service provider to financial institutions, your customers will require you to comply with DORA and conduct assessments in this regard.
What you need to do
From January 17, 2025:
- Implement comprehensive measures for operational resilience, including ICT risk management, incident reporting, resilience testing, and third-party risk management.
- Ensure your systems and third-party providers meet DORA standards. Assess your existing contracts and update where necessary. You might also need to conduct infosec assessments.
2.3 NIS 2 Cybersecurity Directive
Impacts you if
- You are an essential or important entity as defined by NIS2, which includes infrastructure sectors such as energy, transport, health, digital infrastructure, and more.
- You are a supplier or service provider to essential or important entities.
Why you should care
- If you are a service provider to companies that are subject to NIS 2, your customers will require your compliance in order to continue to buy from you.
- Proactive cybersecurity measures not only meet regulatory demands but also safeguard your reputation and can serve as an additional sales argument.
What you need to do
By April 17, 2025:
- Strengthen cybersecurity, by introducing measures such as encryption, access control (e.g. by introducing multifactor authentication) or by implementing additional protection against malware and other cyber threats.
- Implement risk management systems by conducting regular assessments to identify vulnerabilities of your systems and operations.
- Make sure you are ready for audits by national authorities.
2.4 Cyber Resilience Act (CRA)
Impacts you if
You manufacture, import, or distribute software or hardware products with digital elements for the EU market.
Why you should care
- If your customers are subject to the CRA, your customers will assess your compliance with it.
- To remain competitive and trusted in an increasingly security-conscious market, you will need to demonstrate compliance.
What you need to do
From December 11, 2025:
Comply with technical security requirements for critical product categories. The European Commission is expected to adopt an implementing act specifying the technical description of product categories and critical products, which should be monitored.
2.5 Other changes that might interest you
- Working on a B2B2C Whitelabel product? Check out the info on the EU’s Accessibility Act too.
- Are you using sustainability claims in your marketing? Make sure you read the update on the Swiss Unfair Competition Act here.
Whether you’re unsure which rules apply to your operations or need a clear plan to prepare, we’re here to help.
Book your free call with our legal experts today to:
- Get tailored advice on the regulations that matter most to your business.
- Receive a quick compliance check and identify your next steps.
- Walk away with a custom action plan—no strings attached.
Hear it from our happy clients
3 B2C Software Companies
3.1 EU Accessibility Act
Impacts you if
- You are providing infrastructure or services (e.g. cloud solutions or APIs accessible to consumers, products such as computer hardware and self-service terminals, or services such as e-commerce platforms and payment services.
- You operate in the EU or target an EU audience with 10+ employees and €2M+ turnover.
Why you should care
- Accessibility opens your business to a broader audience while mitigating legal risks: Non-compliance might lead to regulatory fines.
- Especially in a white-label, B2B2C setup, your corporate customers will expect you to fulfil the accessibility obligations.
- As this might require changes in the UX of your product, the Act’s impact should be assessed early and the product roadmap amended, if needed.
What you need to do
From June 28, 2025:
Ensure products meet accessibility standards (e.g., self-service terminals, audiovisual services).



Whether you’re unsure which rules apply to your operations or need a clear plan to prepare, we’re here to help.
Book your free call with our legal experts today to:
- Get tailored advice on the regulations that matter most to your business.
- Receive a quick compliance check and identify your next steps.
- Walk away with a custom action plan—no strings attached.
4 For Companies in the Green Economy
4.1 Swiss Green Economy and Energy Sector Regulations
Impacts you if
You operate in the green economy or energy sector in Switzerland.
Why you should care
The revised regulatory landscape brings opportunities for existing and new players, primarily in the energy sector.
What you need to do
From January 1, 2025:
Get familiar with the new and updated Acts and identify strategic opportunities:
- The new Climate and Innovation Act is in force. The most important changes for companies are new financial aids for energetic measures in real estate and support programmes for investments in climate-friendly technologies.
- The revised Energy Security Act is in force. It concerns mainly an increase of production of renewable energy. It includes improved sharing between and access to relevant energy economic data for market players.
- The revised Energy Act is in force. It includes simplified permission and financial support processes for renewable energy generators, liberalisation measures on the wholesale market (e.g. associations for personal use).
Why it matters: Compliance enhances investor confidence and positions your company as a leader in sustainable energy.
4.2 Swiss Unfair Competition Act: Greenwashing Amendment
Impacts you if
You or your competitors are making claims about the climate impact, the eco-friendliness, or the sustainability of your company, your products, or your services either in a marketing or operational context.
Why you should care
- Transparent sustainability claims protect your reputation and align with increasing consumer demand for accountability.
- Also, under the Unfair Competition Act, competitors can easily file complaints against your company in case you are obviously non-compliant.
What you need to do
From January 1, 2025:
Ensure such claims are verifiable and backed by evidence.
Whether you’re unsure which rules apply to your operations or need a clear plan to prepare, we’re here to help.
Book your free call with our legal experts today to:
- Get tailored advice on the regulations that matter most to your business.
- Receive a quick compliance check and identify your next steps.
- Walk away with a custom action plan—no strings attached.