LEXR Legal BlogBlog / Guides

Regulatory updates for startups in 2025 

By Thomas Kuster

Last Updated 23/01/2025

Whether you’re a DeepTech innovator in the energy and cleantech sector, focus on driving artificial intelligence application, are into robotics and autonomous driving or build B2B or B2C software, knowing what’s coming is critical to staying competitive. 

This overview breaks down the most relevant regulations by sector—some specific to Switzerland, others tied to the EU but relevant for Swiss companies. It explains why they matter and provides a timeline to help you prepare. 

If you’re interested in the details, you can jump to the sections relevant to you here: 

Timeline overview: Upcoming key deadlines

Effective from Regulation Relevant sectors 
January 1, 2025 Broad updates on Swiss energy & green economy regulations: Energy, cleantech 
January 1, 2025 Swiss Unfair Competition Act (update regarding greenwashing) Anyone making sustainability claims 
January 17, 2025 Digital Operational Resilience Act (DORA) Financial sector, incl. B2B software providers 
February 2, 2025 EU AI ActEveryone developing or using AI 
March 1, 2025 Swiss Ordinance on Automated Driving Autonomous driving & robotics 
April 17, 2025 NIS 2 Cybersecurity Directive B2B software providers 
June 28, 2025 EU Accessibility Act B2C software providers 
September 12, 2025 EU Data Act B2B and B2C software 
December 11, 2025 Cyber Resilience Act B2B software providers 
2026 (Planning) Product Liability Directive B2B & B2C software, autonomous driving 

1 For AI, robotics and industry 4.0 companies 

1.1 The EU AI Act 

Impacts you if

  • You are developing, deploying, or using AI systems in the EU or targeting the EU market. 
  • You provide general-purpose AI models, i.e. AI models trained with a large amount of data using self-supervision, capable of performing a wide range of distinct tasks and that can be integrated in various apps and services. 

Why you should care

  • Understanding the various risk categories under the AI Act (and their regulation or even prohibition) is paramount prior to investing resources in developing AI systems or features.  
  • Larger B2B customers as well as investors will increasingly demand, and assess, your compliance with the AI Act. 

What you need to do

From February 2, 2025:  
  • Comply with the ban on AI systems posing unacceptable risks, such as AI systems that exploit individual’s vulnerabilities due to their i.e. age, disability or social background, in order to distort their behaviour in a way that is likely to cause harm. 
  • Ensure adequate AI literacy among employees involved in the use and deployment of AI systems by  conducting expert workshops, teaching them the use-cases, risks and internal guidelines of how to use the internally approved AI systems. 
From August 2, 2025:
  • Comply with obligations for providers of general-purpose AI models. These include drawing up the technical documentation of the model, its training and testing processes, the results of its evaluation, as well as a policy to comply with EU copyright law and a summary of the content used for training. 
  • Adhere to transparency requirements for general-purpose AI systems. 
  • Assess your legal risk exposure – be aware that provisions on penalties, including administrative fines, begin to apply. 


1.2 Product Liability Directive 

Impacts you if

  • You are a manufacturer, importer, distributor, or online platform selling products in the European Union  
  • You produce or sell software, AI systems, or digital services in the EU market, especially those that have a risk of causing damage to individuals. 

Why you should care

  • Liability arising from product liability laws cannot be simply negotiated away. Software was so far not typically covered by product liability laws.  
  • Depending on the inherent risk of your software product, you may need to re-assess your business risks and take precautionary measures. 

What you need to do

  • The new Product Liability Directive entered into force on the 8th December 2024 and its rules are expected to apply to all products placed on the EU market or put into service after the 9th December 2026. 
  • In 2025, it’s recommended to assess the impact this new Directive will have on your products and services, reinforcing your risk mitigation measures. Potentially re-assess your insurance coverage.   

1.3 Swiss Ordinance on Automated Driving 

Impacts you if

  • You are making vehicles equipped with autonomous systems available to users in Switzerland.  
  • You are planning to own and/or operate driverless vehicles in Switzerland. 
  • You are planning to operate a parking facility offering automated parking in Switzerland. 

Why you should care

  • The rules on autonomous driving in Switzerland are getting much more permissive. 
  • Adapting to new regulatory opportunities can give you a first mover advantage. 

What you need to do

From March 1, 2025:  

Kick off the authorization process for the operational use of driverless vehicles. Don’t expect this to be a quick thing though, not all Cantons are ready.  

Whether you’re unsure which rules apply to your operations or need a clear plan to prepare, we’re here to help.

Book your free call with our legal experts today to:

  • Get tailored advice on the regulations that matter most to your business.
  • Receive a quick compliance check and identify your next steps.
  • Walk away with a custom action plan—no strings attached.
Book your free call

Want back up to the overview? Click here!

2 For B2B Software Companies 

2.1 EU Data Act 

Impacts you if

  • You manufacture or use connected products such as connected cars, medical and fitness devices, industrial or agricultural machines, and related services. 
  • You provide data processing compute resources as a service, including cloud services. 

Why you should care

  • Your clients may have the right to request access to some of the data (personal and non-personal) your product generates. Ensuring that you can fulfil your legal obligations may require you to implement product changes. 
  • The Data Act can offer you opportunities to access valuable data from larger companies in the value chain, which can help you improve your products and services. 

What you need to do

From September 12, 2025: 
  • The majority of the Data Act provisions become applicable. 
  • Review key supplier agreements and request data access, if possible. Contract clauses restricting startups to use or monetize their own data processed by these suppliers can be deemed unfair. 
  • Ensure compatibility of your devices, software or platform with other available products and services. 
  • Be prepared to make data directly available to your customers or fulfil their requests by making their data available without undue delay if direct access is not possible. 

2.2 Digital Operational Resilience Act (DORA)

Impacts you if

  • You are a financial institution operating in the European Union, including banks, insurance companies, investment firms, and other financial entities; or 
  • You are an information and communications technology third-party service provider to financial institutions in the EU. 

Why you should care

  • As a financial institution, you might be faced with additional legal scrutiny and fines. Interestingly, you can be fined as an individual, since DORA imposes fines on individuals having key roles in a company.  
  • As a service provider to financial institutions, your customers will require you to comply with DORA and conduct assessments in this regard. 

What you need to do

From January 17, 2025:  
  • Implement comprehensive measures for operational resilience, including ICT risk management, incident reporting, resilience testing, and third-party risk management. 
  • Ensure your systems and third-party providers meet DORA standards. Assess your existing contracts and update where necessary. You might also need to conduct infosec assessments.  

2.3 NIS 2 Cybersecurity Directive

Impacts you if

  • You are an essential or important entity as defined by NIS2, which includes infrastructure sectors such as energy, transport, health, digital infrastructure, and more. 
  • You are a supplier or service provider to essential or important entities. 

Why you should care

  • If you are a service provider to companies that are subject to NIS 2, your customers will require your compliance in order to continue to buy from you. 
  • Proactive cybersecurity measures not only meet regulatory demands but also safeguard your reputation and can serve as an additional sales argument. 

What you need to do

By April 17, 2025:  
  • Strengthen cybersecurity, by introducing measures such as encryption, access control (e.g. by introducing multifactor authentication) or by implementing additional protection against malware and other cyber threats. 
  • Implement risk management systems by conducting regular assessments to identify vulnerabilities of your systems and operations. 
  • Make sure you are ready for audits by national authorities. 

2.4 Cyber Resilience Act (CRA)

Impacts you if

You manufacture, import, or distribute software or hardware products with digital elements for the EU market. 

Why you should care

  • If your customers are subject to the CRA, your customers will assess your compliance with it. 
  • To remain competitive and trusted in an increasingly security-conscious market, you will need to demonstrate compliance. 

What you need to do

From December 11, 2025:

Comply with technical security requirements for critical product categories. The European Commission is expected to adopt an implementing act specifying the technical description of product categories and critical products, which should be monitored.


2.5 Other changes that might interest you

  • Working on a B2B2C Whitelabel product? Check out the info on the EU’s Accessibility Act too. 
  • Are you using sustainability claims in your marketing? Make sure you read the update on the Swiss Unfair Competition Act here
Whether you’re unsure which rules apply to your operations or need a clear plan to prepare, we’re here to help.

Book your free call with our legal experts today to:

  • Get tailored advice on the regulations that matter most to your business.
  • Receive a quick compliance check and identify your next steps.
  • Walk away with a custom action plan—no strings attached.

Hear it from our happy clients

review us on
Best law firm we’ve worked with!
LEXR has been a fantastic partner to us at Ledgy and would undoubtedly recommend them to any start-up- and scaleup needing nimble, professional and hand-on Legal advice and support.
Wir sind äusserst zufrieden mit den Dienstleistungen von LEXR Law Switzerland AG. Besonders hervorheben möchten wir die Flexibilität und hervorragende Verfügbarkeit unserer Ansprechpartner. Die schnelle Reaktionszeit und die stets fundierte Beratung geben uns das sichere Gefühl, in besten Händen zu sein. Vielen Dank an das Team von LEXR für die professionelle und zuverlässige Unterstützung – wir können Ihre Legal Services uneingeschränkt weiterempfehlen!
LEXR is an amazing team, certainly one of the best law firm I’ve worked with.Highly recommended.
Wir haben mit verschiedenen Teams von LEXR gearbeitet und waren bisher mit der Reaktivität und der Qualität zufrieden. Danke
Die kostenlose Rechtsberatung (20min.) kann ganz bequem und einfach online gebucht werden. Nach diesem Gespräch war klar, dass ein Vertragsreview die passendste Option ist.Nach einigen Iterationen konnte der Vertrag zu meinen Gunsten abgeschlossen werden. Die Zusammenarbeit war sehr angenehm, effizient und auf Augenhöhe. LEXR hat gute Inputs eingebracht, den Hintergrund erklärt und die Entscheidung jeweils mir überlassen. Qualitativ bin ich von ihrer Arbeit sehr überzeugt. In dieser Form macht eine Zusammenarbeit Spass und führt zu zufriedenstellende Ergebnisse.MIt gutem Gewissen kann ich LEXR vollumfänglich empfehlen.
Great services. Fast & Pragmatic. Perfect for Startups
js_loader

Want back up to the overview? Click here!

3 B2C Software Companies 

3.1 EU Accessibility Act

Impacts you if

  • You are providing infrastructure or services (e.g. cloud solutions or APIs accessible to consumers, products such as computer hardware and self-service terminals, or services such as e-commerce platforms and payment services.  
  • You operate in the EU or target an EU audience with 10+ employees and €2M+ turnover. 

Why you should care

  • Accessibility opens your business to a broader audience while mitigating legal risks: Non-compliance might lead to regulatory fines.  
  • Especially in a white-label, B2B2C setup, your corporate customers will expect you to fulfil the accessibility obligations.  
  • As this might require changes in the UX of your product, the Act’s impact should be assessed early and the product roadmap amended, if needed. 

What you need to do

From June 28, 2025:

Ensure products meet accessibility standards (e.g., self-service terminals, audiovisual services). 

Whether you’re unsure which rules apply to your operations or need a clear plan to prepare, we’re here to help.

Book your free call with our legal experts today to: 

  • Get tailored advice on the regulations that matter most to your business. 
  • Receive a quick compliance check and identify your next steps. 
  • Walk away with a custom action plan—no strings attached. 
Book your free call

Want back up to the overview? Click here!

4 For Companies in the Green Economy 

4.1 Swiss Green Economy and Energy Sector Regulations 

Impacts you if

You operate in the green economy or energy sector in Switzerland. 

Why you should care

The revised regulatory landscape brings opportunities for existing and new players, primarily in the energy sector. 

What you need to do

From January 1, 2025:

Get familiar with the new and updated Acts and identify strategic opportunities: 

  • The new Climate and Innovation Act is in force. The most important changes for companies are new financial aids for energetic measures in real estate and support programmes for investments in climate-friendly technologies. 
  • The revised Energy Security Act is in force. It concerns mainly an increase of production of renewable energy. It includes improved sharing between and access to relevant energy economic data for market players. 
  • The revised Energy Act is in force. It includes simplified permission and financial support processes for renewable energy generators, liberalisation measures on the wholesale market (e.g. associations for personal use). 

Why it matters: Compliance enhances investor confidence and positions your company as a leader in sustainable energy. 


4.2 Swiss Unfair Competition Act: Greenwashing Amendment 

Impacts you if 

You or your competitors are making claims about the climate impact, the eco-friendliness, or the sustainability of your company, your products, or your services either in a marketing or operational context.   

Why you should care

  • Transparent sustainability claims protect your reputation and align with increasing consumer demand for accountability.  
  • Also, under the Unfair Competition Act, competitors can easily file complaints against your company in case you are obviously non-compliant.  

What you need to do

From January 1, 2025:

Ensure such claims are verifiable and backed by evidence. 


Whether you’re unsure which rules apply to your operations or need a clear plan to prepare, we’re here to help.

Book your free call with our legal experts today to:

  • Get tailored advice on the regulations that matter most to your business.
  • Receive a quick compliance check and identify your next steps.
  • Walk away with a custom action plan—no strings attached.


    Want back up to the overview? Click here!

Related

Let’s Go!

Book a free, non-binding discovery call to discuss how we can help you achieve your business goals.

Or feel free to reach us directly via email at [email protected].

Book your free call