AI Regulation Switzerland: Middle Ground on American Infrastructure

Blog (EN)

clarus.news | Analysis | April 21, 2026

The Grok case involving Federal Councillor Karin Keller-Sutter has ignited a regulatory debate that was long overdue: Who is liable when artificial intelligence goes off the rails – prompter, platform, or provider? While Brussels tightens the screws from August 2026 with the full AI Act and Germany passed the AI Market Surveillance and Innovation Promotion Act on February 11, 2026, the Federal Council is calmly preparing a consultation draft by the end of 2026. Meanwhile, Copilot runs by default on 54,000 freshly deployed Microsoft 365 workstations in the federal administration – and the in-house development Gov-GPT is based on Meta's Llama. Switzerland is regulating AI whose infrastructure it no longer controls.

The Grok Affair: Prompter, Platform, or Provider?

The case has been told in full, the legal gap has not: On March 10, 2026, a 75-year-old pensioner prompted Elon Musk's chatbot Grok on X to make vulgar, sexist insults against the Finance Minister. Keller-Sutter filed criminal charges for defamation and insult against unknown persons – explicitly with the intention of having prompter, operator, and platform examined. Criminal law professor Monika Simmler from the University of St. Gallen sees good chances of prosecuting the prompter: AI is a tool, not an excuse. However, co-responsibility of the platform can only be proven if it can be demonstrably shown that the operators knowingly accepted the legal violation.

Politically, the breadth of reaction is remarkable. FDP Co-President Susanne Vincenz-Stauffacher calls the question of attribution a test for the rule of law in digital space. Green National Councillor Gerhard Andrey – known as an advocate for digital sovereignty – describes Grok as a "grotesque AI tool that whips up society like an accelerant." SVP National Councillor Roland Rino Büchel, however, considers the charges excessive: if someone commits murder with a knife, the knife manufacturer is not to blame either. The analogy misses the point – a knife does not compose insults autonomously.

The Federal Council's Middle Path: AI Convention Instead of AI Act

On February 12, 2025, the Federal Council set its regulatory course – based on OFCOM's analysis, which examined three approaches: full adoption of the EU AI Act, ratification of the Council of Europe Convention on AI, or continuation of sectoral regulation. The middle variant was chosen in its less far-reaching sub-variant: ratification of the convention with primary requirements for the state, while the private sector remains largely unregulated. FDJP and DETEC are to prepare a consultation draft and action plan by the end of 2026 – actual legislation will follow at the earliest in 2027.

AlgorithmWatch Switzerland criticizes the decision as "timid and short-sighted": economic interests take precedence over those of the population, the resource question remains ignored, and the timeline does not meet the challenges. Economiesuisse welcomes precisely this restraint: many Swiss laws are already "AI-ready," and regulatory interventions should remain targeted. The Federal Council thus positions itself between European harmonization – which creates pressure anyway through the Switzerland-EU Mutual Recognition Agreement (MRA) – and economic policy self-restraint.

Brussels, Berlin, Paris: The Pace of Others

The contrast with the Eurozone is stark. EU Regulation 2024/1689 applies fully with exceptions from August 2, 2026; rules for high-risk AI take effect from this date, those for embedded systems from August 2027. Germany passed the AI Market Surveillance and Innovation Promotion Act (AI-MIG) on February 11, 2026 – the Federal Network Agency takes over central supervision, with an AI service desk and regulatory sandboxes supporting implementation. France simultaneously pursues industrial policy: Macron's 109-billion offensive, the Mistral data center near Paris with operations starting at the end of June 2026, a joint German-French administrative AI with SAP and Mistral.

Switzerland, meanwhile, conducted a "participatory workshop" with around 60 interest group representatives at the Federal Office of Justice on October 27, 2025. The synthesis was characterized by terms like "proportionate regulation," "transparency," and "fairness." The consultation draft will come – if everything goes according to plan – only when the EU AI Act has already been in full application for two years. Switzerland will not be a rule-setter but a rule-taker – without sitting at the negotiating table.

The Real Contradiction: Sovereignty on US Stack

The harshest irony lies not in the regulatory pace but in the infrastructure on which the Swiss AI debate takes place. At the end of 2025, the federal government completed the rollout of Microsoft 365 to around 54,000 workstations – including the recently upgraded units of DDPS and FDPIC. Microsoft activates the AI assistant Copilot by default for all licensed users, including the federal administration. Training on Copilot use: none. Political approval before activation: none. The internal audit of FDFA also found that the technical device designed to prevent classified documents from being uploaded to the cloud "currently only partially" functions.

The government-internal AI experiment Gov-GPT, which has been available to Federal Councillors and senior officials in an isolated BIT environment since November 2024, uses Meta's language model Llama 3 – an open-source model from a US corporation. The parallel-developed Swiss flagship model Apertus from ETH, EPFL, and CSCS is used by its strategic partner Swisscom primarily "internally and for testing purposes." For end-customer products, Swisscom instead relies on Claude from Anthropic and OpenAI variants – because, according to the official reasoning, no Swiss model currently meets the requirements of a consumer product of this magnitude. Federal Chancellor Viktor Rossi had described the situation bluntly at the Swiss Cyber Security Days in February 2026: the federal administration is dependent on external providers and large foreign corporations.

The Turnaround of April 18

This is exactly where something is moving. NZZ reported on April 18, 2026, that according to research, the federal government is striving for a gradual and long-term reduction of Microsoft dependency – just a few months after completing the Microsoft 365 rollout. The feasibility study on open-source alternatives, conducted by the BOSS project under the leadership of the Federal Chancellery and BIT, is to deliver recommendations by mid-2026. OpenDesk from the German Center for Digital Sovereignty (ZenDiS) is being tested. Schleswig-Holstein has already completely switched; Swiss Delegate for Digital Transformation Daniel Markwalder is in direct exchange with the federal state.

But the structural contradiction remains: Switzerland regulates AI providers who control its infrastructure. It discusses platform liability while the platforms are subject to American law. It develops Gov-GPT on the model of a corporation against whose AI Federal Councillor Keller-Sutter has just filed criminal charges. And it takes time until the end of 2026 for a consultation draft – while Mistral in Paris, openDesk in Berlin, and the AI Act in Brussels are already reality.

Conclusion: The Wrong Pace for the Right Question

The Federal Council has chosen the middle path – technology-neutral, principle-based, business-friendly. This is defensible as long as the question is primarily: How does Switzerland regulate the private sector? The question raised by the Grok case, however, goes deeper: How does a small state enforce law against platforms whose cloud contracts the Federal Chancellor publicly names as dependency?

France responds with industrial policy and an enforcement-strong DINUM. Germany with the AI-MIG and a central Federal Network Agency. The EU with 450 million consumers as leverage. Switzerland responds with workshops, feasibility studies, and a timeline that undercuts the technological development cycle twice. Gerhard Andrey showed in December 2025, together with SVP Councillor of States Werner Salzmann, that parliamentary enforcement power exists. What is missing is an executive that uses it.

Regulating AI is not the real problem. The problem is not owning the infrastructure for it.

Key Messages

  • Liability Gap: The Grok-Keller-Sutter case becomes a test case for whether Swiss law can prosecute prompters, platform operators, and AI providers – jurisprudence does not yet exist.
  • Pace Gap: Federal Council plans consultation by end of 2026; EU AI Act takes full effect from August 2026; Germany already passed implementation law in February 2026.
  • Structural Contradiction: Swiss AI regulation emerges on 54,000 newly deployed Microsoft 365 workstations with activated Copilot and a Gov-GPT based on Meta-Llama.
  • Sovereignty Turnaround: According to NZZ research from April 18, 2026, the federal government seeks gradual reduction of Microsoft dependency – months after completing the rollout.
  • Swisscom Dilemma: The strategic Apertus partner uses Anthropic and OpenAI in end-customer products because Apertus "does not fully meet the requirements."

Critical Questions

  1. (a) Evidence: What reliable data exists about how often and to what extent classified federal documents have already ended up in the Microsoft cloud, beyond the partially functioning FDFA device?

  2. (a) Source Validity: How representative was the selection of 60 participants in the FOJ workshop on October 27, 2025 – were fundamental rights organizations and civil society adequately represented in relation to the tech lobby?

  3. (b) Conflict of Interest: How does the Federal Council's business-friendly regulatory course reconcile with the simultaneous desire to strengthen digital sovereignty – don't primarily those US corporations benefit from which the federal government actually wants to break free?

  4. (b) Independence: How independently can Swiss AI oversight work when its own work environment (Microsoft 365 with Copilot) runs on US Cloud Act infrastructure?

  5. (c) Causality: Does EU harmonization actually lead to better fundamental rights protection, or does it merely shift enforcement to a level where Switzerland has no influence?

  6. (c) Counter-hypothesis: Would shifting resources from Microsoft licenses (1.1 billion CHF over ten years) toward Apertus, openDesk, and similar projects be structurally more effective than any AI regulatory proposal?

  7. (d) Enforceability: How should Switzerland enforce platform liability when the most important AI providers have no legal presence in Switzerland and US law claims precedence?

  8. (d) Side Effect: If Switzerland lags behind regulatively until the end of 2026 while the EU AI Act already applies – doesn't Switzerland face precisely the market access disadvantage it wanted to avoid with the middle path?

Bibliography

Primary Source: Political Bureau Podcast – "Artificial Intelligence and Swiss Regulation," April 2026

Supplementary Sources:

  1. Federal Council: Press Release "AI Regulation: Federal Council wants to ratify Council of Europe Convention," 12.02.2025
  2. 20min / Tamedia / SRF: Coverage of the Grok-Keller-Sutter case, April 2026
  3. NZZ: "Federal Councillor Keller-Sutter defends herself against X's chatbot," April 2026
  4. NZZ: "The federal government wants to break free from Microsoft," 18.04.2026
  5. Blick: "Data protection risk: Microsoft Copilot in the Federal Palace," February 2026
  6. NZZ: "Confidential documents as training data" – Copilot in Parliament, January 2026
  7. Tages-Anzeiger / Inside-IT: Report on Gov-GPT pilot version, March 2025
  8. ETH Zurich / EPFL / CSCS: Apertus launch, 02.09.2025
  9. NZZ: "Why Apertus doesn't take off," March 2026
  10. German Federal Government: AI Act implementation (AI-MIG), 11.02.2026
  11. Watson: "Elon Musk's AI insults Keller-Sutter," quotes Andrey / Wermuth / Vincenz-Stauffacher
  12. AlgorithmWatch Switzerland: Statement on the analysis, February 2025
  13. cyone: "Digital Sovereignty" – Swiss Cyber Security Days 2026, quote Federal Chancellor Viktor Rossi

Verification Status: ✓ 21.04.2026

This text was created with the assistance of an AI model. Editorial responsibility: clarus.news | Fact-checking: 21.04.2026

Tags: #AIRegulation #DigitalSovereignty #Grok #KellerSutter #EUAIAct #Microsoft365 #Copilot #GovGPT #Apertus #Mistral #OpenDesk #FederalAdministration #PlatformLiability

Zurück zur Übersicht