Author: VBS/DDPS
Source: vtg.admin.ch
Publication date: November 28, 2025 ⚠️ Metadata discrepancy: Originally 19.02.2024
Summary reading time: 4 minutes

Executive Summary

The Swiss Armed Forces are implementing the New Digitalization Platform (NDP) from mid-2026 onwards as a central IT infrastructure for mission-critical command systems – an ambitious project with considerable strategic and technological risks. The project digitally connects sensors, communications systems, command levels and weapon effects, but is accompanied by structural problems: multi-year development cycles while cloud technology evolves rapidly, strategic dependence on Swisscom as a partner, and high complexity with open-source components. The lack of transparency regarding costs, security architecture and exit strategies raises fundamental questions about cost-effectiveness, technological sovereignty and long-term capability to act.

Critical Guiding Questions

1. Technological Sovereignty or Strategic Dependence?
How does the Armed Forces ensure its digital capability to act when critical infrastructure is based on proprietary cloud services and a single strategic partner – and what exit strategies exist in case of price changes, geopolitical tensions or product discontinuation?

2. Innovation Despite Planning Horizon?
Can a project with multi-year development time (conception 2024, operation from 2026, target horizon mid-2030s) remain technologically competitive when cloud standards, security architectures and IT threats evolve significantly faster than military procurement cycles?

3. Transparency as Prerequisite for Accountability?
Why are key details about project costs, vendor lock-in risks, open-source components and independent security audits missing from public communication – and how can a fact-based societal debate about proportionality and efficiency be conducted without this information?

Scenario Analysis: Future Perspectives

Short-term (1 year):
Operational launch of the NDP from mid-2026 by Cyber Command with support from Swisscom. Initial stress tests in international exercises (CWIX) will show whether interoperability and scalability meet requirements. Risk: Delays in integrating mission-critical systems, initial security incidents or compatibility problems with legacy infrastructure could trigger public criticism and parliamentary inquiries.

Medium-term (5 years):
Maintenance and modernization costs increase disproportionately as cloud services, APIs and security standards evolve. Parallel projects (C2Air, passive sensors) increase complexity. Growing dependence on Swisscom limits negotiating room. Possible response: Political pressure on VBS to establish transparency and evaluate alternative providers – or budget cuts for other army projects to finance the NDP.

Long-term (10–20 years):
Technological obsolescence and structural vendor lock-in force costly redevelopments or partial migrations. Geopolitical shifts (e.g., European sovereignty debates, cyber threats from major powers) could force Switzerland to renationalize digital infrastructure or switch to European open-source alternatives. Risk of digital competence loss if know-how remains with external partners long-term instead of being built internally.

Main Summary

a) Core Topic & Context

The Swiss Armed Forces are digitalizing their command infrastructure with the NDP to operate sensors, communications systems, command and weapon effects (SNFW network) in a networked and mission-critical manner. The project responds to the need to remain capable of acting in cyber warfare and hybrid threat situations – but stands as an example of the tension between military planning security and technological dynamics.

b) Most Important Facts & Figures

  • NDP core component completed with 5 software releases by late summer 2025; automation and orchestration centrally implemented
  • Productive operation from mid-2026 by Cyber Command with strategic support from Swisscom
  • Target horizon: Capability building until mid-2030s according to "Overall Cyber Concept"
  • Functional scope: Situational awareness, data processing, joint command, self-protection in cyber and electromagnetic space (CER)
  • Project costs, security budget, open-source share: ⚠️ Not publicly communicated – to be verified
  • International test: Participation in CWIX 2025 (Coalition Warrior Interoperability eXploration) documented

c) Stakeholders & Affected Parties

  • Swiss Armed Forces (all branches and command levels)
  • Cyber Command (operation and further development)
  • Swisscom (strategic partner, personnel support, infrastructure)
  • VBS/Parliament (budget responsibility, political control)
  • Taxpayers (long-term cost bearers)
  • NATO/EU partners (interoperability in multinational operations)
  • IT security experts (threat defense, critical infrastructure)

d) Opportunities & Risks

Opportunities:

  • Modernization of command capability and response speed in crisis situations
  • Interoperability with international partners (NATO standards, CWIX)
  • Central data processing enables better situational awareness and faster decisions
  • Potential innovation driver for Swiss IT security competence and dual-use technologies

Risks:

  • Technological obsolescence upon completion: Cloud standards, security architectures and APIs evolve faster than 10-year projects
  • Vendor lock-in with Swisscom/cloud providers: Lack of transparency about exit strategies and alternative scenarios
  • High maintenance costs: Open-source components require specialized personnel and continuous updates
  • Conflict of interest: Swisscom as partner and de facto gatekeeper for critical infrastructure – pricing and roadmap not independently controlled
  • Security risks: Complex systems offer large attack surfaces; no information about independent audits published
  • Lack of transparency: Missing cost information, licensing terms and technical details make societal control difficult

e) Action Relevance

For VBS/Cyber Command:

  • Establish transparency: Publication of project costs, security concepts, open-source components and exit strategies
  • Minimize vendor lock-in: Document architectural decisions for cloud agnosticism and interoperability
  • Build internal competence: Don't completely outsource know-how to external partners

For Parliament/Oversight Bodies:

  • Critical review of cost development, dependencies and technological currency
  • Commission independent security audits and publish results (anonymized)
  • Evaluate alternative scenarios: European open-source cooperations, multi-cloud strategies

For Expert Public/Civil Society:

  • Demand public debate about digital sovereignty, cost-effectiveness and transparency in critical infrastructure
  • Comparison with international projects (e.g., French Cloud souverain, German defense cloud)

Quality Assurance & Fact-Checking

Verified Facts:

  • NDP core component completed with 5 releases by late summer 2025 (official VBS announcement)
  • Productive operation planned from mid-2026 (official roadmap)
  • Swisscom confirmed as strategic partner (communicated multiple times)
  • Participation in CWIX 2025 documented (official announcement)

⚠️ To be verified:

  • Total project costs (no public information)
  • Share of proprietary vs. open-source components
  • Details of cloud provider contracts (AWS, Azure, own data centers?)
  • Exit strategies and vendor lock-in scenarios
  • Independent security audits

Supplementary Research (Perspective Depth)

1. Federal Office for Defence Procurement (armasuisse):
Armament Program 2024 includes equipment for VBS data centers – budget information for infrastructure available, but no detailed breakdown for NDP-specific costs.

2. European Comparison Projects:
France is developing "Cloud de Confiance" (Thales, Capgemini) with explicit sovereignty strategy; Germany relies on multi-cloud approach with open-source components (Gaia-X framework). Swiss approach appears less transparently documented in comparison.

3. IT Security Research:
Studies by NIST (National Institute of Standards and Technology, USA) and ENISA (EU) recommend for critical infrastructure: regular vendor lock-in assessments, multi-cloud strategies and open-source components with active community. No public evidence that NDP meets these standards.

Source Directory

Primary Source:
New Digitalization Platform – VBS/DDPS

Supplementary Sources:

  1. Overall Cyber Concept – VBS, February 19, 2024 (PDF 2.01 MB)
  2. Armament Program 2024 – armasuisse
  3. CWIX 2025: NDP in International Field Test – VBS Announcement

Verification Status: ✅ Facts checked on November 28, 2025 (based on official VBS documents)
⚠️ Note: Key information (costs, security architecture, vendor lock-in strategies) not publicly available – critical information gap.

🧭 Journalistic Compass (Assessment)

  • 🔍 Power critically scrutinized: ✅ Lack of transparency in strategic partner selection and cost structure problematized
  • ⚖️ Freedom and Personal Responsibility: ⚠️ Digital sovereignty endangered by vendor lock-in; internal competencies unclear
  • 🕊️ Transparency: ❌ Serious information gaps regarding project costs, security audits and exit strategies
  • 💡 Food for Thought: ✅ Structural risks of long-term IT projects and conflicts of interest in public-private partnerships addressed

File Information
Version: 1.0
Author: [email protected]
License: CC-BY 4.0
Last Updated: November 28, 2025