IAPMESuisse

nFADP + AI Act Checklist for Swiss SMEs · 12 Points

In 5 minutes, assess your SME's compliance with the two main regulations applicable to AI in Switzerland in 2026: the nFADP (revised Federal Act on Data Protection, September 2023) and the EU AI Act (rollout 2025-2027). If you tick fewer than 7 out of 12 points, a free AI audit is urgent.

The 12 checklist points

  • 1

    Up-to-date register of processing activities

    Art. 12 nFADP. Written list of all personal data processing with purpose, duration, recipients.

    nFADP
  • 2

    Inventory of AI tools used (incl. shadow IT)

    Declared AND unsanctioned AI tools. Free ChatGPT with client data = Art. 8 nFADP breach.

    nFADP · AI Act
  • 3

    AI Act classification of AI systems

    4 levels: unacceptable (banned), high risk, limited (transparency), minimal.

    AI Act
  • 4

    Transparent user information

    Art. 19 nFADP + AI Act. "You are interacting with an AI" notice for chatbots, generative AI.

    nFADP · AI Act
  • 5

    DPO or data protection advisor appointed

    Not mandatory for all SMEs, but recommended from 50 employees or for risk processing.

    nFADP
  • 6

    Data Protection Impact Assessment for high-risk

    Art. 22 nFADP. Mandatory for large-scale profiling, sensitive data, biometrics.

    nFADP · AI Act
  • 7

    Compliant AI processor contracts

    Microsoft, OpenAI, Anthropic, Google. Signed DPA, Art. 9 nFADP.

    nFADP · AI Act
  • 8

    Data hosting: Switzerland or adequate EU

    Microsoft 365 Switzerland North, Infomaniak, OVH FR. No third-country transfer without SCCs.

    nFADP
  • 9

    Internal AI usage policy (employee charter)

    Document signed by each employee: allowed tools, permitted data, forbidden cases.

    nFADP · AI Act
  • 10

    Team training (Art. 4 AI Act)

    Mandatory since 2 February 2025. 2-4h initial training + annual refresh.

    AI Act
  • 11

    72h breach notification mechanism

    Art. 24 nFADP. Written procedure, identified contacts, FDPIC notification template.

    nFADP
  • 12

    AI usage logs retained 6+ months

    Art. 12 AI Act. Usage journal for high-risk systems and traceable audits.

    AI Act

Tick fewer than 7 out of 12?

A free AI audit maps your gaps and proposes a 90-day action plan to compliance, no commitment.
