Data Protection and AI in Swiss Law Firms: nDSG Compliance in Practice
The revised Data Protection Act (nDSG) poses new challenges for law firms using AI tools. What requirements apply? What can go to the cloud? A practical guide.
Orlando Kahanek ·
Data Protection and AI in Swiss Law Firms: nDSG Compliance in Practice
Since September 1, 2023, the revised Swiss Data Protection Act (nDSG, SR 235.1) has been in force. For law firms wanting to use AI tools, the central question is: How can the use of Legal AI be reconciled with data protection and attorney-client privilege?
This question is not academic – it has concrete professional law consequences. Art. 13 BGFA (Federal Act on the Free Movement of Lawyers) obliges attorneys to maintain professional secrecy. A violation can lead to revocation of the law license.
Key nDSG Requirements for AI Use
1. Privacy by Design and Data Protection Impact Assessment
Art. 7 nDSG requires «Privacy by Design» – data protection must be considered from the design stage. For AI tools, this means:
- Data may only be stored as long as necessary for the purpose
- Technical measures must restrict access to what is necessary
- Default settings must be privacy-friendly
Art. 22 nDSG requires a Data Protection Impact Assessment (DPIA) when data processing may pose a high risk. Using AI to analyze client data typically requires a DPIA.
2. Disclosure Abroad
Art. 16-17 nDSG regulate data transfer abroad. Personal data may only be transferred to states ensuring adequate data protection. The Federal Council maintains a corresponding country list.
Practical relevance: Using an AI tool that processes data on US servers (ChatGPT, Claude, Gemini) constitutes disclosure abroad. The USA has been on the adequacy list since the Swiss-U.S. Data Privacy Framework (DPF), but only for DPF-certified companies. Verify whether your AI provider is DPF-certified. If not, additional safeguards are required – additional safeguards are required.
3. Attorney-Client Privilege and AI
Attorney-client privilege (Art. 321 SCC) protects all information entrusted to the attorney in their professional capacity. Disclosure to third parties is generally punishable – including to a cloud provider.
The Swiss Bar Association (SAV) stated in its guideline «Cloud Computing and Attorney-Client Privilege» (2022):
> The use of cloud services is compatible with attorney-client privilege, provided technical and contractual measures ensure confidentiality.
Specifically:
- Encryption: Data must be encrypted in transit and at rest (minimum AES-256)
- Access control: The cloud provider must not have access to plaintext
- Server location: Preferably Switzerland, at minimum EU/EEA with adequate data protection
- No model training: Client data must never be used for AI model training
Verification Schema for Law Firms
1. Where is data processed? (server location) 2. Is data used for model training? (exclusion criterion if yes) 3. What encryption is used? (minimum: AES-256, TLS 1.3) 4. Is there a data processing agreement? (Art. 9 nDSG) 5. Is a DPIA required? (Art. 22 nDSG – for client data: yes) 6. Is the provider on the FDPIC supervision list?
Concrete Risk Scenarios
Scenario 1: Entering Client Data in ChatGPT
Risk: HIGH
- Data processed on US servers
- OpenAI may use inputs for model training (unless disabled in Enterprise version)
- No data processing agreement in Free/Plus version
- Potential violation of Art. 321 SCC (professional secrecy)
Scenario 2: Document Analysis with Swiss-Hosted Legal AI
Risk: LOW (with correct implementation)
- Data remains in Switzerland (Azure Switzerland North)
- No model training with customer data
- Data processing agreement in place
- AES-256 encryption
- Automatic deletion after analysis
Scenario 3: E-Mail-Assistanten mit KI
Risk: MEDIUM
- Dependent on provider and their data policies
- E-mail content may contain client data
- Microsoft 365 Copilot: Data stays in tenant, no model training (but US processing possible)
Checkliste: nDSG-konforme KI-Nutzung in der Kanzlei
- [ ] DSFA durchgeführt für jeden KI-Einsatz mit Personendaten
- [ ] Auftragsbearbeitungsvertrag mit KI-Anbieter abgeschlossen
- [ ] Serverstandort Schweiz (oder angemessenes Datenschutzniveau)
- [ ] Verschlüsselung: AES-256 at Rest, TLS 1.3 in Transit
- [ ] Kein Modell-Training mit Kanzleidaten bestätigt
- [ ] Informationspflicht gegenüber Mandanten erfüllt (Art. 19 nDSG)
- [ ] Bearbeitungsverzeichnis aktualisiert (Art. 12 nDSG)
- [ ] Löschkonzept definiert und implementiert
- [ ] Mitarbeiterschulung zu KI und Datenschutz durchgeführt
Fazit: KI ja – aber mit den richtigen Leitplanken
Der Einsatz von KI in Schweizer Kanzleien ist mit dem nDSG und dem Anwaltsgeheimnis vereinbar – sofern die richtigen technischen und organisatorischen Massnahmen getroffen werden. Die wichtigsten Faktoren:
1. Datenstandort Schweiz ist der sicherste Weg 2. Kein Modell-Training mit Mandantendaten ist nicht verhandelbar 3. DSFA ist bei KI-Einsatz mit Personendaten Pflicht 4. Auftragsbearbeitungsvertrag muss die KI-spezifischen Risiken adressieren
Kanzleien, die diese Leitplanken einhalten, können KI-Tools rechtssicher einsetzen und damit ihre Effizienz steigern – ohne das Vertrauen ihrer Mandanten zu gefährden.
---
RechtsKI processes all data exclusively in Switzerland (Microsoft Azure, Switzerland North). No model training is performed with customer data. The platform is nDSG-compliant and uses AES-256 encryption.