Cloud Usage and Digital Sovereignty:
Strategic Options for Swiss Authorities.

Cloud services form an integral part of modern administrative work. At the same time, when federal, cantonal and municipal authorities outsource data processing, they must comply with data protection requirements, confidentiality obligations such as official secrecy and information security regulations, while ensuring long-term operational capacity. In the public debate – which has gained additional momentum due to current political developments in the US – the focus is currently on the use of US cloud services by Swiss authorities in the context of digital sovereignty.

This debate was intensified by the resolution published in November 2025 by privatim, the Conference of Swiss Data Protection Commissioners, which can be read as a de facto ban on the use of hyperscalers in public administration. This thrust is also already becoming concrete in procurement: for example, the FOPH’s tender for the SwissHDS infrastructure (February 2026) stipulates that all infrastructure components must not be technically or legally dependent on external jurisdictions (e.g., the US CLOUD Act).

Digital sovereignty of Swiss authorities means neither self-sufficiency nor isolation, but rather the ability to manage and control the use of external digital services independently. This briefing categorises the arguments presented, highlights areas of tension and provides orientation for the use of the cloud in administration. The analysis shows that there are no completely risk-free solutions: Every option – be it a US cloud service, a Swiss or European provider, an on-premises or open-source solution – requires case-by-case trade-offs between functionality, security, sovereignty and operational costs.