English is not an official language of the Swiss Confederation. This translation is provided for information purposes only, has no legal force and may not be relied on in legal proceedings.
Ordinance on the Proximity Tracing System for the Sars-CoV-2 coronavirus
of 24 June 2020 (Status as of 19 November 2020)
The Swiss Federal Council,
on the basis of Article 60a paragraph 7 of the Epidemics Act of 28 September 20121 (EpidA),
This Ordinance regulates the details of the organisation, operation and data processing of the Proximity Tracing System for the Sars-CoV-2 coronavirus under Article 60a EpidA (PT System).
1 The PT System comprises the following components:
- a proximity data management system (the PDM System), consisting of a software application that users install on their smartphones (the SwissCovid app), and a back end (PDM back end);
- a system for managing codes for releasing the notifications (the code management system), consisting of a web-based front end and a back end.
- 2 The PDM back end and the code management system are operated as a central server by the Federal Office of Public Health (FOPH).
1 Installation and use of the SwissCovid app are voluntary.
2 The express consent of the infected person is required before a notification is sent to app users who have potentially been exposed to the coronavirus.
The FOPH is the federal authority responsible for all components of the PT System under data protection law.
1 During basic operations, the PDM back end makes its content available online to the SwissCovid apps. The content comprises a list with the following data:
- the private keys of infected app users which were effective in the period in which other app users were potentially exposed to the coronavirus (the relevant period);
- the date of each key.
2 The SwissCovid app carries out the following functions via an interface to the mobile phone’s operating system:
- It generates a new private key at least every day that does not permit the SwissCovid app, the mobile telephone or the user to be traced.
- It exchanges a variable identification code at least every half-hour with all compatible apps within Bluetooth range; the identification code is derived from the current private key but may not be traced back to that key and does not permit the SwissCovid app, the mobile telephone or the user to be traced.
- It stores the identification codes received, details of the strength of the signal, the date and the estimated duration of the encounter.
- It periodically retrieves the list of private keys belonging to infected app users from the PDM back end and checks whether any of the identification codes it has stored locally were generated using a private key on the list.
- If it establishes that any one of the locally stored identification codes was generated using a private key on the list, and if the encounter requirements set out in the Annex number I are met, the app issues a notification; the distance of the encounter is estimated based on the strength of the signal received.
3 The operating systems’ functions used via the interface must meet the requirements of Article 60a EpidA and this Ordinance; this does not apply to the rule relating to the source code under Article 60a paragraph 5 letter e EpidA. The FOPH shall ensure that these requirements are met, in particular by obtaining related assurances.
1 If a user tests positive for the coronavirus, an authorised agency may with the consent of the infected person request a unique activation code with time-limited validity from the code management system; to do so, the agency sends the code management system the date on which the first symptoms occurred or, if the infected person has not displayed any symptoms, the date of the test.1
3 The code management back end sends confirmation to the SwissCovid app that the code entered is valid. It deducts the number of days specified in Annex number 2 from the recorded date.3 The resulting date is the start of the relevant period. The code management back end sends this date to the infected person’s SwissCovid app.
4 The infected person’s SwissCovid app sends the private keys that were effective in the relevant period to the PDM back end, together with their dates.
5 The PDM back end records the received private keys with their dates on its list.
6 After the private keys have been sent, the SwissCovid app generates a new private key. This key cannot be used to identify earlier private keys.
1 The notification contains:
- the information that the app user has potentially been exposed to the coronavirus;
- a note of the days on which exposure may have occurred;
- the information that the FOPH operates an infoline that provides advice free of charge;
- recommendations from the FOPH on what to do.
2 The PT System does not issue any instructions to app users.
1 The code management system contains the following data:
- the activation codes;
- the date on which the first symptoms occurred, or, if the infected person has not displayed any symptoms, the date of the test;
- the time when the data in accordance with letters a and b will be destroyed.
2 These data cannot be used to identify app users.
The code management system may be accessed via:
- a specialist from the authorised agency via the front end; or
- an interface between the code management system and a system operated by the authorised agency.
- cantonal medical officers;
- the Armed Forces Surgeon General;
- other staff of the cantonal medical services or of the Armed Forces medical services;
- third parties acting on behalf of the cantonal medical services or the Armed Forces medical services;
- staff at medical practices;
- staff at laboratories with authorisation under Article 16 EpidA;
- staff at the facilities specified in Article 24 paragraph 1 letter b of the COVID 19 Ordinance 3 of 19 June 20206;
- staff of the Infoline under Article 7 paragraph 1 letter c.
2 The code management system is accessed via the Federal Administration’s Central Access and Permission System for web applications. The provisions of the Ordinance of 19 October 20168 on Federal Identity Management Systems and Directory Services apply.
3 The FOPH assigns and manages access rights to the code management system. It may authorise cantonal medical officers and the Armed Forces Surgeon General or a specific member of their auxiliary personnel to grant access rights to auxiliary personnel.
1 Amended by No I of the O of 18 Nov. 2020, in force since 19 Nov. 2020 (AS 2020 4733).
2 Amended by No I of the O of 18 Nov. 2020, in force since 19 Nov. 2020 (AS 2020 4733).
3 Amended by No I of the O of 18 Nov. 2020, in force since 19 Nov. 2020 (AS 2020 4733).
4 Inserted by No I of the O of 18 Nov. 2020, in force since 19 Nov. 2020 (AS 2020 4733).
5 Inserted by No I of the O of 18 Nov. 2020, in force since 19 Nov. 2020 (AS 2020 4733).
6 SR 818.101.24
7 Inserted by No I of the O of 18 Nov. 2020, in force since 19 Nov. 2020 (AS 2020 4733).
8 SR 172.010.59
The FOPH shall enable the authorised agencies under Article 9 paragraph 1 to connect their systems via the interface to the code management system, provided the systems concerned provide an appropriate level of security.
1 The FOPH may instruct third parties to provide the SwissCovid app with online access to the list of data required for notifications.
2 It may the assign the task of granting rights of access to the code management system to third parties. The third party concerned must guarantee that the authorisation of specialists is verified reliably and in accordance with the law.
3 The third parties must be contractually required to comply with the requirements of Article 60a EpidA and of this Ordinance; this does not apply to the regulation relating to the source code under Article 60a paragraph 5 letter e EpidA. The FOPH shall verify compliance with the requirements.
1 Articles 57i–57q of the Government and Administration Organisation Act of 21 March 19971 and the Ordinance of 22 February 20122 on the Processing of Personal Data accumulated through the Use of the Confederation’s Electronic Infrastructure apply to the storing and the evaluation of the records of access to the PDM back end, the code management system and the list under Article 10 paragraph 1.
2 Apart from these records and records of encounters, the PT System does not maintain any record of the activities of the front end of the code management system and the SwissCovid app.
The FOPH shall regularly provide the Swiss Federal Statistical Office (FSO) with the latest collection of data in the two back ends in a completely anonymised form for statistical assessment.
1 The data in the PDM System shall be destroyed both on the smartphones and in the PDM back end 14 days after they are recorded.
2 The data in the code management system shall be destroyed 24 hours after they are recorded.
3 The record data of third parties assigned tasks under Article 10 paragraph 1 shall be destroyed 7 days after they are recorded.
4 In addition, the destruction of record data is governed by Article 4 paragraph 1 letter b the Ordinance of 22 February 20121 on the Processing of Personal Data accumulated through the Use of the Confederations Electronic Infrastructure.
5 The data made available to the FSO shall also be destroyed in accordance with this Article.
1 The FOPH shall publish the data that allows verification of whether the machine readable programmes of all components of the PT System have been produced using the published source code.
2 It shall also verify this itself.
1 When this Ordinance ceases to apply, the FOPH shall deactivate the SwissCovid app and instruct users of the SwissCovid app to remove the app from their mobile phones.
2 The FOPH shall submit a report to the Federal Council within six months of this Ordinance ceasing to apply.
The COVID-19 Ordinance of 13 May 20201 on the Proximity Tracing Pilot Trial is repealed.
The Federal Department of Home Affairs (FDHA) shall update the Annex to this Ordinance in accordance with the current state of the art.
This Ordinance comes into force on 25 June 2020 at 00.00 and applies until 30 June 2022.
(Art. 5 para. 2 let. e and 6 para. 3)
The epidemiological conditions for an encounter to have taken place are fulfilled if the following requirements are met:
- There has been physical proximity of 1.5 metres or less to at least one mobile phone that pertains to an infected user.
- The sum of the duration of all encounters in terms of letter a within any single day is equal to or in excess of fifteen minutes.