
Swiss FADP (nFADP)

The revised Federal Act on Data Protection, security by design, data sovereignty and defensible technical measures.


Requirements

What the regulation expects

FADP requires appropriate technical and organisational measures proportionate to the risk (Art. 8 FADP). For many controllers that includes encryption, especially when data is processed abroad or in a multi-tenant cloud. The decisive question for auditors is often: can you show that *you* control access to plaintext, not only that the vendor says the data is encrypted? Customer-controlled keys (external KMS, XKS, Customer Key, DKE, MPC-based key splits) document that separation and support the transparency duties owed to data subjects wherever security is a relevant factor.

Customer-controlled keys under FADP

Art. 8 measures must match risk; external key control supports transparency and proportionate safeguards.

Privacy by design and default

Measures should be embedded early. Key architecture is part of that: default encryption with keys you govern reduces exposure without bolting on afterthoughts.

International disclosure and transfer risk

When data leaves Switzerland or the EEA, technical safeguards matter. Strong cryptography plus key custody in jurisdictions you choose narrows realistic access scenarios.

Processor instructions and accountability

Processors must assist with compliance. When keys are yours, the processor processes ciphertext or uses keys only under contracts and APIs you define—cleaner accountability lines.

Solutions

Relevant DuoKey products

OpenBAO + DuoKey SD-HSM

Central KMS integrated with the agreed HSM or MPC infrastructure and with your IAM.

Microsoft 365 Customer Key & DKE

Hold root key material for workloads that must not rely on Microsoft administrative access alone.

AWS XKS

Keep data keys under an endpoint you operate so AWS staff and APIs cannot silently unwrap everything.

Tokenisation & data minimisation

Replace raw identifiers with tokens governed by your keys and policies.
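The separation these products rely on (the processor keeps ciphertext and wrapped data keys, while unwrapping happens only inside a key store the controller operates, under the controller's policy and audit log) can be shown end to end in a few dozen lines. The following is an added illustration written for this page; it is not DuoKey, AWS or Microsoft code. `CustomerKeyStore`, `ProcessorService` and the principal names are hypothetical, the sample record is constructed, and the HMAC-SHA256 keystream plus HMAC tag is a standard-library stand-in for AES-GCM so the file runs offline.

```python
"""Envelope encryption with a customer-operated key store (illustrative only).

The processor side never holds the key-encryption key (KEK); every unwrap
crosses into the customer's key store, where policy is enforced and logged.
The seal/open_ pair (HMAC-SHA256 keystream, encrypt-then-MAC) stands in for
an AEAD such as AES-GCM and is not a production cipher.
"""
import hashlib
import hmac
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-counter keystream: HMAC(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce(16) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class CustomerKeyStore:
    """External key store under the controller's custody (hypothetical name)."""

    def __init__(self) -> None:
        self._kek = secrets.token_bytes(32)   # never leaves this object
        self.allowed: set[str] = set()         # principals permitted to unwrap
        self.audit: list[tuple[str, str, str]] = []

    def wrap(self, dek: bytes, principal: str) -> bytes:
        self.audit.append(("wrap", principal, "ok"))
        return seal(self._kek, dek)

    def unwrap(self, wrapped: bytes, principal: str) -> bytes:
        if principal not in self.allowed:
            self.audit.append(("unwrap", principal, "denied"))
            raise PermissionError(f"{principal} not authorised to unwrap")
        self.audit.append(("unwrap", principal, "ok"))
        return open_(self._kek, wrapped)


class ProcessorService:
    """Cloud-side processor (hypothetical): stores ciphertext and wrapped DEKs only."""

    def __init__(self, key_store: CustomerKeyStore) -> None:
        self.key_store = key_store
        self.records: dict[str, tuple[bytes, bytes]] = {}

    def store(self, record_id: str, plaintext: bytes, principal: str) -> None:
        dek = secrets.token_bytes(32)                    # per-record data key
        wrapped = self.key_store.wrap(dek, principal)
        self.records[record_id] = (wrapped, seal(dek, plaintext))
        del dek                                          # no plaintext key at rest

    def read(self, record_id: str, principal: str) -> bytes:
        wrapped, ciphertext = self.records[record_id]
        dek = self.key_store.unwrap(wrapped, principal)  # policy enforced here
        return open_(dek, ciphertext)


def demo() -> dict:
    """Constructed scenario: authorised read, operator read, read after revocation."""
    store = CustomerKeyStore()
    store.allowed.add("app-service")
    processor = ProcessorService(store)
    processor.store("record-42", b"constructed sample record", "app-service")
    result = {"authorised": processor.read("record-42", "app-service")}
    try:                                   # processor staff without a grant
        processor.read("record-42", "cloud-operator")
        result["operator_blocked"] = False
    except PermissionError:
        result["operator_blocked"] = True
    store.allowed.discard("app-service")   # revoke at the key store: data goes dark
    try:
        processor.read("record-42", "app-service")
        result["revoked_blocked"] = False
    except PermissionError:
        result["revoked_blocked"] = True
    result["denied_events"] = [e for e in store.audit if e[2] == "denied"]
    return result


if __name__ == "__main__":
    print(demo())
```

Two things in this model are what an auditor asks for under Art. 8: the processor's storage contains nothing decryptable without a round trip to the customer's key store, and every unwrap attempt, granted or denied, lands in an audit log the customer owns. Revoking the grant at the key store makes existing ciphertext unreadable without touching the processor at all.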


Key themes

Where customer-controlled keys fit

DuoKey supports Swiss controllers in meeting Art. 8 proportionality by ensuring that encryption key operations, access policies and logging are governed by your organisation — strengthening both technical measures and accountability toward data subjects.

Art. 8 — Technical and organisational measures

Demonstrate proportionate security including encryption and access control anchored to your organisation.

Transparency and data subject trust

Clear separation of roles between processor access and your key-controlled access supports honest privacy communications.
