Demand: Cloud migration in Switzerland. The outsourcing of sensitive personal data by public bodies to cloud solutions from international providers is inadmissible in most cases – what does this mean for your company?
The end of unlimited cloud freedom
The Conference of Swiss Data Protection Commissioners (privatim) adopted a resolution on November 24, 2025, that could spell the end for Swiss authorities and companies using common international cloud solutions. The core issue: Microsoft 365, Google Workspace, and similar SaaS solutions from international providers are practically unsuitable for processing particularly sensitive personal data .
This is not just a technical recommendation, but also a legal clarification with direct implications for the digital infrastructure of the public sector and increasingly for private sector entities as well. This is not just a Swiss issue; across the EU, various initiatives are underway to address this same issue. Why this hardline stance? And what practical alternatives already exist?
The core of the resolution: Why Microsoft 365 & Co. are no longer allowed
The loss of control dilemma
The privatim resolution identifies a fundamental contradiction: Public bodies bear a special responsibility for citizens' data. Outsourcing this data to SaaS solutions results in a massive loss of control. Globally operating corporations like Microsoft or Google do not offer sufficient transparency to ensure that:
- Contractual data protection obligations are met (technical measures, employee monitoring, subcontractor management)
- Software updates and new features must be implemented in compliance with data protection regulations (providers unilaterally change the terms and conditions).
- No uncontrolled data access by internal or external forces will take place.
Swiss authorities have no way of effectively carrying out these checks – a situation that privatim considers legally unacceptable.
The Cloud Act risk: US authorities are seizing access – including to Swiss data.
A crucial factor is the US CLOUD Act of 2018. This allows US authorities to collect customer data from American tech companies – without adhering to the rules of international legal assistance . This also applies to data stored in Swiss data centers.
This is unacceptable for authorities bound by confidentiality obligations (official or professional secrecy). The CLOUD Act effectively renders Swiss data protection laws ineffective.
The encryption gap: No end-to-end encryption without provider access.
Most available SaaS solutions (including M365, Google Workspace, and Nextcloud Standard) do not offer true end-to-end encryption that prevents providers from accessing plaintext data. This means that even if data is stored "in Switzerland," Microsoft or Google can read and analyze it—and, under the CLOUD Act, hand it over to US authorities.
The privatim solution: Client-side encryption as the only way and a cloud migration to Switzerland
The only permissible rule for public bodies:
Personal data that is particularly sensitive or subject to confidentiality obligations may only be outsourced to cloud solutions if:
- The public service encrypts the data itself (not the cloud provider).
- The cloud provider has no access to the encryption key.
In practical terms, this means that client-side encryption (encryption on the user's device before uploading) is no longer optional – it has become a requirement.
The problem: Many modern SaaS tools only work with provider-side encryption. They need to be able to "read" data to perform searches, enable real-time collaboration, or create automatic backups. Client-side encryption eliminates this functionality.
What does this mean for Swiss companies?
Authorities and public bodies: Immediate consequences
Cantonal administrations, municipalities, courts, police, and schools must review their Microsoft 365 and Google Workspace infrastructures. Specifically:
- Personal data of citizens (tax data, social benefits, court records, patient data)
- Confidential data (cantonal council documents, negotiations, internal investigations)
These should no longer reside in international public cloud solutions – unless they are protected by client-side encryption. Recommendation: Cloud Migration Switzerland
Private companies: A silent warning sign
While privatim only directly regulates public bodies, the message for private companies is unambiguous: If your company processes particularly sensitive data (personnel files, client files, financial data, patient records), the same risks apply. The resolution establishes the new standard for data protection-compliant cloud usage in Switzerland through Cloud Migration Switzerland.
Companies that fail to adapt:
- They squander the trust of their customers and employees
- Risk data protection fines (up to CHF 100,000 for private individuals, up to 6% of turnover for public authorities)
- They risk their reputation in an increasingly privacy-conscious market.
Practical alternatives: Cloud migration in Switzerland and European cloud solutions
Why cloud migration in Switzerland is now becoming a strategic necessity:
The privatim resolution indirectly formulated the following requirements for cloud providers:
| Requirement | Microsoft 365 | Swiss alternatives |
|---|---|---|
| Provider's headquarters | USA | Switzerland, EU |
| Data storage | USA + worldwide | Switzerland, EU |
| Client-side encryption | Limited/Paid | Standard or selectable |
| Transparency report | Small amount | Regularly, independently audited |
| Cloud Act protection | No | Through the Swiss legal system |
| Compliance audits | Limited visibility | Open, SOC 2, ISO 27001 |
Specific solutions that meet privatim's requirements through a cloud migration to Switzerland:
- Infomaniak (Switzerland – own data centers)
- Completely Swiss data storage
- Optional client-side encryption for confidential files
- GDPR and DSG compliant
- Regardless of US regulations
- Portfolio: kSuite Pro (email, calendar, file management, video conferencing)
- OnlyOffice (as a locally hosted suite)
- Microsoft Office-compatible functionality without cloud dependency
- Open source, self-manageable
- ProtonMail / Proton Drive (Switzerland) / Nextcloud On-Premise (Germany, Switzerland as options)
Cloud Migration Switzerland: The practical path from Microsoft and other companies to Swiss solutions
Many organizations are asking themselves: How does this work in practice? The migration from Microsoft 365 to Swiss solutions follows this pattern:
Phase 1: Analysis (2–4 weeks)
- What types of data are processed? (Particularly sensitive? Subject to confidentiality?)
- Which Microsoft services are in use? (Email, Teams, OneDrive, SharePoint, etc.)
- How many employees and licenses are affected?
Phase 2: Pilot migration (4–8 weeks)
- Selection of a pilot group (usually IT team, HR department)
- Testing Infomaniak/Proton solutions with real workflows
- Evaluation of functional gaps (e.g., Teams replacement by kConf video conferencing)
Phase 3: Full migration (2–6 months)
- Gradual conversion per department
- Parallel operation to ensure data continuity
- Employee training and change management
Phase 4: Cloud Act Security
- Implementation of client-side encryption for particularly sensitive files
- Conduct a Data Protection Impact Assessment (DPIA).
- Finalize the contract with the new provider
Your practical partner for cloud migration in Switzerland – Office2SwissCloud.ch
The theory is clear. The requirement for the private data resolution is unambiguous. But how do you implement this in practice – without jeopardizing business operations?
This is precisely where Office2SwissCloud comes in. As a specialized consultant and implementation partner, Office2SwissCloud supports organizations and individuals throughout their journey from Microsoft, Google, or Apple to secure Swiss cloud solutions at Infomaniak – with zero compromises on data protection, compliance, and independence.
What Office2SwissCloud offers:
1. Analysis of your existing environment
- Thorough evaluation of your IT infrastructure
- Classification of data types (particularly worthy of protection? Subject to confidentiality?)
- Determining the technical requirements for migration
- Advice on alternatives and suitable Swiss solutions
2. Setting up the new cloud infrastructure
- Secure and seamless migration of all data (email, files, calendar, contacts, video conferences)
- Configuring Infomaniak kSuite Pro with client-side encryption where necessary
- Integration of non-proprietary office applications (OnlyOffice)
- Secure data transmission with complete integrity
3. Commissioning and training
- Review of all migrated data
- Competent training for your employees
- Continuous Support and Optimization
- Documentation for future maintenance
4. Continuous support
- Technical support after migration
- Support with new requirements
- Compliance documentation and data protection impact assessments
- Long-term security and optimization
Why Office2SwissCloud?
- Swiss expertise : Deep understanding of Swiss data protection (GDPR, FINMA guidelines, privatim requirements)
- Proven Infomaniak expertise : certified partner with extensive experience in Infomaniak migrations
- No vendor lock-in : Open, non-proprietary solutions – your data remains under your control.
- For public authorities and private companies : Experience with public bodies, SMEs and private individuals
Cloud Migration Switzerland : Costs and Transparency
A frequently asked question: How expensive is a migration?
The good news: The initial consultation is free. Office2SwissCloud helps you understand the complexity and scope before you commit to any investments.
The cost of a migration depends on:
- Number of users
- Data volume (email archives, files, etc.)
- Complexity of integrated systems
- Training needs
Realistic example of a 20-person SME:
- Consulting & Analysis: CHF 2,000–4,000
- Migration & setup: CHF 3,000–6,000
- Training & commissioning: CHF 2,000–3,000
- Total: CHF 7,000–13,000 (one-time fee)
By comparison, long-term compliance risks, data protection fines, and forced emergency migrations can cost many times more.
Frequently Asked Questions (FAQ) – From the privatim resolution to practical implementation
Q: Does the Private Im Resolution also apply to my private company?
A: Not directly – private entities regulate public bodies. However, the requirements apply indirectly: If your company processes sensitive data (personnel files, client files, patient records), you are de facto obligated to meet the same security standards. The CLOUD Act affects everyone, not just government agencies. Office2SwissCloud can advise you on whether the resolution directly affects your organization.
Q: Can I set up Infomaniak myself, or do I need a consultant?
A: Technically, Infomaniak is user-friendly. But a professional migration has massive advantages:
- Data security : No data loss during transmission
- Compliance : Documentation for data protection audits
- Employee satisfaction : Structured training instead of self-experimentation
- Time efficiency : Expert setup vs. weeks of self-experimentation
Office2SwissCloud saves you this time and risk.
Q: How long will I be without service during the migration?
A: With a professional approach: Virtually no downtime . Office2SwissCloud operates in parallel – the old infrastructure continues to run while the new one is being built. Then a smooth switchover follows.
Q: What happens to my emails and OneDrive/Google Drive etc. files?
A: Everything will be migrated. Office2SwissCloud ensures that:
- All email archives from Gmail/Outlook will be preserved.
- All OneDrive/SharePoint files will be transferred to Infomaniak kDrive.
- Calendar, contacts and notes will be synchronized
- Permissions and releases are correctly reconstructed.
Q: Can I carry out the migration in stages?
A: Yes, absolutely. Office2SwissCloud can start with departments or even individuals – in a pilot phase. This reduces the risk and allows teams to test the new solution before a company-wide rollout.
Next steps – Your journey to independence begins with a conversation
The privatim resolution is not a vague ideal – it is a regulatory signal . Organizations that prepare today will avoid problems tomorrow.
Here's how to get started:
1. Book a free initial consultation.
Contact Office2SwissCloud for a no-obligation consultation . You will receive an honest assessment of your current situation and your migration options.
2. Get an analysis done.
Office2SwissCloud conducts a thorough analysis of your IT environment – free of charge or with minimal effort. You will then receive a concrete migration offer.
3. Start a pilot project.
Less risk with a pilot: Test the Infomaniak solution with a small team before migrating company-wide.
4. Plan the full migration.
Once the pilot is successful, plan the phased full migration – with minimal business risk.
Contact Office2SwissCloud today:
🔒 Swiss data protection. 100% independence. No Cloud Act risks.
📧 Write to us: thomas.marx@office2swissscloud.ch
📧 Visit office2swisscloud.ch for:
- Detailed information about migration services
- Customer experiences and success stories
- FAQ about Infomaniak and Swiss cloud solutions
- Book a free initial consultation
The time to act is now. The Privatim resolution shows that Swiss data protection advocates expect independence – not sometime in the future, but today. Office2SwissCloud is your partner on this path.
The economic perspective: Why cloud migration in Switzerland makes economic sense
It is often argued that "Microsoft is cheaper." This is not true – the hidden costs of the lack of data security are considerable:
Risks of Microsoft 365 for Swiss authorities:
- Potential data protection fines (resulting from CLOUD Act access)
- Reputational damage due to public data breaches
- Costs of forensic investigations and emergency communication
- Future forced migration (if regulations are tightened)
The long-term strategy: Digital sovereignty for Switzerland
The privatim resolution is part of a larger European movement . Countries like France (Gaia-X initiative), Germany (Sovereign Cloud) and now Switzerland are investing in digital independence from US platforms.
Switzerland positions itself as:
- Data protection pioneer (GDPR-like regulation since 1992)
- Safe haven for data (rule of law, political neutrality)
- Economic location for cloud innovation (Infomaniak, Proton, Nextcloud communities)
Companies that embrace this trend early on will win:
- Competitive advantage : Customers trust Swiss data processing
- Future security : No more forced migrations
- Independence : Less dependence on US corporate updates and policy changes.
Recommendations for action for 2026
For public bodies:
- ✓ Conduct an audit: What data is currently stored in Microsoft 365/Google Workspace?
- ✓ Classify: Which items are particularly worthy of protection or must be kept confidential?
- ✓ Start a pilot project: Test migration to Infomaniak kSuite or ProtonMail
- ✓ Document compliance: Conduct a Data Protection Impact Assessment (DPIA)
For private companies:
- ✓ Data protection self-check: Do I indirectly affect the requirements of the resolution?
- ✓ Compare: Evaluate Infomaniak, Proton, and Nextcloud on-premise
- ✓ Market access: Which customers expect Swiss data storage?
- ✓ Invest in the future: Swiss cloud solutions reduce compliance risks
Conclusion: The CLOUD Act forces Switzerland to take action
The PrivatIM resolution of November 24, 2025, marks a turning point. The American CLOUD Act has proven that US cloud providers do not offer sufficient control and transparency. The response is clear: Switzerland needs Swiss clouds for sensitive data.
This is technically possible – it's long overdue, both politically and economically. Infomaniak and other Swiss providers have the infrastructure and expertise to meet the demand. The CLOUD Act won't disappear, but Swiss companies can free themselves from it – through digital sovereignty.
