In May 2026, WeRide removed the front-row safety driver from its autonomous Robobus at Zurich Airport, replacing the person behind the (absent) wheel with an off-site remote operations team and a single observer in the rear seat. The Chinese-developed shuttle — running since June 2025 between the employee entrance at Gate 101 and a maintenance area, carrying up to nine passengers at speeds capped around 24 mph — became one of Europe's first driver-out passenger shuttles of its kind. It is a genuine engineering milestone. It is also the first real stress test of whether Switzerland's year-old automated-driving framework, and its separate data-protection regime, were written for the same world.
What the rules actually require
Switzerland's Ordinance on Automated Driving (OAD/VAF) took effect on 1 March 2025, built on Articles 25a–25g of the Road Traffic Act. The Federal Roads Office (FEDRO) permits three use cases: motorway systems with a takeover request, automated parking in approved zones, and driverless vehicles on cantonally approved routes under operator supervision. Two requirements matter here. First, FEDRO states plainly that "the recording of relevant system data in the vehicle is mandatory" — every automated vehicle must log activation and deactivation events, takeover requests, emergency manoeuvres, and collisions. Second, driverless vehicles must be supervised by operators who verify pre-departure checks, monitor the route, review system-proposed manoeuvres, manage passenger safety, and report accidents to police.
The Robobus satisfies the letter of all of this. Its LIDAR, radar, HD-camera and AI-navigation stack produces exactly the event log the ordinance contemplates, and a remote team performs exactly the supervisory role the OAD describes. On its own terms, the deployment is compliant innovation working as intended.
The legitimate concern
The strongest case for tighter scrutiny is not hypothetical. A driverless shuttle operating airside at critical national infrastructure continuously captures high-resolution telemetry: HD maps of restricted zones, the movement patterns of airport staff, and the precise surrounding environment of a secured perimeter. That data streams to an off-site operations function tied to a foreign operator. A regulator worried about data sovereignty is right to ask where those feeds terminate, who can access them, and whether sensor data describing a sensitive site could be aggregated into something a Swiss authority would never knowingly export. The OAD's data-recording mandate was designed for accident reconstruction and safety auditing — not for governing live cross-border streams of environmental and passenger-movement data. That is a real gap, and pretending otherwise would be a disservice to readers.
But Switzerland already has the right tool
Where we part company with the alarmist framing is on the claim that this requires a new autonomous-vehicle data-sovereignty regime. Switzerland's revised Federal Act on Data Protection already governs the part that actually raises sovereignty stakes — personal data, including the movement patterns of identifiable staff and passengers. Under Article 16 FADP, the Federal Data Protection and Information Commissioner (FDPIC/EDÖB) is explicit: "personal data may only be transmitted abroad if the destination country has an appropriate level of data protection." The Federal Council's adequacy list (Annex 1 of the Data Protection Ordinance) covers the EEA and the UK; China is not on it. So any transfer of personal data to a non-adequate jurisdiction must already be wrapped in standard contractual clauses, binding corporate rules, or FDPIC-approved specific guarantees.
In other words, the binding legal constraint already exists and applies regardless of how the shuttle is driven. The proportionate response is enforcement and clarity, not a parallel statute: FEDRO and the FDPIC should jointly specify, in operating-permit conditions, where remote-supervision and sensor data may be processed, what must remain in Switzerland, and what contractual guarantees govern any export. Permit conditions are fast, vehicle-specific, and revisable — a far better instrument than primary legislation drafted in reaction to a single nine-seat bus.
Don't conflate provenance with risk
It is worth being precise about what is and isn't a sovereignty problem. The vehicle being Chinese-developed is not, by itself, a data harm; WeRide holds driverless permits in eight countries — Switzerland, China, the UAE, Saudi Arabia, Singapore, France, Belgium and the United States — and in the Swiss Furttal region operates across a 110-kilometre area under FEDRO authorisation. The relevant question is the data flow and its legal wrapping, not the passport of the engineering team. A framework that bans or burdens vehicles by national origin rather than by demonstrated data practice would chill exactly the kind of investment that has made Zurich an early European proving ground — and would set a precedent other markets would happily use against Swiss firms abroad.
The proportionate path
Switzerland built a deliberately enabling regime in 2025, and it is paying off in real-world deployments competitors are still negotiating. The Robobus shows the framework needs one targeted upgrade, not a rewrite: data-flow transparency baked into driverless permits, FADP transfer mechanisms verified before operations at sensitive sites, and a published standard for what telemetry from critical infrastructure must stay onshore. That preserves the open, innovation-friendly posture that attracted the deployment in the first place — while answering the sovereignty question with evidence and contracts rather than with fear of where a sensor was designed.