Switzerland Switzerland BAKOM telecom regulation

Switzerland's 'Lex Huawei' Telecom Bill Picks Case-by-Case Vetting Over a Blanket Ban

Bern's draft telecom security law would force multi-vendor sourcing and let the government bar risky suppliers case by case — short of a blanket China ban.

Switzerland's Draft Telecom Security Law People of Internet Research · Switzerland May 27, 2026 Consultation opened Federal Council launched the FMG s… Sep 17, 2026 Consultation deadline Roughly a 16-week window for stake… 3 telcos Carriers must localize SOCs Swisscom, Salt and Sunrise, plus f… peopleofinternet.com
Switzerland's Draft Telecom Security L… People of Internet Research · Switzerland May 27, 2026 Consultation opened Sep 17, 2026 Consultation deadline 3 telcos Carriers must localize SOCs peopleofinternet.com

Key Takeaways

What Bern Actually Proposed

On May 27, 2026, the Federal Council opened a formal consultation on a partial revision of the Fernmeldegesetz (Telecommunications Act) focused on security, running until September 17, 2026 (UVEK; BAKOM). The draft would require telecom operators to source network equipment from multiple suppliers rather than standardizing on one vendor, give the government discretionary authority to prohibit equipment from suppliers it judges to pose a security risk — particularly if a supplier is influenced by a foreign state during a geopolitical escalation — and, at the ordinance level, require Swisscom, Salt, and Sunrise, plus any full mobile virtual network operators, to run their network operations centers and security operations centers exclusively inside Switzerland (Netzwoche). Industry press has nicknamed it "Lex Huawei" because the vendor-exclusion power concretizes a debate that has circled the Chinese equipment maker in Swiss politics for years, even though the bill names no vendor (ICTjournal).

The Case for It

The strongest argument for this bill isn't hypothetical. A telecom network built on a single vendor's core equipment is a single point of failure — for both outages and espionage. If one supplier's hardware sits in the core of Swisscom, Salt, and Sunrise's networks simultaneously, a single compromised firmware update or a single company put under adversarial state control creates a national-level vulnerability, not a company-level one. Switzerland is also unusually exposed: it hosts a disproportionate share of international diplomatic, financial, and NGO traffic relative to its population, which makes its telecom core a more attractive intelligence target than its size would suggest. And Bern isn't improvising in a vacuum — the EU's 5G Cybersecurity Toolbox already lets member states restrict "high-risk vendors," and Brussels moved in January 2026 to make exclusion of Huawei and ZTE binding across the bloc rather than advisory (TelecomTV). A Switzerland that stayed permissive while its neighbors hardened would become the weak link in a shared European network, not a neutral bystander.

Where the Design Gets the Balance Right

Judged against that backdrop, the actual mechanics of the Swiss proposal are more measured than the "Lex Huawei" label implies. The bill does not name Huawei, ZTE, or any country. It does not ban a vendor outright. Instead it creates a case-by-case executive power, triggered by a defined risk finding, reviewable and reversible as circumstances change. That is a meaningfully different instrument than the EU's January 2026 approach, which the Commission's own draft regulation designates Huawei and ZTE equipment as "high-risk" categorically, foreclosing case-specific reassessment. Switzerland's multi-vendor sourcing requirement is also a genuinely proportionate resilience measure on its own terms — diversifying supply chains reduces single-point failure risk regardless of which government is worried about which vendor, and it doesn't require Bern to make a contested geopolitical accusation to justify it.

Where It Still Overreaches

The part that deserves more scrutiny is the requirement that network and security operations centers run exclusively inside Switzerland. Modern telecom operations — threat monitoring, anomaly detection, patch orchestration — increasingly rely on shared regional or global security operations infrastructure precisely because pooling telemetry across borders improves detection of novel attacks. A hard domestic-only mandate forecloses that pooling for Switzerland's three carriers and any full MVNO, potentially making them slower, not faster, to spot the next cross-border attack campaign. It also raises real compliance costs for a market of Switzerland's size — 8.9 million people, three national carriers — that the consultation process should force regulators to justify against a specific, articulated threat rather than a generalized sovereignty preference. Multi-vendor sourcing mandates carry their own quiet cost too: forcing operators to run parallel equipment stacks from different suppliers increases integration complexity and, absent competitive alternatives to the leading vendors, may raise procurement costs that eventually reach consumers.

What Happens Next

The consultation runs through September 17, 2026, giving carriers, vendors, and civil society four months to contest specifics before the bill moves toward parliament (UVEK). That window is the right venue to push back on the SOC-localization mandate specifically — not to relitigate whether Switzerland should be able to assess supplier risk at all, which is a legitimate state function comparable to what its EU neighbors already do, but to demand the domestic-operations requirement be scoped to what genuinely improves security rather than what simply signals it.

Sources & Citations

  1. UVEK press release (Federal Department of Environment, Transport, Energy and Communications)
  2. BAKOM consultation listing
  3. Netzwoche
  4. ICTjournal
  5. TelecomTV