Autonomous Systems: Guidelines for Regulatory Questions

Symbolbild für einen autonomen Traktor

This page is available in:

The regulation and standardisation of autonomous systems are currently not keeping pace with technological developments. As a result, the legal framework in this domain is insufficiently clear to many manufacturers. The goal of the present guidelines is to clarify legal questions in relation to autonomous systems.

I. Introduction

The development of autonomous systems is advancing at an extraordinary pace and will penetrate more and more areas of life. Much of public debate today focuses on the transport of persons and goods in self-driving cars and lorries. Beyond that, there are a great many other areas where autonomous systems are in use and will increasingly come into contact with the general public. As it stands, the relevant regulatory and normative requirements are not yet sufficiently developed and remain unclear to a large number of manufacturers. In Switzerland, where many of these systems are designed and developed, the need to create clarity and offer guidance is evident. These guidelines aim to close the existing gap. Specifically, they focus on autonomous ground vehicles and systems potentially in use in public spaces. This document serves as a first point of contact for manufacturers who are looking for a clear and understandable introduction to the relevant legal questions and challenges.

Use the accordion controls to toggle the visibility of each panel (below the controls).

These guidelines are designed for companies and individuals who develop (semi)-autonomous systems (hereafter referred to as «autonomous systems»), who want to place them on the market or to market them. These guidelines do not cover medical applications and systems due to the specific regulatory requirements of the said applications and systems. The scope of these guidelines is limited to autonomous systems that meet the following conditions:

  • Ground contact: autonomous systems that operate in the air, on rails or in water are not included.
  • Commercial use: autonomous systems used exclusively for private purposes or purely for research purposes are not included.
  • Contact with public spaces: autonomous systems in operation exclusively on private property are not included.

Autonomous systems that primarily transport goods or persons on public roads are not included in these guidelines.

The autonomous systems listed below are some examples of what these guidelines include:

  • Autonomous tractors and agricultural systems
  • Autonomous lawn mowers for professional greenkeeping
  • Autonomous cleaning robots for real estate management
  • Autonomous security robots for patrolling

In the context of driving, the Swiss Automobile Association (SAVV) and the Federal Roads Office (FEDRO) refer exclusively to automation. In the document at hand, the overall systems are referred to as »autonomous”. In addition to their automated driving function, these systems perform other activities as well, such as farmland management or real estate inspecting (see glossary for more information).

From a regulatory perspective, the key focus is on ensuring the safety of the respective system. Autonomous systems must not pose any danger to humans, e.g. by colliding with and injuring pedestrians. That is why there are comprehensive provisions in place that must be observed when developing, manufacturing, and marketing products (see chapter II for more information). Additional requirements exist for when autonomous systems travel on public roads (see chapter III for more information). A further question concerns the correct handling of personal data, especially when autonomous systems are equipped with cameras (see chapter IV for more information). Finally, it is important to be aware of any impending liability and, to the extent possible, protect oneself from liability risks (see chapter V for more information).

From a regulatory perspective, the following strategic questions arise for manufacturers ― questions which are highly relevant in terms of scope and depth of the legal requirements:

  • Automated driving on private property vs. on public roads: Is it important for a manufacturer that its system can be operated in automated mode on public roads as well? Or is it sufficient for automated mobility to be limited to private property? (See chapter III for more information.)
  • Manufacturing an overall system vs. upgrading an existing device: Is a manufacturer specialised in the end-to-end development of an overall system, incl. hard- and software? Or is the manufacturer automating pre-existing machines or vehicles? (See chapter II, question 7, for more information)
  • Simple automation vs. autonomous systems: Is a manufacturer developing a system that is based on a simple input-output pattern and operating within clearly defined parameters? Or is the manufacturer producing autonomous systems that are based on advanced machine learning methods (e.g. deep neural networks) and that make decisions independently even in complex situations? (See chapter III for more information)
  • Full documentation vs. pace of product development: Does the manufacturer have the knowledge and resources needed for full documentation, quality assurance and certification of its products? Or is documentation slowing the pace of development? (See chapter II, question 11., for more information)

The regulatory requirements for manufacturers of autonomous systems are extensive and complex. Therefore, it makes good sense to have an overview of the most important action points which can be prioritised in accordance with the specific requirements of the respective system:

  • Documentation of all activities relevant from a regulatory perspective:   Documented adherence to important safety-relevant regulations, norms, directives, ordinances, and standards
  • Authorisation pursuant to the Road Traffic Act [Strassenverkehrsgesetz (SVG)]: Selection and implementation of an authorisation process, e.g. as a pilot test or in regular operation
  • External certification: Collaboration with an organisation specialised in quality assurance, risk management and inspecting complex systems [e.g. SUVA (Swiss National Accident Insurance Fund) or TÜV (Technical Inspection Association)]
  • Self-declaration: (CE) marking to indicate that an autonomous system has been assessed by the manufacturer and that it e.g. meets the health, safety, and environmental protection standards of the European Union (EU).
  • Specific agreement: Definition of the rights and duties of all parties involved, in contracts and/or in operating manuals
  • Take out insurance: Hedging of liability risks, particularly to cover personal injury and property damage
  • Participation in expert committees: Membership and active shaping through proactive collaboration in institutions responsible for regulating and/or standardisation [e.g. Swiss Association for Standardisation (SNV)]

Due to the speed of technological progress, regulatory requirements are not only extensive and complex, but often also subject to different interpretations. As part of a professional risk management, it is the responsibility of the manufacturer to ensure that the most important requirements are adhered to.

Promote responsible innovation

The purpose of these guidelines is to provide manufacturers with an overview of the most important legal bases. The content was devised within the scope of the Innovation Sandbox for Artificial Intelligence (AI). The aim of the sandbox is to contribute to clarifying regulatory questions at the interface of public administration, industry and research. This calls for interdisciplinary collaboration across different topics and institutions, as the only way to ensure and improve a regulatory environment for responsible innovation and technology development in the long term.

II. Market entry and certification

Use the accordion controls to toggle the visibility of each panel (below the controls).

In the majority of cases, autonomous systems are deemed to be products within the meaning of the Federal Law on Product Safety. The principle applies by which products only can enter the market if, under normal or reasonably foreseeable product use, the health and safety of the users are assured. Certain decrees contain specifications on how basic safety and health protection requirements must be designed. These special decrees take precedence over the Federal Law on Product Safety. Product-specific sectorial special decrees for machines can be found in the Swiss Ordinance for Machine Safety (MaschV). Special regulations also exist for chemicals, therapeutic products and foodstuffs.

In most cases, autonomous systems fall within the very broad term «machine»; consequently, the applicable regulations are likely to be the Ordinance for Machine Safety (MaschV). But in many cases, depending on domain of use, further product safety regulations must also be observed.

Specifications of applicable safety and health protection requirements can often be found in the standards of international standardisation organisations, such as CEN/CENELEC or ISO/IEC. Some of the CEN/CENELEC standards are specifications of EU legal texts, and compliance with these standards is mandatory. Compliance with the other standards is voluntary; the same applies to ISO standards which are not imperative and fall under private law.

In addition to Ordinance for Machine Safety (MaschV), the regulations governing energy efficiency pursuant to the Federal Energy Efficiency Ordinance generally apply.

The entity responsible for ensuring that the statutory provisions are observed is the person responsible for the market entry, i.e., generally the manufacturer or the importer. That person must carry out the necessary conformity assessment procedure or have it carried out by an accredited testing institute (cf. also chapter II, question 5). The specific content of the conformity assessment procedure is based on the applicable technical standards, in the case of machines pursuant to MaschV and, if need be, in accordance with relevant EN or SN standards. In the case of machines, for instance, a risk assessment must be performed, the results of which must be drawn on in the construction of the machine.

After completing the conformity assessment procedure, the person responsible for the market entry must issue a certificate of conformity which needs to be signed.

Keeping up to date with the latest standards currently presents a challenge. Relevant standards can be requested from the Swiss Association for Standardisation (SNV). Manufacturers of autonomous systems can also register to visit one of the SNV contact points to consult the entirety of standards in a public room. Relevant standards may be purchased in the online shop of SNV as needed. However, it is the responsibility of the manufacturer to assess if a standard is applicable or not, which can be fraught with difficulties.

SNV members also have access to devising new standards. There is the option of becoming actively involved in the devising process (e.g. in mirror committees at national level or in work groups at international level). The membership fee is based on the respective company size of the manufacturer.

Furthermore, keeping abreast of the publication of new standards can be challenging. The following institution regularly publishes updates on relevant standards:

In many cases, it is difficult for manufacturers to assess which standards are relevant and applicable for them. Given that the pace of technological development runs ahead of the publication of standards, it is often up to the manufacturer to find out which standards are applicable; oftentimes, suitable standards are not yet available for innovative products. In these cases, regular interaction with other manufacturers operating in the same sector and who are faced with similar regulatory questions can be of great value (e.g. company network of the Division of Business and Economic Development in the Canton of Zurich).

However, assessing whether all relevant standards have been considered is ultimately part of the risk management every manufacturer must perform.

Depending on the product, the responsibility for ensuring compliance with the rules on market entry (market control) rests with the various bodies designated by the Product Safety Ordinance (PrSV) and the Federal Department of Economic Affairs, Education and Research (EAER). In the operational domain, i.e. for products such as machines used in companies, Suva (Swiss National Accident Insurance Fund) is central in this respect.

No. An actual certificate is not mandatory. A conformity assessment is, however, necessary (cf. question 2 in chapter II). For certain products, it can be carried out by the person responsible for the market entry. Furthermore, there are several accredited conformity assessment bodies (testing institutes) that assess product conformity pursuant to the requirements of the applicable specifications and who issue a corresponding certificate. A list of accredited certification bodies for products is available on the website of the Swiss Accreditation Service. External certification is costly, but has the advantage of offering a relatively high level of certainty that the autonomous system adheres to legal requirements.

A CE conformity marking is generally not required for Switzerland. However, if sector-specific legislation stipulates the need for a conformity marking, the CE conformity marking can be affixed in lieu of the Swiss conformity marking. Anyone who wishes to place an autonomous system on the market in Switzerland and, later, in the EU as well should consider striving for CE certification from the start.

The CE marking can be affixed by the manufacturer itself. To that end, the manufacturer shall carry out a conformity assessment of its product (or shall have a conformity assessment carried out) to ensure that the product complies with all applicable requirements. That being the case, the manufacturer shall draw up a declaration of conformity and affix a CE marking to the product.

The requirements that need to be met for a product to have a CE marking are determined by the individual EU harmonisation directives. An overview of the various technical harmonisation directives is available on the website of the EU.

In principle, yes. The product safety regulations also apply to modified products, re-cycled or used products. Accordingly, any certification will need to be reassessed.

Use of already certified components will often eliminate the considerable effort that certification and conformity assessments involve. If that route is taken, the focus is more on the question as to whether the certified component (e.g. a purchased lidar sensor) is compatible with the overall system. The main disadvantage is that already certified components are standardised and can limit flexibility, particularly in relation to hardware design.

No, in the domain of machines it is generally sufficient for a product to have been lawfully placed on the market in the EU, for the product to be distributed in Switzerland as well.

Radio is the transmission of wireless signals via a specific frequency spectrum. If the system contains a radio transmitter and/or receiver, it is, from a legal perspective, a radio system. Special market access requirements apply to radio equipment (offering, selling, renting, placing on the market), e.g. with regard to safety. Furthermore, a conformity assessment must be performed. The Federal Office of Communication (OFCOM) is the supervising body and in charge of issuing operation licences.

More information is available on the OFCOM website.

No licence is required for control via Bluetooth because an open communication standard can be used for transmission. Transmission via wireless LAN is also possible without a licence.

In addition, the regulations governing electromagnetic compatibility must be observed for all types of electric and electronic products.

In principle, the person responsible for the market entry must be able to provide and keep available all required technical documents as well as the conformity assessment, from the time of the market entry and for at least ten years from the date of manufacture.

Manufacturers are often faced with conflicting priorities between having as complete as possible documentation of all technical specifications, on the one hand, and the pace of product development, on the other. Ideally, all development steps will be extensively documented and the technical documentation always up to date. It is often far more cumbersome to have to document the steps taken retroactively. What is more, technical documentation must, by law, be available in full at the latest at the time the product is placed on the market.

The declaration of conformity requires that the instruction manual (including operational manual, user manual or maintenance manual) as well as the safety information about the product are written in the Swiss official language spoken in the part of the country in which the product is expected to be used. Furthermore, the information must be easy to understand. Since it is never possible to fully eliminate all product risks, the instruction manual must include all safety-related information, i.e. the user must be informed, in particular, about the residual risks. If the residual risks can only be removed through special training, familiarisation, or personal protective equipment, this also needs to be explained and specified in the instruction manual.

In principle, the instruction manual does not need to be signed by the users. However, in cases where special (safety) requirements need to be observed when using an autonomous system, a signature may help to demonstrate that the user was informed about the correct use and had also undertaken to comply with the requirements at all times.

The Federal Law on Product Safety defines certain duties after the market entry of a product; in particular, active market monitoring of the safety aspects of the autonomous system must be carried out. The product must be monitored during the entire period of use.

III. Authorisation ― driving on public roads

Use the accordion controls to toggle the visibility of each panel (below the controls).

Use of an autonomous system on public roads requires authorisation as a motor vehicle. A separate authorisation must be obtained for non-mass-produced vehicles This can be very time- and resource-intensive. Start-ups and small manufacturers with very limited resources are faced with the question as to whether obtaining authorisation for use of autonomous systems on public roads is realistic. If automated driving is not strategically central to the business, a comprehensive cost-benefit analysis should be conducted, given that the regulatory complexity increases drastically for autonomous systems on public roads.

Public roads are traffic areas used by motor vehicles, motorless vehicles or pedestrians. They include all areas that serve for traffic or are suitable as a traffic area. In addition to actual traffic routes, this includes squares, bridges, or underpasses, even hiking and forest trails, paths in the open countryside, ski and sledging slopes or frozen bodies of water, provided they are in fact used as traffic areas, or can be used as such. Forests and meadows are also generally considered to be public areas, to the extent that they are freely accessible.

According to the Swiss Automobile Association (SAVV) and the Federal Roads Office (FEDRO), a distinction can be made between five different levels of automation. The term autonomous driving is not used by the SAVV or FEDRO. From a legal and technological perspective, levels three to five are of particular interest. At these levels, the driver hands over the responsibility for the vehicle conditionally or permanently to a »machine”. A legal basis is to be introduced within the scope of the revision of the Road Traffic Act (SVG), to make it easier to obtain authorisation for vehicles in levels 3 to 5.

Approval is necessary if the autonomous system is a motor vehicle within the meaning of the Road Traffic Act (SVG), i.e. a vehicle which is self-propelled that is in motion on the ground and does not operate on rails.

Authorisation is needed for almost all motor vehicles imported into Switzerland (exceptions: light motor-assisted bicycles, electric wheelchairs with a maximum permissible speed of 10 km/h). By virtue of the «Mutual Recognition Agreements» with the EU, vehicles that have already been authorised in an EU country will also be granted authorisation in Switzerland. The body responsible for homologation, i.e., granting authorisation for vehicles, is the Federal Roads Office.

If an authorisation exists in a non-EU state, any mutual agreement between Switzerland and the respective non-EU state needs to be observed.

Once authorisation has been obtained, the autonomous system will receive a number. There is also compulsory insurance, i.e. every vehicle in use on Swiss public roads must have third party motor vehicle liability insurance. The insurance is to be taken out and maintained by the vehicle holder – and not by the manufacturer.

Yes. If a motor vehicle has been authorised for use on roads, motor vehicle insurance companies are obligated to insure the vehicle. This also applies to vehicles that are predominantly in use on private roads.

Yes, the Road Traffic Act (SVG) provides for the possibility of a «pilot test». The Swiss Federal Council has the option of granting exemption permits to perform tests with automated vehicles that prove necessary pending statutory regulations (Art. 106 para. 5 SVG). The conditions for granting an exemption permit are as follows:

  • Generation of new insights in relation to state-of-the-art technology or use of automated vehicles or systems;
  • explanatory statement on the legal provisions that cannot be adhered to during the pilot test, and presentation of suitable measure for compensation;
  • reasonability and proportionality of the residual risk of the pilot test from the Confederation’s perspective.

The Federal Road Office has published an information sheet with more information on required vehicle technology, safety and procedures.

The law has no special provisions relating to this. If the system can also be operated manually, there is the option of driving on public roads in manual mode, e.g. travelling from one non-public area to another across a public route. This often makes it easier to obtain authorisation.

Today’s road traffic law assumes that a vehicle driver is physically present in the vehicle. However, vehicle teleoperation is not completely ruled out provided the vehicle can be acted upon without any delay. The road traffic rules stipulate that the driver must be in control of its vehicle, i.e. be able to act upon the vehicle at all times in the manner required for each case and to react without delay to any danger sufficiently quickly and purposively. If this can be ensured, remote steering is theoretically possible too.

The Road Traffic Act (SVG) does not apply to private roads. Accordingly, autonomous systems may be driven on private roads. However, for an authorised vehicle, any liability would still be in accordance with SVG; the vehicle holder would primarily be liable. If the autonomous system is on the private property of a third party, there would be the additional question as to a potential (co-)fault of the third party. In the case of non-authorised vehicles, liability is in accordance with the general principles of product liability and the Swiss Code of Obligations (OR).

In principle, pavements and walkways qualify as public roads within the meaning of the Road Traffic Act (SVG), on which no autonomous system may be operated. If your autonomous system needs to cross a walkway in order to get from one private space to another, this would, in practice, need to be done on a trailer (cf. chapter III, question 12.).

Fields and pastures used for haymaking are generally exempt from the validity of the Road Traffic Act (SVG). A normal meadow can also be removed from generally public accessibility by enclosing it with a fence, and thus exempted from the validity of SVG. Consequently, use of autonomous systems is permitted in these areas.

Under current law, there are two options: when designed as a dual mode, meaning the vehicle can also drive autonomously, it may be used on private property in autonomous mode, and subsequently be steered by a human driver to the other area of use. If the autonomous system cannot be steered by a human driver, then it must be transported on a trailer or a lorry from one area of use to the other.

If an autonomous component is installed in a pre-existing and authorised vehicle and the vehicle is to be used on public roads, the modification will need to be checked and authorised again by the Federal Road Office or the cantonal road traffic office.

In strategic terms, many manufacturers who »autonomise” existing vehicles opt to enter strategic partnerships with large, traditional producers (e.g. tractor manufacturers). This allows for technical processes to be aligned even more specifically, and for the certification process to be undergone as an overall system.

A revision of the Road Traffic Act (SVG) is underway. One of the objectives of the revision is to simplify the regulatory framework for automated driving. The Federal Council is to have the authority to determine to what extent drivers may be relieved of their duties and the extent to which autonomous vehicles (possibly with monitoring) may be operated on individual road sections. The Federal Road Office can approve or financially support tests with automated vehicles (levels 3 to 5). This authority may possibly be delegated to the cantons. The tests serve to gain new insights; they must be documented accordingly and, to the extent possible, made available to the general public.

IV. Data protection ― handling of personal data

Use the accordion controls to toggle the visibility of each panel (below the controls).

The law on data protection applies if personal data is being processed. Personal data is understood to mean information that relates to an identified or identifiable person. Classic examples of personal data are name and date of birth; however, an IP address of a person may, under certain circumstances, also qualify as personal data. In the context of autonomous systems, there are two situations in which personal data may be present: on the one hand, if an autonomous system can (additionally) be manually driven and the autonomous system records data that allows conclusions to be drawn about the driving behaviour of the driver. On the other hand ―and, in practice, this is the more problematic case― when for the purpose of environment detection autonomous systems potentially also record third parties (e.g. with a camera).

If no personal data is involved, the law on data protection does not come into play. The same applies if all personal references are subsequently removed (anonymisation). Anonymised data is no longer subject to the provisions of data protection. However, it should be noted that with today’s technical means reidentification is relatively simple and, therefore, anonymisation cannot always be assumed.

If personal data is involved, this does not mean that data processing would not be permissible. In principle, data processing is permissible in Switzerland, provided the principles for data processing (cf. chapter IV, question 2.) are obeyed.

No, different from European law, no justification reason needs to be given under Swiss law for data to be processed, provided the principles for data processing are obeyed.

The most important data processing principles are: purpose limitation which stipulates that data may only be processed for the purpose specified at the time of collection or for the purpose that is evident from the circumstances or provided for by law. If an autonomous system in use on a sports ground records data of its environment to avoid obstacles, this data may not be used to subsequently track which persons were on the sports ground at the time. The principle of data minimisation is also very important. This principle states that the only data that may be collected and processed is data that is relevant and adequate and, objectively speaking, necessary to achieve a (legitimate) goal. Once processing has been completed, the data must be destroyed immediately. The autonomous system in the above-stated example may only record data that is necessary to identify and avoid obstacles, and not the entire environment as well. Furthermore, the data may not be stored as it will no longer be needed at a later point in time. The principle of data protection is always relevant and valid: personal data must be protected from any unlawful processing with suitable organisational and technical measures. Particular attention must be paid to this principle whenever personal data is involved, as there is often a risk in this respect.

The new Federal Act on Data Protection, in effect from 1 September 2023, also includes the principles of «privacy by design» and «privacy by default» (cf. chapter IV, question 3.).

A justification reason only needs to be given if one of these principles is breached. Justification reasons are: legal requirements (e.g. in the domain of legal record retention obligations), consent of the parties involved and overriding private and public interests.

The principles of «privacy by design» and «privacy by default» require compliance with the following principles:

  1. Proactive instead of reactive: it is important to detect any potential data protection risks early. This is easier than having to eliminate detected risks at a later stage.
  2. Data protection by default: personal data is to be protected by default; if there is a choice, the option that protects data best is to be chosen («privacy by default»).
  3. Data protection as a concept: data protection is to be considered at all stages of a project and to be fully ensured from the start.
  4. End-to-end security: data security is of the highest relevance and must always be ensured. Furthermore, a procedure for possible data deletion requests must be introduced and implemented.
  5. Data residency: when possible, data is to be processed and stored in the country of the data subjects concerned, i.e. the persons to whom the data concerns.
  6. Transparency and proportionality: data processing must occur in a transparent manner vis-à-vis the persons concerned.
  7. Respecting privacy: individual data protection interests must be guaranteed by way of data protection guidelines and standards.

The principle of «privacy by design» is relatively easy to put into practice in autonomous systems as the processing of personal data is rarely an absolute necessity. Personal data is usually more likely to be a «bycatch». Suitable measures to implement «privacy by design» include use of low-resolution cameras which makes it difficult to identify people, or use of technologies such as edge computing.

(Semi-)autonomous systems are often equipped with sensors, with lidar technology as the most common technology for this. (Lidar stands for light detection and ranging or light imaging, detection and ranging.)

Although a sensor is ostensibly focused on capturing the environment and does not record images in the same way a camera does, personal data may nonetheless also be captured, e.g. if the outline or motion pattern of a person is recognisable. If personal data is recorded, the principles of data protection law must be obeyed (see above, chapter IV, question 2.).

In principle, care should be taken that the camera records little or no personal data, i.e. the level of image sharpness should render it impossible to recognise a face.

If, in exceptional cases, a camera is used (out of necessity) that allows for identification of natural persons, the data protection requirements must be obeyed. In particular, data processing must not go beyond what is necessary to e.g. monitor the autonomous system from a distance or to restart it. If such a system is in use in a publicly accessible area, it is also advisable to make passersby aware of the system by way of clearly visible signs or notices.

Some particularities apply when personal data is processed by public administration. Data processing by the state always requires a legal basis. A different legal basis applies depending on whether data is processed by a cantonal administration or by the federal administration. Cantonal data protection laws apply for data processing of cantonal authorities, which in the Canton of Zurich is the «Informations- und Datenschutzgesetz (IDG)»; for the federal authorities it is the Federal Act on Data Protection (FADP), with some special rules that need to be observed.

V. Liability – who is responsible if something happens?

Use the accordion controls to toggle the visibility of each panel (below the controls).

Different liability regimes apply depending on when and where a damage occurs. If there is a contractual relationship between the tortfeasor and the injured party, contractual liability may come into play. If an autonomous system causes damage to an external third party, the provisions of employer liability (Art. 55, Swiss Code of Obligations OR), product liability, possibly property owner liability (Art. 58, Swiss Code of Obligations OR) or secondarily general fault-based liability (Art. 41, Swiss Code of Obligations OR) generally apply. If an autonomous system authorised for use as a motor vehicle causes damage, third party motor vehicle liability may apply (Art. 58, Swiss Road Traffic Act SVG).

Contractual liability may be considered when there is a contract between the manufacturer and the person suffering damage. This is generally likely to be a contract of sale or a contract for work and services. If an autonomous system causes damage, this is generally likely to be a breach of contract. In many cases, specific conditions under which damages under a contract can be claimed are stipulated in the contract. It can be advisable for manufacturers of autonomous systems to exclude liability as far as possible.

In principle, the manufacturer is liable for damages caused by a defective product. The legal basis is set forth in the Product Liability Act [«Produktehaftpflichtgesetz (PrHG)»] which comes into use when a person is killed or injured, or when assets are damaged or destroyed that are usually for private use. Not covered by the PrHG is damage to the defective product, i.e. to the autonomous system itself, damage to commercially used assets (damage in a factory hall) and pure financial losses (sales losses, e.g. if a game of soccer cannot take place due to a defective system).

Consequently, the PrHG will only apply to the autonomous systems focused on in this document if a person is injured or there is damage caused to privately owned objects (e.g. the bicycle of a passer-by) or to an animal (see following chapter V, question 9, for more information on animals).

A product is deemed to have a defect if it does not offer the safety the users may justifiably expect under consideration of all circumstances. Key factors in this respect are the expectation of safety, the design of the product and the corresponding description, any instructions on use and hazard warnings. Liability is not applicable in the event of misuse of the product.

Note should be taken that making a claim based on the PrHG is only worth doing in the event of major damage given that the person suffering damage will have to pay a deductible of currently CHF 900.

Product liability is part of commercial liability and is usually insured.

In accordance with Art. 55 para. 1 of the Swiss Code of Obligations (OR), the employer, i.e. the responsible body for business operations, is liable for damage caused by its employees or ancillary staff in the performance of their work unless the employer can prove that it took all due care to avoid a damage of this type or that the damage would have occurred even if all due care had been taken.

By decision of the Federal Supreme Court of Switzerland, employer liability also applies when an employer manufactures a product in its business or sells it with the aid of ancillary staff. The employer can exempt itself from liability if it can prove that business operations or procedures were adequately organised. This also includes (final) checking of the products distributed by the employer and minimisation of risk of the products distributed by the employer, to exclude risks of damage as far as possible. The same also applies to autonomous systems: if the manufacturer or distributor wants to place an autonomous system on the market, the manufacturer or distributor must exclude the risks to the maximum extent possible.

Employer liability can be applied whenever a potential damage is not covered by the PrHG, e.g. damage to the product itself or damage to commercially used objects.

General fault-based liability pursuant to Art. 41 of the Swiss Code of Obligations (OR) is secondary liability which is applied when no other provisions are applicable or when there is a liability gap. A prerequisite for liability is a fault of the liable person, e.g. the liable person must have acted at least wilfully or negligently. Negligent means that the person who caused the damage did not act with its legal duty of care.

Strict liability pursuant to Art. 58 para. 1 SVG is applicable for damages caused by operating a motor vehicle, i.e. fault is not a prerequisite for liability. However, liability only applies in the event of personal injuries or damage to property of third parties. Certain pre-trial legal fees are also covered, but no other pecuniary losses.

For liability to be imposed, the vehicle must be in operation, i.e., the machine devices for motion must be in use. Put simply, the vehicle must drive (independently). If the vehicle is not in operation, Art. 58 para. 2 SVG applies. This legal norm stipulates that the vehicle holder is liable either in case of fault or if the vehicle is defective.

Damage caused by operating a motor vehicle is covered by compulsory motor vehicle insurance.

If a person causes damage by gross negligence, i.e. by not observing basic principles of prudence that any person with sound judgement in the same situation and circumstances would have followed in order to avoid foreseeable damage, the insurance company may take recourse to some degree, i.e. the insured person will be required to pay a part of the damage. The amount to be paid depends on the level of fault.

In principle, there is the possibility of exempting oneself from liability, or at least limiting liability. This is usually done by way of accordant clauses in a contract. If an autonomous system is sold, an accordant clause can be included in the contract of sale. In many cases, disclaimer clauses are included in the general terms and conditions. However, that being the case, it is advisable to explicitly draw the respective buyer’s attention to the clause as otherwise the clause may not achieve any effect.

But the law provides for various restrictions. No disclaiming of liability, i.e. no relief from liability, is possible in the case of intent or gross negligence, or in the case of liability for auxiliary persons. Disclaiming of liability for personal injuries is also deemed inadmissible.

Furthermore, there are various laws that do not allow for the disclaiming of liability, including e.g. product liability (Art. 8 PrHG) or motor vehicle owner liability (Art. 87 SVG).

In accordance with the current Swiss Animal Welfare Act that applies to vertebrates, no animal may be mistreated, neglected, unnecessarily overworked, or abused of its dignity in any other way. Otherwise, a criminal prosecution may ensue.

Under Swiss law, animals are objects. If animals are injured by an autonomous system, this basically qualifies as damage to property. However, there are certain provisions of administrative law, e.g. those governing forests, fishing or cultural heritage, that also protect animals, albeit not primarily, which may also need to be observed.

Since interactions between autonomous systems and animals constitute a relatively new phenomenon, still very few regulations exist. Some measures are thus listed in the «Recommendations» section of this document.

VI. What developments are envisaged at EU level?

Use the accordion controls to toggle the visibility of each panel (below the controls).

Various amendments are underway at EU level which could become relevant for manufacturers of autonomous systems:

Artificial Intelligence Act (AI-E) — the purpose of the proposed Artificial Intelligence Act is to regulate AI systems in general. Distinctions are made between different levels of AI systems:

  1. Prohibited AI systems (Art. 5 AI-E),
  2. High-risk systems (Art. 6–51 AI-E),
  3. Systems with low risk (Art. 52 AI-E)
  4. Systems with minimal risk (Art. 69 AI-E).

The specifications that need to be observed for high-risk systems are fairly extensive.

AI Liability Directive — the AI Liability Directive introduces rules specific to damages caused by AI systems.

Cybersecurity regulation for products with digital elements — the planned cybersecurity regulation will stipulate binding rules for products with digital elements for the entire lifecycle period.

Directive on product liability — the directive on product liability governs liability for all conceivable products, including software. Damage caused by software or AI systems is also included.

Regulation on machinery — the new regulation on machinery adopted on 22 May 2023 updates the 2006 machinery directive (2006/42/EG) and transforms it into a regulation. It includes important changes to better cover new risks of machine products within AI systems.

The effects of EU regulations on Switzerland depend on the area concerned. Due to the close relations in the domain of movement of goods it can be presumed that product-specific regulations, e.g. EU regulations governing liability, will largely be adopted by Switzerland to avoid creating obstacles to the import and export of goods. The Swiss Ordinance for Machine Safety (MaschV) makes direct reference to the directive on machinery products of the EU, which means these changes will also have an effect in Switzerland.

There is more leeway with regard to general topics, such as specifications for AI. Switzerland is likely to tread its own path in that regard, with a horizontal regulation for AI similar to the EU seeming fairly unlikely. However, since manufacturers who also want to enter the EU market must adhere to EU rules, the impact will, in effect, be considerable.

VII. Recommendations of the Sandbox team

Use the accordion controls to toggle the visibility of each panel (below the controls).

Very strict rules are currently in place for autonomous systems that travel very short distances on public grounds at low speed (e.g. when crossing walkways). Therefore, it makes sense, at present, to cross these short sections either as a dual mode vehicle steered by a vehicle holder or to load the autonomous system onto a trailer. For numerous manufacturers who are not specialised in the transport of goods or persons, these two options are not really feasible.

The Sandbox team holds the view that current legislation is too restricting for development. It would be desirable to have clearly defined options for a new permit type for autonomous systems that only travel on short and clearly defined public road sections. To protect third persons and other parties, users of autonomous systems could be made to comply with strict safety measures, e.g. to install clearly visible markings or barriers where possible.

For manufacturers, knowing which standards are relevant for their company or how to find out about new standards in a timely manner is often no easy feat. Oftentimes, this proves to be the biggest obstacle for innovative manufacturers of autonomous systems.

The Sandbox team holds the view that it would be highly beneficial if standardisation bodies were to collaborate even more closely with external inspection bodies and public authorities, to create a standardised and low-threshold service for manufacturers. A low-cost consulting service to identify relevant standards would provide great relief to the manufacturers concerned. A subscription model for manufacturers with similar questions would also be helpful, by enabling them to stay up to date and adjust their products in keeping with the latest standards. Until then, participation in corporate networks and associations is recommended, in order to learn from the experience of other companies and to share knowledge.

Access to public authorities is currently perceived as difficult by many manufacturers.

The Sandbox team holds the view that this problem could easily be resolved by introducing regular roundtable talks between public authorities and manufacturers, during which open questions could be discussed. The primary goal of the suggested roundtable talks would not be to definitively clarify manufacture-specific issues, but to have a regular institutionalised exchange and know-how transfer. In doing so, it would be important for these talks to be interdisciplinary and include interfaces across public

Many camera systems installed in autonomous systems do not depend on person-related data. However, most cameras are viewed critically by the public, regardless of their functionality.

The Sandbox team holds the view that it would make good sense to introduce a clear identification of cameras that do not capture any person-related data (e.g. due to their low resolution). This would help elevate trust in autonomous systems. A conceivable idea would be the introduction of a label to make camera systems that fulfil extensive privacy-by-design criteria recognisable.

Although the number of autonomous systems that will come into contact with animals will continue to increase, the aspect of animal welfare is rarely considered in the relevant regulations.

The Sandbox team deems it advisable that the manufacturers themselves pay heed to animal protection and adopt their own measures to that end. This could also help promote acceptance of autonomous systems among the general public. Machine-learning-supported thermographic cameras could be used in areas inhabited by large numbers of animals, to avoid hazardous situations between machines and animals. Since this may involve using cameras that record personal data, it is important to weigh up the demands for privacy of humans against the need for animal protection. Technical solutions are conceivable in this area too: optical sensors with visibility restricted to outlines could be used to identify animals without creating any personal data. Transformation of visual data on the respective camera itself would be a way to combine the need for data protection with ethically acceptable animal-machine interactions.

Moving forward, use of autonomous systems in public spaces and the frequency of their coming into contact with the general public will continue to increase. With a view to promoting understanding and acceptance of autonomous systems among the public, the Sandbox team recommends developing zones or parks in which people can interact with machines in an educational and playful manner. This will help to anticipate challenges and resistance from the general public early. Interdisciplinary teams can subsequently devise technological and regulatory solutions to address identified problems. Furthermore, basic understanding of autonomous systems could be promoted among the general public through increased integration of the topic at different levels of education.


Use the accordion controls to toggle the visibility of each panel (below the controls).

Automation is when a process is managed independently by a machine or a system. Where driving is concerned, a distinction is made between five different levels of automation by the Swiss Automobile Association (SAVV) and the Federal Roads Office (FEDRO).

Different from automation, autonomous systems can act and make decisions independently without human intervention, including in complex situations. In the context of driving, this corresponds to automation level 5. However, the ability of a system to act and make decisions independently is also relevant with a view to other activities, e.g. in farming or in real estate management.

CE stands for «conformité européenne», meaning European conformity. A CE marking indicates that a product meets the requirements of all applicable EU directives.

Conformity assessment is a procedure to assess if a product fulfils the specific technical requirements applicable to the product.

Dual mode is understood to mean an autonomous system that can act independently as well as be steered manually by a person.

EN is the abbreviation for a European standard that has been adopted by a European Standards Body (CEN/CENELEC). Switzerland is a European standardisation committee member; therefore, EN standards are adopted in the Swiss standards catalogue.

Market entry is understood to mean any form of making a product available against payment or free of charge, regardless of whether the product is new, used, recycled or has been significantly modified.

Product is understood to mean any movable object ready for use, which is used for work and/or in the private domain, even if it is merely a part of another object. It is irrelevant whether the object is new, used or modified.

In accordance with Art. 1 para. 1 of the Ordinance on Road Traffic Regulations («Verkehrsregelnverordnung»), public roads are traffic areas used by motor vehicles, motorless vehicles or pedestrians that serve for traffic or are suitable as traffic areas. This includes traffic routes, squares, bridges, or underpasses, hiking and forest trails, paths in the open countryside, ski and sledging slopes or frozen bodies of water, as well as forests and meadows

Radio stands for the transmission of wireless signals via a certain frequency spectrum.

Case studies

The companies Lonomy and Ronovatec served as case studies within the Innovation Sandbox for AI. Both organisations submitted project proposals to the Innovation Sandbox for AI in the spring of 2022 with similar regulatory questions. Lonomy specialises in developing autonomous tractors in the domain of fruit-growing and viticulture. The focus of Ronovatec is on developing autonomous lawnmowers for professional green space management. The content of these guidelines was devised between July 2022 and June 2023 based on the practical applications of these two companies.

Thank you to the following experts

  • Benno Nager – Federal Roads Office (FEDRO)
  • Dr. Christian Saerbeck – TÜV Süd
  • Prof. Dr. Oliver Bendel – University of Applied Sciences Northwestern Switzerland (FHNW)
  • Patrick Graber – Zurich Insurance
  • Prof. Dr. Thomas Probst – University of Fribourg / SAAM
  • David Schaltegger – Swiss Association for Standardization (SNV)

Autonomous Systems – Guidelines for Regulatory Questions

Autonomous Systems – Guidelines for Regulatory Questions
Autonomous Systems – Guidelines for Regulatory Questions
Kanton Zürich, Innovation Zurich, Metropolitankonferenz Zürich
Publication date
July 2023
Raphael von Thiessen, Stephanie Volz


Raphael von Thiessen

Leiter Innovation-Sandbox für KI, Standortförderung AWA Kanton Zürich

Florian Scheidegger

Researcher, IBM Research Zürich

Reto Weiss

CEO, pixmap gmbh


Dr. iur. Stephanie Volz

Managing Director ITSL University of Zurich

Raphael von Thiessen

Head of Innovation Sandbox for AI, Division of Business and Economic Development, Canton of Zurich


Amt für Wirtschaft - Standortförderung


Walchestrasse 19
8090 Zürich
Route (Google)


+41 43 259 49 92

Montag bis Freitag
8.00 bis 12.00 Uhr und
13.30 bis 17.00 Uhr


Für dieses Thema zuständig: