Regulatory and Compliance Management for Cybersecurity

Cybersecurity compliance in Switzerland is becoming increasingly complex as organisations face growing regulatory requirements across industry-specific, Swiss and European frameworks. Forvis Mazars in Switzerland supports organisations in conducting compliance assessments and implementing regulatory requirements to strengthen cyber resilience, improve regulatory readiness and reduce compliance risks. Our services cover industry-specific regulations, Swiss requirements and key EU frameworks, including FINMA, SWIFT, SIC/SNB, NIS 2, DORA, CRA, AI Act and GDPR.

Cybersecurity compliance and regulatory services

Swiss cybersecurity compliance assessments and regulatory implementation
 

We support you in carrying out comprehensive compliance assessments to evaluate compliance with key Swiss regulations. These include, amongst others, FINMA requirements, SWIFT CSP requirements and SIC/SNB regulations. Our services encompass formal regulatory assessments, gap analyses, maturity assessments including recommendations, and operational support during the implementation of processes and controls.

EU cybersecurity compliance and regulatory readiness assessments

We carry out structured assessments of compliance with relevant EU regulations, including NIS 2, the Digital Operational Resilience Act (DORA), the Cyber Resilience Act (CRA) and the AI Act. Based on an analysis of your existing governance, risk and control structures, we develop specific implementation recommendations and support you in meeting the regulatory requirements. Furthermore, we provide control attestation services for ICT providers in order to prove compliance to their B2B customers. The aim is to ensure your organisation is sustainably ‘regulatory-ready’ and to minimise compliance risks.

When do organisations seek cybersecurity compliance and regulatory support?

• Preparing for a FINMA review
• Mandatory SWIFT CSP or SIC EPS assessment
• Assessing compliance with Swiss cybersecurity and information security regulations
• Preparing for new EU regulatory requirements such as DORA, NIS2, CRA or the AI Act
• Conducting a regulatory gap analysis to identify weaknesses in governance, controls and processes
• Strengthening cyber resilience and operational resilience frameworks to meet regulatory expectations
• Reviewing third-party risk management and supplier oversight as part of compliance obligations
• Responding to changes in regulatory requirements or evolving supervisory expectations
• Improving documentation, evidence collection and control ownership ahead of regulatory assessments

We support organisations ranging from SMEs to large international groups operating in regulated environments in Switzerland and abroad. Our clients operate across banking, insurance, asset management, healthcare, manufacturing, technology, the public sector and many other industries, particularly those managing critical systems, sensitive data or complex regulatory requirements.
IT professional reviewing server infrastructure in a data centre, representing cybersecurity compliance, regulatory monitoring and risk management support.

FAQ about cybersecurity compliance and regulatory support

What are the biggest challenges organisations face with DORA, CRA, NIS2 and AI Act compliance?

One of the biggest challenges in cybersecurity compliance is translating regulatory requirements into a clear operating model with defined ownership, effective controls and reliable evidence. Many organisations also face overlapping obligations across DORA, the Cyber Resilience Act (CRA), NIS2 and the AI Act, alongside growing pressure to manage third-party risk, incident reporting and documentation across business, technology, legal and procurement teams.

How can organisations assess whether their cybersecurity posture meets regulatory requirements?

The first step is to define the scope and identify the regulatory requirements that apply to your organisation. A structured cybersecurity compliance assessment should benchmark your controls against relevant frameworks and test governance, incident response, cyber resilience, supplier oversight, recovery capabilities and the evidence supporting those controls. This helps organisations understand gaps and prioritise remediation.

How should organisations prepare for DORA and other resilience-focused cyber regulations?

The most effective approach is to build a single resilience programme that covers governance, risk management, testing, incident handling, supplier controls and evidence collection. Preparing for DORA compliance or similar resilience-focused regulations requires clear ownership, stronger controls, regular testing and up-to-date documentation that can support regulatory review and strengthen long-term cyber resilience.

Plus d’infos ?