The Swiss Guide to the EU AI Act

As Switzerland is not an EU member, many Swiss tech founders originally hoped they might escape the heavy administrative burden of the EU AI Act.

However, due to the regulation's aggressive extraterritorial reach, most Swiss AI companies are now discovering they are legally bound by Brussels’ rules.

If you are a Swiss business selling AI-powered SaaS, hosted LLM APIs, or industrial robotics into the European market, here is everything you need to know about your obligations, liabilities, and how to structure your EU presence.

Does the Act Apply to You?

The short answer is yes, if any of the following apply:

• Market Entry: You place an AI system or General Purpose AI (GPAI) model on the EU market.
• The "Output" Trigger: Your AI is hosted in Switzerland, but its output (predictions, text, or data) is used within the EU.
• Supply Chain: You act as an importer or distributor for AI products intended for EU clients.

10 Examples of Swiss AI Exports to the EU

Swiss companies are leveraging the "Swiss Vault" reputation for data privacy to sell into the EU. Common use cases include:

1. Sovereign LLM APIs: Hosting models in Swiss data centres for EU banks.
2. Secure AI Cloud: GPU-as-a-Service for sensitive EU biotech research.
3. LegalTech SaaS: Automated contract review for German or French law firms.
4. ESG RegTech: AI that automates EU Taxonomy reporting for investment funds.
5. PropTech: AI-driven real estate valuations for Dutch or Spanish portfolios.
6. Banking Co-Pilots: GPT-wrappers designed for MiFID II compliance.
7. Logistics Scanning: Computer vision for package tracking in EU fleets.
8. Quality Inspection: AI for detecting defects in Italian automotive lines.
9. Generative Engineering: Aerodynamic simulations for German OEMs.
10. Industrial Robotics: Autonomous inspection drones for North Sea energy rigs.

The Compliance Engine: ISO 42001 & NIST AI RMF

To meet the high standards of the EU AI Act, Swiss firms shouldn't reinvent the wheel. Instead, they should adopt recognised global frameworks to "presume" compliance.

ISO/IEC 42001: The Gold Standard

Implementing an AI Management System (AIMS) under ISO 42001 is the most effective way for a Swiss company to prove it meets EU requirements.

• Audit-Ready: It provides a structured approach to risk management, data quality, and transparency.
• Trust Signal: Having an ISO 42001 certification often satisfies the "Technical Documentation" requirements of the EU AI Act automatically.

NIST AI Risk Management Framework (RMF)

For Swiss companies also eyeing the US market, the NIST AI RMF is essential.

• Cross-Border Alignment: NIST focuses on "Governing, Mapping, Measuring, and Managing" AI risks.
• Practicality: It helps Swiss developers document their AI lifecycle, which is a mandatory requirement for "High-Risk" systems in the EU.

The "Legal Bridge": Subsidiaries and Representatives

To manage compliance, Swiss firms often use EU subsidiaries to handle invoicing and local liability. If you don’t have a physical EU office, you must appoint an Authorised Representative (AR).

The €35 Million Question: Who Pays?

The EU AI Act carries massive fines: up to €35 million or 7% of global annual turnover.

Under the "Single Economic Unit" doctrine, EU regulators treat a Swiss parent and its 100% subsidiary as one entity.

If the subsidiary can't pay, the EU can pursue the Swiss parent’s global assets. Swiss firms use Inter-company Agreements (ICAs) to manage this risk, using indemnity clauses to allocate the financial burden back to the entity responsible for the AI's development.

Sample Compliance Clause for Service Agreements

When selling to EU clients, your contracts should clearly define roles:

Clause [X]: AI Regulatory Compliance (EU AI Act)

X.1 Classification: The Provider represents that the Services utilise AI systems classified as [High-Risk/Limited Risk] under Regulation (EU) 2024/1689.

X.2 Standards: The Provider warrants that the AI system is developed in alignment with ISO/IEC 42001 and NIST AI RMF standards.

X.3 Authorised Representative: The Provider has appointed [Name of EU Subsidiary/AR] as its legal representative within the Union.

X.4 Customer Obligations: The Customer [EU Deployer] agrees to use the AI system strictly according to the provided "Instructions for Use."

Conclusion

Compliance is no longer optional for Swiss AI.

By adopting ISO 42001, setting up the right EU legal structures, and updating inter-company agreements, Swiss companies can turn the EU AI Act into a competitive advantage.