One Year Since Switzerland Signed the Global AI Treaty — What Has Happened Since?

A year after signing the Council of Europe's AI convention, Switzerland faces a tightening regulatory timeline, a deepfake fraud explosion, and a legislative draft due by year-end.

Council of Europe — headquarters in Strasbourg

On 27 March 2025, Switzerland signed the first legally binding international AI treaty. Twelve months on, no country has ratified it, the EU is moving faster, deepfake fraud in Switzerland has exploded, and a domestic legislative bill is due by the end of 2026. Here is what has happened — and what has not.

On 27 March 2025, Federal Councillor Albert Rösti signed the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law in Strasbourg. Switzerland — which had been instrumental in drafting the treaty — became the 15th signatory to the first legally binding international agreement on AI.

The signing was accompanied by clear commitments. The Federal Council had already decided in February 2025 to ratify the convention and to prepare the necessary amendments to Swiss law by the end of 2026. The principles were unambiguous: transparency, non-discrimination, and respect for human rights in AI systems would become enforceable obligations.

One year on, it is worth asking: what has actually happened since?

The convention: signed by many, ratified by none

As of March 2026, no country has ratified the convention. It remains signed but unratified by all parties, and entry into force requires five ratifications. The treaty exists as a statement of intent, not yet as binding law.

There is, however, momentum. On 11 March 2026, the European Parliament approved the EU’s conclusion of the convention — a significant step toward EU-level ratification, which would count toward the five needed. Canada and Japan signed at the AI Action Summit in Paris in February 2025. The community of signatories is growing, even if ratification remains slow.

Switzerland’s legislative timeline: on track, but tight

Switzerland has explicitly chosen not to adopt a comprehensive “Swiss AI Act” mirroring the EU’s approach. Instead, the Federal Council is pursuing a lean, sector-specific regulatory strategy — cross-sectoral rules only for core legal domains such as fundamental rights and data protection.

Two workstreams are under way:

  • The Federal Department of Justice and Police (FDJP), together with DETEC and the Federal Department of Foreign Affairs, is preparing a legislative bill for consultation, due by the end of 2026.
  • DETEC is separately drawing up an implementation plan for legally non-binding measures, also due by end of 2026.

No draft bill has been published yet. Given the Swiss legislative process — consultation, parliamentary debate, potential referendum — the law is unlikely to enter into force before 2029 at the earliest.

In the meantime, existing law applies. The Federal Data Protection and Information Commissioner (FDPIC) maintains that the Federal Act on Data Protection (FADP), in force since September 2023, is directly applicable to AI systems processing personal data. Organisations cannot wait for new legislation to address transparency and data protection obligations — these already exist.

The EU is not waiting

While Switzerland deliberates, the EU AI Act is already taking effect in phases — and Swiss companies operating in the EU market must comply regardless of domestic timelines.

  • February 2025: Prohibited AI practices were banned and AI literacy obligations took effect.
  • August 2025: General-purpose AI model obligations began; member states designated national competent authorities; the EU AI Office became fully operational.
  • August 2026: The majority of the Act’s rules come into force, including obligations for high-risk AI systems, transparency requirements, and full enforcement.

For Swiss financial institutions, healthcare providers, and any organisation serving EU customers, August 2026 is a harder deadline than anything in the domestic pipeline.

FINMA: guidance issued, enforcement awaited

In December 2024 — three months before the treaty signing — FINMA published Guidance 08/2024 on governance and risk management for AI in supervised financial institutions. It requires institutions to maintain an inventory of AI tools, classify their risks, ensure explainability, and provide adequate staff training.

No further AI-specific circulars or enforcement actions have been issued since. FINMA has signalled that additional guidance will follow as the landscape evolves, but for now Guidance 08/2024 remains the primary reference point for the Swiss financial sector.

Parliament: selective appetite for regulation

The Swiss Parliament has shown a cautious stance. In April 2025, the National Council rejected a motion for deepfake-specific regulation by a vote of 111 to 70. The government argued that existing criminal and civil law already covers deepfake misuse, and that broader AI regulation is in preparation.

On the intellectual property front, the Council of States adopted a motion in March 2025 calling for better protection of copyrighted works against AI training — a debate that is now proceeding to the National Council but is unlikely to produce legislation before 2027.

Meanwhile, the threats the convention was designed to address have intensified

The convention’s principles — transparency, accountability, protection against manipulation — are not abstract aspirations. They describe precisely the capabilities that are being exploited in the real world, right now, in Switzerland.

The Swiss Federal Office of Cybersecurity (BACS) documented a nearly fivefold increase in deepfake-enabled investment fraud in the first half of 2025 — from 729 to 3,485 reported cases. Deepfake videos of prominent public figures, including Federal President Karin Keller-Sutter, were used to lure victims to fraudulent platforms. Across all forms of online investment fraud, approximately CHF 250 million was stolen in Switzerland in 2025.

In January 2026, an entrepreneur in the canton of Schwyz lost several million Swiss francs to attackers who cloned a business partner’s voice using AI — a fraud sustained over two weeks of phone calls. The Swiss Bankers Association has acknowledged that fraud has entered a new era defined by AI-driven attacks.

These are not edge cases. They are the operational reality that the convention’s principles are meant to address. The gap between the treaty’s ambitions and the pace of domestic implementation is widening, and it is being filled by criminals who face no such delays.

What comes next

The next twelve months will be decisive:

  • End of 2026: The FDJP’s draft bill is due. Its scope and ambition will reveal how seriously Switzerland intends to translate the convention’s principles into enforceable law.
  • August 2026: The EU AI Act’s high-risk and transparency obligations take full effect — a de facto compliance deadline for any Swiss organisation with EU exposure.
  • July 2026: The first session of the UN Global Dialogue on AI Governance convenes in Geneva, giving Switzerland a hosting role on the international stage.
  • December 2025 report: The Federal Council’s assessment that AI amplifies existing cyber threats but does not fundamentally change the landscape will be tested by events.

Switzerland’s signing of the convention a year ago was a clear statement of intent. The question now is whether intent will translate into action at a pace that matches the threat.