The Dark Web in Switzerland: Liberal Legal Framework and Notable Cases
Switzerland occupies a relatively discreet yet distinctive position in the global dark web ecosystem. Between 10,000 and 25,000 daily Tor users, more than 400 relays hosted on its territory (including several major exit nodes), a liberal legal framework that contrasts with neighboring France, and a federal authority — the NCSC — whose stance on Tor remains balanced and pragmatic. This guide reviews the Swiss situation in 2026: what the law says, which tools citizens use, notable court cases, and official reporting procedures.
⚫ We know why you're here. This isn't that page. Tor access →The Swiss legal framework
Switzerland has a broadly liberal legal framework for anonymization technologies. Article 13 of the Federal Constitution guarantees "the right to privacy in (...) correspondence and in relations established by post and telecommunications." This constitutional foundation extends to digital communications and has not been specifically restricted regarding Tor or encryption tools.
The Swiss Criminal Code does not penalize:
- Using an anonymization tool such as Tor
- Using a VPN, even one that is undisclosed
- Encrypting one's communications or data
- Operating a Tor relay (including exit relays) on Swiss territory
What is punishable are offenses committed via Tor, exactly as on the ordinary web: drug trafficking (Art. 19 BetmG), child pornography (Art. 197), money laundering (Art. 305bis), fraud (Art. 146), etc. The tool used neither aggravates nor mitigates the sentence.
Article 143 CC: Unauthorized access to computer systems
Article 143 of the Criminal Code (revised 2018) penalizes "whoever, without authorization, has obtained for himself or for a third party data that is stored or transmitted electronically." The penalty is up to 5 years' imprisonment.
This article fully applies to malicious hacking activities, including those conducted from or toward the dark web. Federal investigators (fedpol) and cantonal police regularly cooperate with Europol on these cases, notably through the Conference of Cantonal Justice and Police Directors (KKJPD/CCDJP).
Notably: unlike some jurisdictions, Switzerland recognizes exemptions for security researchers ("security research") in the context of bug bounty programs or responsible disclosures. This tolerance encourages the local cybersecurity ecosystem (Zurich, Lausanne, Geneva).
The NCSC: Federal cyber authority
The National Cyber Security Centre (NCSC / Nationales Zentrum für Cybersicherheit) became the federal reference authority in 2024, absorbing functions previously split between MELANI (Melde- und Analysestelle Informationssicherung) and GovCERT.ch.
NCSC missions:
- Federal cybersecurity coordination
- Response to nationally significant cyber incidents
- Technical alerts and recommendations
- Collaboration with fedpol on criminal investigations
- International relations (CERT.eu, ENISA, bilateral agreements)
The NCSC regularly publishes semi-annual reports on the state of cyber threats in Switzerland. These documents mention Tor and the dark web as infrastructure elements used by journalists and NGOs as much as by cybercriminals. The official stance is balanced: no condemnation of the tool, vigilance on criminal uses.
BÜPF: Surveillance of communications
The Federal Act on the Surveillance of Postal and Telecommunications Traffic (BÜPF/LSCPT, revised in 2018) governs the authorities' lawful interception capabilities. Two main mechanisms:
- Real-time surveillance of a targeted user, on a judicial warrant, for serious offenses (listed in Art. 269 CPC)
- Metadata retention: Swiss ISPs must retain connection logs for 6 months (not content, only metadata: who communicates with whom, when, from which IP)
The BÜPF cannot compel a user to provide their encryption keys: the right not to self-incriminate is constitutional and prevails. However, in the context of an investigation, authorities can require third parties (employers, hosting providers, operators) to hand over data they hold.
Switzerland has resisted repeated attempts by certain European countries to obtain greater cooperation on mass surveillance. Reports by digitale gesellschaft (Swiss civil society) and the Federal Data Protection and Information Commissioner document this position.
Data protection (FADP 2023)
The Federal Act on Data Protection (FADP), revised in 2023, largely aligns Switzerland with the European GDPR, with some specific features. It strengthens individuals' rights over their personal data and imposes obligations on operators.
Implications for Tor users: using Tor as a privacy protection tool is fully legitimate under the FADP. Swiss companies cannot discriminate against users who protect themselves with such tools (for example, refusing to authorize a purchase solely because the user is connecting via Tor).
Who uses Tor in Switzerland
Investigative journalists
Major Swiss media organizations (RTS, Tamedia, Ringier, Le Temps) use Tor in their investigations, notably via SecureDrop to receive documents from whistleblowers. The 2022 Suisse Secrets case — a leak documenting 30,000 Credit Suisse accounts used by individuals linked to corruption and human rights abuses — involved Tor flows to secure exchanges between sources and journalists of an international consortium (OCCRP).
Financial sector and compliance
Paradoxically, Swiss banks use Tor in certain due diligence processes: monitoring the evolution of illegal marketplaces to detect potential client data leaks, tracking leaks that could concern them, etc. Threat intelligence firms (BeyondTrust, Prodaft in Zurich) regularly operate via Tor.
Researchers and universities
EPFL, ETH Zurich, and several cantonal universities have teams studying the dark web for academic purposes: marketplace sociology, cryptography, digital forensics. Several major publications in computer security come from these Swiss laboratories.
Humanitarian NGOs
NGOs based in Geneva (ICRC, HRW, Amnesty International Swiss section) use Tor to communicate with their field teams in high-risk areas. The concentration of humanitarian organizations in Switzerland makes it an important hub for the professional Tor ecosystem.
Notable court cases
AlphaBay network in French-speaking Switzerland (2019–2020)
Dismantling of a network of Swiss vendors operating via AlphaBay and its successors. Several individuals from Geneva, Lausanne, and Fribourg were identified through a combined investigation by fedpol, the Vaud cantonal police, and cooperation with Europol (Operation DisrupTor 2020). Sentences ranging from 3 to 6 years for drug trafficking.
Fake document marketplace (Zug, 2021)
Arrest of a Swiss administrator of a .onion site specializing in fake identity documents (passports, licenses, diplomas). The investigation, conducted by the Zug cantonal police with NCSC support, demonstrated a turnover of more than 2 million Swiss francs over 3 years. Sentenced to 5 years in prison in 2022, plus asset confiscation.
Credit Suisse leak (2022)
Although the leak itself came from a source inside the bank, coordination between the 47 international media in the Suisse Secrets consortium relied heavily on Tor and SecureDrop. Switzerland attempted to invoke Article 47 of the Banking Act (banking secrecy) against the Swiss journalists involved, but courts did not pursue the proceedings.
Operation Playpen Switzerland (2015–2016)
As part of the international Playpen operation, several arrests were made in Switzerland of users of a .onion child abuse site that the FBI had operated as a honeypot. Swiss investigations, conducted by the Bern cantonal police and fedpol, resulted in several convictions to heavy sentences (4 to 10 years) under Article 197 CC.
How to report illegal content
The official procedure in Switzerland:
- Federal platform: cybercrime.admin.ch (operated by fedpol and the NCSC). Anonymous reporting is possible, online form, teams available 24/7 for urgent cases.
- Cantonal police: for content with local impact, you can contact your cantonal police directly. Every canton has a cybercrime unit.
- Geneva operation: for content involving international organizations based in Geneva, contact the Geneva International Police (PIG) directly.
- Private bodies: for data leaks affecting your company or yourself, also contact the NCSC directly ([email protected]).
Your report is protected: you cannot be prosecuted for accidentally viewing illegal content if you report it immediately. This is a principle recognized by federal case law.