Standards
Standards create security and interoperability. They define the legal and technical framework within which modern IT systems must operate. Adherence to these standards is not a purely administrative task; it is a prerequisite for market access and customer trust.
This section covers the most important regulatory requirements (such as the Swiss nFADP or the EU AI Act) and technical standards (ISO 27001) in their operational context for engineering teams.
Table of Contents
- Age Verification: Age checks can satisfy youth protection duties while keeping identity data private: legal drivers, technical options and practical failure points.
- Cyber Resilience Act: Market access in the EU now includes cybersecurity duties for digital products: CRA requirements, security by design and manufacturer responsibility.
- GDPR: EU data protection remains distinct from Swiss law: GDPR reach, processing principles, data subject rights and fines for Swiss firms with EU exposure.
- EMBAG: Federal IT tenders gain an open source baseline: EMBAG relevance and duties for providers working with Swiss federal authorities.
- EU AI Act: AI obligations become role-specific: EU AI Act risk classes, value-chain roles and why Swiss firms can fall within its scope.
- DORA: DORA is clearly separated from DevOps metrics: EU financial regulation for ICT resilience, reporting, testing and third-party risk.
- EU Whistleblower and Secure Cryptography: Confidential reporting stays protected by technical and organisational measures: EU whistleblower duties, anonymity rules and Swiss scope.
- GraphQL: Precise API responses from one endpoint: GraphQL lets clients specify the data shape they need, with suitable use cases and limits compared with fixed REST routes.
- Green IT and Software Carbon Intensity: Lower IT emissions through efficient code, right-sized hardware and renewable data-centre energy, measured with Software Carbon Intensity.
- ISO 27001 and Compliance-as-Code: Information security becomes a managed routine: ISO 27001 links risk-based controls, organisational processes and continuous improvement.
- ISO 42001: Auditable AI governance for lasting AI operations: ISO 42001 requirements, PDCA structure and its relationship to the EU AI Act.
- MCP (Model Context Protocol): Interoperable AI agents need open tool connections: MCP links LLMs with databases, Git repositories and APIs through servers and clients.
- nFADP / DSG and Privacy by Design: Swiss privacy compliance rests on nFADP duties: personal fines, breach notification thresholds, privacy by design and access rights.
- NIS2: EU cybersecurity duties become concrete through NIS2: in-scope entities, risk management, staged incident reporting and the Swiss angle.
- Open Source Definition (OSI) and SLSA: Open source remains usable and auditable through OSI rights plus SLSA maturity levels for protected software supply-chain builds.
- Software Asset Management (SAM): Licence clarity improves audits and cost control: SAM centralises inventory, tracks usage and reconciles software with contract terms.
- SBOM (Software Bill of Materials): Software dependencies become traceable with an SBOM: libraries, affected systems and supply-chain requirements stay visible after incidents.
- SOC 2: Cloud and SaaS controls become verifiable through SOC 2: an AICPA attestation report for service providers, complementary to ISO 27001.
- US Cloud Act and Sovereign Cryptography: Sovereign cryptography strengthens data control under the US Cloud Act, while metadata, support access and lawful orders need separate assessment.
- WCAG and the European Accessibility Act: Accessible services rest on two layers: WCAG as the technical norm, EAA as legal duty, with conformance levels and the Swiss angle.
- YAML Frontmatter: Markdown pages gain machine-readable fields through YAML frontmatter: titles, publication dates, layouts, publishing state and common YAML pitfalls.