By 2026, Switzerland will no longer be merely an observer of global tensions, but increasingly a part of an uncertain and volatile environment itself. Espionage, disinformation, and cyberattacks are affecting companies and institutions more directly and frequently today than they did just a few years ago.

At the same time, familiar certainties are coming under pressure. International agreements and contractual regulations no longer offer the same protection in a world of «strategic uncertainty» that companies have relied on until now.

The question of data sovereignty and access control is particularly relevant here. Extraterritorial regulations, such as the US CLOUD Act, can have far-reaching consequences depending on the circumstances – even if the data is not stored in the USA.

The risk from within is also growing: infiltration by shadow AI has long been a reality in Swiss companies. Employees are using AI chatbots so naturally that conventional security measures are being bypassed, and vast amounts of data are flowing to global hyperscalers.

Where is sensitive information stored, who can access it, and how are permissions and key concepts organized? Data security today extends far beyond technical questions and has become a central strategic management task.

Featured in this newsletter

4

Data Sovereignty

How hybrid security
Sovereign architecture
reduce risks.

4

Data Sovereignty

How hybrid security
Sovereign architecture
reduce risks.

Centraya AI
Using AI Safely

The era of experimenting with AI is over. In 2026, success will no longer be determined by the number of tools tested, but by the ability to integrate artificial intelligence into existing business processes in a controlled, compliant, and productive manner. Those who treat AI merely as a technical toy or hold back entirely due to uncertainty risk competitive disadvantages.

However, true innovative strength arises not from the fastest, but from the safest adaptation. Security is not an obstacle, but rather the prerequisite for AI and productivity gains from it to be scalable within a company at all. Only an architecture that considers security from the outset («Security by Design») makes it possible to confidently exploit the full potential of global language models.

Even without its own AI law, the use of AI in Switzerland is already subject to existing regulations – particularly in data protection law, transparency requirements, or data protection impact assessments for high-risk applications. In highly regulated sectors such as finance, law, or healthcare, additional specific requirements also apply.

The crucial question, therefore, is not whether AI should be used, but under what conditions it can be deployed safely, responsibly, and with genuine business value. 

Centraya AI as a concrete solution approach

This is exactly where Centraya AI comes in. The solution enables companies to productively use modern open-cloud LLMs without exposing sensitive information outside their own control zone. As an upstream security and encryption layer, Centraya AI protects confidential content already in the prompt, thereby creating the foundation for secure, controlled, and compliance-compliant AI usage in regulated and sensitive environments.

New Service:
e3 Policy Factory

The quality of a DLP solution is not determined solely by the alerting phase, but already by the question of which information is classified as worthy of protection and how it can be reliably detected. Protection needs, classification, and appropriately tailored search patterns (policies) form the basis for effective detection, suitable responses, and resilient protection.

In practice, however, we repeatedly see that existing policy collections have grown over years, are no longer adequately maintained, or are too imprecise for today's requirements.

At the same time, developing truly resilient search patterns is challenging. Good policies require expertise, a methodical approach, and an understanding of how regulatory, organizational, and technical requirements interact. This is exactly where our Policy Factory comes in.

With this service, we bundle all relevant services for the development, revision, and optimization of DLP policies. Customers can obtain individual modules or an entire package – depending on whether existing rule sets are to be refined or a new policy collection is to be built.

E3 events:
Let's exchange ideas

How do we secure competitiveness in a world that is constantly reinventing itself? Especially in information security, it becomes clear how closely technological development, trust, and corporate capacity to act are linked today. It requires more than technology alone: it requires exchange, experience, and a shared vision of the future.

That's precisely why personal encounters and professional dialogue are so important. 

Here's where to find us

E3 guests

Sovereignty
Why Trust Isn't an IT Strategy

Data sovereignty is no longer a luxury, but a strategic prerequisite for the protection of sensitive information. In a world of increasing geopolitical instability, treaties, international agreements, and familiar securities are losing their reliability. Especially when dealing with hyperscalers, extraterritorial legal claims, and global dependencies, the question of how much control companies and institutions actually still have over their sensitive information is becoming increasingly urgent.

For government agencies as well as private sector companies, sovereignty thus becomes a strategic necessity. The crucial factor is whether data is contained, operated on sovereign infrastructures, effectively encrypted, or ultimately outsourced primarily on the basis of trust. What is clear is that in an emergency, the contract is not what counts, but technical self-control.

In our latest blog post, we analyze why the discussion surrounding cloud, control, and data sovereignty is intensifying and what options organizations realistically have today. We also show why hybrid setups are often the most pragmatic answer for remaining agile in the face of technological, regulatory, and geopolitical changes.