Switzerland moved a step closer to full participation in Europe’s security architecture after the Federal Council on 19 November approved a bilateral agreement with the European Union on the transfer of Passenger Name Record (PNR) data. The accord obliges EU airlines to send their passenger datasets to Swiss authorities and enables reciprocal sharing once Bern’s own PNR processing unit (PIU) goes live.
The deal complements the Swiss Flight Passenger Data Act (FPG), passed by Parliament in March, which grants domestic law-enforcement agencies the right to analyse PNR information to fight terrorism and serious crime. While the FPG will not enter into full force until end-2026, the government has partially activated three provisions so that the PIU’s technical build-out can proceed on schedule.
![Federal Council Approves EU Passenger-Data Deal, Paving Way for Swiss PNR System]()
For corporate travel programmes the forthcoming regime will add another compliance layer. Carriers already transmit PNR data to the EU, the United States and other jurisdictions; once Switzerland is plugged in, travel-management systems must ensure that consent disclosures, data retention policies and traveller-notification workflows reflect the Swiss rules as well. Companies moving staff through Zurich, Geneva or Basel should also expect closer scrutiny of booking patterns that deviate from usual duty-of-care profiles.
Privacy campaigners have voiced concern that bulk data retention—records may be stored for up to five years—could lead to profiling beyond the stated counter-terrorism purpose. The Federal Data Protection and Information Commissioner supports the agreement but urges strict access controls and audit trails. Parliament will ultimately have to ratify the accord, but observers see cross-party backing given that Switzerland already mirrors EU Schengen security measures.
Operational roll-out is targeted for early 2027, aligning with the EU timeline for a revamped ‘PNR 2.0’ platform. Mobility managers therefore have roughly 14 months to update vendor contracts, traveller privacy notices and incident-response plans before the first data feeds begin to flow.
The deal complements the Swiss Flight Passenger Data Act (FPG), passed by Parliament in March, which grants domestic law-enforcement agencies the right to analyse PNR information to fight terrorism and serious crime. While the FPG will not enter into full force until end-2026, the government has partially activated three provisions so that the PIU’s technical build-out can proceed on schedule.
For corporate travel programmes the forthcoming regime will add another compliance layer. Carriers already transmit PNR data to the EU, the United States and other jurisdictions; once Switzerland is plugged in, travel-management systems must ensure that consent disclosures, data retention policies and traveller-notification workflows reflect the Swiss rules as well. Companies moving staff through Zurich, Geneva or Basel should also expect closer scrutiny of booking patterns that deviate from usual duty-of-care profiles.
Privacy campaigners have voiced concern that bulk data retention—records may be stored for up to five years—could lead to profiling beyond the stated counter-terrorism purpose. The Federal Data Protection and Information Commissioner supports the agreement but urges strict access controls and audit trails. Parliament will ultimately have to ratify the accord, but observers see cross-party backing given that Switzerland already mirrors EU Schengen security measures.
Operational roll-out is targeted for early 2027, aligning with the EU timeline for a revamped ‘PNR 2.0’ platform. Mobility managers therefore have roughly 14 months to update vendor contracts, traveller privacy notices and incident-response plans before the first data feeds begin to flow.
