Email has become the main means of business communication, with more than 75% of all business exchanges taking place via electronic messaging.

Yet many Swiss companies are still unaware of their legal obligations when it comes to email archiving. What are the rules? What are the risks of non-compliance?

This comprehensive guide explains your obligations.

email archiving swiss legal obligation

What you need to know

  • Who’s concerned? All commercial companies (SA, Sàrl, sociétés en nom collectif) and sole proprietorships with sales in excess of CHF 100,000.
  • Mandatory retention period: 10 years after the end of the business year for business correspondence with accounting, legal or contractual value.
  • Authorized format: paper, electronic or equivalent medium, provided data integrity and availability are guaranteed.
  • Penalties: In the event of violation, fines of up to CHF 250,000 under the new LPD and criminal penalties under articles 166 and 325 of the Swiss Penal Code.

Legal framework: what are the legal bases?

E-mail archiving in Switzerland is governed by several complementary laws:

1. Swiss Code of Obligations (CO)

Article 958f of the Swiss Code of Obligations is the main legal basis. It requires companies to keep records for a period of 10 years:

  • Account books and vouchers
  • Management and audit reports
  • Commercial correspondence (including e-mails)

The 10-year period runs from the end of the fiscal year in which the document was drawn up or received.

2. Ordinance on the keeping and preservation of account books (Olico)

Olico specifies the technical procedures for storage:

  • Non-modifiable media (CD, DVD): authorized without additional requirements
  • Modifiable media (servers, cloud): require measures to guarantee integrity (time-stamping, traceability, documented procedures)

3. New Data Protection Act (nLPD)

Coming into force on September 1, 2023, the nLPD imposes new constraints:

  • Minimization principle: keep only the data you need
  • Defined retention periods: obligation to document criteria for determining retention periods
  • Right to erasure: data subjects may request the deletion of their personal data after the legal deadline.

4. VAT Act (LTVA)

VAT-registered companies must keep all supporting documents for 10 years, including e-mails containing information on business transactions.

5. Penal Code (PC)

Articles (violation of the obligation to keep accounts) and (non-compliance with legal requirements on accounting) provide for criminal penalties in the event of non-compliance with record-keeping obligations.

Which emails must you archive?

Not all emails need to be archived. Here’s what to keep:

✅ Emails must be archived (10 years)

Accounting communications :

  • Invoices, quotes, purchase orders sent or received by email
  • Payment confirmations, bank statements
  • Exchanges of accounting-related documents and explanations

Contractual correspondence :

  • Emails containing accepted commercial offers
  • Contract amendments and endorsements
  • Contract termination or renewal

Tax and legal documents :

  • Exchanges with tax authorities (FTA, cantonal authorities)
  • Correspondence with social insurances (AVS, SUVA)
  • Communications concerning ongoing litigation or proceedings

Important attachments :

  • PDF invoices, electronically signed contracts
  • Accounting files, financial reports
  • VAT receipts (exports, imports)

❌ Emails that can be deleted

Internal communications without legal value :

  • Team coordination emails
  • Invitations to meetings with no contractual implications
  • Newsletters and marketing communications received

Spam and advertising

Personal e-mails (subject to the employee’s explicit consent)

How can you archive your emails in compliance with the law?

The 4 fundamental legal requirements

To be compliant, your archiving system must respect these principles:

1. Data integrity. Archived emails must not be able to be modified or deleted without traceability. If you use an editable medium (server, cloud), you must :

  • Set up a tamper-proof time-stamping system
  • Document all accesses and modifications (logs)
  • Define clear management procedures

2. Legibility guaranteed. Emails must remain legible for the entire retention period:

  • Retention of metadata (date, sender, recipient)
  • Preservation of the original format or migration to a sustainable format (PDF/A)
  • Attachment accessibility

3. Permanent availability. Archives must be readily accessible in the event of tax inspections, audits or legal proceedings:

  • Efficient search by keywords, dates, senders
  • Consultation possible without undue delay
  • Export in a usable format

4. Protection of personal data. In accordance with the nLPD, you must :

  • Inform employees about archiving their work emails
  • Restrict access to archives to authorized persons only
  • Respect the principle of proportionality (keep only what’s necessary)

Manual vs. automated archiving: the limits of the DIY approach

Manual archiving (Outlook PST files, local export) presents major risks:

  • ❌ Data loss due to accidental deletion or hardware failure
  • ❌ Non-compliance: difficult to prove archive integrity and completeness
  • ❌ Tedious and time-consuming search in the event of an audit
  • ❌ Burden shifted to users who may forget or neglect archiving

A professional archiving solution solves these problems by :

  • ✅ Automatically captures all incoming and outgoing emails
  • ✅ Guaranteed inalterability thanks to WORM (Write Once Read Many) storage
  • ✅ High-performance search with full-text indexing
  • ✅ Ensuring compliance with Swiss legal requirements

Specific cases: certain regulated sectors

Financial sector (banks, insurance companies, asset managers)

Financial institutions are subject to stricter requirements:

FINMA (Swiss Financial Market Supervisory Authority) :

  • Retention of all customer communications (MiFID II, investment advice)
  • Complete traceability of investment decisions
  • Ability to reconstruct the complete history of a customer relationship

International standards :

  • SEC 17a-4 (for institutions operating on US markets)
  • FINRA (Financial Industry Regulatory Authority)

For these sectors, a certified solution like Proofpoint Archive is essential.

Health sector

Medical practices and healthcare facilities must :

  • Keep patient records in accordance with cantonal guidelines (10 to 20 years)
  • Respecting medical confidentiality when archiving communications
  • Apply enhanced security measures (encryption)

Legal sector

Lawyers and notaries must :

  • Archive all customer correspondence related to the files
  • Guarantee confidentiality (professional secrecy art. 321 CP)
  • Retain communications for longer than 10 years, depending on the duration of the proceedings

Risks and penalties: what do you risk in the event of non-compliance?

Administrative and criminal penalties

Swiss Penal Code :

  • Article 166 of the Swiss Criminal Code (violation of the obligation to keep accounts): fine
  • Article 325 StGB (failure to comply with accounting regulations): fine or custodial sentence in serious cases

New HPA :

  • Fines of up to CHF 250,000 for intentional breaches of the duty to inform, provide information or make announcements

Consequences of a tax audit or control

If you are unable to provide the supporting documents requested :

  • Taxation d’office: tax authorities can estimate your income and apply a higher tax rate
  • Disallowing deductions: unjustified expenses may be disallowed
  • Tax evasion proceedings in serious cases

Risks during legal proceedings (eDiscovery)

The absence of archives can lead to :

  • Inability to prove your allegations in a commercial dispute
  • Unfavourable presumptions: the judge may consider that the absence of evidence is unfavourable to you.
  • Fines for destruction of evidence if suppression is considered intentional

Operational and commercial impact

Beyond legal sanctions :

  • Considerable time lost in reconstructing the history of exchanges
  • Damage to reputation in the event of publicly disclosed breaches
  • Impossible to recover debts due to lack of proof of transactions.

Archiving and data protection: striking the right balance

The conservation/minimization paradox

The nLPD requires personal data to be kept only as long as necessary, while the CO obliges us to keep business correspondence for 10 years.

How can we reconcile these demands?

Guiding principle: Retention for legal reasons takes precedence over the principle of minimization. Article 6 al. 2 let. d nLPD explicitly states that data may be stored “for as long as required by law”.

Best practices :

  • Clearly distinguish between emails subject to legal archiving obligations and those that are not
  • Document sorting criteria and shelf life
  • Anonymize or pseudonymize where possible while preserving probative value
  • Systematic deletion of data after expiration of the legal deadline

Employees’ private e-mails

Frequently asked question: Is it possible to archive private emails sent from the professional mailbox?

Answer: No, except with explicit consent. The nLPD and the Civil Code (art. 328b CO) protect employees’ privacy. You must :

  • Clearly inform employees of the archiving policy
  • Allow them to flag personal emails (“private” flag)
  • Exclude these messages from automatic archiving

HR data retention period

Human resources emails follow specific rules:

  • Rejected applications: 3 to 4 months maximum (unless consent for talent pool)
  • Current employee files: for the duration of the contract + 10 years
  • Sensitive (medical) data: early deletion possible according to the principle of proportionality.

Proofpoint Archive: the solution for effortless compliance

Given the complexity of legal obligations and the risks involved, investing in a professional archiving solution is no longer an option, but a necessity.

Why choose Proofpoint Archive?

Guaranteed compliance with Swiss law

  • Automatic compliance with 10-year retention requirement
  • Olico-compliant inalterable storage
  • nLPD compliance with retention period management

Internationally recognized certifications

  • SEC 17a-4 (US financial markets)
  • FINRA-approved supplier
  • 99.9% guaranteed availability

Unified multi-channel archiving

  • Emails (Exchange, Office 365, Gmail)
  • Microsoft Teams, Slack, WhatsApp Business
  • Professional social networks

High-performance research

  • Full-text indexing of all content and attachments
  • Search millions of emails in seconds
  • Advanced filters (date, sender, keywords, attachments)

Integrated eDiscovery support

  • Easier preparation for audits and legal proceedings
  • Exports in legally recognized formats
  • Legal hold for disputes

Security and confidentiality

  • End-to-end encryption
  • Redundant data centers
  • 24/7 technical support

Case studies

SME with 50 employees – Financial services

Issue: FINMA obligation to retain all customer communications, risk of sanctions in the event of an audit.

Solution: Deploy Proofpoint Archive

  • Automatic archiving of 100% of incoming/outgoing emails
  • eDiscovery research ready for FINMA inspections
  • 40% reduction in server storage costs
  • SEC 17a-4 compliance acquired

Result: FINMA audit successfully completed, 0 non-conformities identified.

Conclusion: archiving, a strategic investment

Email archiving isn’t just a legal requirement: it’s an investment in your company’s legal security and long-term future.

In 2025, with the strengthening of data protection obligations (nLPD) and the multiplication of tax inspections and compliance audits, having a professional archiving system is no longer a luxury, but a necessity for any responsible company.

The 3 key benefits of compliant archiving :

  1. Legal certainty: evidence available immediately in the event of a dispute or audit
  2. Regulatory compliance: peace of mind in the face of CO, Olico and nLPD obligations
  3. Operational efficiency: instant search, time savings, cost reduction

Don’t wait for a tax inspection or an audit to discover that your archiving isn’t compliant. Every day without a professional archiving solution exposes you to legal and financial risks.

Proofpoint Archive gives you the peace of mind of total compliance, with rapid deployment and expert support.

PROOFPOINT ARCHIVE

La solution pour archiver en toute
conformité et sans effort

Je découvre Proofpoint Archive