Mandatory Email Archiving in Switzerland: What the Law Says and How to Comply

Email archiving requirements in Switzerland: what the law says

In Switzerland, the storage of business correspondence is not optional: it is an obligation enshrined in the Swiss Code of Obligations (CO). However, many Swiss SMEs are still not fully aware of this legal requirement, exposing themselves to significant risks in the event of disputes, tax audits or legal proceedings.

In this article, we take a detailed look at what Swiss law stipulates, why emails are among the documents that must be retained, and how to comply in a simple and secure manner.

Article 958f of the Swiss Code of Obligations

The main legal basis is Article 958f CO, which establishes a clear obligation: commercial books, accounting documents, management reports and audit reports must be retained for ten years. The retention period begins at the end of the financial year in which the documents were produced.

The crucial point for companies is that business emails with commercial or legal relevance are fully covered by the "accounting documents" and "business correspondence" referred to in the law. This includes order confirmations, contract negotiations, invoices, communications with customers and suppliers, and any message that documents a business transaction.

Which emails should be archived?

Not all business emails have the same legal relevance. However, the distinction between relevant and irrelevant emails is often difficult to draw on a daily basis. For this reason, many companies choose to archive all email, taking a cautious approach that prevents any risk of losing important data.

The categories of emails that must definitely be retained include:

• Business correspondence: offers, order confirmations, negotiations, complaints
• Accounting documents: invoices, credit notes, payment receipts
• Contractual communications: agreements, contract amendments, terminations
• Tax documentation: communications with tax authorities, VAT receipts
• HR communications: employment contracts, salary changes, official communications

The Ordinance on the Keeping of Commercial Books (Olc)

The Olc specifies the principles according to which documents must be archived. The fundamental requirement is to guarantee data integrity: archived documents must be authentic and non-falsifiable. Any changes must be detectable and traceable.

The ordinance explicitly allows storage on electronic media, provided that consistency with the original transactions and readability at all times are guaranteed. This means that a cloud-based email archiving system is fully compliant with the law, provided that it meets certain technical requirements.

Technical requirements for digital archiving

To comply with Swiss law, an email archiving system must guarantee:

• Integrity: archived emails cannot be modified or deleted
• Accessibility: every authorised person must be able to consult the documents at any time
• Legibility: documents must remain legible for the entire duration of storage
• Traceability: all activities on the archive must be recorded in a log
• Completeness: archiving must automatically capture all emails, preventing selective deletions

The new Data Protection Act (nLPD)

On 1 September 2023, the new Federal Data Protection Act (nLPD) came into force, introducing additional obligations for Swiss companies regarding the processing of personal data. This legislation, inspired by the European GDPR, has a direct impact on the management of corporate emails.

The nLPD requires companies to store personal data in a demonstrably secure manner, both physically and technologically. It also introduces a rapid notification requirement in the event of a data breach and requires the keeping of a record of processing activities.

For business emails, this means that the storage system must not only store messages, but also protect them adequately and ensure that access is restricted to authorised persons only.

Penalties

The consequences for non-compliance with the regulations are serious. On the accounting front, Article 325 of the Criminal Code provides for fines for those who fail to comply with the obligation to keep accounting records and commercial correspondence. In the event of bankruptcy, violation of the retention obligation can result in imprisonment for up to three years (Art. 166 CP).

With regard to data protection, the nLPD provides for fines of up to CHF 250,000 for individuals responsible for intentional violations. It is important to note that the penalties directly affect the managers responsible, not just the company.

The concrete risks for Swiss SMEs

Many small and medium-sized Swiss companies underestimate the risks associated with not archiving emails. Here are the most common scenarios:

Legal disputes: in the event of a dispute with a customer or supplier, emails are often the decisive piece of evidence. Without a structured archive, you may be unable to prove agreements, conditions or communications that took place. The court may interpret the lack of evidence to your disadvantage.

Tax audits: Tax authorities may request documentation of business transactions from the last ten years. If emails relating to invoices, orders or negotiations are not available, the company risks unfavourable tax assessments.

Data loss: Hardware failure, ransomware attacks or accidental deletion of emails can cause the irreversible loss of crucial documents. A simple backup is not enough, as it does not prevent messages from being deleted beforehand.

Employees leaving the company: when an employee leaves the company, their mailbox is often deleted. With an archiving system, all emails remain accessible regardless of staff turnover.

Why backup is not enough

A common mistake is to confuse email backup with archiving. These are two fundamentally different things:

Backup is a security copy that reflects the current state of the mailbox. If an employee deletes an email before the backup, the message is lost forever. Furthermore, backups are not indexed and do not allow for quick searches.

Archiving, on the other hand, captures every email as soon as it is sent or received, before anyone can modify or delete it. The archive is indexed, searchable and unalterable. This is the only approach that guarantees legal compliance.

How to comply: the MailArk solution

Complying with Swiss regulations does not have to be complicated or expensive. MailArk has been designed specifically for Swiss SMEs that need a simple, secure and legally compliant email archiving solution.

Automatic and transparent archiving

MailArk connects to your existing email accounts and automatically archives all incoming and outgoing messages. You don't have to change the way you work: archiving takes place in the background, without any manual intervention.

Guaranteed compliance

With MailArk, your company automatically complies with the requirements of Art. 958f CO and Olc:

• 10-year retention with the Professional plan
• Unlimited storage with the Business plan
• Guaranteed data integrity: archived emails cannot be modified
• Instant full-text search across the entire archive
• Complete log of all activities

Ease of use

Unlike complex and expensive enterprise solutions, MailArk is designed for those who want to be compliant without complications. Setup takes just a few minutes: simply enter your email server details and MailArk will start archiving immediately.

Affordable pricing

MailArk plans start at just £9 per month for the Professional plan (up to 5 email accounts, 10 GB of space, synchronisation every 15 minutes). For larger companies, the Business plan at £29 per month offers up to 15 accounts, 100 GB of space and unlimited storage.

There is also a free plan to try out the service with 1 email account and 90 days of storage.

Checklist: are you compliant?

Quickly check whether your company complies with Swiss email archiving regulations:

• ☐ Are company emails archived automatically?
• ☐ Is the archive protected against changes and deletions?
• ☐ Are messages retained for at least 10 years?
• ☐ Can the archive be searched?
• ☐ Is access restricted to authorised persons?
• ☐ Is there an activity log for the archive?
• ☐ Are former employees' emails still accessible?

If you answered "no" to even one of these questions, it's time to adopt a professional archiving solution.

Conclusion

Archiving business emails in Switzerland is not optional: it is a legal obligation with serious consequences for non-compliance. With the entry into force of the nLPD, security and compliance requirements have become even more stringent.

The good news is that compliance is simple and affordable. With MailArk, your company can be compliant in minutes, without exorbitant costs or technical complications.

Try MailArk for free and secure your company's correspondence.