LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What are the main obligations of a full telecom provider under Art. 26 BÜPF?

Deliver data (content & metadata), retain metadata for 6 months, supply necessary technical data, tolerate surveillance, and remove encryption they applied — with a possible exemption for minor services granted by the Federal Council.

A full carrier (Swisscom, Sunrise, Salt) carries the heaviest set of duties under Art. 26:

  • Deliver data — both the content of communications and the Randdaten (metadata / "edge data": who, when, how long, where).
  • Retain metadata for 6 months — the figure most worth memorising.
  • Supply the technical data needed to make a surveillance feasible.
  • Tolerate the surveillance — a duty to permit and actively cooperate.
  • Remove encryption it applied itself (with the crucial nuance below).

As a relief valve, the Federal Council may exempt services of minor importance from some of these duties.

The lighter tiers (Art. 27–29) are a deliberate step down: those parties only have to grant access to their facilities, supply necessary technical data, and hand over whatever metadata is available — there is no equivalent of the full 6-month retention duty. Obligations scale with how central the party is to the communication.

The crucial nuance is what "remove encryption" actually means. The provider must strip encryption it applied — transport encryption it controls — but this does not let it break end-to-end encryption applied by the user or by an over-the-top messenger, because the carrier never held those keys. That single distinction is the heart of the whole "going dark" debate: lawful interception can compel the carrier, yet cannot magically defeat encryption it was never party to.

Tip: Remember Art. 26 as "deliver, retain 6 months, enable, tolerate, decrypt-what-you-encrypted."

Go deeper:

From Quiz: MOBINFSEC / Mobile Forensic: Lawful Telecom Surveillance | Updated: Jul 05, 2026