The Code of Conduct Hosting (hereinafter referred to as the 'CCH') contains recommendations for Swiss hosting providers on how to handle complaints about content that customers make available to the public using their services. The CCH has been in force since 2012 and has established itself as the industry standard.
The 'notice and notice' or 'notice and take down' procedure set down in the CCH by Swico contains principles of conduct that are also specified analogously in other self-regulations adopted by European and international associations of internet service providers (ISPs) and hosting providers. When drafting the CCH, Swico also took into account regulations in other countries (in particular the US, the EU and its member states), while at the same time maintaining the principles of freedom of contract and personal responsibility that are particularly important in Swiss law.
The requirements for content and the responsibility of those involved in making it accessible are generally subject to the law of the country in which the content is made available or a related service is provided. Where Swiss hosting providers provide services to customers abroad, the law of the customer's country may apply. The requirements of the EU and its Digital Services Act (Regulation (EU) 2022/2065 of 19 October 2022, 'DSA') are likely to be particularly relevant in most cases. The CCH also considers the requirements of the DSA, although the current implementation practice in the relevant EU member state must always be taken into account in individual cases.
From the perspective of Swiss law, the CCH is a document of self-regulation. Its purpose is to help Swiss hosting providers fulfil their role as intermediaries of internet communications in a responsible manner and to show persons affected by illegal content on the internet how they can exercise their rights.
1. Subject Matter and Legal Nature
The CCH is a set of guidelines on how to deal with reports of possible illegal content. It is a document of voluntary self-regulation.
2. Addressees and Scope of Validity
The CCH is aimed at companies and individuals that operate hosting services and are subject to Swiss law.
If (a) a Swiss hosting provider has a substantial connection to the EU (e.g. a subsidiary in the EU, use of the service by a significant number of users from an EU member state as measured by that member state's population or by the targeting of the service towards one or more EU member states), and (b) the sender of a notice claims to be domiciled or resident in the EU, the requirements of the DSA also apply.
Any services offered by hosting providers that are not purely hosting services are excluded from the scope of the CCH. In particular, internet access services and services for storing and processing content and making the same accessible to third parties in an area that is not publicly accessible (e.g. cloud services) are not included.
3. Definitions
3.1 Illegal content: content that infringes third parties' rights, particularly intellectual property rights (e.g. copyrights or trademark rights), or personality rights, or that constitutes a criminal offence (particularly in the areas of pornography, the depiction of violence, racism or libel).
3.2 Hosting service: a service that allows operators of websites and applications to store and process content and make the same publicly accessible to third parties.
3.3 Customer: a customer of the hosting provider who has signed a contract regulating hosting services.
3.4 Notice: communication from a person affected by allegedly illegal content that the customer of the hosting service has made publicly accessible.
The sender of a notice must generally be affected by the alleged infringement to a greater extent than a third party or the general public. For personality right infringements and offences that must be reported, this includes the injured party (or their representative), while for intellectual property right infringements, this includes the holder of ownership or licensing rights for the content concerned (or their representative). The sender does not need to be particularly affected for offences for which proceedings are brought directly by the public prosecutor's office or where the DSA applies.
A notice must at least meet the formal and content-related requirements by including the following information:
(a) the sender's name, address, and email address (if the report concerns alleged offences relating to sexual abuse, sexual exploitation, child pornography, or contacting children for sexual purposes, the report will be considered complete even if the sender's name and address are not included);
(b) an explanation of why the sender is particularly affected (except for offences for which proceedings are brought directly by the public prosecutor's office or cases where the DSA applies);
(c) the URL of the website or web page that is the subject of the complaint;
(d) a precise description of the allegedly illegal content;
(e) a reason as to why the content is illegal;
(f) a declaration that the sender has a good faith belief in the accuracy of his/her report.
4. No Monitoring Obligations
As intermediaries on the internet, hosting providers provide an infrastructure that enables operators of websites and applications to store and process content and make the same publicly available to third parties. Hosting providers normally have no knowledge of what content their customers store, process and make accessible. Neither are they obligated to actively monitor such content. The customer alone is solely responsible for content that it stores, processes or makes accessible to third parties using the hosting services.
The hosting provider's obligations defined in the CCH are designed to make it easier for persons affected by illegal content to initiate legal proceedings against those responsible.
5. Notice and Notice
5.1 The hosting provider checks that any notices received meet the formal and content-related requirements set down in (3.4). When assessing these requirements, the hosting provider applies the benchmark of a legal layperson.
5.2 If a received notice does not meet the formal and/or content-related requirements set down in (3.4), or only meets them to a certain extent, the hosting provider shall ask the sender of the notice to provide the missing information within two working days of being prompted to do so. If the sender fails to respond before the deadline, or if the additional information supplied also does not meet the formal and/or content-related requirements set down in (3.4), or only meets them to a certain extent, the hosting provider shall not process the notice further.
5.3 If a received notice meets the formal and content-related requirements set down in (3.4) in full, the hosting provider shall write to the customer and to the sender of the notice, generally within two working days of receiving the notice.
a) In the letter to the customer, the hosting provider shall inform the customer that the notice has been received and shall forward a copy of the same. Where the DSA applies, the hosting provider is required to send the notice to the customer in anonymised form (i.e. without revealing the identity of the sender). The hosting provider may refrain from anonymisation if it is necessary to disclose the identity of the sender in order to enable the customer to verify the truth of the allegations made and to mount an appropriate defence. This will be the case in many instances (e.g. alleged infringement of intellectual property rights or personality rights). If the hosting provider forwards the notice in anonymised form, it is obligated to send the customer's response to the sender in anonymised form as well.
b) The hosting provider shall remind the customer that they (the customer) are solely responsible for content that they store, process or make accessible to third parties using the hosting services. It shall prompt the customer either (i) to remove the offending content or (ii) to explain why the content is lawful in a letter to the sender of the notice. The hosting provider shall also inform the customer that they are liable to compensate it for expenditure relating to the defence of third-party claims and for any other damage suffered. The hosting provider may demand a surety from the customer as a precautionary payment to cover such damage. In clear cases, the hosting provider may also take direct action in accordance with (6) (notice and take down).
c) In the letter to the sender of the notice, the hosting provider shall confirm receipt of the notice and inform the sender that it has written to the customer. It shall inform the sender of the notice that the customer is solely responsible for content that it stores, processes or makes accessible to third parties using the hosting services. The hosting provider shall also notify the sender that it is not allowed to disclose customer data. Instead, it shall inform the sender of possible ways in which they may uncover the identity of the owner of an internet domain (e.g. using Whois databases available online). The hosting provider shall also inform the sender of the possibility of taking legal action or recourse to the authorities to enforce the alleged claims. In clear cases, the hosting provider may also take direct action in accordance with (6) (notice and take down).
6. Notice and Take Down
6.1 If a received notice meets the formal and content-related requirements set down in (3.4) in full, and if it appears highly likely that content is illegal, or if the hosting provider itself could be criminally responsible or liable under civil law as a result of becoming aware of the notice, the hosting provider may partially or completely block access to the website affected at its own discretion until the matter has been resolved between the parties concerned or by a court or another authority.
6.2 Immediately before or after blocking, the hosting provider shall inform the customer that a notice has been received and that access to the site has been blocked. It shall inform the customer of the relevant circumstances and facts that led to the blocking and shall state the legal grounds for the blocking. The hosting provider shall inform the customer of the legal remedies available to defend themselves against the blocking.
6.3 Where the DSA applies, the hosting provider is required to send the notice to the customer in anonymised form (i.e. without revealing the identity of the sender). The hosting provider may refrain from anonymisation if it is necessary to disclose the identity of the sender in order to enable the customer to verify the truth of the allegations made and to mount an appropriate defence. This will be the case in many instances (e.g. alleged infringement of intellectual property rights or personality rights). If the hosting provider forwards the notice in anonymised form, it is obligated to send the customer's response to the sender in anonymised form as well.
6.4 At the same time, the hosting provider shall inform the sender of the notice of the website being blocked and the letter being sent to the customer. The hosting provider shall decide, at its own discretion, whether to report any criminal offences to the National Cyber Security Centre (NCSC) (NCSC Report) and/or to the criminal prosecution authorities.
6.5 When assessing whether the notice is complete, whether a website should be blocked and whether legal proceedings should be initiated, the hosting provider shall apply the benchmark of a legal layperson.
7. Contractual Safeguards Vis-à-vis the Customer
7.1 The hosting provider shall ensure that its agreements with the customer contain the following regulations and information at the very least:
a) The customer may only use the hosting services lawfully. The customer is solely responsible for content that it stores, processes or makes accessible to third parties using the hosting services.
b) The hosting provider is not obligated to monitor the hosted content. However, it shall examine content after receiving a notice, as required by the notice and take down procedure, or if ordered to do so by a court or another authority. The hosting provider reserves the right to carry out spot checks, even if a notice has not been received.
c) The hosting provider is entitled to block access to the customer's website, either in whole or in part, and to withdraw hosting services i) if the relevant requirements set down in the notice and take down procedure described in its General Terms and Conditions or in the CCH, if referred to in its General Terms and Conditions, are met; or ii) if the hosting provider is ordered to do so by a court or another authority, or could in some other way be legally responsible or held liable itself; or iii) if a spot check uncovers content that is highly likely to be illegal under (3.1).
d) The hosting provider shall describe the notice and take down procedure or the CCH in its General Terms and Conditions and shall provide easy access to the CCH on its website. The customer is responsible for finding out about the notice and take down procedure. They note and acknowledge that the hosting provider may terminate the contract with them with immediate effect if they fail to follow its instructions according to the notice and take down procedure described in the General Terms and Conditions and/or the CCH.
e) If ordered to do so by a court or another authority in writing, the hosting provider shall be entitled and obligated to reveal the customer's identity to the former or to other third parties.
f) The hosting provider is entitled to bill the customer for any expenditure incurred in relation to a notice. The customer must compensate the hosting provider for any other damage suffered as a result of asserted claims. The hosting provider may demand a surety from the customer as a precautionary payment to cover such damage. If this surety is not paid, the hosting provider may withdraw the service.
8. Internal Organisational Measures
The hosting provider shall take internal organisational measures to respond to notices quickly. It shall appoint a point of contact for illegal content and make clear on its website how and to whom notices are to be sent (using an online form, for example).
9. Sample Texts and Recommendations for Online Abuse Notices
Swico provides its members with samples of the letters mentioned in the CCH that they must send to customers and to senders of a notice, as well as samples of how to draft online abuse notices.
10. No Liability on Swico's Part
The CCH is a document of voluntary self-regulation. Swico cannot guarantee that compliance with the CCH will protect the hosting provider from criminal prosecution or civil liability under the applicable law.
11. Entry into Force
This version of the Hosting Code of Conduct enters into force on 1 April 2025 and replaces all previous versions.
Last Update 2025-04
