Public Beta Trust Infrastructure Terms of Use

Use of the public beta trust infrastructure

The FOITT collects personal data provided by users (first name, surname, email address, IP address) for the purpose of onboarding to the beta base registry and beta trust registry (public beta trust infrastructure). With the exception of the organisation name in the trust registry, the data is not stored in the registries and is not publicly viewable. As part of the public beta system, all participants with an entry in the base registry can be entered in the trust registry without verification.

By submitting their data, users consent to the processing of the personal data they submit to the Swiss Confederation, acting through the Federal Office of Information Technology, Systems and Telecommunication (FOITT), for the purposes of operating the public beta trust infrastructure. If necessary, participants may also share data on the performance of the system with the Swiss Confederation, but not data on the content of individual credentials. Users can find additional information on the data protection provisions here.

Scope of the beta trust infrastructure

The FOITT provides the registries free of charge.
The Swiss Confederation has no access whatsoever to the data processed or held by issuers, holders or verifiers, or transmitted directly between them. In particular, the Swiss Confederation does not store any content data.
Issuers are responsible for providing and operating a solution for issuing electronic credentials.
Verifiers are responsible for providing and operating solutions for verification purposes.
The information shown in the trust registry is unreviewed and does not constitute a binding statement by the Swiss Confederation.

Operation

The public beta trust infrastructure is operated on a best-efforts basis. The FOITT team processes any queries and incidents during normal office hours. There is no guarantee with respect to a maximum response time to requests or support queries, or a certain uptime.
Updates to the public beta trust infrastructure that change the existing functionality or require action on the part of participants will be communicated at least two weeks in advance. Similarly, the terms of use may be changed; this will also be done with a notice period of two weeks.
There are no plans to transfer the public beta trust infrastructure to the productive system. Consequently, there is no guarantee that the data entered in the registries will be stored permanently.
The attribute data used by issuers to realise their use cases may be fictitious or real. If personal data is involved, under no circumstances may it come from Swiss Confederation databases. Open government data may be processed.

Personal responsibility

Issuers and verifiers are personally responsible for checking and complying with legal issues, in particular regarding data protection and data security in relation to the data they process.
Issuers and verifiers are personally responsible for all duties arising from the Data Protection Act (FADP; SR 235.1). This also includes the duty to provide information to the end users/clients they involve.
Issuers ensure that only the required data is uploaded and shown in the beta base registry.
There are no restrictions with regard to use cases; productive use cases are also allowed, as long as they comply with applicable law.
In the event of misuse or violation of the terms of use, an organisation may be excluded from the public beta trust infrastructure. This is particularly the case if:

malware is introduced
use is fraudulent or deceptive (e.g. phishing)
the rights of third parties are violated, e.g. intellectual property rights or the right to privacy

Swiss Confederation disclaimer