How to Respond to a Dawn Raid in Switzerland: Immediate Steps, Sealing (CPC), Privilege & Electronic Data

Knowing how to respond to a dawn raid is one of the most time-critical compliance challenges a Swiss business can face. Investigators from the Competition Commission (COMCO), a cantonal or federal public prosecutor, or, in a supervisory capacity, FINMA may arrive unannounced at your premises, present credentials, and begin reviewing documents and electronic devices within minutes. The revised Swiss Criminal Procedure Code (CrimPC), in force since 1 January 2024, tightened the rules on sealing seized materials under Art. 248 and clarified the competence of the unsealing judge, making a current understanding of deadlines and procedures essential.

This 2026 guide provides Swiss in-house counsel, compliance officers and boards with a step-by-step playbook covering on-the-day actions, sealing timelines, privilege protection and electronic data handling.

TL;DR, Three immediate actions:

1. Call external legal counsel immediately, do not wait.
2. Preserve all documents and electronic data; instruct staff not to delete, move or alter anything.
3. Request sealing of any materials you believe may be privileged, confidential or outside the scope of the warrant.

What Is a Dawn Raid in Switzerland, Who Can Arrive and With What Powers

A dawn raid is an unannounced on-site inspection or search carried out by a Swiss enforcement authority at a company’s business premises. Dawn raids in Switzerland may be conducted by several different bodies, each operating under distinct legal bases and with different powers. Understanding which authority is at your door shapes every subsequent decision.

The principal enforcement actors are the COMCO Secretariat (also known as WEKO), acting under the Federal Act on Cartels and Other Restraints of Competition (Cartel Act); federal or cantonal public prosecutors (including the Office of the Attorney General, OAG), exercising criminal search powers under the CrimPC; and FINMA, the Swiss Financial Market Supervisory Authority, which uses supervisory enforcement tools rather than coercive criminal search powers. Police officers may accompany prosecutors or, in certain cantons, execute searches independently under prosecutorial authority.

Types of Inspections, Competition, Financial Supervision and Criminal Searches

The distinction between administrative and criminal inspections is fundamental to dawn raid rights in Switzerland.

• COMCO competition inspections. Under the Cartel Act, the COMCO Secretariat may conduct unannounced inspections of business premises to secure evidence of anti-competitive agreements or abuse of dominance. Investigators may search offices, seize documents and image electronic devices. The company has the right to request sealing of any materials it contends are privileged or outside scope.
• FINMA supervisory enforcement. FINMA deploys supervisory measures, including requests for information, on-site inspections and the appointment of investigating agents, but FINMA cannot itself carry out coercive evidence seizures equivalent to police powers. Where criminal conduct is suspected, FINMA typically files a criminal complaint and cooperates with prosecutors who then execute any search warrant.
• Criminal searches (OAG / cantonal prosecutors). Prosecutors acting under the CrimPC possess the broadest coercive powers: they may search premises, seize physical and electronic evidence, and compel witness attendance. A written search warrant must generally be obtained in advance from the compulsory measures court, except in urgent cases.

A typical COMCO dawn raid follows a recognisable sequence: investigators present credentials and a formal investigation order; they explain the scope of the inspection; they fan out across the premises with IT forensic specialists; they copy hard drives, image servers and review physical files; and they prepare a list of seized items before departing. Criminal searches follow a similar pattern but are governed by CrimPC procedural safeguards, including the right to request sealing under Art. 248.

How to Respond to a Dawn Raid, Immediate Steps on Arrival

The first sixty minutes of a dawn raid determine the trajectory of the entire investigation. A calm, structured response protects the company’s rights without risking allegations of obstruction. The following on-the-day checklist sets out what steps should be followed during a dawn raid, broken into three time phases.

Who Should Speak and Who Should Not

Only designated personnel should interact with investigators. Reception staff should be trained to greet investigators politely, request identification and credentials, and immediately contact in-house legal or the pre-designated dawn raid coordinator. A simple script for the front desk might read: “Thank you. Please take a seat while I notify our legal team. They will be with you shortly.” No employee outside the response team should volunteer information, answer substantive questions or attempt to explain documents. IT staff, custodians and department heads should be instructed to cooperate with logistical requests (such as unlocking a room) but to defer all legal questions to counsel.

Handling Warrants, What to Ask For and How to Verify Scope

Before granting full access, the response team should ask investigators for their warrant or inspection order, personal identification, the legal basis of the inspection (Cartel Act, CrimPC provision or other statute), the precise scope of the search (which premises, which categories of documents, which time periods) and confirmation of the supervising authority. If the warrant is limited to certain departments or data categories, investigators may not lawfully expand the search beyond that scope without further authorisation. Any discrepancy should be noted in writing.

Top 10 Immediate Actions

1. Greet investigators courteously; do not obstruct entry.
2. Request and photocopy the warrant or inspection order and all identification.
3. Call external legal counsel immediately.
4. Activate the internal dawn raid protocol and notify the General Counsel or CEO.
5. Assign an employee to shadow each investigator and take detailed notes of every room entered, document reviewed and device accessed.
6. Do not destroy, delete, move or conceal any documents or data.
7. Request sealing of any items you believe are privileged, confidential or outside the stated scope.
8. Instruct IT to preserve all systems, suspend automatic deletion routines and disable remote-wipe functions.
9. Log the exact time of arrival, departure and all key events.
10. Obtain a complete inventory of all items seized or copied before investigators leave.

Obstruction of a lawful search carries serious consequences under Swiss law, including criminal penalties. Cooperation is not optional, but cooperation does not mean waiving your rights. Every company employee should understand the difference between facilitating the search and volunteering information beyond what is required.

Sealing Under the Swiss Criminal Procedure Code, 2024 Revisions and Timelines

The sealing of seized documents in Switzerland is one of the most powerful procedural protections available to the subject of a dawn raid. Under Art. 248 of the CrimPC (Swiss Criminal Procedure Code sealing provisions, revised version in force since 1 January 2024), the holder of seized records or objects may request that they be sealed if the holder asserts that the materials are protected by a legally recognised interest, most commonly legal professional privilege or other confidentiality rights under Art. 264 CrimPC.

The 2024 revision of the CrimPC introduced important clarifications. The Federal Supreme Court, in judgments delivered on 15 November 2024, addressed the grounds for sealing and the competence of the unsealing judge under the revised code. Industry observers note that the Court’s reasoning narrows the circumstances in which trade secrets or banking secrecy alone, without a further recognised privilege, serve as standalone grounds for sealing. The practical effect is that companies must articulate a specific, legally recognised ground (such as attorney-client privilege) rather than relying on broad confidentiality assertions.

Step-by-Step Sealing Procedure on Site

When a holder requests sealing during a search, the following sequence applies under the revised CrimPC:

1. The holder objects to the seizure of specific items and requests that they be sealed.
2. The items are physically sealed or digitally segregated on site, investigators may not access them.
3. The criminal justice authority must formally notify the entitled party of the seizure and the sealing request within three days (Art. 248 CrimPC).
4. The authority must then apply to the compulsory measures court for an unsealing decision if it wishes to access the sealed materials.
5. The entitled party has the opportunity to file objections within the statutory window.
6. The compulsory measures court (or, in federal cases, the relevant unsealing judge) reviews the sealed materials, often with the assistance of an independent expert, and decides which items may be unsealed and which must be returned.

Key Sealing Timelines

The interplay between Art. 248 (sealing procedure) and Art. 264 (items not subject to seizure, including correspondence between the accused and their defence lawyer) is critical. Art. 264 CrimPC creates an absolute bar on seizing certain categories of privileged material, while Art. 248 provides the procedural mechanism for asserting that bar. Getting the sealing request right on the day of the raid is therefore essential: a failure to object promptly may weaken or forfeit the right to challenge seizure later.

Privilege and Privilege Review in Swiss Dawn Raids

Legal professional privilege is a cornerstone of how to respond to a dawn raid effectively. In Switzerland, the scope of privilege differs significantly depending on whether communications involve external counsel or in-house lawyers.

External counsel privilege is well established. Correspondence and work product exchanged between a company and its admitted external lawyer (registered with a Swiss cantonal bar or, in certain cases, a foreign-admitted lawyer providing equivalent services) are protected under Art. 264 CrimPC and the Federal Act on the Freedom of Movement of Lawyers. These materials may not be seized, and a sealing request will generally be upheld by the unsealing judge where the privilege is properly asserted.

In-house counsel privilege is far more limited under Swiss law. Unlike some common-law jurisdictions, Switzerland does not automatically extend full attorney-client privilege to communications with in-house lawyers. Early indications from recent practice suggest that in-house legal advice may receive limited protection under certain circumstances, but the safest course is to assume that in-house communications will not enjoy the same level of protection as external counsel correspondence. Companies with significant compliance exposure should consider routing sensitive legal advice through external counsel to preserve privilege.

Practical Steps to Protect Privilege on Site

• Identify privileged material early. Before any raid, maintain a clear filing and labelling system that distinguishes external legal advice from business correspondence.
• Assert privilege immediately. When investigators reach for a file or device that contains privileged material, state clearly that the item contains attorney-client communications and request sealing under Art. 248 CrimPC.
• Mark and segregate. Ask investigators to place the disputed material in a sealed envelope or container, labelled with the date, the names of the parties asserting privilege and a brief description of the ground for the claim.
• Do not allow preview. Once sealing is requested, investigators may not review the sealed items. If an investigator attempts to access sealed material, note the event in your contemporaneous log.
• Cross-border considerations. Where privilege review involves multi-jurisdictional communications, for example, advice from a US or UK firm, privilege analysis must account for both Swiss rules and the rules of the foreign jurisdiction. A privilege review under Swiss law does not automatically protect material that would be discoverable abroad.

Electronic Data Seizure and Handling, Forensic Practice and Defence Strategy

Electronic data seizure in Switzerland has become the dominant feature of modern dawn raids. Investigators routinely image entire servers, copy laptop hard drives, clone mobile devices and request access to cloud-hosted platforms. For the company subject to a raid, the technical response to electronic evidence seizure is as important as the legal response.

IT, Immediate Technical Steps

• Do not power off devices unless specifically instructed by your forensic adviser, powering off may destroy volatile data (RAM contents, active sessions) that could be exculpatory.
• Do not unplug network cables or disable Wi-Fi without counsel’s instruction, disrupting connectivity may be interpreted as obstruction.
• Suspend automatic deletion routines. Instruct IT to immediately disable any scheduled purges, email retention policies or backup rotation cycles.
• Disable remote-wipe capabilities on all mobile devices that may be within scope of the search.
• Preserve metadata. Ensure that file access logs, email headers and system timestamps remain intact.
• Engage a forensic vendor. An independent digital forensics firm should be contacted immediately to create verified forensic images (bit-for-bit copies) of all devices and media being seized or copied by investigators. Parallel imaging protects the company’s ability to conduct its own review.
• Log chain of custody. Record which devices were seized or imaged, by whom, at what time, and in whose presence. Photograph serial numbers and device conditions.

Remote Access and Cloud Data

Where company data resides in cloud environments, whether Swiss-hosted or foreign-hosted, investigators may serve preservation orders or request access credentials. Companies should not volunteer access to systems beyond the scope of the warrant. If the warrant covers “all electronic data accessible from the premises,” industry observers expect this will increasingly be tested in Swiss courts, particularly where data is stored on servers outside Switzerland. FINMA guidance has emphasised the importance of cyber-security and data integrity in financial institutions, and the likely practical effect is that regulated entities will face heightened scrutiny of their data preservation and access-control practices during any inspection.

For banking and financial services firms, Swiss banking secrecy adds a further layer: the revised CrimPC disclosure framework, which entered effect alongside the 2024 amendments, recalibrated the balance between secrecy obligations and prosecutorial access. The practical consequence is that banks must navigate both their duty to preserve client confidentiality and their obligation to cooperate with lawful seizures, making prompt legal advice indispensable.

How to Respond to a Dawn Raid, Regulator-Specific Notes for COMCO, FINMA and the OAG

Not all dawn raids are alike. The powers, procedures and practical expectations differ materially depending on which Swiss authority conducts the inspection.

COMCO (WEKO) conducts unannounced competition inspections under the Cartel Act. COMCO investigators may enter premises, search offices, seize business documents and image IT devices. The company may request sealing of any material it considers privileged (external counsel communications) or outside scope. COMCO’s explanatory notes confirm that correspondence with admitted external lawyers is protected, but internal business documents, even those discussing legal strategy, are generally not.

FINMA uses supervisory enforcement tools but cannot independently execute coercive searches. A FINMA dawn raid, more accurately described as a supervisory on-site inspection, does not carry the same compulsory seizure powers as a criminal search. However, FINMA may appoint an investigating agent with broad access rights, and where criminal conduct is suspected, FINMA cooperates with prosecutors who may then obtain and execute a search warrant. Companies should not assume that a FINMA visit is benign; the information gathered may form the basis for subsequent criminal proceedings.

OAG / cantonal prosecutors exercise the full range of criminal search powers under the CrimPC, including physical and electronic seizure, witness compulsion and premises search. All CrimPC safeguards, including sealing under Art. 248 and the privilege protections of Art. 264, apply.

After the Raid, Preservation, Internal Investigation, Unsealing and Litigation

Once investigators depart, the work of responding to a dawn raid enters its next critical phase. The 24 to 72 hours following the search set the foundation for every subsequent legal step.

Immediate internal review. Convene the response team within hours. Review the contemporaneous log, the inventory of seized items and the scope of the warrant. Identify any materials that were seized without a sealing request having been made and assess whether a retrospective application is viable.

File sealing objections within statutory deadlines. If the authority applies to the compulsory measures court for unsealing, the company must respond within the applicable deadline. Missing these windows can result in the unsealing of material that might otherwise have been protected.

Engage external forensic specialists. If parallel forensic images were not taken during the raid, request copies of all imaged data from the authority promptly. Commission an independent forensic review to identify the full scope of material seized and to prepare for privilege review.

When to Notify Regulators, Insurers and Boards

• Board notification. The board of directors should be informed within 24 hours. Under Swiss corporate governance principles, directors bear oversight responsibility and must be in a position to make informed decisions about cooperation, litigation and disclosure.
• Insurance notification. Review directors’ and officers’ (D&O) liability policies and professional indemnity coverage. Many policies contain strict notification windows, failure to notify promptly may jeopardize coverage.
• Regulatory notifications. Depending on the sector, disclosure obligations may arise under financial market regulations, stock exchange rules or data protection laws. Assess whether the raid triggers a duty to report to FINMA, SIX Exchange Regulation or the Federal Data Protection and Information Commissioner (FDPIC).
• Cooperation vs. litigation. A strategic decision must be made early: whether to cooperate fully with investigators (which may lead to leniency in competition cases) or to contest the scope and legality of the search. This decision should be guided by experienced external counsel.

Conclusion, Next Steps for Swiss Businesses

Knowing how to respond to a dawn raid before one occurs is the single most effective measure a Swiss company can take. The three pillars of an effective response remain constant: call experienced external counsel immediately, preserve all documents and data without exception, and exercise your statutory right to request sealing of privileged or out-of-scope materials under Art. 248 CrimPC. With the 2024 CrimPC revisions reshaping sealing procedures and enforcement activity continuing at elevated levels in 2025–2026, every Swiss company, regardless of sector, should have a written dawn raid protocol, trained reception and IT staff, and a pre-identified external legal team ready to attend on short notice. Preparation is not a luxury; it is an operational necessity.

Sources

1. Swiss Criminal Procedure Code (CrimPC), SR 312.0
2. Bär & Karrer, Federal Supreme Court Clarifies Sealing Grounds Under Revised CPC (Dec 2024)
3. COMCO / WEKO, Explanatory Notes and Press Releases
4. FINMA, Enforcement Tools
5. IFLR, Swiss Banking Secrecy Revisited: Revised Disclosure Framework
6. Lawbrary, CrimPC Art. 248 (2024 Revision)
7. DLA Piper, Legal Privilege Country Guide
8. MCE Legal, Sealing Procedure in Switzerland