News from the OA-IA office

In 2024, the OA-IA had nine staff members. One person left and was replaced by a new member of staff.

Over the course of 2024, OA-IA staff participated in numerous training and professional development courses offered by the federal government or private institutions, particularly in the areas of risk management, auditing, cybersecurity and personal development. In addition, two staff members successfully completed Certificate of Advanced Studies (CAS) courses in communication and in artificial intelligence management.

The OA-IA works on behalf of the public as part of the Federal Administration. The public has the right to know what the authorities are doing and how they are fulfilling their mandate. This gives rise to the public’s right of access to information and to the authorities’ obligation to provide it.

During the year under review, the OA-IA received 11 requests for access to information held by the OA-IA itself. In six cases access was refused, in two cases it was partially granted, and in two cases it was fully granted. In a further case, the OA-IA was asked for assistance in dealing with a request under the Federal Act of 17 December 2004 on Freedom of Information in the Administration (Freedom of Information Act, FoIA, SR 152.3), which had been addressed to another body of the Federal Administration.

During the consultation on the 2024 audit plan, the question arose as to whether the OA-IA was responsible for the audit ‘24-2 Intelligence activities of the Armed Forces Preventive Protection Service (AFPPS)’.

In 2024, the head of the DDPS informed the OA-IA that she had submitted this question to the Federal Office of Justice (FOJ), which confirmed that the OA-IA is authorised to exercise oversight over the AFPPS in three situations:

• when the AFPPS carries out a mandate from the MIS
• when the AFPPS carries out a mandate from the FIS
• when the AFPPS carries out activities that also serve to fulfil tasks pursuant to Articles 99 and 100 of the Federal Act of 3 February 1995 on the Armed Forces and Military Administration (Armed Forces Act, ArmA, SR 510.10), or when it is not possible in practice to determine whether an activity serves a task pursuant to Articles 99 and 100 ArmA.

The head of the DDPS also informed the OA-IA that the question of responsibility could be addressed when the Armed Forces Act is revised in 2029.

The OA-IA took note of the FOJ’s opinion, which was largely consistent with its own legal assessment. It concluded that the FOJ had not questioned Audit 24-2, the main objective of which was to verify the cooperation between the FIS and the AFPPS. The OA-IA stated that it would also take the FOJ’s legal opinion into account when planning future audits.

The revision of the IntelSA, which started in 2020, is on track. It is divided into two phases. The first phase mainly concerns data processing by the FIS and supervisory activities. The consultation process took place in the summer of 2022, and the Federal Council is expected to adopt the dispatch on the basic phase for submission to Parliament by the end of 2025. The OA-IA is significantly affected by this part of the revision, as it provides for the transfer of tasks from the Independent Control Authority for Radio and Cable Communications Intelligence (ICA) to the OA-IA. As part of the internal consultation process within the DDPS, the OA-IA requested that the relevant standards be amended. These amendments are intended to improve the readability of the law, to clearly define the oversight activities and to incorporate new data protection requirements.

The second phase involves adapting the provisions on the processing of cyberdata. A supplementary consultation is to take place by July 2025.