Update: Retention of business correspondence?

Business correspondence – retention obligation?

Since 1.1.2013, Swiss commercial law has applied the principle that business correspondence is no longer subject to retention. What does this mean for companies? Which cases do you consider borderline and where is there a need for explanation?

According to the OR, the following retention rules apply:

Obligation to retain “data” according to CH law 2013
Data are determined and suitable to prove a legally significant fact (=deed)?JJJJNNNNJNJNNJNJ
Did the data trigger a booking?JJJNNNNJJNNJnJJN
Can they serve to prove a posting/fact?JJNNNNJJNJJNJNJN
Can the posting/fact be tracked with this only?JNNNNJJJNJNJNJNJ
Do these data need to be archived?
YES, must be archived in any formXXXXXXXXXX
YES, must be archived in paper form
NO, do not have to be archivedX
YES, but archiving can be rejected by a risk management decisionXXX
NO, but archiving can be supported by a risk management decision.XX
Special case OR 958f para. 2
Annual report or audit report?JJJJJJJJJJJJJJJJ
Must be signed and archived in paper formXXXXXXXXXXXXXXXX

Instruction: Identify the column that matches the concrete document class or question.
Example: K7 are files/data/documents that have no direct documentary character, have not triggered a booking but are necessary for the proof of a booking. Thus, this data must be archived, although there is no formal requirement. Consequently, archiving is usually done electronically.
This information must be transferred to the taxonomy (structure of the company data).


This is the legal consideration according to OR. This does not cover special legal requirements or risk management considerations. Especially in connection with business correspondence, considerations must be made that ultimately flow into the taxonomy (functional classification) or list of retention objects.

LONG-TERM retention (archiving) of business correspondence is indicated in the following cases:

  • High risk exposure based on experience with project/product/customer/authorities, etc.
  • Required complete dossier formation on the basis of special legal regulation (e.g. for risk analyses or proof of conformity)
  • Communication of exposed persons in positions of responsibility (BoD, GL)

It is imperative to define these criteria for one’s own organization and to implement them according to uniform standards. We expressly advise against simple solutions (e.g. comprehensive e-mail archiving)!







Submit a Comment

Your email address will not be published. Required fields are marked *

Related articles

On 16.3. is Digital Cleanup Day

On 16.3. is Digital Cleanup Day

Tidying up is clearly not everyone's cup of tea, but we all know the good feeling that a tidy room, a tidy desk or ... a tidy drive! You can feel proud with a clear conscience, because deleting data also has an important effect on energy consumption. I have calculated...

read more
Dealing with data risks: Data breach notification

Dealing with data risks: Data breach notification

A data breach notification or "data breach notification" refers to the process by which an organization or company is required to notify the relevant data protection authorities and, if applicable, data subjects of a data breach that is likely to result in a high risk...

read more