Back to Blog
Legal

Can Teachers Legally Use AI Detectors in Switzerland? Legal Situation 2026

14 min read

The Most Common Question in the Staff Room 2026

Ever since ChatGPT arrived in classrooms, teachers across Switzerland have been asking the same question: am I allowed to use an AI detector to check student work? The answer is: yes, in principle — but only under certain conditions that many teachers don't yet know.

This article summarizes the current legal situation in Switzerland. It does not replace individual legal advice but provides a solid overview of the key legal foundations — revFADP, cantonal school law, GDPR touchpoints — and translates them into practical recommendations for everyday classroom work.

The Legal Framework at a Glance

Three areas of law touch AI detector use in schools:

  • Data protection law: The revised Federal Act on Data Protection (revFADP, in force since September 1, 2023) governs which personal data may be processed and how.
  • Cantonal school law: The school acts and ordinances of the 26 cantons govern which examination and disciplinary measures are permitted.
  • Personal rights law: Art. 28 Swiss Civil Code protects students against unlawful interference — especially where accusations threaten their educational trajectory.

Important: public schools are typically subject to cantonal data protection law, not the federal revFADP. The revFADP applies directly to private schools and indirectly to public schools where cantonal rules refer to it. The core principles, however, are mirrored almost identically in every cantonal data protection law.

Is Student Writing Personal Data?

Yes. An essay, a term paper, or an assignment by an identifiable student is personal data under data protection law — even if no name is printed on the page, as long as it can be traced back via the school. The text itself is often sensitive in content: personal reflections, family references, opinions on political or religious topics, health information.

That means every processing of this text — including uploading it to an AI detector — is relevant under data protection law.

Principle 1: Legal Basis and Purpose Limitation

Data processing requires a legal basis. For public schools, this typically derives from cantonal school law: verifying that a student's work is their own is part of the school's mandate. AI detector use can plausibly be classified as part of this verification.

But purpose limitation demands: the text may only be used for this verification purpose, not for marketing analysis, training data generation, or other purposes of the detector vendor. This point is critical — many international detector vendors explicitly reserve the right in their terms to use uploaded text for training.

Principle 2: Proportionality

Detector use must be proportionate — meaning suitable, necessary, and appropriate in the strict sense. Three consequences follow:

  1. Not prophylactic: Running every piece of coursework through a detector just because you can is data protection problematic. Use should be triggered by concrete reasons.
  2. Not as sole evidence: A detector result alone may not justify a sanction. The legal position is clear: AI detectors provide probabilities, not proof.
  3. Least intrusive means first: Before reaching for a detector, use the available non-technical means — conversation with the student, review of drafts, oral defense.

Principle 3: Transparency

Transparency is one of the core principles of data protection law. Translated to schools: students — and for minors their parents — must know that an AI detector may be used.

This transparency does not need to be established individually each time. It can take the following forms:

  • In the house rules or school regulations
  • In a written information sheet at the start of the school year
  • In the introduction to written assignments
  • In parent letters or at parent meetings

What matters is that the information is clear, accessible, and understandable. "We reserve the right to use technical means for verification" is too vague. "Submitted texts may be checked by an AI detector on a random basis or on concrete suspicion" is sufficiently specific.

Principle 4: Data Minimization and Processing on Behalf

Only as much data as necessary should be processed. In practice:

  • Where possible, names and school identifiers should not be transmitted alongside the text. Strip identifying metadata before the text reaches the detector.
  • The detector should not permanently store its results. Good vendors offer configurable retention periods.
  • The detector vendor is a processor on behalf under data protection law. The school remains responsible for compliance with the principles — including what the processor does with the data.

This creates the need for a data processing agreement (DPA) between the school and the detector vendor. Reputable Swiss vendors provide such agreements as standard.

Principle 5: Cross-Border Data Transfer

This is one of the most common pitfalls. Many well-known AI detectors (GPTZero, Turnitin, Originality.ai) process data in the US or other third countries. This is only permitted if the destination offers adequate data protection or appropriate safeguards exist.

For the US, the Swiss Federal Data Protection and Information Commissioner (FDPIC) takes a nuanced stance: the Swiss-U.S. Data Privacy Framework provides legal certainty for certified organizations — but only if the specific vendor is actually certified. Many AI tool vendors are not.

For schools, the practical implication: before deploying an AI detector, verify where processing takes place. Detectors with Swiss hosting — like AIDetector.ch — avoid the cross-border problem entirely. That's the safest path.

Case 1: Suspicion of AI Use in a Term Paper

You teach German at a gymnasium and suspect that a student's term paper may have been generated with ChatGPT. How do you proceed legally cleanly?

  1. Document the grounds for suspicion: Note in writing the concrete irregularities you observe — stylistic mismatch with prior work, atypical phrasing, missing sources.
  2. Check the transparency basis: Was the class informed at the start of the year that technical verification is possible? If not, make up for it and continue with non-technical means.
  3. Use a compliant detector: Choose one with Swiss hosting and a DPA. Strip identifying information before upload.
  4. Weigh the result: A detector result is an indication, not proof. Hold it together with your other observations.
  5. Conversation with the student: Confront the student in person first. Give them the chance to explain their writing process — before you initiate formal steps.
  6. Involve the school administration: For substantiated suspicion, inform the administration. Disciplinary action is never a single teacher's decision alone.

Case 2: Routine Screening of an Entire Class

May you, as a teacher, run every essay of a class through a detector? Legally, this is permissible in two variants:

  • Variant A — transparent routine procedure: The school has clearly communicated in its house rules or learning agreements that all written submissions are routinely subject to technical verification. Students (and for minors their parents) are informed. The detector is compliant, and a DPA is in place.
  • Variant B — anonymized screening: Texts are transmitted to the detector without identifiers (no names, no metadata). This significantly reduces the depth of interference.

Not permissible is covert screening without informing those affected. That breaches the transparency principle and can have legal consequences — including making results inadmissible in a disciplinary proceeding.

Case 3: The Student Disputes the Result

A student is confronted with a detector result flagging their work as likely AI-generated. They reject the accusation outright. Now what?

  1. Contextualize the result: Inform the student that detector results provide probabilities and never serve as sole evidence.
  2. Request process documentation: Ask the student to present drafts, research notes, or Google Docs revision histories. People who actually wrote their work typically can.
  3. Oral defense: Invite the student to a conversation where they must explain their work point by point. This conversation legally carries more weight than any detector result.
  4. Remember the burden of proof: The burden of proof for a serious accusation like cheating rests with the school, not the student. When in doubt, "in dubio pro reo" applies in schools too.

Checklist: Legally Compliant Use of an AI Detector

  • ☐ Legal basis clarified (cantonal school law, school regulations, learning contract)
  • ☐ Transparency established (parent letter, house rules, information sheet)
  • ☐ Detector with Swiss hosting or certified third country chosen
  • ☐ Data processing agreement (DPA) with vendor in place
  • ☐ Data minimization: no identifiers in the upload
  • ☐ Retention concept: results deleted after completed verification
  • ☐ Use only on concrete occasion or within a transparent routine procedure
  • ☐ No automatic sanction — detector result plus additional indications required
  • ☐ Oral opportunity to respond before any formal measure
  • ☐ Documentation of the procedure for later traceability

When to Involve the School Administration

Some situations don't belong in a single teacher's sole responsibility. Involve the administration, school board, or cantonal authority early when:

  • A serious cheating accusation threatens a student's educational future (matura work, entrance exam, diploma thesis).
  • Parents announce legal action.
  • The case could become newsworthy.
  • You're unsure whether your documentation would survive legal review.
  • Multiple students are affected simultaneously.

What the revFADP Concretely Requires: Key Articles

Particularly relevant for teachers:

  • Art. 6 revFADP (principles): Lawfulness, good faith, proportionality, purpose limitation, recognizability.
  • Art. 7 revFADP (data protection by design): Appropriate technical and organizational measures to protect personal data.
  • Art. 9 revFADP (processing on behalf): Requirements for the DPA with the detector vendor.
  • Art. 19 revFADP (duty to inform): Transparency about data processing.
  • Art. 25–27 revFADP (right of access): Students and parents have the right to know what data was processed.
  • Art. 31 revFADP (cross-border transfer): Special requirements for transfer to third countries.

What School Administrations and Cantons Should Do

Individual teachers should not be left alone with this complex legal situation. School administrations and cantonal authorities have a duty to create a framework:

  1. Central tool selection: Instead of letting every teacher decide individually, the school should centrally evaluate and provide one or a few compliant detectors.
  2. Framework agreement: A central DPA with the chosen vendor saves every individual teacher from doing their own legal review.
  3. Uniform policies: A school-wide or even cantonal regulation creates legal certainty and equal treatment.
  4. Professional development: Teachers need concrete, practical training on compliant use — not just the technology.

Conclusion: Permitted, but With Clear Rules

Using AI detectors in Swiss schools is permitted in principle. The legal requirements are high but achievable. The key keywords: transparency, proportionality, data minimization, compliant vendor selection, and no sanctions based on detector results alone.

For teachers that means: don't hastily grab a US tool because suspicion has just arisen. Instead, build the compliant structure before the first serious case hits. This article provides the framework. Concrete implementation should ideally happen in coordination with the school administration and, where appropriate, the cantonal data protection officer.

Sources

  • Federal Act on Data Protection (revFADP), SR 235.1, in force since September 1, 2023.
  • Swiss Federal Data Protection and Information Commissioner (FDPIC), guidance on data processing in education.
  • Privatim (Conference of Swiss Data Protection Commissioners), guidelines on data protection in schools.
  • swissuniversities, recommendations on AI and data protection in higher education, 2024.
  • Cantonal data protection laws (ZH, BE, BS, VD, TI as reference cantons).
  • Swiss Civil Code, Art. 28 (personal rights).

Note: This article does not constitute individual legal advice. For concrete cases, consult the cantonal data protection officer or a lawyer specializing in education and data protection law.

Related Articles

Legal

Swiss Data Protection and AI Detection Tools: What Schools Need to Know

10 min readLegal

Exam Regulations and AI: How Swiss Universities Are Updating Their Rules

13 min readTechnology

AI Text Detection: The Best AI Detectors Compared for Switzerland 2026

12 min read