Liechtenstein

Overview

The Principality of Liechtenstein is a constitutional hereditary monarchy of approximately 40,000 people and 160 km², nestled between Switzerland and Austria. It is a member of the European Economic Area (EEA) and EFTA but not the EU. It maintains a customs union with Switzerland, uses the Swiss franc, and integrates deeply with Swiss infrastructure across telecommunications, defence, and law enforcement.^[1]

Liechtenstein has no intelligence service and no military (abolished in 1868). Its police force numbers approximately 130 staff. The GDPR applies through the EEA Agreement (applicable July 20, 2018). The principality is not a member of any Eyes alliance. Its privacy landscape is defined less by domestic surveillance concerns than by two forces: its complete telecommunications dependency on Switzerland (meaning Swiss intelligence law effectively governs the surveillance exposure of anyone whose communications transit Swiss networks — which for Liechtenstein means virtually all communications), and the tension between its historical role as a banking secrecy jurisdiction and its modern transparency obligations.^[2]

The Constitution of 1921 (revised 2003) guarantees the inviolability of the home and secrecy of correspondence (Article 32) but contains no express right to data protection. All legislation requires the concurrence of the reigning Prince, who may veto any law including data protection legislation.^[3]

Privacy Framework

The Datenschutzstelle (DSS) in Vaduz is Liechtenstein’s national supervisory authority. As an EEA authority, the DSS participates in EDPB mechanisms, though disputes fall under the EFTA Court rather than the CJEU. The DSS can impose fines up to CHF 22 million or 4% of global turnover, but has imposed no significant GDPR fines since 2018, making it one of the least active DPAs in the EEA.^[4][5]

The Data Protection Act (DSG), effective January 1, 2019, implements the GDPR without major derogations. The Telecommunications Act governs data retention and lawful interception. The Cyber-Security Act (CSG) was amended in early 2025 to transpose NIS2, covering approximately 1,800–2,200 entities with registration mandatory from February 1, 2025.^[6][7]

Banking Secrecy and the LGT Scandal

For decades, Liechtenstein was one of Europe’s most prominent banking secrecy jurisdictions, with trust structures (Stiftungen and Anstalten) that allowed beneficial owners to shield assets from tax authorities.

The 2008 LGT Bank Scandal

LGT Bank — owned by the reigning House of Liechtenstein — became the centre of the largest tax evasion investigation in German history when a former employee provided the BND with data on approximately 1,400 account holders (Germany reportedly paid EUR 4.2 million for the stolen data). Investigations followed in the US, UK, Australia, France, Italy, and other countries. The US DOJ reached a $23.8 million settlement with LGT’s affiliate for facilitating tax evasion through undisclosed accounts held in Liechtenstein foundations.^[8][9]

Reforms

Under international pressure (the FATF had identified Liechtenstein alongside Andorra and Monaco as uncooperative tax havens in 2007), Liechtenstein adopted OECD tax transparency standards, implemented the Common Reporting Standard (CRS) for automatic exchange of financial data with 100+ jurisdictions, signed FATCA agreements with the United States, strengthened AML legislation under the FMA, and paid a EUR 50 million fine to Germany. The structural capacity for financial opacity through trust law remains, now subject to transparency obligations.^[10][11]

Police and Security

All security functions are handled by the Landespolizei (National Police), approximately 130 staff with over 80 officers. The force includes a Crime Intelligence Unit, Financial Crime Unit, and Border Unit with 60+ cameras. A Trilateral Agreement on Cross-Border Police Cooperation with Switzerland and Austria (June 4, 2012) enables mixed patrols, information exchange, coordinated manhunts, and cross-border hot pursuit. The Landespolizei cooperates with Europol and Interpol.^[12]

For intelligence matters, Liechtenstein effectively relies on the Swiss NDB. The customs union, shared currency, and integrated telecommunications mean Swiss security services have significant visibility into Liechtenstein’s threat environment. Liechtenstein’s security posture — including any intelligence collection affecting persons in Liechtenstein — is shaped by Swiss national security priorities and Swiss surveillance law rather than by Liechtenstein’s own minimal domestic framework.

Surveillance Exposure Through Swiss Infrastructure

Liechtenstein’s telecommunications is fully integrated with Switzerland. International internet traffic transits Swiss networks and exchanges. The Liechtenstein Internet Exchange (LI-IX) keeps some domestic traffic local, but most international peering occurs through Swiss exchanges.^[13]

The critical implication is that Liechtenstein’s communications are subject to Swiss surveillance infrastructure. The Swiss BÜPF authorises lawful interception of communications transiting Swiss networks. The Swiss NDB conducts cable reconnaissance under the NDG that can capture cross-border communications at Swiss internet exchange points. For traffic routed beyond Switzerland, Liechtenstein’s communications face additional interception exposure through Germany (BND cable monitoring) and potentially Austria (HNA).

The result: a country with no intelligence service and strong formal GDPR protections has its entire communications infrastructure running through networks operated by nations with active signals intelligence programmes. Liechtenstein has no independent capability to monitor, regulate, or detect such interception.

Encryption: Swiss Dependency

Liechtenstein has no encryption backdoor mandate, no compelled decryption law, and no lawful access legislation of its own. However, because all Liechtenstein internet traffic transits Swiss networks, Switzerland’s encryption debates directly affect Liechtenstein persons. The Swiss VÜPF expansion proposals (January 2025) would have extended surveillance obligations to VPN services, encrypted messaging apps, and email providers, with potential obligations to build encryption backdoors. Though paused after industry backlash and Proton’s CHF 100M infrastructure relocation, the proposals — if enacted — would apply to communications transiting Swiss networks, including all Liechtenstein traffic. Liechtenstein has no seat at the table in Swiss legislative debates that would determine the encryption standards applied to its own population’s communications.

Data Retention

The Telecommunications Act requires providers to retain communications metadata for law enforcement purposes, with judicial authorisation required for access. As an EEA state, Liechtenstein is bound by CJEU data retention jurisprudence as incorporated into the EEA Agreement, enforced by the EFTA Court. The restrictions from Digital Rights Ireland, Tele2/Watson, and La Quadrature du Net apply in principle.

International Data Sharing Agreements

Despite having no intelligence service and strong GDPR protections, Liechtenstein participates in multiple international data sharing frameworks and is subject to additional surveillance exposure through its Swiss infrastructure dependency.

Mutual Legal Assistance: Layered Framework

Council of Europe (50 signatory states): Liechtenstein is party to the European Convention on Mutual Assistance in Criminal Matters (1959) (in force since 1978), its Additional Protocol, and the Second Additional Protocol (ETS 182, ratified and in force January 1, 2021), which broadens the range of situations for requesting assistance and enables faster, more flexible cooperation.^[14]

Bilateral MLAT with the United States: Signed July 8, 2002, entered into force August 1, 2003. This treaty was driven in part by US concerns about Liechtenstein’s banking secrecy facilitating tax evasion and financial crime, predating the LGT scandal by five years.^[15]

Swiss channels: Given its integrated infrastructure and customs union, Liechtenstein generally operates through Swiss MLA channels for practical cooperation. The Swiss Federal Office of Justice processes many requests that touch Liechtenstein’s jurisdiction.

Schengen Information System (SIS II)

As a Schengen-associated state through the EEA, the Landespolizei has real-time access to SIS II, the EU’s largest law enforcement database, and can query and contribute alerts visible across all Schengen countries.

Trilateral Police Cooperation

The 2012 agreement with Switzerland and Austria enables operational intelligence sharing, joint patrols, coordinated manhunts, and cross-border hot pursuit, effectively extending Swiss and Austrian law enforcement capabilities into Liechtenstein.^[12]

Financial Data Sharing

Common Reporting Standard (CRS/AEOI): Automatic exchange of financial account information with 100+ jurisdictions — the most significant international data sharing regime affecting Liechtenstein, replacing its former banking secrecy with continuous cross-border flows of personal financial data.

FATCA: Intergovernmental agreement with the United States for automatic reporting of US-person accounts.

Swiss Customs Union: Extensive data sharing with Switzerland for customs, taxation, and regulatory purposes. Swiss authorities process Liechtenstein customs data, and the FMA exchanges information with Swiss FINMA.^[1]

Other Frameworks

Europol: Liechtenstein cooperates with Europol for criminal intelligence sharing. Interpol: Participates in I-24/7 global police network. Egmont Group: The Liechtenstein FIU participates in financial intelligence sharing across 164+ FIUs.

Surveillance Exposure as Data Sharing

Liechtenstein’s most significant “data sharing” is involuntary: its entire communications infrastructure transits Swiss networks subject to NDB cable reconnaissance, BND monitoring of German transit routes, and potential Austrian HNA interception. Unlike formal data sharing agreements, this exposure operates with no Liechtenstein oversight, no notification mechanism, and no ability for Liechtenstein authorities to negotiate safeguards or conditions. For Liechtenstein persons, the strongest privacy guarantees come not from domestic law but from the Swiss Federal Administrative Court’s December 2025 ruling finding NDB cable surveillance incompatible with fundamental rights — a ruling in another country’s court system over which Liechtenstein has no influence.

Sources