Dear e-voting enthusiasts and members of the e-voting community
Swiss Post’s e-voting system has been in productive use since June 2023. From then on, it has proven its worth in several cantons: votes are conducted reliably and usage is widely accepted by voters, municipalities and Swiss citizens resident abroad.
To continuously develop security, we’re conducting another a public intrusion test (PIT) in July 2026. As a new addition, the PIT+ format is being introduced to specifically enable further testing perspectives.
You can find out more about the security of the e-voting system and other news below.
Enjoy reading it, and I look forward to hearing your views.
Save-the-Date: public intrusion test (PIT+) from 6 to 24 July 2026
Since 2022, Swiss Post has subjected its fully verifiable e-voting system to an annual public intrusion test (PIT) lasting several weeks. This type of testing is also known as a penetration test or pentest for short in specialist circles. As part of the testing process, ethical hackers from all over the world try to infiltrate the e-voting infrastructure and/or the digital ballot box. A production-oriented test environment is available for this purpose, so that the entire voting process can be verified in a realistic manner.
The aim of the PIT is to identify vulnerabilities and continuously improve security. The test is part of Swiss Post’s e-voting community programme and is a legal requirement of the Confederation in trial operation. The PIT 2026 will take place from 6 to 24 July 2026. Confirmed findings will be rewarded as part of the bug bounty programme. The public intrusion tests are open to all and supplement internal and external audits with independent assessments.
In addition, a PIT+ will be carried out for the first time. This is aimed at a limited, previously registered group of security researchers and will run parallel to the PIT on the same infrastructure. Selected protective mechanisms will be specifically adapted in order to detect any vulnerabilities and gain experience with an extended test approach.
The findings from the PIT and PIT+ will be evaluated and incorporated directly into further development of the system. As in previous years, Swiss Post will publish the results in a detailed report in September.
Further details and registration for the PIT+ can be found via the Swiss Post e-voting programme on YesWeHack.
Findings statistics: number of reports and findings by the end of May 2026
In 2026, cryptographers and IT specialists once again reviewed the documents and source code for the Swiss Post’s e-voting system on an ongoing basis and submitted dozens of new reports. As at the end of May, 719 new reports have been submitted in 2026, including, 0 classified as “critical”, 0 as “high”, 1 as “medium”, 2 as “low” and 16 as “informative”. Since the start of the community programme in 2021, Swiss Post has paid out a total of over 246,500 euros in rewards for confirmed findings. To date, Swiss Post has received a total of more than 1,300 reports from ethical hackers and IT specialists. The e-voting team continuously reports on received security findings on our website https://swisspost-digital.ch/en/evoting-community/contributions. You can find an overview of all reports on GitLab.
«Balancing Security and Usability in the Swiss Post E-Voting Protocol» event
At the SheLeadsTech event held in Bern on 5 May 2026, the focus was on security and usability in the Swiss Post e-voting protocol. Two cryptography experts from the e-voting development team gave practical insights into the cryptographic protocol. Other topics discussed included current challenges, further development of the e-voting system and measures to strengthen transparency and verifiability. The presentation was interactive and the audience was regularly involved, asking questions and engaging in lively discussions. Afterwards, the participants continued to exchange ideas and network during an aperitif, rounding off an exciting evening with like-minded people from the tech and security community!
Voxxed Days Lugano, CERN and Zurich 2026, «Sharing is caring, building trust in a system through transparency: lessons from Swiss Post e-voting system»
During the Voxxed Days conferences, our security experts shared what it takes to build trust in a digital system. Based on the experiences of Swiss Post’s e-voting project, they gave practical insights into secure software development – from strict code checks and reproducible builds to the key difference between secrecy and security.
The contributions showed how Swiss Post’s e-voting team develops, checks and continuously optimizes the system to meet the highest security and quality requirements.
E-voting a recurrent theme at «BärnHäckt» 2026
From 21 to 23 August 2026, the city of Bern will once again become a hub for digital innovation and cybersecurity. The «BärnHäckt» hackathon brings together more than 100 experts from development, design, business development and IT security. In 2025, Swiss Post was involved for the first time as a topic sponsor for security in software development, and at this year’s event it will organize a team challenge. The event offers the IT security and innovation community an inspiring platform for discussion and collaboration.
Other municipalities and cantons plan to introduce e-voting in test operations
Two cantons are planning to introduce e-voting in 2026, including Lucerne from September 2026. An extension to the city of Lucerne and to people with visual impairments is planned for 2028. For Swiss Post, the integration of additional municipalities and cantons is a vote of confidence in our system.
The last vote on 8 March 2026 went smoothly with the Swiss Post’s e-voting system. What’s more, e-voting is welcomed by voters, municipalities and Swiss citizens resident abroad. The incident in the Canton of Basel-Stadt on 8 March 2026 was not related to the Swiss Post’s e-voting system, but to the handling of an external component (USB sticks). It meant we were able to rule out a system error. However, the Canton of Basel-Stadt has suspended its trial operation until the end of 2026.
If you do not wish to receive further newsletter, you can unsubscribe here with one click. Of course, this has no influence on the information you have subscribed to or otherwise received.