Legal-Updates
2026-07-09 00:00 Legal-Updates

Regulatory Update in Austria: Q4 2025

Austria';s regulatory landscape shifted meaningfully in the final quarter of the year, with notable changes across corporate compliance, employment law, data protection enforcement, and financial services regulation. For international businesses operating in or entering the Austrian market, these developments carry direct practical consequences - from revised filing obligations to updated liability frameworks. This guide surveys the most significant austria regulatory 2025 changes, explains what triggered them, and sets out the steps businesses should take in response.

Corporate law amendments and the revised GmbH framework

The Gesellschaft mit beschränkter Haftung - Austria';s standard private limited liability company - remained the entity of choice for foreign investors throughout the period, but recent amendments to the GmbH-Gesetz introduced procedural and substantive changes that practitioners must now account for.

The most consequential change concerns the digital formation pathway. Austria';s implementation of the EU Digitalisation Directive (Directive 2019/1151/EU) was extended and refined, allowing founders to complete the entire notarial deed process electronically without physical presence in Austria. In practice, however, notaries retain discretion to require in-person attendance where identity verification raises questions. Foreign founders should not assume that remote formation is automatic; they should confirm the specific notary';s approach before committing to a timeline.

A second amendment tightened the rules on beneficial ownership registration under the Wirtschaftliche Eigentümer Registergesetz (WiEReG). Entities must now update their beneficial ownership data within a shorter window following any change in the ownership structure. The register is maintained by the Austrian Federal Ministry of Finance, and non-compliance attracts administrative fines that can reach the mid-five-figure range in EUR. A common mistake among foreign-owned subsidiaries is treating the WiEReG filing as a one-time obligation rather than an ongoing maintenance task.

Practical scenario one: a German holding company acquires a 30% stake in an existing Austrian GmbH. Under the revised WiEReG rules, the Austrian entity must update its beneficial ownership record promptly after the transaction closes, not merely at the next annual review. Failure to do so exposes both the entity and its managing directors to personal liability.

Employment law: revised thresholds and new remote-work obligations

Austrian employment law saw several targeted updates that affect both domestic employers and foreign companies with staff based in Austria.

The Arbeitsvertragsrechts-Anpassungsgesetz (AVRAG) was amended to clarify the written information obligations that employers owe to employees. Employers must now provide a more detailed written statement of employment terms within the first week of employment, covering not only remuneration and working hours but also the applicable collective agreement (Kollektivvertrag), training entitlements, and the procedure for termination. Businesses that rely on standard template contracts should review those templates against the updated requirements.

Remote work arrangements received further regulatory attention. Austria';s Homeoffice-Gesetz, which governs telework, was supplemented by guidance clarifying cost-reimbursement obligations. Employers are expected to contribute to the employee';s home-office costs - including a proportionate share of internet and energy expenses - and the updated guidance specifies how those contributions interact with the tax-free allowance available under the Einkommensteuergesetz. Many employers underestimate the administrative burden of tracking and documenting these reimbursements correctly.

Minimum wage thresholds under the relevant Kollektivverträge were also adjusted upward across several sectors, including retail, hospitality, and professional services. Because Austria does not have a single statutory minimum wage but instead relies on sector-specific collective agreements, foreign employers must identify the correct Kollektivvertrag for each employee category. A common mistake is applying the wrong collective agreement to a role, which can result in underpayment claims and back-pay liability.

Practical scenario two: a technology company headquartered outside the EU establishes a small Austrian subsidiary with five software developers working primarily from home. The employer must identify the applicable IT-sector Kollektivvertrag, provide the revised written employment statements within the first week, and establish a documented cost-reimbursement process for home-office expenses - all before the first payroll run.

If you are navigating these employment obligations for the first time in Austria, we can help structure the setup correctly the first time. Contact us at info@vlolawfirm.com.

Data protection enforcement: Austrian DPA activity and key decisions

The Datenschutzbehörde (DSB) - Austria';s national data protection authority - maintained an active enforcement posture throughout the period, issuing several decisions with broad implications for businesses processing personal data in Austria.

One significant line of decisions concerned the use of US-based analytics and tracking tools on Austrian websites. Following the earlier Schrems II jurisprudence and the subsequent EU-US Data Privacy Framework, the DSB examined whether Austrian website operators had correctly updated their data transfer mechanisms. Operators who continued to rely on outdated standard contractual clauses without conducting a transfer impact assessment faced formal warnings and, in repeat cases, administrative fines under the Datenschutzgesetz (DSG) and the General Data Protection Regulation (GDPR). The DSB has consistently taken the position that Austrian law does not permit a lower standard of protection simply because a transfer mechanism exists on paper.

Cookie consent management also attracted scrutiny. The DSB issued guidance reinforcing that pre-ticked consent boxes and consent obtained through dark patterns do not satisfy the requirements of Article 7 GDPR as implemented in Austria. Businesses operating e-commerce platforms or content websites should audit their consent management platforms against this guidance.

A non-obvious requirement that surfaced in several DSB decisions is the obligation to maintain a record of processing activities (Verzeichnis der Verarbeitungstätigkeiten) that is genuinely up to date. Many companies maintain a record at the time of their initial GDPR compliance project but fail to update it when new processing activities are introduced. The DSB has treated an outdated record as evidence of systemic non-compliance rather than a minor procedural lapse.

The interplay between the DSG and the new EU AI Act also began to emerge in preliminary DSB communications. While the AI Act';s obligations are phased in over time, Austrian businesses deploying automated decision-making systems should begin mapping those systems against both the existing GDPR profiling rules and the forthcoming AI Act requirements. Early preparation avoids the compressed timelines that tend to produce compliance errors.

Financial services and AML: updated obligations for regulated entities

Austria';s financial services sector operates under the supervision of the Finanzmarktaufsicht (FMA), the national financial market authority. The final quarter brought several updates relevant to regulated entities and to businesses that interact with the financial system.

The most significant development was the transposition of the latest EU Anti-Money Laundering Directive package into Austrian law via amendments to the Finanzmarktgeldwäschegesetz (FM-GwG) and related instruments. The updated rules extend enhanced due diligence obligations to a broader category of obliged entities, including certain professional service providers and real estate intermediaries. Businesses that were previously outside the scope of AML obligations should assess whether the revised thresholds and definitions now bring them within the regulated perimeter.

Customer due diligence requirements were tightened, particularly for politically exposed persons (PEPs) and for transactions involving jurisdictions identified on the FATF grey list. Austrian banks and payment service providers have responded by updating their onboarding questionnaires and transaction monitoring parameters. Corporate clients - especially those with complex ownership structures or cross-border elements - should expect more detailed information requests and longer onboarding timelines.

The FMA also issued updated guidance on crypto-asset service providers (CASPs) in light of the EU Markets in Crypto-Assets Regulation (MiCA). Austrian entities seeking to operate as CASPs must now register with the FMA under a revised framework that aligns with MiCA';s requirements. The registration process involves demonstrating adequate governance, capital buffers, and operational resilience. Many applicants underestimate the documentation burden, particularly around the business continuity plan and the fit-and-proper assessment of key personnel.

A practical note on timing: the FMA has indicated that it will prioritise applications from entities that have already been operating under the transitional regime, but it has not committed to specific processing timelines. Applicants should build a buffer of several months into their planning assumptions.

Tax law changes: VAT, transfer pricing, and Pillar Two implementation

Austrian tax law underwent several updates with direct relevance to international businesses, covering value-added tax, transfer pricing documentation, and the implementation of the OECD Pillar Two global minimum tax framework.

On VAT, the Umsatzsteuergesetz (UStG) was amended to reflect the EU';s ViDA (VAT in the Digital Age) initiative. The changes affect e-invoicing obligations for B2B transactions and the reporting requirements for digital platform operators. Austrian businesses that act as intermediaries on digital platforms - including those in the accommodation, transport, and services sectors - must now report transaction data to the Finanzamt (tax authority) on a more frequent basis. The transition to structured e-invoicing is being phased in, but businesses should begin technical preparation now rather than waiting for the final implementation deadline.

Transfer pricing documentation requirements were reinforced through updated guidance from the Austrian Ministry of Finance, aligning Austrian practice more closely with the OECD Transfer Pricing Guidelines. Multinational groups with Austrian entities must ensure that their master file, local file, and country-by-country report are prepared in accordance with the updated standards. A common mistake is treating the Austrian local file as a translation of a document prepared for another jurisdiction rather than as a jurisdiction-specific analysis of the Austrian entity';s functions, assets, and risks.

The Mindestbesteuerungsgesetz - Austria';s implementing legislation for the OECD Pillar Two global minimum tax - entered its operational phase. Multinational enterprise groups with consolidated revenues above the EUR 750 million threshold are now subject to the qualified domestic minimum top-up tax (QDMTT) in Austria. Groups that have not yet modelled their effective tax rate in Austria should do so promptly, as the top-up tax liability can be material and the compliance obligations - including the GloBE information return - are administratively demanding.

For businesses with complex cross-border structures, we can assist with documents and filings related to these tax compliance obligations. Reach out at info@vlolawfirm.com.

Frequently asked questions

What are the main consequences of failing to update the WiEReG beneficial ownership register after a change in ownership?

Failure to update the WiEReG register within the required window exposes the Austrian entity and its managing directors to administrative fines. The fines can reach the mid-five-figure range in EUR and are imposed by the Austrian Federal Ministry of Finance. In addition, persistent non-compliance can trigger a formal compliance notice and, in serious cases, affect the entity';s standing with Austrian banks and counterparties. Foreign parent companies often overlook this obligation because their home jurisdiction may not have an equivalent requirement, but Austrian law treats it as a core corporate governance obligation rather than a formality.

How long does it typically take to register a crypto-asset service provider with the FMA under the revised MiCA-aligned framework?

The FMA has not published binding processing timelines for CASP registrations under the revised framework. In practice, applicants should plan for a process that spans several months from the submission of a complete application. Completeness is the critical variable: applications that are missing governance documentation, capital evidence, or the fit-and-proper assessments of key personnel are returned for supplementation, which resets the clock. Engaging experienced Austrian counsel before submitting the application significantly reduces the risk of a deficiency notice.

Does Austria';s Homeoffice-Gesetz apply to employees of foreign companies who work remotely from Austria?

The answer depends on the applicable law governing the employment relationship and the degree of connection to Austria. Where an employee is habitually working from Austria and Austrian law applies - either by choice or by operation of the Rome I Regulation - the Homeoffice-Gesetz and the associated cost-reimbursement rules will generally apply. Foreign employers who have staff working from Austria on a regular basis, even without a formal Austrian subsidiary, should seek advice on whether their arrangements trigger Austrian employment law obligations. The risk of inadvertently creating an Austrian permanent establishment for tax purposes runs in parallel and should be assessed at the same time.

Conclusion

The final quarter brought a concentrated set of regulatory changes across corporate, employment, data protection, financial services, and tax law in Austria. Businesses that act promptly - updating beneficial ownership records, reviewing employment contracts, auditing data processing activities, and modelling Pillar Two exposure - will be better positioned than those that defer action until a compliance deadline forces the issue.

VLO Law Firms advises international clients on regulatory compliance and legal structuring in Austria. We can assist with beneficial ownership filings, employment contract reviews, FMA registration processes, data protection audits, and Pillar Two compliance documentation. To request a consultation, contact: info@vlolawfirm.com