Austria';s regulatory landscape has shifted considerably in recent months, with new obligations affecting corporate governance, employment, taxation, and data protection. Businesses operating in Austria - whether domestic or foreign-owned - face a tightened compliance environment that demands prompt attention. This guide covers the most material developments in austria regulatory 2026, explaining what has changed, who is affected, and what practical steps are required. It addresses corporate law amendments, employment and labour updates, tax compliance changes, data protection enforcement trends, and sector-specific regulatory shifts.
The Austrian Commercial Code (Unternehmensgesetzbuch, UGB) and the Limited Liability Companies Act (GmbH-Gesetz) have both seen targeted amendments in the current legislative cycle. The most consequential change for foreign-owned entities concerns beneficial ownership reporting. The Register of Beneficial Owners (Wirtschaftliche Eigentümer Registergesetz, WiEReG) now imposes stricter verification obligations on entities that previously relied on simplified disclosure. Companies must confirm beneficial ownership data at least annually, and any change in the ownership chain must be reported within four weeks of the triggering event.
A non-obvious requirement is that the obligation extends to intermediate holding structures. If a foreign parent company holds an Austrian subsidiary through a chain of entities, each layer must be traceable to a natural person holding more than 25 percent of shares or voting rights, or exercising equivalent control. Failure to maintain accurate records exposes the entity to administrative fines, which the Financial Intelligence Unit (Geldwäsche-Meldestelle) has been enforcing with increasing regularity.
In practice, founders and directors should conduct an internal ownership audit before the next annual confirmation deadline. A common mistake is assuming that a one-time registration at formation satisfies the ongoing obligation. It does not. The WiEReG register is a living document, and the competent authority - the Federal Ministry of Finance acting through its register portal - cross-references data against commercial register entries at the Firmenbuch.
The Firmenbuch itself has introduced a digital-first submission process for certain filings, reducing the need for notarised paper documents in routine matters. However, notarisation requirements remain in place for share transfers, capital increases, and amendments to the articles of association. Foreign founders unfamiliar with the Austrian notarial system often underestimate the lead time required to engage a local notary and obtain apostilled documents from their home jurisdiction.
Austrian employment law is governed primarily by the Labour Constitution Act (Arbeitsverfassungsgesetz, ArbVG) and sector-specific collective agreements (Kollektivverträge). Recent amendments have introduced several changes that affect hiring, termination, and working-time arrangements.
The most significant development concerns the extension of anti-discrimination protections under the Equal Treatment Act (Gleichbehandlungsgesetz). The scope of protected characteristics has been clarified through recent case law from the Supreme Court (Oberster Gerichtshof, OGH), reinforcing that indirect discrimination in recruitment - including algorithmic screening tools - can give rise to liability. Employers using automated applicant-tracking systems should review their processes against the updated guidance issued by the Equal Treatment Commission (Gleichbehandlungskommission).
Working-time flexibility has also been addressed. The maximum daily working time under the Working Time Act (Arbeitszeitgesetz, AZG) remains capped at twelve hours, but the conditions under which employees may voluntarily agree to extended hours have been tightened. Employers must now document the voluntary nature of any agreement in writing, and the documentation must be retained for at least three years. Labour inspectors from the Labour Inspectorate (Arbeitsinspektion) have increased audit frequency in logistics, hospitality, and healthcare sectors.
For businesses with more than five employees, works council (Betriebsrat) consultation rights have been reinforced in the context of remote-work arrangements. Any employer wishing to introduce or substantially modify a remote-work policy must engage the works council before implementation. A common mistake among foreign-owned subsidiaries is treating remote-work arrangements as a purely contractual matter between employer and employee, bypassing the collective consultation requirement entirely.
Practical scenario one: a technology company with fifteen employees in Vienna introduces a hybrid-work policy without consulting its works council. Under the ArbVG, the works council may challenge the policy, and any unilaterally imposed arrangement may be declared void. The company would need to restart the consultation process, causing operational delay.
If you are restructuring your Austrian workforce or introducing new working arrangements, we can assist with documents and filings. Contact info@vlolawfirm.com for a consultation.
Austria';s tax framework is administered by the Federal Tax Authority (Finanzamt Österreich), which operates under the Federal Fiscal Code (Bundesabgabenordnung, BAO). Several developments in the current period are material for businesses with cross-border operations.
The Austrian VAT Act (Umsatzsteuergesetz, UStG) has been amended to align with recent EU directives on the treatment of platform economy transactions. Digital platforms facilitating short-term accommodation or passenger transport are now deemed suppliers for VAT purposes in certain circumstances, meaning they bear the VAT liability rather than the underlying service provider. Businesses operating marketplace models in Austria should reassess their VAT position and, where necessary, register for Austrian VAT or update existing registrations.
Transfer pricing documentation requirements have been strengthened. Austrian entities that are part of a multinational group must maintain a master file and local file in accordance with the OECD guidelines as transposed into Austrian law. The threshold for mandatory documentation has not changed, but the Finanzamt Österreich has signalled increased scrutiny of intra-group service charges and royalty payments. Penalties for inadequate documentation are calculated as a percentage of the underdocumented transaction value and can be substantial.
The introduction of mandatory electronic invoicing for business-to-business transactions is progressing through the legislative process. While full implementation is not yet in force for all sectors, businesses should begin preparing their accounting systems for e-invoicing compatibility. The Austrian Standards Institute (Österreichisches Normungsinstitut) has published technical specifications for the required invoice format.
Many underestimate the administrative burden of maintaining transfer pricing files that satisfy both Austrian and OECD standards simultaneously. In practice, a local file prepared solely by a foreign group tax team often lacks the Austrian-specific narrative required by the Finanzamt. Engaging local tax counsel to review and supplement group documentation is advisable before any audit cycle begins.
Practical scenario two: a German parent company charges its Austrian subsidiary a management fee equal to eight percent of revenue. Without a contemporaneous local file explaining the arm';s-length basis of the charge, the Finanzamt may disallow the deduction and impose a surcharge. The subsidiary would face both a higher tax bill and a documentation penalty.
The Austrian Data Protection Authority (Datenschutzbehörde, DSB) has been among the more active supervisory authorities in the EU in recent periods. Its enforcement activity under the General Data Protection Regulation (GDPR) has focused on three recurring themes: unlawful data transfers to third countries, insufficient legal bases for processing employee data, and inadequate responses to data subject access requests.
On third-country transfers, the DSB has continued to scrutinise the use of US-based cloud and analytics services following earlier landmark decisions. Businesses relying on standard contractual clauses (SCCs) must conduct and document a transfer impact assessment (TIA) for each relevant tool. A common mistake is treating the execution of SCCs as a complete compliance measure, without the accompanying TIA. The DSB has made clear that SCCs alone are insufficient where the legal framework of the recipient country does not provide equivalent protection.
Employee data processing deserves particular attention. Austrian labour law intersects with GDPR in ways that are not always intuitive. Consent is rarely a valid legal basis for processing employee data, because the power imbalance between employer and employee undermines the voluntariness of consent. Legitimate interest or legal obligation is typically the appropriate basis. Employers should review their records of processing activities (RoPA) to ensure that employee data processing entries reflect the correct legal basis.
Data subject access requests (DSARs) must be responded to within one month under the GDPR. The DSB has issued fines where responses were delayed or incomplete. A non-obvious requirement is that the response must be provided in a format that is intelligible to the data subject - not simply a raw data export. Businesses should have a documented DSAR procedure that includes a quality-review step before dispatch.
The DSB also monitors cookie consent practices on Austrian-facing websites. Consent banners that default to pre-ticked boxes or that make rejection more difficult than acceptance remain a target for enforcement. Businesses should audit their consent management platforms against the DSB';s published guidance.
Beyond the cross-cutting themes above, three sectors have seen particularly notable regulatory activity in the current period.
In financial services, the Austrian Financial Market Authority (Finanzmarktaufsicht, FMA) has updated its supervisory expectations for anti-money laundering (AML) compliance. Obliged entities - including banks, payment institutions, and certain professional service providers - must now conduct enhanced due diligence on customers whose beneficial ownership structures involve jurisdictions on the EU';s high-risk third-country list. The FMA has also issued guidance on the treatment of virtual asset service providers (VASPs) under the Austrian Banking Act (Bankwesengesetz, BWG) and the EU';s Markets in Crypto-Assets Regulation (MiCA). VASPs operating in Austria must assess whether their activities require authorisation under MiCA and, if so, initiate the application process without delay.
In real estate, the Austrian Real Estate Agents Act (Maklergesetz) and related consumer protection provisions have been supplemented by new disclosure requirements for energy performance. Properties marketed for sale or lease must now include an energy performance certificate (Energieausweis) in all advertising materials, not merely at the point of contract. Failure to include the certificate exposes agents and landlords to administrative sanctions from the competent district authority (Bezirksverwaltungsbehörde).
Environmental compliance has become a more prominent concern following the transposition of EU directives on corporate sustainability reporting. Austrian entities that fall within the scope of the Corporate Sustainability Reporting Directive (CSRD) - broadly, large companies and listed SMEs meeting certain thresholds - must prepare sustainability reports in accordance with the European Sustainability Reporting Standards (ESRS). The first reporting obligations apply to the largest entities, with a phased rollout for smaller in-scope companies. The Austrian Chamber of Commerce (Wirtschaftskammer Österreich, WKO) has published practical guidance to assist businesses in scoping their obligations.
We can help structure your compliance approach across these sectors correctly the first time. Reach out to info@vlolawfirm.com to discuss your specific situation.
Businesses should work through the following areas to assess their current exposure against the developments described in this guide.
Each of these areas carries its own timeline and penalty regime. Addressing them in sequence rather than simultaneously is a common mistake that leaves gaps open for longer than necessary. A structured compliance review, conducted with local counsel, is the most efficient approach.
---
What are the most immediate compliance deadlines for Austrian companies under the current regulatory changes?
The most time-sensitive obligation for most companies is the annual WiEReG beneficial ownership confirmation, which must be completed within the statutory window and updated within four weeks of any ownership change. Employment documentation - particularly working-time agreements and remote-work policies - should be reviewed before the next labour inspectorate audit cycle, which has intensified in several sectors. Transfer pricing local files should be in place before the close of the financial year to which they relate, as retroactive preparation is viewed unfavourably by the Finanzamt. Businesses with data protection gaps, particularly around third-country transfers, should prioritise transfer impact assessments given the DSB';s active enforcement posture. A phased compliance calendar, rather than a single annual review, is the most practical approach.
How significant are the financial penalties for non-compliance with the WiEReG and GDPR requirements in Austria?
WiEReG penalties are administrative in nature and are imposed by the Financial Intelligence Unit. They can reach several thousand euros per violation and may be applied repeatedly if the breach continues. GDPR fines imposed by the DSB can be substantially higher, with the regulation permitting fines of up to four percent of global annual turnover for the most serious infringements. In practice, the DSB has issued fines across a wide range, from modest amounts for procedural failures to larger sums for systemic breaches. The reputational impact of a published DSB decision can exceed the financial penalty itself, particularly for businesses that rely on customer trust. Investing in preventive compliance is consistently more cost-effective than remediation after an enforcement action.
Should a foreign company establishing a new Austrian subsidiary engage local counsel, or can group-level advisers handle Austrian compliance?
Group-level advisers can provide valuable strategic oversight, but Austrian compliance has enough jurisdiction-specific nuance to warrant local counsel involvement at key stages. The WiEReG, the ArbVG works council requirements, the Finanzamt';s local-file expectations, and the DSB';s enforcement priorities all have characteristics that differ from the equivalent frameworks in Germany, the UK, or the US. A common mistake is assuming that compliance frameworks designed for another EU jurisdiction transfer directly to Austria. Local counsel can identify gaps quickly, prepare documents in the required format, and liaise with Austrian authorities in German, which remains the language of official proceedings. For ongoing compliance, a hybrid model - group strategy with local execution - tends to work well.
---
Austria';s regulatory environment in the current period demands active management rather than passive monitoring. The convergence of stricter beneficial ownership rules, reinforced employment protections, tightened tax documentation standards, and active data protection enforcement creates a compliance workload that is material for businesses of all sizes. Sector-specific developments in financial services, real estate, and sustainability reporting add further layers for affected entities. The businesses that navigate this environment most effectively are those that treat compliance as a continuous process, supported by accurate local knowledge.
VLO Law Firms advises international clients on regulatory compliance and corporate matters in Austria. We can assist with beneficial ownership filings, employment documentation, transfer pricing reviews, data protection audits, and sector-specific regulatory assessments. To request a consultation, contact: info@vlolawfirm.com