Austria’s financial sector is experiencing significant regulatory shifts. These changes are reshaping the landscape for both domestic and foreign entities operating in the Austrian market.
Crypto-Assets
The implementation of the EU’s Markets in Crypto-Assets (MiCAR) regulation, effective since December 30, 2024, has ushered in a new era for crypto-asset service providers (CASPs) in Austria. The Financial Market Authority (FMA) now oversees this sector, providing a clear regulatory framework that enhances Austria’s attractiveness for crypto businesses.
Under MiCAR, all CASPs must obtain FMA authorization to operate legally. This requirement brings crypto services under stringent regulatory scrutiny, aligning with broader EU efforts to harmonize crypto regulations. The FMA’s comprehensive guidance on MiCAR’s application offers transparency, reducing regulatory uncertainty for market entrants. The regulation also intensifies actions against unauthorized providers and crypto-related fraud. Enhanced transparency and stricter enforcement measures aim to deter investment fraud, money laundering, and other dubious practices. Unauthorized entities operating without requisite approvals will face severe sanctions, supported by ongoing collaboration between Austrian and international supervisory authorities.
Since fall 2024, the FMA has already received several applications from foreign CASPs who see Austria as a potential entry point ino the EU market.
Digital Operational Resilience
In tandem with MiCAR, the Digital Operational Resilience Act (DORA) came into effect on January 17, 2025. This regulation enhances IT security and operational resilience for financial market participants, including CASPs. Under DORA, providers must implement advanced technical security measures, conduct regular stress tests, and maintain contingency plans to safeguard operations against cyber threats and system disruptions. Together, MiCAR and DORA aim to deliver not only greater transparency and confidence in the Austrian crypto market but also a technologically secure and resilient environment.
Capital Requirements for Third-Country Branches
Transitioning to the banking sector, Austria is preparing for the implementation of the Capital Requirements Directive VI (CRD VI), expected to be transposed into Austrian law by the fourth quarter of 2025. This directive will significantly impact how third-country companies provide core banking services in the EU and how third-country branches (TCBs) are supervised.
Foreign banks operating through branches in Austria will face stringent regulations aimed at aligning with EU prudential standards, including demonstrating effective internal controls, risk management procedures, and compliance frameworks. Any business with Austrian clients must be either unsolicited or accompanied by proper licensing, with even minor interactions potentially triggering licensing obligations.
Consumer Protection
In the realm of consumer protection, Austria is set to implement the new EU Consumer Credit Directive by November 2025. This will introduce significant changes to harmonize consumer protection across member states in credit transactions. The directive’s expanded scope reflects a response to modern market practices, including the rise of “buy now, pay later” schemes.
Conclusion
As we progress into 2025, these regulatory developments bring both challenges and opportunities for financial institutions and crypto businesses in Austria. The country’s strong regulatory framework, combined with its strategic position within the EU, continues to make it an increasingly attractive destination for foreign entities aiming to establish or expand their presence in the European financial market. Political changes in key markets worldwide are likely to influence financial market regulations, which must be carefully factored into the planning of business models and investment strategies.
For lawyers and financial professionals, keeping up with these changes is essential. The evolving regulatory landscape requires a deep understanding of both crypto and traditional banking regulations, as the boundaries between these sectors continue to blur with advancing technology and increasing regulatory alignment.
By Roman Hager, Partner, Act Legal
This article was originally published in Issue 12.2 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.
