Austria has positioned itself as one of the top EU jurisdictions for crypto-asset service providers (CASPs) and token-based protocols and projects. This is primarily due to its already existing large community. Every year in May, an updated version of the “Blockchain Landscape Austria” is released (see here). The 2024 update shows that 42 new players chose Austria as their base for EU operations. The overarching theme in the market is currently adapting to the new rules established by the EU Markets in Crypto Assets Regulation (MiCA).

Highlights of the Austrian Market

The “Blockchain Landscape Austria” map underscores the substantial size and diversity of Austria’s cryptocurrency market, featuring 230 active participants. To give some highlights, Austria is home to Europe’s largest Bitcoin ATM provider and one of the largest EU-based CASPs. It is also home to one of the largest operators of validators on Ethereum, and before the switch to proof-of-stake, the world’s largest Ether mining pool. The first security token offering approved by any EU regulator was carried out in Austria (by the author of this contribution). The world’s first and to this day most successful postal stamp with a blockchain twin was issued in Austria.

Asset Tokenisation

More than ten tokenisation providers offer their services, and there are multiple businesses already operating on the basis of asset tokenisation. Business models span a diverse range of sectors, from tokenised car sharing, energy communities, wine, precious metals, gemstones, or real estate investments. Moreover, tokenisation is not limited to tangible assets; it is also being applied to financial instruments. Tokenised securities, or security token offerings, have become increasingly common tools in Austria’s corporate finance landscape. Additionally, Austria is home to one of the few EU-regulated entities that provide security token exchange services.

Austria’s NFT Scene

Austria’s NFT scene is also very mature. Besides the above-mentioned crypto stamp, a number of NFT-based online games were developed in Austria, and the technology is used on a continuous basis to tokenise art – eg, of world-famous Austrian painter Gustav Klimt.

Mining, DAOs, DeFi

Mining companies are represented in Austria, and DAO projects show how decentralised decision-making can be achieved. A lot of protocols have chosen Austria as their operational base. Several Swiss foundations behind numerous protocols use Austria as their EU and MiCA gateway. Moreover, Austria is home to truly decentralised finance (DeFi) protocols, which operate without any regulatory supervision, as confirmed by the Austrian Financial Market Authority (FMA).

Consulting Firms, Tax and Legal Advisers

Since the community is so large, a growing number of consulting firms, tax and legal advisers have built extensive expertise. It is safe to say that anyone choosing Austria as their EU hub will find experienced advisers that can help get everything operational quickly.

Crypto-assets Are Subject to Ownership

As a civil-law jurisdiction, the primary legal source for rules on ownership, and property law in general, is codified in the Austrian General Civil Code. In contrast to other civil-law jurisdictions such as Germany, under Austrian law the concept of ownership is not limited to tangible assets. Intangible (crypto-)assets can also be subject to ownership and other property rights, provided the technology used ensures that transactions of such crypto-assets are recorded immutably and third parties have no way of disposing of one’s crypto-assets. This is the case with decentralised public blockchains such as Bitcoin or Ethereum. Property law principles are also applied to smart contract-based token protocols on public chains, again provided that third parties are excluded from disposing of one’s tokens. Centralised or permissioned DLT is treated differently, however. Those systems, and the crypto-assets based on them, are seen as software-as-a-service and are therefore not subject to property law principles.

Legal Classification of a Transaction Request

Coming back to public and decentralised DLTs, a transaction request on those systems is not viewed as a contractual offer but rather as an offer of a reward made to all miners or validators who partake in the mining/validation process. Because of this classification, users and miners/validators do not form contracts with one another but a miner/validator can still claim the reward offered alongside the transaction request if he or she is able to record the desired transaction in a block. This means that miners or validators on public blockchains do not form contracts with one another either.

Transfer of Ownership in Crypto-assets

The transfer of ownership of crypto-assets based on public and decentralised DLT (such as Bitcoin or Ether) is subject to general property law principles. Besides an agreement (eg, purchase agreement) which serves as the basis for the ownership transfer, Austrian law requires a “mode of transfer”. In its most basic form, this is a handover of the asset. In the context of blockchain this means an on-chain transaction. However, other modes of transfer are valid as well; eg, constitutum possessorium or tradition brevi-manu where ownership is transferred without any on-chain transaction occurring.

Crypto-asset, Asset-Referenced Token, E-money Token, Utility Token

Since MiCA was adopted, the terminology used in Austria has shifted somewhat. The term “crypto-asset” is now exclusively used as defined in MiCA, meaning, put simply, any DLT-based digital representation of value or rights. Besides that, MiCA introduced three additional definitions, namely “asset-referenced tokens”, “e-money tokens”, and “utility tokens”. The first two are new concepts altogether, and at their core they cover tokens which purport to maintain a stable value in relation to either an official currency (e-money tokens) or other asset (asset-referenced tokens). Unfortunately, in the case of utility tokens, the EU legislature opted not to adopt the broader market definition, namely a class of crypto-asset distinct from security tokens that covers a wide range of use cases. Instead, under the new regulations, utility tokens are narrowly defined as crypto-assets solely intended to provide access to a good or a service supplied by its issuer.

Virtual Currency, Cryptocurrency

The term crypto-asset replaces the term “virtual currency” which was introduced by the 5th Anti Money Laundering Directive. Put simply, virtual currency is a digital representation of value that is used as a means of exchange. While this term will vanish from Austrian law with MiCA’s full applicability, its meaning will continue to be used in the Austrian Income Tax Act under the name of “cryptocurrency”. Virtual currency or cryptocurrency can be viewed as a subclass of the term crypto-asset (namely digital representation of value, as opposed to digital representation of rights).

Pointer Tokens

The term “pointer token” is used in connection with real-world asset tokenisation where a custodian is involved. The pointer token then refers to a specific piece of a commodity (gold coins, gemstones, wine bottles, etc) or to a percentage of co-ownership in a commodity (cars, yachts, paintings, real estate, etc). Through the transfer of the pointer token, the custodian is instructed to hold the asset for the new token holder instead of the previous one (thereby transferring ownership in the asset; see also 2.3 Tokenised Securities).

Security Tokens

The term “security token” refers to any “transferable security” in the sense of MiFID II, which instead of a physical paper note uses the blockchain as transaction register. Note that security tokens are not regulated under MiCA but under MiFID II only (and the respective national implementation acts).

Non-fungible Tokens or NFTs

Finally, the term “non-fungible token” or “NFT” is used to describe crypto-assets which are not covered under MiCA due to their uniqueness; eg, because each single piece is linked to a specific piece of digital art.

Tokenised Securities Are Subject to MIFID II

The supervisory regime for transferable securities is harmonised by the EU Markets in Financial Instruments Directive (MiFID II). Austria implemented the regime in the Securities Supervision Act 2018. The term “transferable securities” in Austria is defined by way of reference to MiFID II. The Directive defines the term as those classes of securities that are negotiable on the capital market, with the exception of instruments of payment. MiFID II goes on to give examples, such as shares in companies, bonds or other forms of securitised debt, including depositary receipts in respect of shares or bonds.

Methods of Tokenisation

Transferable securities can be tokenised in two distinct ways. Debt claims (bonds, profit participation rights, etc) can be tokenised directly by linking the claim to the possession of a token. This is achieved simply through clauses in the security terms. As a result, the transfer of the claim requires the transfer of the token. This approach requires the application of property-law principles to the crypto-asset to which the claim is linked. If this is not the case, for example when a private permissioned blockchain is used, then this approach is not viable to create a tokenised security from an Austrian civil-law perspective.

In such cases the security can still be tokenised, however, by tokenising co-ownership in a physical global note of that security. A custodian is in possession of the global note; eg, a bank. Tokens are used to indicate to the custodian whom they should hold the global note for. On the basis of the security’s terms, any transfer of a token on the blockchain is viewed by the custodian as an instruction to now co-possess the global note for the new token holder, thereby also transferring co-ownership in the security. This method of tokenisation can be used for virtually any tangible asset.

Stablecoins Are Subject to MiCA

The supervisory regime for stablecoins is fully harmonised by MiCA. MiCA distinguishes between e-money tokens and asset-referenced tokens. E-money tokens are crypto-assets that purport to maintain a stable value by referencing the value of one official currency. Asset-referenced tokens are a type of crypto-asset that is not an e-money token and that purports to maintain a stable value by referencing another value or right or a combination thereof.

Algorithmic Stablecoins Are Subject to MiCA

Since merely purporting to maintain a stable value suffices, stablecoins with no functional peg at all are also covered by this definition. Since neither definition makes any reference to a particular mechanism of how to maintain the peg, the definitions also cover algorithmic stablecoins. Note, however, that Title III and IV MiCA lay out a number of obligations for issuers of such tokens which are in direct conflict with how an algorithmic stablecoin maintains its peg.

MiCA Does Not Cover Fully Decentralised Protocols

This does not mean that algorithmic stablecoins are completely unattainable under MiCA, however. The solution is to structure the protocol in a “fully decentralised manner” and “without any intermediary”. Such systems do not fall within the scope of MiCA (see MiCA Recital 22). However, this raises questions about the precise meaning of “without an intermediary” and “in an exclusively decentralised manner”. Put simply, a protocol that operates without the need for any party to fulfil promises qualifies under these criteria. One could also use the term “trustless” to characterise fully decentralised systems.

NFTs Are Not Covered by MiCA

Currently, crypto-assets that are unique and not fungible with other crypto-assets, including digital art and collectibles (non-fungible tokens or NFTs) are not covered by any regulatory acts in Austria. MiCA does not apply (see MiCA Recital 10 and 11) and no national laws or regulation exist.

From a legal perspective, NFTs are not characterised by the use of any particular technology. Using ERC-721 or any other technical NFT standard has therefore no bearing on the legal qualification of that token as an NFT. Instead, one must ask whether or not the tokens are sufficiently similar to essentially all represent the same use case and therefore same value. A good example in the real world is bank notes. Each note has a unique identifier printed on it – its serial number. One could argue that from a technical perspective, bank notes are therefore non-fungible. But viewed from a use-case angle, it becomes apparent that the notes are, in fact, interchangeable and therefore all represent the same value.

NFTs Are Subject to General Consumer Protection Legislation

NFTs do not exist in a legal vacuum, however. As they are typically sold to consumers or traded over the internet, the EU Consumer Rights Directive must be observed. This Directive, implemented in Austria in the Consumer Protection Act and the Distance and Off-Premises Transactions Act, provides for extensive disclosure requirements and generally a 14-day right of withdrawal from a purchase (unless an exemption applies).

Both volatile crypto-assets such as Bitcoin but also stablecoins such as Tether and others can be used as a means of exchange in Austria. In fact, a growing number of companies accept crypto as payment, in particular in cross-continent transactions.  There are no legal restrictions on the size of a crypto payment, whether large or small.

Any type of crypto-asset can be used as collateral under Austrian law. While for the transfer of ownership, an on-chain transaction is only one of multiple acceptable modes of transfer (see 2.1 Ownership), a pledge over crypto-assets is less flexible. If the crypto-assets in question are currently with the pledgor then an on-chain transaction to an address of the pledgee is required. If the crypto-assets are already in possession of the pledgee but owned by the pledgor (eg, where a CASP uses crypto-assets held for the user) for the pledge to be validly established and enforceable, the pledgor must make visible note of the pledge in its books. In effect, the same principles apply that govern the establishment of collateral arrangements over tangible assets.

It is widely accepted in Austrian legal literature that smart contracts can be used to make contractual offers, to receive such offers, and also to form contracts between two or multiple parties. Austrian courts will not follow the doctrine of “code is law”, however. Rather, they will use the legal toolkit of interpretation to decide what a reasonable party was able to expect from interacting with another party using smart contracts.

Note, this does not mean that any interaction with a smart contract must automatically be viewed in contractual terms or must result in the conclusion of a contract. It is also widely accepted that smart contracts can be used without any contracts being concluded. This is the case when a protocol is structured to operate in a fully decentralised manner and without any intermediary (see 2.4 Stablecoins).

No Current Specific Limitations to Crypto-asset Exposure

There are currently no specific limitations under Austrian law on crypto-asset exposure of regulated entities. UCITS funds could invest (within the boundaries of generally applicable limitations) into units of other funds holding crypto-assets; a direct investment is not permissible for UCITS funds. An AIF can invest (again, within the boundaries of generally applicable limitations) into regular crypto-assets (Bitcoin, Ether, etc) which are not to be classified as security tokens.

CRR III and BCBS Standard on Crypto-asset Exposure

Under the upcoming CRR III which will be directly applicable also in Austria, rules on crypto-asset exposure will be implemented for the first time. These rules are loosely based on the revised Basel Committee on Banking Supervision’s standard on the prudential treatment of crypto-asset exposures (but limited to the most restrictive aspects of the BCBS standard).

The Basel standard distinguishes between two main groups of crypto-assets: Group 1 and Group 2. Both groups are further divided into two subgroups. Group 1 crypto-assets include tokenised traditional assets (Group 1a) and crypto-assets with effective stabilisation mechanisms (Group 1b) if they meet four specific classification conditions. Group 1a instruments are also referred to in the industry as security tokens (see 2.2 Categorisation and 2.3 Tokenised Securities) and Group 1b instruments as stablecoins (see 2.4 Stablecoins). Group 1 crypto-assets are generally subject to the same capital requirements as the underlying risk positions (ie, the underlying asset for Group 1a or the reference asset for Group 1b).

Group 2 includes crypto-assets that do not fulfil all four classification conditions. In the opinion of the Basel Committee, they represent an increased risk compared to Group 1 crypto-assets and are therefore subject to a new conservative capital approach. Virtual currencies that function purely as a medium of exchange, such as Bitcoin or Ether, are always classified as Group 2 crypto-assets. Under certain conditions, hedging transactions for the respective risk position are recognised as Group 2 crypto-assets. Such crypto-assets then fall into group 2a. The risk weight and the required capital for crypto-assets in Group 2a are therefore similar to that of Group 1. Only if neither the four classification conditions, nor the requirements for the recognition of hedging transactions, are met does the crypto-asset fall into Group 2b. A risk weight of 1,250% is then applied by default.

Austria has a regulatory sandbox. It is established with the Austrian FMA and it allows start-ups and existing regulated entities alike to test innovative business models under regulatory supervision in a controlled environment.

In order to participate, applicants must provide a comprehensive description of the business model, including how it works, the technology involved, and the expected benefits. Applicants must further demonstrate a significant economic interest, showing potential benefits to the financial market or economy in Austria. Also, the business model should be ready for market testing, implying that it has moved beyond the conceptual stage and is prepared for real-world application.

An application must be filed with the Austrian FMA. The filing can also be done in English. The FMA conducts a preliminary review and hands the application over to the Regulatory Sandbox Advisory Council, consisting of representatives from the Ministry of Finance, FMA, Austrian National Bank, and other experts. This council assesses the economic interest, market readiness, and testing feasibility of the business model. Based on the council’s assessment, the FMA makes its final decision on whether to admit the applicant to the sandbox.

There is no applicable information in this jurisdiction.

In Austria, several regulatory bodies are relevant to businesses or individuals using blockchain technology. Each of these bodies has its own scope of jurisdiction and regulatory approach to blockchain and digital asset firms:

• FMA: The FMA is the primary regulator for financial markets in Austria. It oversees banks, insurance companies, pension funds, securities firms, and CASPs. The FMA’s jurisdiction includes enforcing compliance with AML regulations, supervising the financial health of institutions, and ensuring consumer protection. The FMA requires CASPs to comply with strict AML and counter-terrorist financing (CTF) regulations (see 4.1.4 Anti-money Laundering and Counter-Terrorism Financing (AML/CTF) Requirement).
• Oesterreichische Nationalbank (OeNB): The OeNB is Austria’s central bank, monitoring financial stability in Austria. While the OeNB does not directly regulate CASPs, its role in financial stability makes it an important stakeholder in the ecosystem.
• Ministry of Finance (Bundesministerium für Finanzen, BMF): The BMF oversees fiscal policy, taxation, and the overall financial regulation landscape in Austria. It plays a key role in legislative processes related to financial regulation, including the implementation of EU directives and, most recently, MiCA.

Within the Austrian Chamber of Commerce, CASPs are organised in the subdivision for financial service providers and crypto-asset service providers. This body is tasked with representing the interests of the industry in legislative proposals and serving as a single point of contact for other stakeholders. In addition, the Digital Assets Association Austria, a voluntary interest group, promotes the interests of the industry.

There is no applicable information in this jurisdiction.

There is no applicable information in this jurisdiction.

There is no applicable information in this jurisdiction.

Austria has implemented a special tax regime for crypto-assets in the Income Tax Act. In the Act, the definition of virtual currency (as introduced by the 5th Anti-Money Laundering Directive) is used to define the newly introduced term of “cryptocurrency”. Income from cryptocurrencies is classified as income from capital, subjected to a special tax rate of 27.5%. This encompasses income from staking, airdrops, bounties, and hard forks, which are taxed upon sale rather than receipt. For domestic taxpayers, capital gains from cryptocurrency transactions must be reported, and capital gains tax (KESt) must be deducted by CASPs headquartered in Austria.

Austrian law does not provide for ESG requirements. Note, however, that MiCA mandates that issuers of crypto-assets as well as CASPs must disclose the principal adverse impacts of the technology underlying a certain crypto-asset on the environment, specifically related to the consensus mechanisms used. This includes the environmental and climate-related impacts of mining or other processes used to validate transactions on the blockchain.

Blockchain-based products and services are subject to the EU General Data Protection Regulation (GDPR). In practice, the Regulation plays a role only when it comes to centralised market participants such as CASPs or token issuers. It is also relevant when a smart contract is used to provide services to others. In the case of fully decentralised systems (see 2.4 Stablecoins) and speaking from a practical perspective, the GDPR becomes a non-issue. The so-called right to be forgotten can be maintained by storing personal data on the blockchain only in encrypted form and storing a separate decryption key for every data entry stored on the blockchain. If someone exercises their right to be forgotten, this request can be complied with by simply deleting the decryption key associated with the data entry to be deleted.