Regulatory Bodies

In Austria, several regulatory bodies are relevant to businesses or individuals using blockchain technology. Each of these bodies has its own scope of jurisdiction and regulatory approach to blockchain and digital asset firms.

• FMA – The FMA is the primary regulator for financial markets in Austria. It oversees banks, insurance companies, pension funds, securities firms and CASPs. With the Austrian MiCA Implementation Act (MiCA-VVG), the FMA was designated as the competent authority concerning offerors, issuers or crypto-asset service providers. In particular, the FMA is authorised to take administrative measures and impose administrative penalties. The FMA’s jurisdiction also includes enforcing compliance with AML regulations, supervising the financial health of institutions and ensuring consumer protection.
• Austrian National Bank (Oesterreichische Nationalbank, OeNB) – The OeNB is Austria’s central bank, monitoring financial stability in Austria. While the OeNB does not directly regulate CASPs, its role in financial stability makes it an important stakeholder in the ecosystem. The OeNB is also responsible for part of the reporting system for issuers of asset-referenced tokens or issuers of e-money tokens.
• Ministry of Finance (Bundesministerium für Finanzen, BMF) – The BMF oversees fiscal policy, taxation and the overall financial regulation landscape in Austria. It plays a key role in legislative processes related to financial regulation, including the implementation of EU directives such as MiCA.

Alignment With International Regulation

Austria’s regulators have closely aligned their crypto and broader financial-market framework with international standards, mainly by promptly transposing FATF, BIS and IOSCO approaches through EU legislation (MiCA, AML package, DORA) and co-operative instruments, and then enforcing them strictly rather than creating standalone national crypto rules.

Alignment with FATF

Austria has repeatedly amended the Financial Market Anti-Money Laundering Act (FM-GwG) and related legislation to implement evolving FATF recommendations, explicitly extending obligations to crypto-asset service providers. FATF standards are largely channelled via EU law: for example, the FATF “travel rule” is implemented through the EU Funds Transfer Regulation, which Austria applies directly at national level.

Alignment with BIS/financial stability standards

OeNB and FMA implement BIS-inspired cyber-resilience and operational-risk work primarily via EU frameworks, in particular DORA and the TIBER-EU threat-led penetration testing regime. Austria has established TIBER-AT as the national implementation of TIBER-EU, including all mandatory TIBER-EU elements.

Alignment with IOSCO

The IOSCO Multilateral Memorandum of Understanding (MMoU) is recognised by the FMA as the key international benchmark for cross-border co-operation in securities supervision, and the FMA has been a signatory since 2009. Austria applies IOSCO-derived securities standards primarily through ESMA guidelines and MiFID II/MiFIR, using EU/ESMA instruments as the main transmission belt for IOSCO standards rather than developing a separate Austrian securities regime for crypto-assets.

Classification of Crypto-Assets and Applicable Regulatory Frameworks

In Austria, the regulatory classification of a token should begin by determining whether the token qualifies as a crypto-asset within the meaning of MiCA. MiCA defines crypto-asset as a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology.

If the token does not meet this definition, MiCA does not apply. If the token does meet the definition, the next step is to assess whether it is nevertheless excluded from MiCA under Article 2(4) of MiCA.

Article 2(4) of MiCA provides that MiCA does not apply to crypto-assets that qualify as certain existing regulated products under EU financial services law. These include, in particular, financial instruments, deposits, structured deposits, funds other than e-money tokens, securitisation positions, insurance or reinsurance products, and certain pension products.

Accordingly, after determining that a token is a crypto-asset, the most important practical question in Austria is often whether it also qualifies as a financial instrument within the meaning of MiFID II, as implemented in Austria primarily through the Austrian Securities Supervision Act 2018 (Wertpapieraufsichtsgesetz, WAG 2018). Where a token qualifies as a financial instrument – for example, a security token structured as a transferable security or a tokenised unit in a collective investment undertaking – it is excluded from MiCA and instead falls within the relevant MiFID II/WAG 2018 perimeter. Depending on its structure and distribution, the Prospectus Regulation, market-abuse rules, settlement or trading rules, and Austrian or EU fund legislation, including the Austrian Alternative Investment Fund Managers Act (Alternative Investmentfonds Manager-Gesetz, AIFMG) or the Austrian Investment Fund Act 2011 (Investmentfondsgesetz 2011, InvFG 2011), may also apply.

Only where the token qualifies as a crypto-asset and is not excluded under Article 2(4) MiCA does the MiCA product-classification analysis apply. Within the MiCA perimeter, the principal categories are:

• asset-referenced tokens (ARTs), which purport to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies;
• e-money tokens (EMTs), which purport to maintain a stable value by referencing the value of one official currency; and
• crypto-assets other than ARTs or EMTs, a residual category that includes many utility-token models.

Regulated Activities in Relation to Crypto-Assets

The provision of crypto-asset services under MiCA requires authorisation by the FMA. The ten regulated services under Article 3(1), (16) MiCA are:

• custody and administration of crypto-assets on behalf of clients;
• operation of a trading platform;
• exchange of crypto-assets for funds;
• exchange of crypto-assets for other crypto-assets;
• execution of orders on behalf of clients;
• placing of crypto-assets;
• reception and transmission of orders for crypto-assets on behalf of clients;
• providing advice on crypto-assets;
• providing portfolio management on crypto-assets; and
• providing transfer services for crypto-assets on behalf of clients.

Prohibited activities

There is no general prohibition of crypto-asset products or services in Austria. However, providing regulated crypto-asset services without the required authorisation, as well as conducting public offerings that do not comply with MiCA requirements – particularly with respect to white paper disclosure and conduct of business rules – is prohibited and subject to sanctions. Market abuse in relation to crypto-assets, including insider dealing, unlawful disclosure of inside information, and market manipulation, is also expressly covered by Austrian administrative penalty provisions (see also 1.1.3 Regulation of Blockchain Technology).

Distinction Between Retail and Professional Clients

Austria does not operate a separate, Austria-only retail/professional crypto regime; the key distinctions and investment protections are primarily those found in the EU MiCA framework: under MiCA, a “retail holder” is a natural person acting outside their trade, business, craft or profession. The “professional” category is therefore best understood by contrast: persons (natural or legal) acting in the course of business/investment activity are not “retail holders”, and MiCA’s most consumer-protective rules do not apply to them in the same way (eg, 14-calendar-day right of withdrawal and safeguarding obligation).

Forthcoming Developments

Further guidance and secondary measures are expected from the Austrian Financial Market Authority (FMA) to clarify supervisory expectations, in particular around dual licensing (see 6.2.2 Stablecoin Regulation). In parallel, interaction with other EU initiatives – especially the implementation of updated AML and sanctions frameworks – will increasingly shape the operational and compliance requirements of entities active in the Austrian crypto-asset market. Beyond this, no major Austria-specific primary crypto-asset legislative package is currently planned.

If Austrian investors invest into a UCITS/OGAW or AIF with crypto-asset exposure, the product sold to the investor is typically the fund unit or share, rather than the underlying crypto-asset. The investor-facing regulatory regime is therefore generally the UCITS/InvFG 2011 or AIFMG framework, including rules on:

• authorisation;
• governance;
• eligible assets and investment restrictions;
• risk management;
• valuation;
• custody/depositary arrangements; and
• disclosure and distribution.

The use of a fund wrapper does not, however, eliminate the regulatory consequences of the fund’s underlying crypto exposure. The fund manager must assess whether the relevant exposure is permitted under the applicable UCITS or AIF rules and whether additional systems, risk-management, valuation, liquidity-management, custody and disclosure arrangements are required. For regulated firms, crypto exposure may also raise prudential, organisational and conduct-of-business considerations.

MiCA will not usually apply to the fund unit itself where that unit qualifies as a financial instrument or as a fund interest excluded under Article 2(4) MiCA. However, MiCA may still be relevant at the level of the structure, manager, affiliate or service provider where there is a separate public offer or admission to trading of crypto-assets, or where regulated crypto-asset services are provided, such as custody, exchange, placing, advice, portfolio management or transfer services. In Austria, those MiCA obligations are supervised by the FMA.

In Austria there is a viable crypto-asset issuance industry that is essentially governed by the EEA-wide MiCA framework, which Austria follows.

Offer to the Public

MiCA sets out general requirements for the public offering of crypto-assets within the EU. A public offer is a communication to multiple people in any form, and by any means, presenting sufficient information on the terms of the offer and the crypto-assets to be offered so as to enable prospective buyers to decide whether to purchase those crypto-assets. Any communication, including publishing information on a website, or recommendations by influencers in video messages or at events, can constitute a public offer.

In practice, the requirements depend on the type of crypto-assets, but where a launch qualifies as an “offer to the public” in the EU, one will generally need to:

• act through a legal person;
• prepare a MiCA-compliant crypto-asset white paper;
• notify it to the competent authority (in Austria, the FMA); and
• publish it on one’s website before launch, while also complying with MiCA conduct and marketing rules.

MiCA also provides important exemptions (for example, offers to fewer than 150 persons per member state, offers not exceeding EUR1 million over 12 months, or offers made solely to qualified investors) and situations in which Title II does not apply at all, such as genuinely “free” distributions, certain mining/validation rewards, specific utility tokens and limited-network use cases. Please note that these exemptions do not extend to ARTs and EMTs.

Where a crypto-asset qualifies as an asset-referenced token (ART) or an e-money token (EMT), additional regulatory requirements may apply. These include, in particular, the following.

• Asset-referenced tokens (ARTs) – The issuer must be established within the EU, and the crypto-asset white paper requires prior approval by the competent authority. Issuers are also required to a legal opinion on the classification of the token (for further requirements see 6.2.3 Backing Assets).

• E-money tokens (EMTs) – These are subject to stricter requirements and may only be issued by authorised credit institutions or e-money institutions (see 6.2.2 Stablecoin Regulation and 6.2.3 Backing Assetsfor further details and requirements).

Additional Austria-specific reporting

For issuers of ARTs and EMTs with seat in Austria, Austria has implemented detailed reporting mechanics via the MiCAR‑Emittenten‑Meldeverordnung (MiCAR‑E‑MV) (an FMA regulation). The MiCAR‑E‑MV specifies, among other things, reporting cut‑off dates, intervals, structure, and content for reports to the Austrian National Bank (OeNB).

Within the EU, market abuse is governed by two parallel regimes: one for traditional financial instruments (MAR) and one specifically for crypto-assets (MiCA). Austria applies both frameworks and enforces them through the FMA as the competent authority.

For traditional financial instruments, the Market Abuse Regulation (MAR) prohibits three core behaviours:

• trading while in possession of inside information;
• unlawfully disclosing inside information; and
• manipulating the market (for example, by creating false or misleading signals, using wash trades or spreading misleading information).

For crypto-assets that are not classified as “financial instruments”, MiCA now applies the same three basic prohibitions. In other words, the core logic is replicated: no insider dealing, no unlawful disclosure and no market manipulation. MiCA is further specified by Commission Delegated Regulation (EU) 2025/885, which sets out technical standards on how crypto-asset service providers (CASPs) and others must prevent, detect and report market abuse, including how to escalate and report suspicious patterns.

Despite this parallel structure, there are some important differences.

• No safe harbours – MAR contains explicit “legitimate behaviour” or “safe harbour” provisions (for example, for share buy-back programmes and stabilisation measures), provided strict conditions are met. MiCA does not include an equivalent catalogue of legitimate behaviour, which makes the crypto-asset insider regime more rigid and less cushioned by predefined exceptions.
• Different real-world scenarios – The “typical cases” differ because the underlying assets and markets function differently. Under MAR, insider cases usually relate to M&A transactions, capital measures, financial results or major changes to business strategy, governance or financing. Under MiCA, insider cases are more likely to concern critical bugs or vulnerabilities in protocols or smart contracts, security incidents and hacks affecting wallets, bridges or platforms, planned hard forks or other protocol changes, or material changes to tokenomics. Given that these patterns are newer and less standardised, there are fewer settled case categories or precedents in crypto, which makes the application of the rules more uncertain in practice.

For many CASPs – particularly small and mid-sized firms – the practical impact of the MiCA market abuse regime lies less in the abstract legal prohibitions and more in the operational requirements needed to comply. MiCA and its implementing measures, as interpreted and further detailed by ESMA, expect a relatively high degree of automation and systematic surveillance, which often results in a significant financial and organisational burden for smaller CASPs.

In Austria, crypto‑asset regulation is taken seriously, and the Austrian MiCA Implementation Act (MiCA-VVG) expressly designates the FMA as the competent authority for the active enforcement under the MiCA framework.

Consequences

When firms do not comply with MiCA requirements, the FMA has several tools at its disposal. These range from administrative fines, including fines calculated by reference to gains made or losses avoided, to far-reaching interventions in the business itself, including bans on individuals holding management functions and, ultimately, the withdrawal of a firm’s authorisation. In serious cases, the FMA can restrict or even seize parts of a firm’s business: for example, by prohibiting certain services or effectively shutting down non‑compliant activities. In addition, the FMA relies on “naming and shaming”: decisions and measures are often published, which can damage the reputation of a firm far beyond the financial sanction.

From a practical perspective, market participants in Austria should assume that MiCA rules will be enforced at least as strictly as existing rules in traditional financial services. The message is that crypto‑asset services are now part of a fully regulated financial market, not an experimental side‑segment.

Cross‑Border Breaches

Crypto-asset services are often offered on a cross-border basis within the EU. In such cases, the FMA co-ordinates with other European supervisory authorities in order to avoid duplication of work and overlaps in the exercise of supervisory and investigative powers, and in the imposition of administrative sanctions or other administrative measures in cross-border cases.

Where an Austrian-licensed firm serves clients in other member states, co-operation and information exchange between authorities is the standard; the same applies where foreign firms target Austrian clients without proper passporting or authorisation. In this case, the FMA may impose direct administrative measures – for example, by issuing public warnings or restricting certain activities towards Austrian clients – while at the same time engaging with the firm’s home supervisor.

Expected Regulatory Attitude Over the Next 12 Months

Over the next 12 months, the FMA’s stance is unlikely to soften; if anything, it is more likely to tighten as MiCA becomes embedded in supervisory practice and the authority seeks to ensure a level playing field. The first wave of authorisations and early enforcement cases will be used to send clear signals to the market about what is acceptable and what is not.

Licence Requirement

Under MiCA, any legal person or undertaking that professionally provides crypto‑asset services defined under Article 3 MiCA within the EU must obtain authorisation as a CASP (see 2.2 Crypto-Asset Regulatory Frameworks, “Regulated Activities in Relation to Crypto-Assets”).

Territorial Scope

MiCA looks at where services are provided, not just where the firm is incorporated. This means that a non‑EU or non‑Austrian entity that targets EU‑based (or Austrian) clients with in‑scope crypto‑asset services will likewise be expected to obtain a MiCA authorisation (or operate via an authorised CASP) if it wants to serve those clients on a continuous, professional basis. At the same time, authorised CASPs must have a registered office and place of effective management within the EU, and the FMA requires at least one EU/EEA‑resident director when granting a CASP licence.

Grandfathering and Transitional Rules

MiCA introduced transitional (“grandfathering”) provisions for existing crypto businesses that were authorised or registered under national law before it became fully applicable. Austria made use of these options but opted for relatively strict timelines: registered virtual asset service providers (VASPs) were allowed to continue operating only until 31 December 2025 while transitioning to a full CASP licence. Firms that did not obtain MiCA authorisation by that date had to cease their business operations.

Pre-Licensing Discussions With the Austrian FMA

The Austrian FMA provides a roadmap (available here) as well as additional information (available here) for CASPs intending to set up operations in Austria. It actively encourages future applicants to reach out as early as possible for informal preliminary discussions to allow sufficient time for preparation and co-ordination. When requesting a meeting, the FMA asks that a questionnaire be completed (available here). Note that both the pre-licensing discussions as well as the whole licensing proceedings can be conducted in English.

Presence and Local Personnel Requirements Under MiCA

All CASPs wishing to file an application with the Austrian FMA must also have their registered office in Austria, from which they conduct at least part of their services, and must appoint at least one managing director who is resident in the EEA (see 3.1 Licensing Requirements, “Territorial Scope”). For the money laundering reporting officer (MLRO), the FMA typically also requires an EEA resident that is fit and proper under the Austrian Financial Markets Anti-Money Laundering Act (FM-GwG).

Prudential Requirements

Prudential requirements depend on the type of licence and the concrete services that are intended to be provided. For a CASP, the minimum hard core capital ranges between EUR50,000 and EUR150,000, depending on the service profile, while for a payment institution it ranges between EUR20,000 and EUR125,000, and for an EMI it is EUR350,000. In addition, firms must hold ongoing own funds, calculated under the applicable regulatory methods (eg, method A based on 10% of the previous year’s fixed overheads).

Where multiple licences are required (eg, a dual licence as CASP and payment institution (see 6.2.2 Stablecoin Regulation), the initial capital and own-funds requirements apply cumulatively; in practice, this means that the minimum hard-core capital is added up (eg, EUR150,000 + EUR20,000), and the ongoing own-funds requirement is then calculated on top.

The FMA is responsible for ensuring that both the management and the (direct and indirect) beneficial owners of all supervised entities are professionally suitable and personally reliable. As a result, any person intending to acquire or increase a qualifying holding in a CASP must notify the FMA in advance of entering into a binding agreement. The legal basis for the ownership-control procedure for CASPs is Commission Delegated Regulation (EU) 2025/414.

As part of the authorisation, this CDR applies as well and detailed information and documentation must be submitted for each proposed qualifying shareholder and, where the shareholder is a legal person, also for its executive management. This typically includes:

• criminal record extracts;
• financial information;
• a list of beneficial owners;
• CVs;
• a description of business activities;
• disclosure of any links to politically exposed persons;
• a description of financial and non-financial interests;
• annual financial statements;
• certificate of good standing; and
• information on the financing structure.

Under MiCA, a CASP licence granted by the FMA in Austria is an EU-wide authorisation that can be passported to all other EU/EEA member states. The CASP may provide services cross-border or through branches without needing separate local CASP licences, relying on the freedoms to provide services and of establishment within the EEA.

In practice, this operates on a “one-stop shop” basis: one licence for all member states, with only a notification process required. To benefit from passporting, the Austrian CASP must submit a notification to the FMA indicating the host member states, the services to be provided and whether activities will be cross-border or via a branch. The FMA then forwards this information to the host authorities, after which the CASP may commence activities in those states, subject to any applicable local non-prudential requirements (eg, consumer protection and marketing rules).

Disclosure and Approval Requirements

Issuers of crypto-assets within the scope of MiCA must publish a crypto-asset white paper as detailed under 2.4 Token Issuance. If there is a public offer of a crypto-asset, no marketing may be conducted prior to the publication of the white paper. In this case, marketing communication has to be consistent with the white paper and must include references to the white paper, prescribed disclaimers and contact information. For documentation purposes, marketing communications must also be posted on the offeror’s website.

Exemptions and Reverse Solicitation

EU law and MiCA recognise a reverse‑solicitation exemption for third‑country firms: where an EU/Austrian client approaches a non‑EU service provider entirely on their own exclusive initiative, the service provider may serve that client without obtaining a CASP authorisation for that specific relationship. However, this exemption is interpreted very narrowly by regulators and by the FMA: any active marketing activities (websites tailored to Austrian investors, German‑language campaigns, Austrian influencers, geo‑targeted online ads, Austrian pricing, .at domains) are very likely to be treated as solicitation.

Marketing and Advertising of Crypto-Assets

The core rules on marketing of crypto-assets are set out in Article 7 MiCA. In addition, Article 66(2) MiCA requires that all information provided by CASPs to clients must be fair, clear and not misleading. These requirements build on long-standing capital markets standards already contained in MiFID II and the EU Prospectus Regulation (Regulation (EU) 2017/1129).

In practice, it can therefore be expected that national regulators will apply their existing prospectus-related marketing doctrines by analogy to MiCA. For Austria, this means that the advertising principles set out in the FMA’s Prospectus Supervision Circular (available in German only) are likely to be applied in a similar way to crypto-asset marketing.

The principles on marketing apply even where no crypto-asset white paper has to be published: for example, because an exemption under Article 4 MiCA is available, or where crypto-asset services within the meaning of Article 3 MiCA are offered. In other words, the general conduct-of-business and marketing standards are applicable regardless of whether a white paper is required.

Some of the key advertising principles under MiCA, which mirror those applicable to traditional securities, include the following:

• marketing communications must be clearly recognisable as such (for example, by clear labelling as “marketing communication” or “advertisement”);
• the content must be fair, clear and not misleading, with a balanced presentation of both risks and benefits;
• where a white paper is required, statements in marketing materials must not contradict the white paper or go beyond its content;
• contact details (including at least a website and means of contact such as email or telephone) must be included; and
• a prescribed statement must make clear that the marketing communication has not been reviewed or approved by any competent authority.

For ARTs and EMTs, further specific requirements must also be taken into account (see 2.4 Token Issuance).

White-label solutions are allowed in principle, provided that the licensed CASP remains the actual provider of the regulated service and assumes full responsibility.

White-label models therefore have to be set up as outsourcing or distribution by the authorised CASP, not as the unlicensed firm providing the service in its own name. The CASP must remain the client’s contracting counterparty, keep control over onboarding, compliance and risk, and ensure supervisors can obtain all necessary information, including from third-party providers.

Technology, branding or front-end support can be outsourced, but not the licence itself. If the external firm appears in substance to be the provider (own T&Cs, marketing for services, direct client relationship), it may be treated as a CASP that needs its own CASP authorisation.

Where a white-label set-up ends up with an unlicensed firm effectively providing MiCA-in-scope services into Austria, the FMA can order the activity to stop, suspend or prohibit services and take further supervisory measures. In other words: outsourcing is permitted; “licence renting” that lets an unlicensed firm run the regulated business is not.

DeFi is not prohibited in Austria. Neither Austrian law nor EU law contains a standalone regulatory framework for decentralised finance. MiCA expressly excludes crypto-asset services that are provided in a fully decentralised manner without any intermediary. The FMA applies a substance-over-form analysis on a case-by-case basis and will assess whether a protocol is genuinely decentralised or merely nominally so.

CeFi (Centralised-Finance) firms in Austria are permitted to engage with DeFi protocols and to conduct other currently unregulated activities such as staking. However, a regulated entity does not shed its regulatory obligations simply because the underlying technology is decentralised. Licensed CASPs and financial institutions must disclose all business activities to the FMA as part of the authorisation process, and the FMA actively monitors the full range of a licensed firm’s operations, whether regulated or not. Where a DeFi-related activity falls outside MiCA’s scope but involves financial instruments or triggers other regulatory touchpoints, it may nevertheless be subject to MiFID II, AML obligations under the FM-GwG, or the operational resilience requirements of DORA.

From a purely technical standpoint, a decentralised autonomous organisation (DAO) can be set up at any time by deploying smart-contract code and governance rules on a blockchain. Austrian law, however, does not recognise a dedicated corporate form for DAOs, nor does it confer legal personality on them. Where multiple persons jointly operate a DAO without adopting a formal legal structure, the prevailing view in Austrian scholarship holds that a Gesellschaft bürgerlichen Rechts (GesBR) arises by operation of law – exposing all participants to joint and several unlimited personal liability. To mitigate this risk, practitioners typically wrap the DAO in a conventional legal entity – most commonly a limited liability company (GmbH), an association (Verein) or, where the jurisdiction expressly accommodates DAO-like structures, a foreign-law entity – while using the DAO solely as the internal governance and decision-making layer. The applicable substance and capital requirements are then determined by the chosen wrapper. A notable Austrian example is onchainaustria, a non-profit association (gemeinnütziger Verein) that operates its governance entirely through a DAO: member decisions, general meetings, board elections, bookkeeping and payment flows are all executed on-chain via smart contracts and tokens, while the Verein itself furnishes the legally recognised personality needed to act in the external legal sphere.

To date, there are no publicly reported Austrian court decisions that address liability specifically for losses arising from DeFi activities, such as smart-contract failures, protocol hacks or governance exploits. In practice, where DeFi-related activity causes harm with a sufficient Austrian nexus, authorities and courts would look for any identifiable person or entity behind the protocol and treat that party as the responsible actor. This will typically be the company, foundation or identifiable team that operates the front end, promotes or markets the protocol, sets key parameters (such as fees, listings and risk settings) or participates economically in protocol revenues. Such Austria-linked entities are the natural addressees for supervisory measures, administrative sanctions, potential criminal liability (for example, fraud) and, where relevant, for civil damage claims.

Both volatile crypto-assets (such as Bitcoin) and stablecoins (such as USDC) can be used as a means of exchange in Austria, and an increasing number of businesses – particularly in cross-border commerce – accept crypto as payment. Crypto-assets are not legal tender, but private parties are generally free to agree on settlement in crypto, and there are currently no statutory limits on the size or value of a crypto payment.

From a regulatory perspective, the use of crypto-assets as a payment medium between commercial parties is largely unregulated as such. However, intermediaries that provide regulated crypto‑asset services (eg, exchange, custody, execution of orders) must be authorised under MiCA as CASPs. Where the token used for payment qualifies as an EMT or a financial instrument, the existing e‑money, payment‑services and/or securities frameworks also apply in parallel (see 6.2.2 Stablecoin Regulation).

Tokenised assets and real-world assets (RWA) crypto are generally regulated by looking first at the underlying asset or right and then at the token form. In broad terms, Austria (within the EU framework) follows a “same activity, same risk, same rules” approach.

If a token represents a traditional financial instrument (eg, shares, bonds, fund units), it is treated as a security/financial instrument regardless of the use of blockchain, and the full EU financial-markets regime applies as if the instrument were issued or held in non-tokenised form (see 2.2 Crypto-Asset Regulatory Frameworks).

Where a tokenized real‑world asset does not qualify as a financial instrument under MiFID II, MiCA becomes the primary regulatory framework, provided the token falls within its broad definition of a “crypto‑asset” (see 2.2 Crypto-Asset Regulatory Frameworks).

However, general civil law (eg, property, contract, secured transactions law) and sector-specific regimes for the underlying asset (eg, real estate registration rules, consumer credit rules) still apply independently of the token layer.