HOME/All Jurisdictions/AT

AT — Country Profile

Austria

645TOTAL
435OFFICIAL SOURCES
11TOPIC AREAS
Law / Act79
Executive Order95
Policy / Guidance3
National Strategy3
Working Paper1
Court Case5
Other459
15 APR 2026 · Other

European Commission investigation into Meta's blocking of AI business communications on WhatsApp for possible competition law breach (Case AT.41034)

On 15 April 2026, the European Commission sent a supplementary statement of objections to Meta regarding informing the company of its intention to order the reinstatement of third-party AI assistants' access to WhatsApp under conditions existing prior to 15 October 2025. The supplementary statement is part of an ongoing interim measures procedure within an investigation into whether Meta breached European Union antitrust rules by restricting the access of third-party general-purpose AI assist...

Competitionec.europa.eu ↗
03 APR 2026 · Other

Data Brokers Market Study

On 4 March 2026, the European Data Protection Board (EDPB) released the Data Brokers Market Study, commissioned by the Belgian Supervisory Authority (BE SA) through the EDPB Support Pool of Experts Programme. The study identified data brokers and data providers with a presumed main establishment in Belgium, as defined under Article 4(16)(a) of the General Data Protection Regulation (GDPR). It established a working definition of a data broker and a set of selection criteria based on Article 4(...

✓ OfficialNational Strategyedpb.europa.eu ↗
31 MAR 2026 · Other

Guidance on application of Regulation (EU) 2024/2847 (Cyber Resilience Act)

On 31 March 2026, the European Commission closes the consultation on draft guidance concerning the application of Regulation (EU) 2024/2847 (Cyber Resilience Act). The draft guidance clarifies how the Regulation should be interpreted and implemented in practice. It aims to support manufacturers, developers, and other stakeholders in understanding their obligations and to promote a consistent approach across the European Union.

National Strategyec.europa.eu ↗
30 MAR 2026 · Law / Act

Authorisation of goods or services in Digital Networks Act (2026/0013(COD))

On 30 March 2026, the Body of European Regulators for Electronic Communications (BEREC) published its early assessment of the European Commission's proposal for a Digital Networks Act (DNA). The DNA, proposed on 21 January 2026, aims to update the objectives and regulatory tools of the legislative framework for electronic communications. The assessment covers the following areas. On regulatory objectives, BEREC raises concerns that the proposed rewording of the competition objective under Art...

National Strategyberec.europa.eu ↗
30 MAR 2026 · Executive Order

Code of Practice on Transparent Generative AI Systems under Article 50 AI Act

Official source record dated 30 March 2026 for Austria concerning Code of Practice on Transparent Generative AI Systems under Article 50 AI Act. See the linked digital-strategy.ec.europa.eu source for the authoritative text, procedural context, and implementation details.

National Strategydigital-strategy.ec.europa.eu ↗
26 MAR 2026 · Other

European Commission investigation into Pornhub over minors protection and illegal content

On 26 March 2026, the European Commission issued preliminary findings that Pornhub breached the Digital Services Act (DSA) by failing to protect minors from exposure to pornographic content. The Commission found that Pornhub's risk assessment did not apply objective and thorough methodologies, disproportionately emphasising business-centric concerns over societal risks to minors. The Commission also found that self-declaration of age, page blurring, content warnings, and “restricted to adults...

Consumer Protectionec.europa.eu ↗
26 MAR 2026 · Other

European Commission investigation into XNXX over alleged breaches of minor protection requirements under Digital Services Act

On 26 March 2026, the European Commission issued preliminary findings that XNXX breached the Digital Services Act (DSA) by failing to protect minors from exposure to pornographic content. The Commission found that XNXX's risk assessment did not apply objective and thorough methodologies, disproportionately emphasising business-centric mattersover societal risks to minors, and misrepresented or did not consider its meetings with civil society organisations specialising in children's rights and...

Consumer Protectionec.europa.eu ↗
26 MAR 2026 · Law / Act

Regulation extending Interim Regulation's derogation from ePrivacy Directive until 2028 (2025/0429)

On 26 March 2026, the European Parliament rejected the proposal to extend Regulation (EU) 2021/1232 on derogation from the ePrivacy Directive until 2028. This regulation sets out interim rules on data processing for the purpose of combating online child sexual abuse material (CSAM). The regulation would have temporarily derogated from the ePrivacy Directive, enabling providers of online communication services to voluntarily detect, report, and remove CSAM. The Commission proposed extending th...

National Strategyeuroparl.europa.eu ↗
24 MAR 2026 · Other

Assessment of compliance with reporting requirements under Code of Conduct on Disinformation integrated into Digital Services Act

On 24 March 2026, the European Commission announced that signatories to the Code of Conduct on Disinformation had published their first reports in the Code’s Transparency Centre, covering the period from 1 July to 31 December 2025. The signatories include providers of Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs), as well as fact-checkers, research and civil society organisations, and representatives from the advertising industry. The reports contain dedica...

✓ OfficialContent Moderationdigital-strategy.ec.europa.eu ↗
19 MAR 2026 · Other

Lawsuit concerning access rights and limits on damage claims under General Data Protection Regulation (Brillen Rottler GmbH v TC / Case C-526/24)

On 19 March 2026, the Court of Justice of the European Union (CJEU) issued a judgment in Case C-526/24 (Brillen Rottler GmbH & Co. KG v TC) on a reference from the Local Court Arnsberg in Germany. The case arose from a request by an individual who, 13 days after subscribing to the newsletter of German optician Brillen Rottler GmbH & Co. KG and providing personal data, submitted a request for access under Article 15 of the General Data Protection Regulation (GDPR). The company refused the requ...

National Strategyeur-lex.europa.eu ↗
19 MAR 2026 · Other

European Data Protection Board Coordinated Enforcement Action for 2026 on transparency and information obligations under General Data Protection Regulation (GDPR)

On 19 March 2026, the European Data Protection Board (EDPB) launched its Coordinated Enforcement Framework (CEF) action for 2026, focusing on compliance with transparency and information obligations under the General Data Protection Regulation (GDPR). The topic was selected at the EDPB's October 2025 plenary. The action applies to data controllers across sectors in Europe and will involve 25 data protection authorities (DPAs) conducting enforcement actions and fact-finding exercises to assess...

National Strategyedpb.europa.eu ↗
17 MAR 2026 · Other

Strategy for supervising systems under Artificial Intelligence Act

Official source record dated 2026-03-17 for Austria concerning Strategy for supervising systems under Artificial Intelligence Act. See the linked edps.europa.eu source for the authoritative text, procedural context, and implementation details.

✓ OfficialNational Strategyedps.europa.eu ↗
16 MAR 2026 · Other

Validity of GDPR consent in electronic direct marketing (Case C-317/25)

On 16 May 2025, the French Council of State lodged a request for a preliminary ruling with the Court of Justice of the European Union (CJEU) in Case C-317/25. The referral originates from proceedings in which Groupe Canal + SAS sought annulment of Decision No SAN-2023-015 of 12 October 2023, by which the select panel of the National Commission for Information Technology and Civil Liberties (CNIL) imposed an administrative fine of EUR 600'000 for breaches of the General Data Protection Regulat...

National Strategyeur-lex.europa.eu ↗
04 MAR 2026 · Law / Act

Derogation of ePrivacy Directive to fight child sexual abuse

On 3 April 2026, the applicability of the Derogation from the ePrivacy Directive supporting the detection of child sexual abuse ends. The derogation was extended by Regulation (EU) 2024/1307. The extension allows providers of number-independent interpersonal communication services, such as messaging platforms, to use technologies that process personal and other data to identify, report, and remove online child sexual abuse. Providers must also ensure that information on reports submitted to a...

National Strategyeur-lex.europa.eu ↗
04 MAR 2026 · Law / Act

Regulation extending derogation from the ePrivacy Directive to support the detection of child sexual abuse

On 3 April 2026, the Regulation on the Extension of Derogation from the ePrivacy Directive for the purpose of identifying Child Sexual Abuse Material (CSAM) online expires. The extension concerns an exemption from data protection regulations, which grants providers offering number-independent interpersonal communication services, such as messaging services, the authority to use technologies for processing personal and other data to identify, report, and remove instances of online child sexua...

National Strategyeur-lex.europa.eu ↗
02 MAR 2026 · Other

European Commission European Open Digital Ecosystem Strategy

On 3 February 2026, the European Commission closes a consultation in its inquiry on setting out a new European Open Digital Ecosystem Strategy. The Strategy aims to establish a strategic approach to the EU open source sector addressing its contribution to technological sovereignty, security and competitiveness, and aiming to strengthen the use, development, and reuse of open digital assets. The Strategy also seeks to ensure that the EU is not dependent on external actors and non-transparent t...

National Strategyec.europa.eu ↗
02 MAR 2026 · Other

Lawsuit over supervisory fee applicable to Stripchat under Digital Services Act (Technius v Commission / Case T-70/26)

On 3 February 2026, Technius LTD filed an action before the General Court of the European Union against European Commission Implementing Decision C(2025) 8119 final of 26 November 2025 (Case T-70/26), which determined the annual supervisory fee applicable to Stripchat under the Digital Services Act (DSA). Technius raises 3 pleas in law, which concern the validity of the underlying designation decision, the principle of sound administration, and the duty to state reasons. Technius argues that ...

Content Moderationeur-lex.europa.eu ↗
26 FEB 2026 · Other

EU Internet Forum

On 26 February 2026, the European Commission announced the development of a new workstream within the EU Internet Forum (EUIF) to strengthen user support mechanisms and positive interventions aimed at preventing online radicalisation, as set out in the Communication “ProtectEU: Agenda to Prevent and Counter Terrorism' (COM(2026) 101 final). Launched in 2015, the EU Internet Forum is a voluntary public–private cooperation platform that brings together the ministries of EU Member States, law en...

Content Moderationhome-affairs.ec.europa.eu ↗
26 FEB 2026 · Other

European Union Online Crisis Response Framework

On 26 February 2026, the European Commission announced that the existing voluntary EU Crisis Protocol will be revised into an EU Online Crisis Response Framework and integrated under the Digital Services Act (DSA), in the Communication “ProtectEU: Agenda to prevent and counter terrorism” (COM(2026) 101). The EU Crisis Protocol currently provides a voluntary framework for cooperation between law enforcement authorities and online service providers following a terrorist attack with significant ...

Content Moderationhome-affairs.ec.europa.eu ↗
20 FEB 2026 · Other

Guidelines on calculation of reasonable compensation as set out in Article 9 of Data Act

On 20 February 2026, the European Commission closes the consultation on the draft guidelines for the calculation of reasonable compensation under Article 9 of the Data Act. The draft guidelines clarify how data holders should calculate compensation when sharing data under legal obligations imposed by the Data Act, applying fair, reasonable, and non-discriminatory principles to mandatory business-to-business data sharing across all sectors. Compensation remains optional, as data holders may ch...

National Strategydigital-strategy.ec.europa.eu ↗
19 FEB 2026 · Other

European Ombudswoman inquiry into possible discrepancies between guidelines on AI Act and AI Code of Practice

On 19 February 2026, the European Ombudswoman opened an inquiry (Case 3162/2025/MIK) into possible discrepancies between the guidelines on the AI Act and the AI Code of Practice. The inquiry follows a complaint from a Member of the European Parliament. While the AI Act mandates that providers maintain current information on energy consumption during the development of general-purpose AI models, the Code of Practice allegedly contains exemptions for certain circumstances. The complainant raise...

National Strategyombudsman.europa.eu ↗
18 FEB 2026 · Other

European Data Protection Board coordinated enforcement framework on right to erasure

On 18 February 2026, the European Data Protection Board (EDPB) published a report presenting the findings of its coordinated enforcement framework action on the right to erasure under Article 17 of the General Data Protection Regulation (GDPR). The action aimed to assess how effectively individuals can exercise their erasure rights and to evaluate compliance by controllers, including both small and medium-sized enterprises (SMEs) and large technology companies. The findings, drawn from 32 par...

National Strategyedpb.europa.eu ↗
16 FEB 2026 · Other

European Commission assessment of Shein's compliance with Digital Service Act's requirement on establishment of notice and action mechanism

On 16 February 2026, the European Commission opened formal proceedings against Shein under the Digital Services Act (DSA). The proceeding focuses on the company’s systems to limit illegal products in the European Union, including content that could constitute child sexual abuse material, such as child-like sex dolls. It also examines risks linked to addictive design features, including points or rewards for engagement, and the effectiveness of mitigation measures. In addition, the Commission ...

Content Moderationec.europa.eu ↗
13 FEB 2026 · Other

ICT Supply Chain Security Toolbox

On 13 February 2026, the NIS2 Cooperation Group, comprising European Union Member States, the European Commission, and the European Union Agency for Cybersecurity (ENISA), published the ICT Supply Chain Security Toolbox to provide a common framework for identifying, assessing, and mitigating cybersecurity risks across information and communication technology supply chains. The instrument establishes a horizontal and non-binding approach based on an all-hazards methodology, defining important ...

✓ OfficialNational Strategydigital-strategy.ec.europa.eu ↗
13 FEB 2026 · Other

Fighting online fraud action plan

On 13 February 2026, the European Commission closes the consultation on the development of an action plan on fighting online fraud. The initiative aims to address the growing prevalence of online fraud across the EU, following the increased use of behavioural manipulation, automation and artificial intelligence in fraud schemes, including industrialised models such as “crime-as-a-service.” The proposed action plan would cover fraud committed through digital technologies, including online and ...

Content Moderationec.europa.eu ↗
13 FEB 2026 · Other

Risk assessment concerning connected and automated vehicles and their supply chains

On 13 February 2026, the Network and Information Systems (NIS) Cooperation Group, in cooperation with the European Commission and the European Union Agency for Cybersecurity (ENISA), adopted a coordinated security risk assessment of connected and automated vehicles (CAVs) and their supply chains. The assessment, issued in line with Article 22 of the NIS2 Directive, provides an overview of cybersecurity risks and mitigating measures to address them. The assessment identifies 107 unique risks a...

✓ OfficialNational Strategydigital-strategy.ec.europa.eu ↗
13 FEB 2026 · Other

Risk assessment of detection equipment at border crossing points

On 13 February 2026, the Network and Information Systems (NIS) Cooperation Group, in collaboration with the European Commission and the European Union Agency for Cybersecurity (ENISA), published a coordinated security risk assessment of detection equipment used by law enforcement and security operators at border crossing points. This assessment, carried out under Article 22 of the NIS2 Directive, provides an overview of cybersecurity risks and necessary mitigating measures for equipment used ...

✓ OfficialNational Strategydigital-strategy.ec.europa.eu ↗
02 FEB 2026 · Other

Signatory Taskforce of General-Purpose AI Code of Practice

On 2 February 2026, the AI Office announced the establishment of the Signatory Taskforce of the General-Purpose AI Code of Practice, with the aim of facilitating the coherent application of the Code as a voluntary tool supporting compliance with European Union rules for general-purpose AI models under the Artificial Intelligence Act. The Taskforce is chaired by the AI Office and provides participating Signatories with a forum to exchange views relevant to implementation of the Code. It may pr...

✓ OfficialNational Strategydigital-strategy.ec.europa.eu ↗
02 FEB 2026 · Other

European Data Protection Board report on international data protection enforcement cooperation

On 2 February 2026, the European Data Protection Board (EDPB) published the Report on International Data Protection Enforcement Cooperation under the Support Pool of Experts programme. The report sets out findings on cross-border cooperation between European Economic Area (EEA) data protection authorities (DPAs) and DPAs in third countries, with a focus on jurisdictions that hold a European Union (EU) adequacy decision. It concludes that international enforcement cooperation is less developed...

✓ OfficialNational Strategyedpb.europa.eu ↗
28 JAN 2026 · Executive Order

European Commission implementing decision on adequate level of protection of personal data by Brazil

On 28 January 2026, the European Commission’s implementing decision recognising that Brazil ensures an adequate level of protection for personal data under the EU General Data Protection Regulation (GDPR) enters into force. The decision confirms that Brazil provides comparable levels of data protection, allowing personal data to be transferred freely between the two jurisdictions without additional authorisations or safeguards. In reaching its decision, the Commission assessed Brazil’s Law No...

✓ OfficialNational Strategyeur-lex.europa.eu ↗
28 JAN 2026 · Other

European Parliament resolution on copyright and generative artificial intelligence (2025/2058(INI))

On 28 January 2026, the European Parliament adopted a resolution regarding copyright and generative artificial intelligence (AI) (2025/2058(INI)) to address the use of protected works in training datasets and the status of AI-generated content. The resolution recommends that the European Commission conduct an assessment of whether the current European Union (EU) copyright framework addresses legal uncertainties and competitive effects from the use of protected works for training AI systems. T...

✓ OfficialIntellectual Propertyeuroparl.europa.eu ↗
27 JAN 2026 · Other

Data protection regulation in European Union-India Free Trade Agreement

On 27 January 2026, the European Union (EU) and India concluded negotiations for a Free Trade Agreement (FTA). The Agreement includes a digital trade chapter to facilitate trade enabled by electronic means. The chapter applies to measures affecting digital trade but excludes audio-visual services, government procurement, and most government-held data. It reaffirms that both parties retain the right to regulate to pursue legitimate policy objectives. The chapter includes provisions on privacy ...

National Strategycircabc.europa.eu ↗
26 JAN 2026 · Other

European Commission specification proceeding to support Google to comply with interoperability obligations under Digital Markets Act

On 26 January 2026, the European Commission opened a specification proceeding into Google over its alleged failure to comply with interoperability obligations under the Digital Markets Act (DMA). The proceeding addresses Article 6(7) of the DMA, which requires Google to offer third-party developers free and effective interoperability with hardware and software features within the Android operating system. The Commission intends to define how Google should provide third-party AI service provid...

National Strategyec.europa.eu ↗
26 JAN 2026 · Other

European Commission investigation into X's compliance with DSA requirements to address illegal content and disinformation

On 26 January 2026, the European Commission extended its existing investigation into X to further evaluate the platform's compliance with risk management obligations for recommender systems under the Digital Services Act (DSA). The original investigation, initiated in December 2023, is being broadened to address ongoing concerns regarding the platform's systemic risk mitigation strategies. As a designated very large online platform (VLOP), X is required to manage the potential negative impact...

Content Moderationec.europa.eu ↗
26 JAN 2026 · Other

European Commission investigation into X's compliance with obligations under Digital Services Act to carry out risk assessments and mitigate identified risks before deploying Grok's functionalities on the platform

On 26 January 2026, the European Commission opened a formal investigation into X to determine whether the company violated the Digital Services Act (DSA) during the deployment of its Grok artificial intelligence tool. The investigation focuses on whether X failed to conduct mandatory ad hoc risk assessments and mitigate systemic risks such as the dissemination of illegal content and manipulated sexually explicit images. The Commission alleges that these deployments may have serious negative c...

Content Moderationec.europa.eu ↗
22 JAN 2026 · Other

European Union Agency for Fundamental Rights' assessment of impact of EU Regulation on the dissemination of terrorist content online on fundamental rights

On 22 January 2026, the European Union Agency for Fundamental Rights (FRA) published a report on the impact of the EU Regulation on the dissemination of terrorist content online on fundamental rights. The regulation allows competent authorities to issue removal orders to social media platforms and hosting service providers (HSPs) within one hour and to require specific measures from HSPs “exposed” to terrorist content. The report highlights that the current definition of terrorist content, no...

Content Moderationfra.europa.eu ↗
21 JAN 2026 · Law / Act

User/subject rights in Digital Networks Act (2026/0013(COD))

On 21 January 2026, the European Commission adopted its proposal for the Digital Networks Act, which will be presented to the European Parliament and the Council for approval. The Act aims to simplify and harmonise rules, reinforcing competitiveness and fostering a more integrated single market. The Act would introduce provisions aimed at promoting consumer rights. Internet and voice communication service providers would be required to implement features allowing users to control expenditure ...

Consumer Protectiondigital-strategy.ec.europa.eu ↗
21 JAN 2026 · Law / Act

Quality of service requirement in Digital Networks Act (2026/0013(COD))

On 21 January 2026, the European Commission adopted its proposal for the Digital Networks Act, which will be presented to the European Parliament and the Council for approval. The Act aims to simplify and harmonise rules, reinforcing competitiveness and fostering a more integrated single market. The Act would introduce quality of service requirements for internet access and voice communications service providers by providing that all Union consumers are entitled to affordable and adequate ser...

Consumer Protectiondigital-strategy.ec.europa.eu ↗
21 JAN 2026 · Other

Data Protection Authority investigation into Microsoft over alleged violation of GDPR concerning use of tracking cookies in Microsoft 365 Education

On 21 January 2026, the Austrian Data Protection Authority upheld a complaint filed by a pupil, represented by the European Center for Digital Rights (noyb), against Microsoft regarding the use of tracking cookies in Microsoft 365 Education. The decision relates to the installation and use of non-essential cookies on the device of a minor using Microsoft 365 Education at an Austrian school. The Authority found that Microsoft had processed personal data through tracking cookies without a valid...

✓ OfficialNational Strategynoyb.eu ↗
20 JAN 2026 · Law / Act

Council Regulation on amending Council Regulation 2021/1173 as regards Artificial Intelligence gigafactories

On 20 January 2026, the Council Regulation on amending Council Regulation 2021/1173 as regards Artificial Intelligence gigafactories enters into force, one day following its publication in the Official Journal. The Council Regulation sets the framework for the activities of the EuroHPC Joint Undertaking (EuroHPC JU), as well as updates the EuroHPC JU governance structure. It aims to establish Artificial Intelligence gigafactories in Europe and establish a quantum pillar in the activities of t...

✓ OfficialConsumer Protectioneur-lex.europa.eu ↗