1. Risk Rating 
  2. AI regulation in your jurisdiction
  3. Existing Regulatory Frameworks Applicable to AI
  4. Regulatory Oversight of AI
  5. AI Guidance, Policies, and Strategic Frameworks 
  6. International AI Standards and Guidelines 
  7. Forthcoming AI Legislation 
  8. Useful links

jurisdiction

Austria
Add jurisdiction

Risk Rating 

High.

AI regulation in your jurisdiction

Austria does not have a standalone, Austria-specific AI statute. However, as an EU Member State, Austria is directly subject to the EU Artificial Intelligence Act (Regulation (EU) 2024/1689) (“AI Act”), which constitutes the core binding AI legal framework in Austria. The AI Act establishes harmonised, risk-based rules for AI systems, including prohibitions on certain AI practices, strict obligations for high-risk AI systems, and horizontal obligations for general-purpose AI (GPAI) models.

Existing Regulatory Frameworks Applicable to AI

Although Austria has no national AI statute, AI systems are governed through a combination of the EU AI Act and existing EU legal frameworks that apply directly or via national implementation in Austria, including:

  • Data protection and fundamental rights
    • General Data Protection Regulation (GDPR), including rules on automated decision-making and profiling
    • Austrian Data Protection Act (DSG), supplementing the GDPR in certain areas
    • Law Enforcement Directive (EU) 2016/680 (as referenced by the AI Act for certain prohibited or high-risk practices)
    • EU Charter of Fundamental Rights (relevant for AI Act implementation and enforcement)
  • Product safety and liability
    • General Product Safety Regulation
    • Union harmonisation legislation listed in Annex I of the AI Act (relevant for the qualification of high-risk AI systems)
  • Cybersecurity and operational resilience
    • NIS2 Directive (as implemented in Austria)
    • Digital Operational Resilience Act (DORA) for financial institutions using AI in critical functions
  • Copyright and intellectual property
    • EU copyright framework, including text and data mining (TDM) exceptions
    • AI Act transparency and copyright-compliance obligations for GPAI providers (e.g. training data summaries)

Key sectors governed under this framework include:

  • Critical infrastructure and transport
  • Health and medical technologies (including medical devices)
  • Education and vocational training
  • Employment, recruitment, and worker management
  • Essential private and public services (including finance and insurance)
  • Biometrics and identity systems
  • Law enforcement, migration, asylum, and border control
  • Justice and democratic processes
  • Online platforms, digital services, and content moderation
  • Cross-sector deployment of general-purpose AI (GPAI)

Regulatory Oversight of AI

Supervision and enforcement in Austria operate within the EU’s dual governance structure:

  • EU level: The European AI Office, established within the European Commission, is the central authority responsible for implementation, supervision, and enforcement of the AI Act, particularly for general-purpose AI (GPAI) models. Its activities include enforcement, guidance, policy coordination, issuance of templates and codes of practice, and support for harmonised compliance across Member States.
  • National level (Austria): Austria is required to designate market surveillance authorities and notifying authorities pursuant to the AI Act. These authorities perform local oversight in coordination with the EU AI Office and other competent national bodies, including data protection authorities. At present, no specific Austrian authorities have been explicitly named or publicly designated.

Enforcement posture:

  • Prohibitions on unacceptable AI practices have applied since February 2025
  • Administrative penalties apply from August 2025
  • Fines may reach up to EUR 35,000,000 or 7% of worldwide annual turnover, with reduced caps for SMEs
  • Procedural safeguards and judicial remedies apply
  • The European Data Protection Supervisor (EDPS) remains competent for AI processing by EU institutions

AI Guidance, Policies, and Strategic Frameworks 

Austria follows EU-level soft law and implementation tools, including:

  • European Commission Guidelines on prohibited AI practices
  • Commission Guidance on the definition of an AI system
  • GPAI guidance package, including:
  • Guidelines on the scope of GPAI obligations
  • Template for public summaries of training data
  • Voluntary GPAI Code of Practice, recognised as a compliance pathway, including for models posing systemic risk
  • European Data Protection Supervisor (EDPS) Guidance on AI risk management

In addition, Austria has adopted national policy and guidance instruments, including:

These documents are non-binding but influential for interpretation, governance, and public-sector AI use in Austria.

International AI Standards and Guidelines 

Austria’s AI governance aligns with international standards through the EU framework, which both draws from and contributes to global AI norms, including:

  • OECD AI Principles
  • UNESCO Recommendation on the Ethics of Artificial Intelligence (2021)
  • Council of Europe Framework Convention on Artificial Intelligence, signed by the EU in September 2024
  • United Nations digital cooperation initiatives
  • International Telecommunication Union (ITU) technical standards relevant to AI systems

Forthcoming AI Legislation 

The AI-specific legal framework applicable to Austria is already adopted at EU level through the EU AI Act, with phased applicability pursuant to Article 113.

At national level, there are currently no plans, drafts, or public indications of a separate Austria-specific AI law.

Any future changes are expected to arise primarily from EU-level developments, including the European Commission’s proposed Digital Omnibus on AI Regulation, aimed at targeted simplification and proportionate implementation.