Austria • VASP registration • MiCA transition

Austria | Crypto License & MiCA Transition

Full country note • Based on FMA framework • Styled for CryptoWisely

Regulatory Overview

Austria is a highly reputable EU jurisdiction for regulated financial activity and fintech innovation (notably home to Bitpanda). Crypto businesses have operated under an AML-driven supervision model based on Austria’s implementation of the EU AML framework (incl. 5AMLD), primarily through the Financial Markets Anti-Money Laundering Act (FM-GwG).

The Financial Market Authority (FMA) is the competent supervisor for registered crypto service providers under the national regime and is aligning supervisory expectations with the EU-wide MiCA framework. Crypto assets are not legal tender in Austria.

Licensing Framework

To operate legally under the pre-MiCA national model, crypto firms typically register as a Virtual Currency Service Provider with the FMA (scope depending on the specific services offered). Common covered activities include:

  • Custody and wallet services (holding or transferring crypto for clients)
  • Exchange of crypto–fiat and/or crypto–crypto (depending on the business model)
  • Transmission/transfer services
  • Crypto-related services connected to issuance/offerings (as applicable)

Operational reality: Even where no explicit minimum share capital applies under the AML registration approach, Austria is documentation-heavy and expects robust governance, AML/CFT controls, and fit-and-proper management. In practice, bankability and local substance can be key gating items.

Process & Timeline (Typical)

  • 1) Documentation pack (≈ 1–3 weeks): UBO/KYC, CVs, clean criminal records, policies, risk assessment, onboarding and monitoring procedures.
  • 2) Company setup (≈ 1–4 weeks): Form an Austrian entity (commonly GmbH) and establish governance and local address/substance as required.
  • 3) Regulatory filing & review (often 6–12 months): Submission to FMA, completeness and substantive review, clarification cycles (RFI), and fit-and-proper checks.
  • 4) Banking & operational onboarding (≈ 1–3 months): Corporate account(s), payment rails, KYB completion, and safeguarding setup.

Additional Regulatory Aspects (MiCA Alignment)

  • Stablecoins under MiCA: MiCA distinguishes:
    • Asset-Referenced Tokens (ART): referencing multiple assets
    • E-Money Tokens (EMT): referencing a single fiat currency
  • Issuance vs services: ART/EMT issuance and “issuer obligations” are separate from CASP authorization and may require additional approvals and ongoing requirements.
  • Security tokens: May fall under MiFID II / securities laws (prospectus, licensing, market rules) depending on structure.
  • Staking / yield products: Classification can trigger additional financial regulation depending on how returns are generated and marketed.
  • Derivatives: Typically regulated under MiFID II / national capital markets rules.

Taxation (High-level)

  • Corporate income tax: 23% (from 2024 onward)
  • Dividends / withholding: depends on recipient type and treaty position (often cited 27.5% for individuals under certain conditions)
  • Capital gains: generally taxable upon realization (fact pattern-dependent)
  • Note: Always validate treatment for token inventory, staking yield, and cross-border tax residency with specialists.

Ongoing Obligations

  • Maintain full AML/CFT and KYC systems aligned with FM-GwG expectations
  • Continuous customer due diligence, sanctions/PEP screening, monitoring, and STR processes
  • Documented governance (roles, controls, escalation, and training)
  • Periodic internal reviews/audits as required by risk profile and supervisory expectations

Sanctions & Enforcement (Conceptual)

Enforcement outcomes depend on the breach type (AML failures, governance gaps, unregistered activity, misleading marketing). Penalties can include administrative fines, remediation orders, restrictions, and—when severe—personal liability for management.

MiCA Integration

MiCA introduces a harmonized EU regime for CASPs with passporting across member states, higher baseline governance/ICT/safeguarding expectations, and clearer rules for token issuance categories. Austria’s supervisory approach is expected to remain institutional-grade under MiCA—strong on documentation quality, governance clarity, and bankability readiness.

CryptoWisely.io Comment

Austria is a prestigious, institution-first jurisdiction in the EU — not always the fastest, but consistently aligned with bank-grade compliance standards.

Best suited for: Well-prepared exchanges, custody providers, and institutional-facing platforms prioritizing credibility and long-term EU stability.
Trade-off: Longer review cycles and stricter AML scrutiny compared to some faster EU entry points.

CryptoWisely insight: Treat Austria as a premium compliance market. Win by shipping a “production-ready” AML/ICT/safeguarding package before filing — not a draft.

Disclaimer: Informational only and not legal/tax advice. Always verify the latest FMA publications and EU MiCA implementation guidance before proceeding.