Our Expert in Austria
Austria’s criminal procedure framework has entered a new era. The sweeping amendments to the Austrian Code of Criminal Procedure (Strafprozessordnung, StPO) that entered into force on 1 January 2025 have reshaped how prosecutors and the European Public Prosecutor’s Office (EPPO) may seize digital evidence, compel data disclosure and coordinate cross-border investigations. For general counsel, compliance officers and corporate security leads operating in or through Austria, these criminal procedure Austria changes demand an immediate reassessment of internal investigation protocols, evidence-preservation workflows and engagement strategies with authorities. This guide translates the legislative text, EPPO statements and enforcement context into practical, company-facing steps, including checklists, comparison tables and a clear escalation framework, that legal teams can implement now.
The Austrian StPO amendments effective 1 January 2025 introduced revised rules on the seizure and forensic examination of data carriers, new court-authorisation requirements for accessing digital communications, and tighter procedural safeguards that affect both domestic prosecutors and the EPPO. The EPPO publicly flagged concerns that certain provisions constrain its investigative effectiveness in Austria, signalling that companies may face more complex, multi-channel enforcement requests.
Key takeaways for counsel:
Understanding the chronology of Austria’s criminal procedure changes is essential for determining which version of the StPO applies to a given investigation or enforcement action. The table below outlines the critical milestones that in-house teams need to track.
| Date | Legislative / Official Act | Practical Effect for Companies |
|---|---|---|
| June 2024 | EPPO public statement on proposed Austrian StPO amendments | EPPO raised early concerns about the potential impact on its investigative capacity in Austria, early signal for corporate compliance teams to monitor developments. |
| Late 2024 | Austrian Parliament (Nationalrat) passed the StPO amendment bill; published in the Federal Law Gazette (Bundesgesetzblatt) | Final legislative text confirmed, companies should begin gap-analysis of existing SOPs against new seizure and authorisation rules. |
| 1 January 2025 | Major Austrian StPO amendments entered into force (consolidated text available on RIS) | Broader rules on seizure of data carriers and amended court-authorisation requirements now apply to all pending and new investigations, immediate SOP updates required. |
| 23 January 2025 | EPPO public statement on Austrian amendments | EPPO formally flagged constraints on its investigative effectiveness, companies may see increased EPPO coordination requests or parallel proceedings. |
| 22 May 2026 | RIS law-list update / latest consolidated StPO text published by Federal Chancellery | Ensure all statutory citations reference the most current consolidated text when advising or responding to authorities. |
The criminal procedure changes Austria enacted through the StPO amendments address several interconnected areas. While the full consolidated text is available on the RIS legal database, the provisions most relevant to corporate operations fall into five categories.
Seizure and examination of data carriers. The amended StPO refines the legal basis for the seizure of electronic devices, including smartphones, laptops, servers and external storage media, and the subsequent forensic examination of their contents. Under the revised framework, the scope of permissible seizure is more precisely defined, and prosecutors must generally obtain judicial authorisation before conducting a forensic examination of seized data carriers. This represents a procedural safeguard that did not exist in the same form under the prior regime.
Court-authorisation thresholds. The amendments introduce or strengthen requirements for court orders in certain investigative steps that previously could be initiated by the prosecution service (Staatsanwaltschaft) alone. Industry observers expect this to slow the pace of some investigations but to provide companies with a clearer procedural basis for challenging overreach.
Obligations on intermediaries and service providers. Telecommunications and internet service providers operating in Austria now face adjusted disclosure obligations. The amendments clarify what metadata, content data and subscriber information can be demanded, under which procedural prerequisites, and within what timeframes.
Restrictions and safeguards. New provisions reinforce the proportionality principle in digital-evidence seizure. Authorities must demonstrate that the scope of a seizure order is proportionate to the suspected offence and that less intrusive alternatives have been considered. This is significant for companies holding large volumes of data, as it provides a statutory basis for narrowing overly broad requests.
Impact on prosecution powers Austria-wide. While the amendments restrict certain unilateral prosecutorial actions, they also codify and clarify powers in areas that were previously governed by case law or internal directives. The net effect is a more structured, but not necessarily weaker, prosecution framework.
| Area | Before Amendments | After Amendments (from 1 Jan 2025) |
|---|---|---|
| Forensic examination of seized mobile devices | Prosecutorial order often sufficient; judicial oversight varied | Judicial authorisation generally required before forensic examination of data carriers |
| Scope of data-carrier seizure | Broad seizure powers with limited statutory specificity | Seizure scope must be proportionate and specifically justified; narrowing requests is now supported by statute |
| Disclosure obligations for service providers | Framework existed but lacked granular procedural prerequisites | Clarified categories of data (metadata, content, subscriber info) with distinct authorisation thresholds |
| Proportionality safeguards | General constitutional proportionality principle applied | Explicit statutory proportionality requirement for digital-evidence measures; less-intrusive alternatives must be considered |
The EPPO has supranational competence to investigate and prosecute offences affecting the financial interests of the European Union, including fraud, corruption and money laundering involving EU funds. Austria is a participating Member State, meaning the EPPO can conduct investigations on Austrian territory using Austrian procedural law as the default framework.
The StPO amendments have direct implications for EPPO Austria operations. Because EPPO investigations in Austria must comply with the amended StPO, the new court-authorisation requirements and proportionality safeguards apply equally to EPPO-led proceedings. The EPPO has publicly stated, in press releases dated June 2024 and January 2025, that it considers certain amended provisions to impose constraints on its investigative effectiveness in Austria. The likely practical effect will be that EPPO investigations may require more judicial approvals and face additional procedural steps before digital evidence can be examined.
The EPPO’s public position creates a dual dynamic for companies. On one hand, the amended StPO provides additional procedural safeguards that companies can invoke when EPPO investigators seek access to data or premises. On the other hand, early indications suggest the EPPO may respond by issuing requests through multiple channels, combining its own investigation measures with coordination requests via Eurojust or bilateral mutual-assistance channels, to ensure that evidentiary needs are met despite the tighter Austrian framework.
For corporate counsel, this means:
The digital evidence seizure Austria framework under the amended StPO is the area of greatest operational impact for companies. Understanding who can seize what, and under which authorisation, is critical for preparing an effective response.
Under the amended StPO, authorities may physically seize a mobile device during a search if there are reasonable grounds to believe it contains evidence relevant to the investigation. However, the forensic examination of the device’s contents, extracting messages, emails, location data, application data and photographs, now generally requires a separate court order. This distinction between physical seizure and forensic examination is one of the most important criminal procedure Austria changes for companies to understand.
If authorities seize an employee’s work phone during an on-site visit, the company should immediately request confirmation of the legal basis for the seizure and note whether a court order for forensic examination has already been obtained or is pending. Any objection to the scope of the seizure should be recorded contemporaneously and communicated to counsel without delay.
Data stored in cloud environments presents jurisdictional challenges. Under the amended StPO, Austrian authorities may order Austrian-based service providers to disclose data stored on servers located outside Austria, provided the order complies with the relevant authorisation thresholds. For data held by non-Austrian providers, cross-border instruments, including the forthcoming EU e-evidence framework, may apply.
Companies using cloud services should verify where their data is physically stored, which service provider entity is the legal custodian, and whether existing contracts address law-enforcement data requests. A clear data-mapping exercise is an essential prerequisite for responding to any seizure or disclosure order.
The amended StPO places emphasis on the integrity of digital evidence. Forensic imaging, creating a bit-for-bit copy of a data carrier, must follow procedures that preserve the chain of custody. Companies should ensure that their IT security teams understand these requirements, as any break in the chain of custody may provide grounds for challenging the admissibility of evidence.
| Type of Data | Typical Authority Required | Practical Steps for Company |
|---|---|---|
| Subscriber information (name, address, account details) | Prosecutorial order (lower threshold) | Confirm identity of requesting authority; log the request; provide only the categories specified. |
| Traffic / metadata (connection logs, IP addresses, timestamps) | Court order required | Request a copy of the court order; verify scope; object if overbroad; preserve but do not disclose pending legal review. |
| Content data (emails, messages, stored files) | Court order required (higher threshold) | Immediately notify counsel; preserve data in forensically sound manner; do not alter or delete; respond only within scope of valid order. |
| Forensic examination of physical device | Court order required (post-seizure) | Document the seizure; note device identifiers; request confirmation of examination scope; assert privilege over identified materials. |
When Austrian authorities arrive to execute a search or seizure at company premises, the following steps should be taken immediately:
Austria sits at the intersection of multiple cross-border investigations Austria frameworks. Companies operating across EU borders must understand the distinct legal channels through which foreign authorities may seek evidence located in Austria, and the procedural protections each channel affords.
Mutual Legal Assistance Treaties (MLATs). Traditional MLATs require a formal request from one state to another, processed through central authorities (typically the Ministry of Justice). These requests are subject to dual-criminality requirements, proportionality review and domestic procedural safeguards. For companies, this means MLAT-based requests generally allow more time and procedural space to challenge scope.
European Investigation Orders (EIOs). Within the EU, the European Investigation Order framework provides a faster mechanism for obtaining evidence across borders. An EIO issued by a foreign authority and validated by an Austrian court can compel the same investigative measures available under domestic law, including data seizure under the amended StPO provisions.
EPPO direct measures. When the EPPO leads an investigation, it can direct its Austrian European Delegated Prosecutors to execute investigation measures under Austrian procedural law. This bypasses the traditional MLAT channel entirely, though the amended StPO safeguards still apply.
Companies facing cross-border investigations Austria must establish a coordination protocol between Austrian counsel, foreign counsel and the internal IT function. Key elements include:
The amended StPO requires companies conducting corporate investigations Austria to revisit their standard operating procedures for internal investigations, evidence preservation and privilege management.
Austrian law recognises legal professional privilege (Verschwiegenheitspflicht) for communications between a client and their admitted legal counsel (Rechtsanwalt). However, the scope of this privilege in the context of internal investigations is narrower than in many common-law jurisdictions. Documents created by in-house lawyers who are not admitted to the Austrian bar, or materials prepared by external consultants (accountants, forensic IT specialists), are generally not protected from seizure. Companies should structure their internal investigation protocols to ensure that genuinely privileged communications are clearly identified, separated and stored in a manner that facilitates a privilege assertion if seizure occurs.
Austrian law does not impose a general obligation on companies to self-report criminal conduct, though sector-specific obligations (e.g., anti-money-laundering reporting duties) may apply. The decision whether and when to make a voluntary disclosure is strategic and should be made in consultation with experienced criminal-defence counsel. Early engagement with prosecutors can, in some circumstances, result in more favourable treatment, but premature disclosure carries significant risks, including loss of control over the investigation narrative.
The following evidence preservation checklist should be implemented as soon as a company becomes aware of a potential investigation or receives any form of notice from authorities:
How a company engages with Austrian prosecutors or the EPPO in the early stages of an investigation can shape the entire trajectory of the proceedings. Strategic engagement is not the same as passive compliance, it requires a considered approach to communication, scope negotiation and remediation.
Effective response to criminal investigations requires preparation before the investigation begins. Companies operating in Austria should maintain the following tools in a readily accessible, regularly updated format:
To obtain these templates or discuss their adaptation to your company’s specific structure, contact a qualified Austrian criminal-defence practitioner through the Global Law Experts lawyer directory.
The Austrian StPO amendments represent one of the most significant criminal procedure Austria reforms in recent years. For companies and their advisors, the message is clear: the procedural landscape has shifted, and passive reliance on pre-2025 protocols creates unacceptable risk. The following six steps should be prioritised:
This article was produced by Global Law Experts. For specialist advice on this topic, contact Nikolaus Sauerschnig at Gheneff – Rami – Sommer – Sauerschnig Rechtsanwälte GmbH & Co KG, a member of the Global Law Experts network.
posted 23 minutes ago
posted 34 minutes ago
posted 38 minutes ago
posted 58 minutes ago
posted 2 hours ago
posted 3 hours ago
posted 5 hours ago
posted 6 hours ago
posted 6 hours ago
posted 7 hours ago
posted 7 hours ago
posted 7 hours ago
No results available
Find the right Advisory Expert for your business
Sign up for the latest advisor briefings and news within Global Advisory Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Global Advisory Experts is dedicated to providing exceptional advisory services to clients around the world. With a vast network of highly skilled and experienced advisors, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Send welcome message