Licentium

AI Regulation Hub

Austria

Austria is regulated by the EU AI Act (Regulation (EU) 2024/1689). The national AI policy is built on Artificial Intelligence Mission Austria 2030 (AIM AT 2030), and Austria has created an AI Service Desk at RTR as a contact point supporting implementation of the European AI Act.

Key provisions

EU AI Act — direct application

In force

EU AI Act applies directly in Austria. AI systems must be classified as prohibited, high-risk, transparency-risk, GPAI or lower-risk AI, with corresponding obligations for providers, deployers, importers and distributors.

High-risk AI obligations

In force

Providers of high-risk AI must implement risk management, data governance, technical documentation, logging, transparency, human oversight, accuracy, robustness, cybersecurity, conformity assessment and post-market monitoring. Deployers must use systems according to instructions, supervise them and keep logs where required.

AIM AT 2030 — national AI strategy

In force

Artificial Intelligence Mission Austria 2030 sets three central objectives: broad use of AI for the common good in line with fundamental rights and European values, positioning Austria as a research and innovation location for AI, and securing Austria's competitiveness as a technology and business location.

AI Service Desk at RTR

In force

Contact point and information hub for the general public on AI, supporting implementation of the European AI Act and providing information on the AI regulatory framework, cybersecurity, data economy and AI use in the media sector.

Detailed overview

Austria is regulated by the EU AI Act, Regulation (EU) 2024/1689. The EU AI Act applies directly in Austria and regulates AI through a risk-based framework. AI systems must first be classified as prohibited, high-risk, transparency-risk, general-purpose AI or lower-risk AI. Prohibited AI practices are banned. High-risk AI systems are allowed, but only if strict compliance duties are met.

A high-risk AI system under the EU AI Act includes AI used in sensitive areas such as employment, education, access to essential services, credit scoring, insurance risk assessment, biometric identification, critical infrastructure, law enforcement, migration, border control and administration of justice. Providers of high-risk AI must implement risk management, data governance, technical documentation, logging, transparency, human oversight, accuracy, robustness, cybersecurity, conformity assessment and post-market monitoring. Deployers must use the system according to instructions, supervise it, keep logs where required and ensure appropriate human oversight.

Austria's national AI policy is based on Artificial Intelligence Mission Austria 2030, also known as AIM AT 2030. The Austrian Government states that the strategy has three central objectives: broad use of AI for the common good in line with fundamental rights and European values, positioning Austria as a research and innovation location for AI, and securing Austria's competitiveness as a technology and business location. The strategy also addresses trustworthy AI, data protection, equality rights and non-discrimination.

Austria has also created an AI Service Desk at RTR. The Service Desk is a point of contact and information hub for the general public on AI and supports implementation of the European AI Act. It provides information on the AI regulatory framework, cybersecurity, data economy and AI use in the media sector.

AI systems in Austria may also be subject to GDPR, Austrian data-protection rules, employment law, consumer law, financial regulation, healthcare regulation, product-safety rules and sector-specific supervision. This is especially relevant where AI processes personal data, makes or supports decisions about individuals, is used in regulated services, or affects safety and fundamental rights.

Penalties for EU AI Act breaches follow the EU framework. Breaches of prohibited AI rules may be fined up to EUR 35 million or 7% of worldwide annual turnover. Breaches of many other AI Act obligations may be fined up to EUR 15 million or 3% of worldwide annual turnover. Supplying incorrect, incomplete or misleading information to authorities may be fined up to EUR 7.5 million or 1% of worldwide annual turnover.

Practical requirements & details

Sourced from Regulation (EU) 2024/1689 (the EU AI Act) and Artificial Intelligence Mission Austria 2030 (AIM AT 2030).

EU AI Act risk classification

  • Prohibited AI — banned outright.
  • High-risk AI — allowed only with strict compliance duties.
  • Transparency-risk AI — disclosure obligations (e.g. chatbots, deepfakes).
  • GPAI models — technical documentation, transparency and copyright-policy duties.

High-risk areas

  • Employment, education, access to essential services, credit scoring, insurance risk assessment, biometric identification, critical infrastructure, law enforcement, migration, border control and administration of justice.

Provider duties

  • Risk management, data governance, technical documentation, logging, transparency, human oversight, accuracy, robustness, cybersecurity, conformity assessment and post-market monitoring.

Deployer duties

  • Use the system according to instructions, supervise it, keep logs where required and ensure appropriate human oversight.

AIM AT 2030 — national strategy

  • Broad use of AI for the common good in line with fundamental rights and European values.
  • Positioning Austria as a research and innovation location for AI.
  • Securing Austria's competitiveness as a technology and business location.

AI Service Desk at RTR

  • Contact point and information hub on AI for the general public.
  • Supports implementation of the European AI Act.
  • Provides information on the AI regulatory framework, cybersecurity, data economy and AI use in the media sector.
  • GDPR, Austrian data-protection rules, employment law, consumer law, financial regulation, healthcare regulation, product-safety rules and sector-specific supervision.

Penalties

  • EUR 35 million or 7% of worldwide annual turnover — breaches of prohibited AI rules.
  • EUR 15 million or 3% of worldwide annual turnover — breaches of many other AI Act operator obligations.
  • EUR 7.5 million or 1% of worldwide annual turnover — supplying incorrect, incomplete or misleading information to authorities.

See also the European Union entry, which covers the EU AI Act (Regulation (EU) 2024/1689) — the substantive framework that this jurisdiction implements and supervises domestically.

European Union — EU AI Act

Ready to launch legally?

Book a 30-minute consultation. We'll map your licensing path and tell you exactly what's required, in plain language.

Get Started