Austrian MiCA-Verordnung-Vollzugsgesetz
(MiCA-VVG)
The Austrian MiCA-Verordnung-Vollzugsgesetz (MiCA-VVG) is the federal act that activates the EU Markets in Crypto-Assets Regulation for Austria: it appoints the FMA as the single national supervisor, equips it with far-reaching investigatory, product-intervention and enforcement powers, and imposes licence, disclosure, prudential and conduct requirements on all crypto-asset issuers and service providers, backed by sanctions that can reach up to €700 000 or double the illicit gain. Start-ups already registered as virtual-asset service providers may keep operating only until 31 December 2025—or until their MiCA authorisation is granted or refused—after which full compliance with the new regime, including ongoing supervisory fees, becomes mandatory.
Financial Market Authority (FMA) as Competent Authority: The MiCA-VVG designates Austria’s Finanzmarktaufsichtsbehörde (FMA) as the national competent authority under the EU Markets in Crypto-Assets Regulation (MiCA). The FMA is empowered to carry out all tasks and powers assigned to competent authorities by MiCA, and it must supervise compliance with MiCA, this implementing act, and any related EU delegated or implementing acts. The FMA is required to consider European supervisory convergence: it should apply guidelines and recommendations issued by the European Banking Authority (EBA) and European Securities and Markets Authority (ESMA) in the MiCA domain, unless there is a justified reason (particularly a conflict with Austrian law) to diverge.
Role of Oesterreichische Nationalbank (OeNB): The OeNB (Austria’s central bank) cooperates with the FMA in specific areas. When supervising issuers of asset-referenced tokens or e-money tokens that are credit institutions or e-money institutions, the FMA and OeNB work closely together. Certain provisions of banking law are applied mutatis mutandis to define this cooperation. For issuers of asset-referenced tokens that are not banks or e-money institutions, the law likewise provides for OeNB involvement under adapted Banking Act rules. The OeNB’s separate mandate in overseeing payment systems remains unaffected.
FMA and OeNB may only exercise powers under MiCA to the extent such powers are not reserved to the European Central Bank (e.g. in its role supervising significant banks).
Crypto-Asset Whitepapers
MiCA requires that before offering crypto-assets to the public (or seeking their admission on a trading platform), the issuer must prepare a whitepaper that meets detailed content and form requirements. The MiCA-VVG enforces these obligations. Founders launching a token (other than stablecoins) must ensure their whitepaper contains all required information (as per MiCA Art. 6), follows the prescribed format, and is submitted to the FMA. Offering crypto-assets to the public without a compliant whitepaper is prohibited and punishable.
Likewise, seeking to list a token on an exchange without a whitepaper is not allowed. The FMA can direct issuers or applicants to revise their whitepapers if they are missing required disclosures. It may even require additional information to be included beyond the minimum, if necessary to protect financial stability or investors’ interests.
Once published, the whitepaper (and a summary, if applicable) must be made available to the public in a timely manner and kept accessible. The act makes it an offense to violate the obligations to publish or maintain availability of the whitepaper and related marketing materials (MiCA Art. 9, Art. 28 for stablecoins).
Issuers are also obliged to publish the results of their token offering (e.g. the amount raised and tokens sold) and the number of tokens in circulation after the offering, within set time frames (MiCA Art. 10).
If any material changes occur or mistakes are discovered, the issuer must amend the whitepaper and possibly grant investors a withdrawal right. The act enforces MiCA Art. 12, which requires notifying investors of significant changes and, for retail investors, providing a right to withdraw their commitment within a certain period. Not honoring the retail withdrawal right or not updating the whitepaper as required is an offense.
Marketing Communications
All marketing communications about a crypto-asset offering or a token’s trading admission must be fair, clear, and not misleading, and consistent with the information in the whitepaper (MiCA Art. 7 for regular tokens, Art. 29 for asset-referenced tokens, Art. 53 for e-money tokens). They also must include required disclaimers (for example, a notice that the whitepaper is not an approved prospectus). The FMA can demand changes to marketing materials that do not meet MiCA’s standards. It is an administrative offense to violate the marketing communication rules – e.g. by omitting risk warnings or making misleading statements in advertisements. The FMA has power to suspend or ban marketing communications in cases of suspected violations. It may order a provider or issuer to halt all marketing for up to 30 days if there is a credible suspicion of non-compliance.
In practice, if a startup’s promotional campaign is found to be deceptive or not in line with its whitepaper, the FMA can stop the campaign and require corrections before it resumes.
Retail Investor Protections
MiCA introduces some investor protection measures which the FMA will enforce. Notably, retail purchasers have a cooling-off right for certain token offerings: retail investors can withdraw their subscription within 14 days if the token is not yet delivered (MiCA Art. 13). Issuers must inform investors of this right, and failing to provide or honor it is punishable.
Another requirement (MiCA Art. 10(3)) is that issuers implement adequate IT security and operational policies for the public offering process. The act lists non-compliance with required security arrangements as an offense. This implies startups must ensure the integrity and cybersecurity of token sale infrastructure (to protect investor funds and data).
Crypto-asset service providers – such as exchanges, trading platforms, custodians, brokers, advisors, etc. – are subject to authorization requirements and ongoing compliance duties under MiCA, which the MiCA-VVG enforces nationally. Key obligations include:
Authorization (Licensing)
Anyone providing crypto-asset services in Austria must be authorized (licensed) under MiCA, unless they fall under a specific exemption. Operating without a license is illegal. The act makes it a punishable offense to offer crypto-asset services without the requisite MiCA authorization (MiCA Art. 59). Exchanges or custodial wallet services must obtain an FMA license and meet all licensing conditions (capital, competence, etc.).
Prudential Safeguards
CASPs must maintain certain financial safeguards. MiCA requires either minimum own funds or professional indemnity insurance (or a combination) to cover risks (Art. 67). They must also ensure the secure custody of client assets (Art. 70) – for example, by segregating customer crypto holdings and fiat funds from the firm’s own assets and by implementing robust cybersecurity for wallets. The act enforces these by penalizing breaches of prudential and custodial requirements.
Business Conduct Rules
CASPs are obliged to act honestly, fairly, and professionally in the best interest of their clients (MiCA Art. 66). This overarching duty is enforceable, and any breach (e.g., mis-selling tokens to unsuitable customers) can lead to fines. They must also avoid, manage, and disclose conflicts of interest (Art. 72) – for instance, a trading platform must have policies to handle conflicts if it trades on its own platform or issues its own token.
Organizational and Governance Requirements
MiCA mandates that CASPs have sound governance (Art. 68), including a clear organizational structure, fit and proper management, and internal control mechanisms. Changes in the management (such as new directors) must be notified to the FMA (Art. 69).
Providers must also establish complaint handling procedures for clients (Art. 71); ignoring this (not handling client complaints appropriately) can result in penalties. Additionally, if a CASP outsources critical functions, it remains responsible and must meet MiCA’s outsourcing rules (Art. 73) to ensure the third party also upholds standards.
Specific Service Requirements
Depending on the type of service, there are tailored obligations:
Trading Platforms: Platforms facilitating crypto trading must operate fairly and transparently (Art. 76). They have duties akin to an exchange, such as rules against insider trading on their venue and managing trading halts.
Brokerage and Dealing: Those conducting exchange of crypto against fiat or other crypto (Art. 77), execution of client orders (Art. 78), placing of crypto-assets (underwriting, Art. 79), or receiving & transmitting orders (Art. 80) must execute these services diligently and in clients’ best interests. For example, an exchange service must give fair rates, and a broker must seek the best execution of orders.
Advisory and Portfolio Management: Providers giving investment advice on crypto-assets or managing crypto portfolios for clients must ensure their staff have appropriate qualifications (knowledge and competence per Art. 81) and follow the duty of care to clients.
Custodial Services: CASPs providing custody or administration of crypto-assets for clients have stringent safekeeping obligations (Art. 75). They must keep custody systems resilient and are liable for loss or hacking of client assets if due to lack of proper safeguards.
Crypto Transfers: Firms offering crypto transfer services (moving crypto on behalf of clients, Art. 82) must execute transfers reliably and may need to comply with anti-money-laundering-related rules on fund transfers (“travel rule” data).
Cross-Border Operations: A CASP authorized in Austria can passport services across the EU but must notify the FMA and comply with cross-border provision rules (Art. 65). Conversely, a foreign CASP entering Austria under MiCA must follow notification procedures.
Acquisition of Qualifying Holdings: If a person or entity intends to acquire a significant stake in a CASP (e.g. >10% ownership or similar thresholds set in MiCA Art. 83), they must notify the FMA in advance and obtain no objection. Similarly, CASPs must inform FMA of changes in control.
Asset-Referenced Tokens (ART) – often understood as “stablecoins” referencing baskets of assets or commodities – are regulated under MiCA. An issuer of an ART must obtain prior authorization from the FMA (unless it is a credit institution using a streamlined process). Offering or admitting to trading an asset-referenced token without authorization is illegal. Even a credit institution issuing an ART must comply with additional requirements in MiCA Art. 17. Once authorized, an ART issuer has a host of ongoing obligations, which the MiCA-VVG enforces with penalties for non-compliance:
Whitepaper and Disclosure: The issuer must publish a whitepaper meeting the content and form requirements of MiCA Art. 19, similar to other tokens but with extra details (e.g. description of the reference assets, stabilization mechanism, governance, and rights of token holders). Non-compliance with ART whitepaper standards or failure to update the document is subject to fines. Any material changes to a published ART whitepaper must be notified and published (Art. 25).
Reserve and Custody: A core obligation is to maintain a reserve of assets that fully backs the token’s value (MiCA Art. 36). The reserve’s composition, quality, and management are regulated. The issuer must safeguard the reserve – usually by entrusting it to a custody or keeping it in segregated accounts – as per MiCA Art. 37. They also face restrictions on how the reserve can be invested (Art. 38 limits to low-risk investments). The MiCA-VVG makes it punishable to violate any of these requirements on maintaining, custodial holding, or investing the reserve.
Redemption Rights: Holders of asset-referenced tokens are typically entitled to redeem tokens for their underlying value (per MiCA Art. 39). Issuers must honor redemption requests under the conditions specified. The issuer should have clear policies for how holders can redeem tokens and must abide by them.
Prohibition on Interest: To distinguish stablecoins from bank deposits, MiCA forbids issuers from granting interest to token holders (Art. 40(1)). Likewise, crypto service providers are forbidden from offering interest on asset-referenced tokens (Art. 40(2)) – meaning no “yield” or dividends can be paid simply for holding the stablecoin.
Market Cap and Use Restrictions: MiCA imposes measures if an ART is used as a de facto currency. Art. 23 sets limits on the volume of ART in circulation when used as a means of exchange, to protect monetary stability (there are caps unless designated a “significant” token with extra oversight). The FMA has power to require an ART issuer to cap the issuance volume or set a minimum denomination for the token to curb retail use, if needed.
Own Funds and Governance: Issuers must have sufficient own funds (capital) as a buffer (Art. 35) – typically a percentage of reserve or other formula. They also must implement sound governance arrangements (Art. 34) and manage conflicts of interest (Art. 32). The law provides that breaching capital requirements or governance rules is punishable. Issuers must inform the FMA of changes in their management (Art. 33), maintain an effective complaint handling system for token holders (Art. 31), and avoid conflicts (like an issuer shouldn’t invest its reserve in a company it owns unless at market terms, etc.)Recovery and Orderly Wind-Down: ART issuers must devise a recovery plan (Art. 46) for how to stabilize or wind down the token in distress, and a redemption plan (Art. 47) to manage orderly redemption if it ceases.
Acquisition Notification: Similar to CASPs, if someone acquires a major stake in an ART issuer, MiCA (Art. 41–42) requires notification and potentially approval.E-Money Tokens (EMT) are crypto-assets that purport to maintain a stable value by referencing a single official currency (e.g. a euro stablecoin). They are treated similarly to electronic money under MiCA. In fact, only licensed credit institutions or electronic money institutions can issue e-money tokens, ensuring such tokens are issued within the existing banking/e-money regulatory perimeter. The MiCA-VVG reinforces that an unauthorized issuance of an e-money token or offering it without approval is prohibited. Issuers must either be a bank or obtain an e-money institution license in addition to complying with MiCA’s requirements for EMTs. Key obligations specific to e-money token issuers include:
Whitepaper and Authorization: An EMT issuer must draft a whitepaper with content per MiCA Art. 51 and notify it to the FMA (and receive approval if required) before issuance.
Redeemability: E-money tokens must be redeemable at par value at any time by holders (MiCA Art. 49, reflecting E-Money Directive principles). An issuer is obliged to redeem tokens in fiat (e.g. 1 token for €1) on request.
Prohibition on Interest: Similar to ARTs, no interest can be given on e-money tokens (MiCA Art. 50). Neither issuers nor service providers can reward holders with interest or any equivalent benefit for holding the tokens. The act penalizes offering interest on EMT holdings or related services.
Reserve Management: The funds received in exchange for e-money tokens must be invested in secure, low-risk assets per MiCA Art. 54 (basically the same rule as under the E-Money Directive – typically 100% in highly liquid assets). Any violation of rules on investing the reserve funds for EMT is sanctionable. The issuer must safeguard these funds (often by deposit in a central bank or insured bank accounts) and not use them for other purposes.
Marketing and Disclosure: Marketing communications for EMTs must meet the standards of Art. 53 – clear and not misleading. Violations (e.g. over-promising stability or not disclosing that the token is not government guaranteed) are subject to fines. The EMT whitepaper must be kept up to date; changes require public communication (Art. 51(11) allows technical standards on this). The law enforces technical standards for EMT whitepapers and any updates.
Governance and Safeguards: Many obligations mirror those for ART issuers. EMT issuers must have proper governance (similar to Art. 34) and manage conflicts (Art. 32), notify management changes (Art. 33), etc., as applicable. They also must create a recovery and redemption plan (Art. 55) for how they’d handle a crisis or wind-down (for instance, if the issuer goes insolvent, how will token holders be repaid). Breaching the requirement to have such plans is an offense. If an EMT is deemed significant (large user base or value in circulation), it triggers additional oversight akin to significant ARTs, and the FMA will enforce those heightened standards in coordination with EBA.
E-money token issuers, being typically already under financial regulation, face not only MiCA penalties but also the possibility of supervisory actions under banking/e-money laws. The MiCA-VVG ensures coordination: for example, the OeNB works with FMA when the issuer is a bank, and the issuer’s obligations under the national E-Money Act (such as safeguarding requirements) remain in force.
The MiCA-VVG sets out certain procedural requirements to support the supervisory regime:
Periodic Reporting to FMA
Crypto-asset service providers and issuers of ARTs and EMTs must periodically report business information to the FMA. Specifically, after each calendar half-year, they must submit updates of their basic corporate data (“Stammdaten”) as defined by FMA regulation. This includes information like the company’s name, address, directors, and (for issuers) possibly the status of token issuance. Any change in these core data (for example, change of address or ownership) must be reported without delay. Additionally, they must report other operational data quarterly (after each quarter) as specified by FMA. The exact content, format, and frequency of these reports will be set in an FMA ordinance, aligned with EU technical standards and the needs of ongoing supervision. The law indicates that FMA will avoid duplicate reporting by considering data it already has under other laws and may allow combined reporting via the OeNB for certain items. One annual data point explicitly required is the number of employees – firms must report their staff headcount at year-end (by January 31) each year. Issuers of stablecoins have additional reporting duties under MiCA Art. 22, such as regular reports on the reserve assets and token amounts.
Inside Information Reporting
As noted, if an issuer or CASP delays disclosure of insider information under MiCA’s allowances (Art. 88(2)), they must inform the FMA immediately after eventually disclosing it and provide an explanation for the delay. T
Appeals (Rechtsmittel)Decisions and orders issued by the FMA under MiCA and the MiCA-VVG can be appealed through Austria’s administrative legal system. The FMA’s decisions must be properly reasoned in writing, as required by general administrative procedure laws. If a firm or individual disagrees with an FMA decision (e.g. a sanction or a license refusal), they have the right to file a complaint (Beschwerde) to the Federal Administrative Court (Bundesverwaltungsgericht). The Administrative Court will review the decision’s legality and merits. Furthermore, if the FMA unduly delays taking a decision on an application (for instance, an application for a license or an exemption) for more than six months despite having all necessary information, the applicant can file a “Säumnisbeschwerde” (complaint for inaction) to the court.
Appeals do not automatically suspend the FMA’s decision, but one can request suspensive effect from the court. The law requires that if an appeal is lodged against a sanction decision that was published, the FMA must update the public notice to mention the appeal and later its outcome. If the court grants a stay (suspensive effect) on the sanction, the FMA also publishes that fact. And if the appeal succeeds (the decision is overturned), the FMA must correct or remove the original public notice of sanction.
Crypto providers that were already registered under existing national law prior to MiCA’s application can continue their activities temporarily. In Austria, this refers to providers registered as “Dienstleister in Bezug auf virtuelle Währungen” under the Financial Market Anti-Money Laundering Act (FM-GwG). The act specifies that firms registered before 30 December 2024 may continue their crypto-asset services until 31 December 2025, or until they obtain or are refused a MiCA license under Article 63, whichever comes first.
Article 63 MiCA sets out the process for existing providers to apply for authorization within a certain time after MiCA comes into force. This means a startup that is already legally operating a crypto service in 2024 will not have to stop on the day MiCA becomes effective. They have up to one year grace period (2025) to get a MiCA license.
However, they must apply in a timely manner – if the FMA grants them a license or denies it before end of 2025, that decision’s date will cut short the transitional period. Founders should note that during this interim period, even though they can operate, they will be expected to prepare for full MiCA compliance. Also, if a provider does not apply by the deadline, or their application is still pending as of 31 Dec 2025, they would have to stop services on 1 January 2026 until they receive authorization.
There is no explicit transitional provision in the act for existing token issuers because MiCA’s main transitional relief is for service providers. Issuers of asset-referenced tokens or e-money tokens will generally need authorization before launching, since those parts of MiCA apply shortly after the regulation enters into force (for e-money tokens and significant stablecoins, MiCA applies from June 2024, and for other crypto-assets and CASPs from December 2024).
Behind Licentium
Our Edge
Licentium is a specialized platform that connects crypto-asset issuers and service providers with an international network of lawyers, regulatory consultants, and former supervisors. Projects can map applicable rules in key jurisdictions through a single interface, obtain jurisdiction-specific launch advice, arrange the drafting of white papers and licensing applications, and schedule ongoing compliance health-checks. The platform’s curated expert pool spans financial services, data protection, and corporate law, enabling founders to address cross-border requirements—from MiCA in the EU to securities, AML, and consumer-protection regimes elsewhere—within coherent project timelines and budgets.
