[codicts-css-switcher id=”346″]

Global Law Experts Logo
criminal procedure austria

Austria's Criminal Procedure Amendments 2025–26: What Companies & Counsel Must Know

By Global Law Experts
– posted 2 hours ago

Austria’s criminal procedure framework has entered a new era. The sweeping amendments to the Austrian Code of Criminal Procedure (Strafprozessordnung, StPO) that entered into force on 1 January 2025 have reshaped how prosecutors and the European Public Prosecutor’s Office (EPPO) may seize digital evidence, compel data disclosure and coordinate cross-border investigations. For general counsel, compliance officers and corporate security leads operating in or through Austria, these criminal procedure Austria changes demand an immediate reassessment of internal investigation protocols, evidence-preservation workflows and engagement strategies with authorities. This guide translates the legislative text, EPPO statements and enforcement context into practical, company-facing steps, including checklists, comparison tables and a clear escalation framework, that legal teams can implement now.

Executive Summary: What Changed and What Companies Must Do Now

The Austrian StPO amendments effective 1 January 2025 introduced revised rules on the seizure and forensic examination of data carriers, new court-authorisation requirements for accessing digital communications, and tighter procedural safeguards that affect both domestic prosecutors and the EPPO. The EPPO publicly flagged concerns that certain provisions constrain its investigative effectiveness in Austria, signalling that companies may face more complex, multi-channel enforcement requests.

Key takeaways for counsel:

  • Update evidence-preservation SOPs immediately. The amended rules on data-carrier seizure change what authorities can demand and how quickly, your internal legal-hold procedures must reflect the new statutory framework.
  • Review digital-evidence handling. Court authorisation requirements for mobile-device and cloud-data access have been amended. Companies must know which orders require judicial approval and which can be executed by prosecutors directly.
  • Prepare for EPPO-specific requests. The EPPO operates with supranational jurisdiction and may issue investigation measures that run parallel to domestic proceedings. Establish a single point of contact for EPPO-related requests.
  • Reassess privilege protocols. Internal investigation materials are not automatically shielded from seizure. Legal-privilege boundaries under Austrian law require careful documentation and separation of legal-advice communications from operational files.
  • Coordinate cross-border IT and legal teams. Amended mutual-assistance and EPPO coordination mechanisms mean foreign counsel must be briefed on Austrian-specific requirements before any data is transferred or disclosed.
  • Document every interaction. From the moment authorities arrive at your premises, a contemporaneous log of all interactions, requests and responses is essential for protecting the company’s rights and challenging unlawful measures.

Rapid Timeline: Key Legislative and Enforcement Dates (2024–2026)

Understanding the chronology of Austria’s criminal procedure changes is essential for determining which version of the StPO applies to a given investigation or enforcement action. The table below outlines the critical milestones that in-house teams need to track.

Date Legislative / Official Act Practical Effect for Companies
June 2024 EPPO public statement on proposed Austrian StPO amendments EPPO raised early concerns about the potential impact on its investigative capacity in Austria, early signal for corporate compliance teams to monitor developments.
Late 2024 Austrian Parliament (Nationalrat) passed the StPO amendment bill; published in the Federal Law Gazette (Bundesgesetzblatt) Final legislative text confirmed, companies should begin gap-analysis of existing SOPs against new seizure and authorisation rules.
1 January 2025 Major Austrian StPO amendments entered into force (consolidated text available on RIS) Broader rules on seizure of data carriers and amended court-authorisation requirements now apply to all pending and new investigations, immediate SOP updates required.
23 January 2025 EPPO public statement on Austrian amendments EPPO formally flagged constraints on its investigative effectiveness, companies may see increased EPPO coordination requests or parallel proceedings.
22 May 2026 RIS law-list update / latest consolidated StPO text published by Federal Chancellery Ensure all statutory citations reference the most current consolidated text when advising or responding to authorities.

What the Austrian StPO Amendments Actually Changed

The criminal procedure changes Austria enacted through the StPO amendments address several interconnected areas. While the full consolidated text is available on the RIS legal database, the provisions most relevant to corporate operations fall into five categories.

Overview of Key Statutory Changes

Seizure and examination of data carriers. The amended StPO refines the legal basis for the seizure of electronic devices, including smartphones, laptops, servers and external storage media, and the subsequent forensic examination of their contents. Under the revised framework, the scope of permissible seizure is more precisely defined, and prosecutors must generally obtain judicial authorisation before conducting a forensic examination of seized data carriers. This represents a procedural safeguard that did not exist in the same form under the prior regime.

Court-authorisation thresholds. The amendments introduce or strengthen requirements for court orders in certain investigative steps that previously could be initiated by the prosecution service (Staatsanwaltschaft) alone. Industry observers expect this to slow the pace of some investigations but to provide companies with a clearer procedural basis for challenging overreach.

Obligations on intermediaries and service providers. Telecommunications and internet service providers operating in Austria now face adjusted disclosure obligations. The amendments clarify what metadata, content data and subscriber information can be demanded, under which procedural prerequisites, and within what timeframes.

Restrictions and safeguards. New provisions reinforce the proportionality principle in digital-evidence seizure. Authorities must demonstrate that the scope of a seizure order is proportionate to the suspected offence and that less intrusive alternatives have been considered. This is significant for companies holding large volumes of data, as it provides a statutory basis for narrowing overly broad requests.

Impact on prosecution powers Austria-wide. While the amendments restrict certain unilateral prosecutorial actions, they also codify and clarify powers in areas that were previously governed by case law or internal directives. The net effect is a more structured, but not necessarily weaker, prosecution framework.

Area Before Amendments After Amendments (from 1 Jan 2025)
Forensic examination of seized mobile devices Prosecutorial order often sufficient; judicial oversight varied Judicial authorisation generally required before forensic examination of data carriers
Scope of data-carrier seizure Broad seizure powers with limited statutory specificity Seizure scope must be proportionate and specifically justified; narrowing requests is now supported by statute
Disclosure obligations for service providers Framework existed but lacked granular procedural prerequisites Clarified categories of data (metadata, content, subscriber info) with distinct authorisation thresholds
Proportionality safeguards General constitutional proportionality principle applied Explicit statutory proportionality requirement for digital-evidence measures; less-intrusive alternatives must be considered

EPPO in Austria After the Amendments: Jurisdictional and Operational Impact

The EPPO has supranational competence to investigate and prosecute offences affecting the financial interests of the European Union, including fraud, corruption and money laundering involving EU funds. Austria is a participating Member State, meaning the EPPO can conduct investigations on Austrian territory using Austrian procedural law as the default framework.

The StPO amendments have direct implications for EPPO Austria operations. Because EPPO investigations in Austria must comply with the amended StPO, the new court-authorisation requirements and proportionality safeguards apply equally to EPPO-led proceedings. The EPPO has publicly stated, in press releases dated June 2024 and January 2025, that it considers certain amended provisions to impose constraints on its investigative effectiveness in Austria. The likely practical effect will be that EPPO investigations may require more judicial approvals and face additional procedural steps before digital evidence can be examined.

EPPO Statements: Timeline and Practical Takeaways

The EPPO’s public position creates a dual dynamic for companies. On one hand, the amended StPO provides additional procedural safeguards that companies can invoke when EPPO investigators seek access to data or premises. On the other hand, early indications suggest the EPPO may respond by issuing requests through multiple channels, combining its own investigation measures with coordination requests via Eurojust or bilateral mutual-assistance channels, to ensure that evidentiary needs are met despite the tighter Austrian framework.

For corporate counsel, this means:

  • Expect multi-channel requests. An EPPO investigation may generate requests from both the EPPO’s European Delegated Prosecutors in Austria and from foreign authorities cooperating with the EPPO through Eurojust or mutual legal assistance treaties (MLATs).
  • Verify the legal basis. Each request should be assessed individually: is it an EPPO investigation measure under Austrian procedural law, or a cross-border cooperation request under a different legal framework? The procedural safeguards available to the company differ accordingly.
  • Centralise your response team. Designate one internal contact, typically the general counsel or chief compliance officer, to coordinate all EPPO-related communications and ensure consistency across the company’s response.

Digital Evidence: Seizure, Court Orders and Cloud/Mobile Data

The digital evidence seizure Austria framework under the amended StPO is the area of greatest operational impact for companies. Understanding who can seize what, and under which authorisation, is critical for preparing an effective response.

Mobile Devices: Phone Seizure Process

Under the amended StPO, authorities may physically seize a mobile device during a search if there are reasonable grounds to believe it contains evidence relevant to the investigation. However, the forensic examination of the device’s contents, extracting messages, emails, location data, application data and photographs, now generally requires a separate court order. This distinction between physical seizure and forensic examination is one of the most important criminal procedure Austria changes for companies to understand.

If authorities seize an employee’s work phone during an on-site visit, the company should immediately request confirmation of the legal basis for the seizure and note whether a court order for forensic examination has already been obtained or is pending. Any objection to the scope of the seizure should be recorded contemporaneously and communicated to counsel without delay.

Cloud and Cross-Border Data Access

Data stored in cloud environments presents jurisdictional challenges. Under the amended StPO, Austrian authorities may order Austrian-based service providers to disclose data stored on servers located outside Austria, provided the order complies with the relevant authorisation thresholds. For data held by non-Austrian providers, cross-border instruments, including the forthcoming EU e-evidence framework, may apply.

Companies using cloud services should verify where their data is physically stored, which service provider entity is the legal custodian, and whether existing contracts address law-enforcement data requests. A clear data-mapping exercise is an essential prerequisite for responding to any seizure or disclosure order.

Forensics and Chain of Custody

The amended StPO places emphasis on the integrity of digital evidence. Forensic imaging, creating a bit-for-bit copy of a data carrier, must follow procedures that preserve the chain of custody. Companies should ensure that their IT security teams understand these requirements, as any break in the chain of custody may provide grounds for challenging the admissibility of evidence.

Type of Data Typical Authority Required Practical Steps for Company
Subscriber information (name, address, account details) Prosecutorial order (lower threshold) Confirm identity of requesting authority; log the request; provide only the categories specified.
Traffic / metadata (connection logs, IP addresses, timestamps) Court order required Request a copy of the court order; verify scope; object if overbroad; preserve but do not disclose pending legal review.
Content data (emails, messages, stored files) Court order required (higher threshold) Immediately notify counsel; preserve data in forensically sound manner; do not alter or delete; respond only within scope of valid order.
Forensic examination of physical device Court order required (post-seizure) Document the seizure; note device identifiers; request confirmation of examination scope; assert privilege over identified materials.

The First 24 Hours: Operational Checklist

When Austrian authorities arrive to execute a search or seizure at company premises, the following steps should be taken immediately:

  1. Verify authority identity and legal basis. Request identification and a copy of the search warrant or court order. Note the issuing court, case reference and scope of the authorised measures.
  2. Contact external counsel immediately. Counsel should be present during the execution of the search wherever possible.
  3. Assign an internal coordinator. One senior person (general counsel, compliance officer or delegated manager) should accompany the authorities throughout the search and maintain a contemporaneous log.
  4. Log everything. Record which rooms were entered, which devices were seized, which documents were copied, and any verbal statements made by authorities or employees.
  5. Restrict employee access to relevant systems. To prevent inadvertent spoliation, issue an immediate legal-hold notice to IT and relevant business units.
  6. Do not consent to voluntary disclosure beyond the order’s scope. Provide only what is specifically covered by the warrant or order. Voluntary production of additional materials may waive protections.
  7. Preserve a copy of all seized materials. Request permission to image or copy data carriers before they are removed, if the warrant permits.
  8. Notify the board and insurers. Depending on the severity of the investigation, directors’ and officers’ liability insurance and regulatory notification obligations may be triggered.

Cross-Border Investigations: MLAT, EPPO Requests and Private Data Providers

Austria sits at the intersection of multiple cross-border investigations Austria frameworks. Companies operating across EU borders must understand the distinct legal channels through which foreign authorities may seek evidence located in Austria, and the procedural protections each channel affords.

Mutual Legal Assistance Treaties (MLATs). Traditional MLATs require a formal request from one state to another, processed through central authorities (typically the Ministry of Justice). These requests are subject to dual-criminality requirements, proportionality review and domestic procedural safeguards. For companies, this means MLAT-based requests generally allow more time and procedural space to challenge scope.

European Investigation Orders (EIOs). Within the EU, the European Investigation Order framework provides a faster mechanism for obtaining evidence across borders. An EIO issued by a foreign authority and validated by an Austrian court can compel the same investigative measures available under domestic law, including data seizure under the amended StPO provisions.

EPPO direct measures. When the EPPO leads an investigation, it can direct its Austrian European Delegated Prosecutors to execute investigation measures under Austrian procedural law. This bypasses the traditional MLAT channel entirely, though the amended StPO safeguards still apply.

Coordinating with Foreign Counsel and IT

Companies facing cross-border investigations Austria must establish a coordination protocol between Austrian counsel, foreign counsel and the internal IT function. Key elements include:

  • Conflict-of-law assessment. Determine whether Austrian data-protection law (including GDPR) restricts the transfer of requested data to foreign authorities.
  • Parallel hold notices. Issue legal-hold notices simultaneously in all affected jurisdictions to prevent inconsistent preservation practices.
  • Single-source communication. All communications with authorities should flow through one designated legal contact per jurisdiction to avoid contradictory statements or inadvertent disclosures.
  • IT forensics alignment. Ensure forensic imaging standards meet the requirements of both the requesting and the responding jurisdiction.

Corporate Investigations and Internal Process Changes

The amended StPO requires companies conducting corporate investigations Austria to revisit their standard operating procedures for internal investigations, evidence preservation and privilege management.

Privilege and Internal Investigations

Austrian law recognises legal professional privilege (Verschwiegenheitspflicht) for communications between a client and their admitted legal counsel (Rechtsanwalt). However, the scope of this privilege in the context of internal investigations is narrower than in many common-law jurisdictions. Documents created by in-house lawyers who are not admitted to the Austrian bar, or materials prepared by external consultants (accountants, forensic IT specialists), are generally not protected from seizure. Companies should structure their internal investigation protocols to ensure that genuinely privileged communications are clearly identified, separated and stored in a manner that facilitates a privilege assertion if seizure occurs.

When to Notify Authorities

Austrian law does not impose a general obligation on companies to self-report criminal conduct, though sector-specific obligations (e.g., anti-money-laundering reporting duties) may apply. The decision whether and when to make a voluntary disclosure is strategic and should be made in consultation with experienced criminal-defence counsel. Early engagement with prosecutors can, in some circumstances, result in more favourable treatment, but premature disclosure carries significant risks, including loss of control over the investigation narrative.

Evidence Preservation Checklist

The following evidence preservation checklist should be implemented as soon as a company becomes aware of a potential investigation or receives any form of notice from authorities:

  • Issue an immediate legal-hold notice to all relevant custodians (employees, contractors, IT administrators) instructing them to preserve all potentially relevant documents, electronic files, communications and metadata.
  • Suspend automated deletion processes for email archives, messaging platforms, backup tapes and cloud storage systems.
  • Identify and secure key custodians’ devices, laptops, mobile phones, USB drives, to prevent data loss or alteration.
  • Engage forensic IT specialists to image critical systems and create forensically sound copies before any review or production.
  • Map data storage locations, including cloud environments, third-party hosting providers and offshore backup facilities, to anticipate cross-border disclosure issues.
  • Document the chain of custody for every item collected, copied or transferred, including timestamps, custodian identifiers and handling personnel.
  • Separate privileged materials from non-privileged files at the earliest possible stage and maintain a privilege log.
  • Brief the board and insurers on the nature and scope of the legal-hold measures and anticipated costs.

Engagement Strategy: Dealing with Prosecutors, EPPO and Voluntary Disclosure

How a company engages with Austrian prosecutors or the EPPO in the early stages of an investigation can shape the entire trajectory of the proceedings. Strategic engagement is not the same as passive compliance, it requires a considered approach to communication, scope negotiation and remediation.

Practical Dialogue Points and Document-Request Response

  • Designate a single spokesperson. Only one person, typically external counsel, should communicate with prosecutors on behalf of the company. Employees should be instructed not to make substantive statements to authorities without counsel present.
  • Assess voluntary disclosure carefully. Voluntary disclosure can demonstrate cooperation and may result in mitigation. However, it also risks waiving privilege, expanding the investigation scope and creating admissions that cannot be retracted. The decision should be made only after a thorough cost-benefit analysis with counsel.
  • Negotiate the scope of production requests. The proportionality safeguards in the amended StPO provide a statutory basis for challenging overly broad document or data requests. Counsel should engage early with the prosecution to agree on search terms, date ranges and custodian limits.
  • Request clarification of the legal basis. For every request, demand written confirmation of the statutory authority under which it is made, the court order (if applicable) and the specific categories of evidence sought.
  • Consider remediation measures. Demonstrating that the company has taken corrective action, such as disciplining responsible individuals, strengthening compliance programmes or making restitution, can influence prosecutorial discretion and potential outcomes.

Practical Tools: Templates, Quick Checklists and Escalation Matrix

Effective response to criminal investigations requires preparation before the investigation begins. Companies operating in Austria should maintain the following tools in a readily accessible, regularly updated format:

  • Evidence preservation checklist (Austria 2026): A two-page document covering legal-hold procedures, IT forensics steps and chain-of-custody requirements tailored to the amended StPO framework.
  • Search and seizure immediate-response template: A single-page quick-reference card for the reception desk, security team and on-call manager covering the first steps when authorities present a warrant.
  • Board notification template: A structured memo format for briefing the supervisory board or audit committee on the nature, scope and potential exposure of a criminal investigation.
  • Escalation matrix: A chart identifying who is notified, in what order and within what timeframe, from security and IT to general counsel, CEO, board and insurers.

To obtain these templates or discuss their adaptation to your company’s specific structure, contact a qualified Austrian criminal-defence practitioner through the Global Law Experts lawyer directory.

Conclusion and Recommended Next Steps for Counsel

The Austrian StPO amendments represent one of the most significant criminal procedure Austria reforms in recent years. For companies and their advisors, the message is clear: the procedural landscape has shifted, and passive reliance on pre-2025 protocols creates unacceptable risk. The following six steps should be prioritised:

  1. Conduct a gap analysis of current evidence-preservation and investigation-response procedures against the amended StPO requirements.
  2. Update all legal-hold templates and IT-forensics protocols to reflect the new court-authorisation thresholds for digital-evidence examination.
  3. Brief senior management and the board on the company’s exposure to EPPO and Austrian prosecutorial investigations, including the procedural rights now available under the amended framework.
  4. Establish a single point of contact for all EPPO-related and cross-border investigation requests.
  5. Review privilege protocols to ensure that genuinely protected materials are identified, separated and stored in a defensible manner.
  6. Engage Austrian criminal-defence counsel now, before an investigation begins, to stress-test your response plan and ensure it is operationally sound.

Need Legal Advice?

This article was produced by Global Law Experts. For specialist advice on this topic, contact Nikolaus Sauerschnig at Gheneff – Rami – Sommer – Sauerschnig Rechtsanwälte GmbH & Co KG, a member of the Global Law Experts network.

Sources

  1. RIS, Rechtsinformationssystem des Bundes (Austrian Federal Legal Information System)
  2. European Public Prosecutor’s Office (EPPO), Official Statements and Press Releases
  3. Austrian Parliament, Parliamentary Documents and Committee Reports
  4. Universität Wien, Department of Criminal Law (UCRIS Portal)
  5. Eurojust, Cross-Border Judicial Cooperation Resources
  6. EUR-Lex, EU Law Database

FAQs

How do Austria's StPO amendments affect EPPO investigations in Austria?
The amendments impose additional court-authorisation requirements and proportionality safeguards that apply equally to EPPO-led investigations conducted under Austrian procedural law. The EPPO has publicly stated that these provisions constrain its investigative effectiveness in Austria, which may lead to more complex, multi-channel evidence requests.
Yes, authorities can physically seize devices during a lawfully authorised search. However, under the amended StPO, the forensic examination of those devices, extracting and analysing their digital contents, generally requires a separate court order. Companies should immediately request confirmation of the legal basis and scope of any seizure.
Verify the identity and legal authority of the officers, request a copy of the warrant or court order, contact external counsel immediately, assign an internal coordinator to accompany the search team, log every action taken, issue an internal legal-hold notice and do not consent to voluntary disclosure beyond the scope of the order.
Legal professional privilege applies to communications between a client and an admitted Austrian Rechtsanwalt. However, documents prepared by non-admitted in-house lawyers, consultants or forensic specialists are generally not protected from seizure. Companies should structure internal investigations to separate privileged materials clearly and maintain a detailed privilege log.
Voluntary disclosure can demonstrate cooperation and may lead to mitigation of penalties, but it carries significant risks, including potential waiver of privilege, expansion of the investigation scope and creation of admissions. The decision should be made only after careful analysis with experienced Austrian criminal-defence counsel.
Assess the legal basis of the order (MLAT, European Investigation Order or EPPO direct measure), verify whether it has been validated by an Austrian court, issue parallel legal-hold notices in all affected jurisdictions, evaluate data-protection restrictions on cross-border transfers and coordinate the response through a single designated legal contact per jurisdiction.
In general, the costs of forensic imaging, data preservation and production in response to an investigation order are borne by the company, unless a court determines otherwise. Companies should factor potential investigation-response costs into their risk budgets and ensure that directors’ and officers’ insurance policies cover defence and compliance expenses associated with criminal investigations.
vanuatu citizenship requirements
By Jonathon Richards

posted 7 hours ago

Find the right Legal Expert for your business

The premier guide to leading legal professionals throughout the world

Specialism
Country
Practice Area
LAWYERS RECOGNIZED
0
EVALUATIONS OF LAWYERS BY THEIR PEERS
0 m+
PRACTICE AREAS
0
COUNTRIES AROUND THE WORLD
0
Join
who are already getting the benefits
0

Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.

Naturally you can unsubscribe at any time.

About Us

Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Global Law Experts App

Now Available on the App & Google Play Stores.

Social Posts
[wp_social_ninja id="50714" platform="instagram"]
[codicts-social-feeds platform="instagram" url="https://www.instagram.com/globallawexperts/" template="carousel" results_limit="10" header="false" column_count="1"]

See More:

Contact Us

Stay Informed

Join Mailing List
About Us

Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Social Posts
[wp_social_ninja id="50714" platform="instagram"]
[codicts-social-feeds platform="instagram" url="https://www.instagram.com/globallawexperts/" template="carousel" results_limit="10" header="false" column_count="1"]

See More:

Global Law Experts App

Now Available on the App & Google Play Stores.

Contact Us

Stay Informed

GLE

Lawyer Profile Page - Lead Capture
GLE-Logo-White
Lawyer Profile Page - Lead Capture

Austria's Criminal Procedure Amendments 2025–26: What Companies & Counsel Must Know

Send welcome message

Custom Message