The drafting of insurance contracts in Austria is governed by several statutory frameworks. Key sources include the Austrian General Civil Code (Allgemeines bürgerliches Gesetzbuch, ABGB), the Austrian Insurance Contract Act (Versicherungsvertragsgesetz, VersVG), the Austrian Consumer Protection Act (Konsumentenschutzgesetz, KSchG), and the Austrian Distance Financial Services Act (Fern-Finanzdienstleistungs-Gesetz, FernFinG).

The ABGB establishes the general principles of contract law, while the VersVG provides specific rules tailored to insurance contracts. These rules include both general provisions applicable across all types of insurance and specific regulations for particular classes of insurance.

In addition, the regulatory environment for insurance undertakings in Austria is primarily shaped by the Austrian Insurance Supervision Act 2016 (Versicherungsaufsichtsgesetz 2016, VAG 2016), which implements the EU Solvency II Directive (Directive 2009/138/EC). The Commission Delegated Regulation (EU) 2015/35 is directly applicable in this context. While the VAG 2016 mainly governs the supervision and organization of insurers, it also contains important provisions on distribution and pre-contractual information duties that are relevant to the conclusion of insurance contracts. The Act further sets out requirements for authorization and imposes obligations relating to corporate governance, business organization, taxation, and anti-money laundering and counter-terrorism financing on insurers operating in Austria.

Moreover, certain insurance sectors are subject to specific legislation. In particular, motor vehicle liability insurance is governed by the Austrian Motor Vehicle Liability Insurance Act 1994. In the area of retirement provision, the applicable legal framework depends on the specific structure and may include, inter alia, the Austrian Pension Fund Act (Pensionskassengesetz) or the Company Employee and Self-Employed Provision Act (Betriebliches Mitarbeiter- und Selbständigenvorsorgegesetz).

The Austrian Financial Market Authority (Finanzmarktaufsicht or FMA) is responsible for the supervision of all insurance undertakings operating in Austria, as provided for in the VAG 2016. This legislation applies to life, non-life, and reinsurance undertakings, establishing a common regulatory framework. However, it also contains differentiated provisions depending on the type of insurer, particularly with regard to solvency requirements, risk management, and specific business activities, thereby reflecting the distinct characteristics of life insurance, non-life insurance, and reinsurance business.

Generally, the Austrian legal system distinguishes between three forms of insurance distribution: insurance brokers, insurance agents, and tied intermediaries acting on behalf of an insurance undertaking. All of them must comply with the provisions of the Austrian Trade Regulation Act (Gewerbeordnung, GewO). Directive (EU) 2016/97 on insurance distribution (IDD) has primarily been implemented through the GewO and the Insurance Supervision Act 2016 (VAG 2016), which set out the general framework for insurance distribution, including conduct of business and information requirements. Insurance brokers and agents are required to obtain a licence from the competent trade authority (Gewerbebehörde). Insurance brokers are governed by the Brokers Act (Maklergesetz, MaklerG), while insurance agents are subject to the Commercial Agents Act (Handelsvertretergesetz, HVertrG). Employed sales staff are generally subject to the Salaried Employees Act (Angestelltengesetz, AngG). In certain cases, the Austrian Banking Act (Bankwesengesetz, BWG) may also be relevant.

In order to operate an insurance undertaking, prior authorization is required. The relevant requirements are set out in Sections 6 et seq. of the Austrian Insurance Supervision Act 2016 (VAG 2016). If all statutory conditions are fulfilled, authorization is granted by the Financial Market Authority (FMA), whereas applications may be refused if the requirements are not met (Section 8 VAG 2016). As a general rule, the FMA must issue a decision within six months after receipt of all necessary documentation and information. In practice, the duration of the authorization procedure depends on the completeness and quality of the application as well as any follow-up requests by the FMA.

To obtain a license, the insurance undertaking must, inter alia, be established in an eligible legal form, such as a stock corporation (Aktiengesellschaft), a mutual insurance association (Versicherungsverein auf Gegenseitigkeit) or a European company (Societas Europaea). Furthermore, its head office must be located in Austria. The applicant is required to submit a comprehensive business plan demonstrating its ability to meet future obligations towards policyholders. In addition, sufficient own funds must be available to satisfy the applicable capital requirements. Finally, the undertaking must appoint at least two members of the management board who are fit and proper, i.e. possess the necessary professional qualifications and are of good repute, among other requirements.

Sections 24 to 27 of the VAG 2016 set out the rules on ownership control. Any natural or legal person intending to acquire or increase a qualifying holding in a (re)insurance undertaking domiciled in Austria must notify the Financial Market Authority (FMA) accordingly. The (re)insurance undertaking itself is also subject to notification obligations once it becomes aware of relevant circumstances.

Upon receipt of a complete notification, the FMA must acknowledge receipt and adopt a decision within 60 working days, although this period may be extended where additional information is requested. In assessing the proposed acquisition, the FMA must consider the criteria set out in Section 26 VAG 2016. Particular emphasis is placed on the reliability and financial soundness of the proposed acquirer, as well as on ensuring that the undertaking will continue to comply with applicable legal requirements. In addition, the assessment includes checks regarding potential criminal law concerns.

The FMA is required to take appropriate measures where the assessment indicates that the proposed acquirer may exercise an influence detrimental to the sound and prudent management of the undertaking.

Furthermore, the Austrian Investment Control Act (Investitionskontrollgesetz, InvKG) may apply to acquisitions by investors from outside the EU, EEA and Switzerland. Under this regime, transactions are subject to review where they may pose a risk to security or public order, including in particular aspects of crisis management and the provision of essential services.

It is not permitted to carry out insurance or reinsurance business in Austria without prior authorization. Such authorization must be granted by the Financial Market Authority (FMA). An authorization obtained in Austria is valid throughout the European Economic Area (EEA). Accordingly, Austrian (re)insurers may also operate in other EEA Member States under the freedom to provide services or the right of establishment, subject to completion of the relevant notification procedure.

Conversely, (re)insurers authorized and headquartered in another EU/EEA Member State may operate in Austria under the single license regime without requiring a separate authorization. In such cases, notification is made to the competent home supervisory authority, which in turn informs the FMA.

In Austria, third-country (re)insurers are, in principle, required to obtain authorization, which generally entails the establishment of a branch in Austria in accordance with Section 13 VAG 2016. However, pursuant to Section 13 (4) VAG 2016, this requirement does not apply to (re)insurers domiciled in jurisdictions for which the European Commission has adopted an equivalence decision under Articles 172 (2) or (4) of the Solvency II Directive; currently, this applies in particular to Switzerland.

Furthermore, as of 22 September 2019, reinsurers domiciled in the United States may operate in Austria without establishing a branch, provided that they meet the requirements set out in Article 3 (4) and (8) of the EU–US Covered Agreement of 22 September 2017, as reflected in Section 19a VAG 2016. In this context, the FMA acts as the host supervisory authority within the meaning of Article 2 (i) of that Agreement.

Distinctions must be made between insurers operating within the European Economic Area (EEA) and those from third countries.

Insurers domiciled within the EEA may operate in Austria under the single license regime based on their home-state authorization. While they are primarily supervised by their home supervisory authority, they remain subject to certain host-state provisions in Austria, in particular with regard to conduct of business and distribution requirements under the VAG 2016.

By contrast, third-country insurance or reinsurance undertakings may conduct business in Austria only through an authorized branch and must obtain approval from the FMA. Such approval, granted pursuant to Section 13 VAG 2016, is limited to activities within Austria. A number of provisions of the VAG 2016 apply accordingly to these branches.

As third-country insurance undertakings require licensing from the FMA, branches established in Austria are subject to supervision by the FMA, broadly comparable to Austrian insurance undertakings but distinct from branches of EEA insurers.

Certain provisions of the VAG 2016 require that the business carried out through the Austrian branch be considered separately from the overall business of the third-country undertaking. This approach aims to avoid imposing disproportionate requirements on the entire undertaking, in particular with regard to Solvency II requirements, while at the same time ensuring that branches are not placed at a competitive advantage compared to EEA insurers. Where the VAG 2016 does not expressly specify the scope of application, an interpretation focusing on the activities of the branch is generally adopted.

Overseas reinsurance undertakings may be subject to a more lenient regime where they are domiciled in a jurisdiction for which the European Commission has adopted an equivalence decision under the Solvency II Directive.

According to Section 329 (1) of the Austrian Insurance Supervision Act 2016 (VAG 2016), carrying out insurance or reinsurance business without the required authorization constitutes an administrative offence. The Financial Market Authority (FMA) may impose fines of up to EUR 100,000 and order the cessation of the unauthorized activities. In addition, the FMA has the power to take further supervisory measures, including the prohibition of specific business activities and the withdrawal of authorisation where ongoing compliance failures are identified.

The Financial Market Authority (FMA) has been granted extensive additional powers following the implementation of the Solvency II Directive (2009/138/EC). It issues Circular Letters, Minimum Standards and Guidelines. While these instruments generally do not have binding legal force, in particular Circular Letters, they reflect the FMA’s supervisory expectations and may therefore create a de facto compliance obligation.

The FMA’s supervisory priorities for 2026, as outlined in its publication “Facts and Figures, Trends and Strategies 2026” and on its website, focus on resilience and stability, digitalization, AI and new business models, sustainability, consumer protection, money laundering, sanctions and modern and efficient organization. These priorities are derived from current developments and risks, including, the war in Ukraine and  Israel, and challenges in the real estate sector.

Section VIII of the Austrian Insurance Supervision Act 2016 (VAG 2016) sets out the solvency framework for (re)insurance undertakings in line with the Solvency II Directive (2009/138/EC). The Solvency II regime introduced significant changes, particularly in the area of solvency supervision by the FMA. Accordingly, (re)insurance undertakings are required to maintain eligible own funds, determined on the basis of a solvency balance sheet, to cover the solvency capital requirement (SCR). This requirement may be calculated either by applying the standard formula or by using an internal model approved by the supervisory authority. The SCR represents a threshold, the breach of which may trigger supervisory intervention.

According to Section 193 of the Austrian Insurance Supervision Act 2016 (VAG 2016), (re)insurance undertakings must maintain eligible basic own funds to cover the minimum capital requirement (MCR). The calculation of the MCR is governed by Commission Delegated Regulation (EU) 2015/35. The absolute minimum capital requirement amounts to EUR 2.7 million for non-life insurance undertakings, EUR 4 million for life insurance undertakings, and EUR 3.9 million for reinsurance undertakings; for composite undertakings, the respective amounts are combined.

There is no specific legislation exclusively dedicated to the primary protection of policyholders. Nevertheless, the Austrian Insurance Contract Act (Versicherungsvertragsgesetz, VersVG) contains numerous provisions aimed at safeguarding the interests of policyholders, many of which may only be modified to their benefit.

The Insurance Distribution Directive (IDD) imposes stricter requirements on insurance distribution, which have been implemented in various Austrian laws. Furthermore, the Distance Financial Services Act (Fern-Finanzdienstleistungs-Gesetz, FernFinG) and the Consumer Protection Act (Konsumentenschutzgesetz, KSchG) apply where the policyholder is a consumer, ensuring consumer-friendly terms and conditions, information obligations, and a 14-day right of withdrawal.

Sections 195 et seq. of the Austrian Insurance Supervision Act 2016 (VAG 2016) set out the framework for the supervision of insurance groups. These provisions require that governance requirements are applied at group level, supplemented by specific rules for group supervision, and provide detailed guidance on the calculation of group solvency. The objective of group supervision is to enable the supervisory authority, in particular the Austrian Financial Market Authority (FMA), to obtain a transparent and comprehensive assessment of the solvency position of the insurance group as a whole. The FMA is vested with extensive supervisory powers, including the conduct of review procedures and the assessment of members of the management bodies, and insurance groups are required to report significant risk concentrations and material intra-group transactions to the FMA.

As provided for in Section 120 of the Austrian Insurance Supervision Act 2016 (VAG 2016), (re)insurance undertakings must ensure that all persons who effectively run the undertaking or hold governance or other key functions possess the professional qualifications, knowledge and experience required to ensure sound and prudent management (fit) and are of good repute and integrity (proper). Compliance with these fit and proper requirements is also a prerequisite for obtaining a license. Furthermore, Section 122 VAG 2016 requires notification to the Austrian Financial Market Authority (FMA) of the proposed appointment of members of the management body and persons responsible for governance or other key functions, together with the information necessary to assess their professional qualifications and personal reliability.

Violations of regulatory requirements may result in the imposition of administrative penalties. Pursuant to Section 9 of the Austrian Administrative Penal Act (Verwaltungsstrafgesetz, VStG), the person authorized to represent the company externally is generally responsible for ensuring compliance with administrative law requirements by legal entities. In the case of insurance undertakings, this responsibility will typically rest with the members of the management board. In addition, corporate law requires members of the management board to exercise due care and act in the best interests of the company. If they fail to comply with these duties, they may be liable to compensate the company for any resulting damage. Furthermore, the Austrian Insurance Supervision Act 2016 (VAG 2016) expressly provides for administrative fines to be imposed on the persons responsible under Section 9 VStG, including under Sections 319, 322 and 326 VAG 2016.

As provided under the Austrian Insurance Supervision Act 2016 (Versicherungsaufsichtsgesetz, VAG 2016), carrying out insurance activities in Austria requires authorisation from the Austrian Financial Market Authority (FMA). Third-country insurance undertakings must obtain such authorisation and, as a rule, are required to establish a branch in Austria for this purpose.

Branches of EEA insurance and reinsurance undertakings operating in Austria are not subject to a separate licensing requirement and may rely on the passporting regime. They must notify their competent home supervisory authority, which in turn informs the FMA. Insurance activities may commence two months after the FMA has received the notification. Such branches must appoint a general representative, maintain a physical presence in Austria, and ensure that a business plan and confirmation of compliance with solvency and minimum capital requirements are submitted to the FMA by the home supervisory authority.

Section 109 of the Insurance Supervision Act 2016 (VAG 2016) regulates the outsourcing of functions or business activities by insurance and reinsurance undertakings. It mandates cooperation between service providers and the Financial Market Authority (FMA), ensuring access to data and business premises. Critical or important outsourced functions must be notified to the FMA beforehand, with prior approval required if the service provider is not an insurance or reinsurance undertaking. Outsourcing is prohibited where it significantly impacts governance quality, increases operational risk excessively, impairs compliance monitoring, or jeopardises service provision to policyholders.

In addition, the Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554), fully applicable since 17 January 2025, imposes a comprehensive ICT risk management framework with particular emphasis on ICT third-party risk management. Insurance undertakings must maintain a register of all contractual arrangements on ICT services provided by third-party service providers and report this register to the FMA. DORA sets out detailed contractual requirements for ICT service agreements, including provisions on data access, audit rights, exit strategies, and subcontracting chains. It also introduces a direct oversight framework for “critical ICT third-party service providers” designated by the European Supervisory Authorities, which may include major cloud service providers used by insurers.

The NIS2 Directive (Directive (EU) 2022/2555), transposed into Austrian law through the NISG 2024 (Netz- und Informationssystemsicherheitsgesetz 2024), introduces additional cybersecurity obligations affecting outsourcing arrangements, particularly regarding supply chain security and incident reporting.

Taken together, Section 109 VAG 2016, DORA and the NIS2 transposition create a multi-layered regulatory framework for outsourcing and operational resilience in the Austrian insurance sector.

Section 124 of the Austrian Insurance Supervision Act 2016 (VAG 2016) requires (re)insurance undertakings to invest their assets in accordance with specific principles. In particular, investments may only be made in assets and instruments whose risks can be properly identified, measured, monitored, managed and controlled, and appropriately reported, taking into account the undertaking’s overall solvency position, and must comply with the prudent person principle, ensuring the security, quality, liquidity and profitability of the portfolio as a whole, while also guaranteeing the availability and accessibility of the assets.

A key component of the business plan to be submitted in the course of the licensing procedure is the description of the undertaking’s reinsurance strategy. In this context, small insurance undertakings are required to notify the FMA of significant changes in their reinsurance arrangements pursuant to Section 87(4) VAG 2016, including an assessment of the impact of such changes on the required level of own funds. Furthermore, under Section 104 VAG 2016, insurance and reinsurance undertakings entering into financial reinsurance contracts or engaging in financial reinsurance transactions must ensure that the associated risks are properly identified, measured, monitored, managed and controlled, and appropriately reported. Reinsurance arrangements must be suitable in terms of type and scope in order to effectively mitigate the residual risks of the undertaking.

The Insurance Distribution Directive (Directive (EU) 2016/97; IDD), which entered into force in February 2016, governs the initiation and conduct of insurance distribution activities, with a particular focus on insurance mediation.

Key legislative provisions relating to insurance distribution are set out in Sections 137 to 138 of the Austrian Trade and Industry Act (Gewerbeordnung, GewO), the Austrian Insurance Contract Act (Versicherungsvertragsgesetz, VersVG), and the Austrian Insurance Supervision Act 2016 (Versicherungsaufsichtsgesetz, VAG 2016). The scope of the IDD extends beyond insurance brokers and agents to also cover employees of insurance undertakings, including direct sales. This framework ensures a level playing field across all distribution channels and provides for consistent standards of conduct, thereby enhancing consumer protection irrespective of the type of intermediary involved.

In recent years, the distribution of insurance products via websites and mobile applications has increased significantly and is often regarded as a form of direct sales. To address this development, the same legal framework applies to online distribution channels as to traditional in-person sales. Insurance undertakings authorized in another EU/EEA Member State may operate in Austria under the single license regime without requiring an additional license. They must notify their competent home supervisory authority, which subsequently informs the Austrian Financial Market Authority (FMA).

By contrast, insurers domiciled in third countries must obtain approval from the FMA in order to operate in Austria. Once authorized, such insurers may conduct business only through a branch established in Austria, the activities of which are subject to supervision by the FMA.

The Austrian legal framework provides comprehensive consumer protection in insurance matters, although there there is no single piece of legislation exclusively dedicated to this specific purpose .The provisions of the Austrian Insurance Contract Act (Versicherungsvertragsgesetz, VersVG) are primarily designed to protect policyholders and may, in many cases, only be derogated from to their benefit, irrespective of whether they qualify as consumers. The Insurance Distribution Directive (IDD), implemented in various Austrian laws, introduces enhanced conduct of business requirements, including obligations to act in the best interest of the customer, to provide suitable product recommendations, and to disclose conflicts of interest.

In addition, the Distance Financial Services Act (Fern-Finanzdienstleistungs-Gesetz, FernFinG) and the Consumer Protection Act (Konsumentenschutzgesetz, KSchG) apply where the policyholder is a consumer, ensuring, in particular, fair contractual terms, extensive pre-contractual information obligations, and a 14-day right of withdrawal.

Austrian insurance law does not impose pricing restrictions or premium regulation; insurers are free to set premiums based on actuarial principles, subject to the general prohibition of unfair commercial practices and the transparency requirements under the VersVG and the IDD.

The VAG 2016 provides specific procedures for resolving financial difficulties faced by insurance companies. Under section 309, restructuring proceedings under the Austrian Insolvency Act are not applicable to insurance firms; only the FMA has the authority to initiate insolvency proceedings. Section 316 allows insolvency proceedings to be avoided where this benefits policyholders, empowering the FMA to restrict certain payments and benefits from life insurance policies based on available assets.

Insurance companies must maintain a premium reserve fund for life and health policies, managed separately from other assets. This fund takes precedence over other claims in bankruptcy proceedings and may only be used to fulfil insurance obligations (section 312 VAG 2016).

At EU level, the Insurance Recovery and Resolution Directive (IRRD) establishes a harmonised European framework for the recovery and resolution of insurance and reinsurance undertakings. The IRRD introduces requirements for pre-emptive recovery planning by undertakings and resolution planning by designated resolution authorities. It provides resolution authorities with a comprehensive toolkit, including powers to transfer portfolios, establish bridge institutions, and write down or convert capital instruments. Policyholder protection is a primary objective of the resolution process.

Austria will need to transpose the IRRD into national law, which will require significant amendments to the existing resolution framework in the VAG 2016, including the designation of a national resolution authority – likely the FMA – and the establishment of resolution financing arrangements. The IRRD will reshape the Austrian insurance resolution landscape, moving from the current insolvency-centred approach to a more structured and proactive recovery and resolution framework.

The Austrian court system comprises district courts (Bezirksgerichte), regional courts (Landesgerichte), higher regional courts (Oberlandesgerichte), and the Supreme Court (Oberster Gerichtshof). Civil law disputes, including those relating to insurance, are generally adjudicated within this court system. In Vienna, the Austrian capital, specialized commercial courts (Handelsgerichte) exist, which are experienced in handling complex commercial claims. These courts operate as specialized divisions within the civil court system and regularly deal with high-value and complex business disputes.

While civil courts are competent to hear a broad range of matters, including commercial disputes, there are no courts in Austria specifically dedicated to insurance law cases.

Austria has a well-established system of alternative dispute resolution, supported by various arbitration bodies and statutory frameworks. A comprehensive legal regime for arbitration proceedings is in place, with the Vienna International Arbitral Centre (VIAC) acting as a leading institution for the administration of international arbitration cases.

However, in the field of insurance disputes, alternative dispute resolution mechanisms generally play a more limited role compared to other areas of commercial law.

The legal framework for portfolio transfers is set out in Sections 28 et seq. of the Austrian Insurance Supervision Act 2016 (VAG 2016). Such transfers may take place between Austrian (re)insurance undertakings, as well as between Austrian undertakings and insurers established within the European Economic Area (EEA). Transfers from an EEA insurer to an Austrian (re)insurance undertaking are also possible, provided that the risks are limited to the territory of the respective branch.

Portfolio transfers require prior approval by the Austrian Financial Market Authority (FMA). Upon approval, all rights and obligations arising from the insurance contracts included in the portfolio are transferred to the acquiring undertaking. The transfer becomes effective upon entry in the companies register or upon approval of the transfer, as provided for in Section 31(1) VAG 2016. In addition, where insurance contracts covering risks in Austria are affected, the acquiring undertaking or branch must inform the policyholders of the transfer without undue delay following approval by the FMA, in accordance with Section 31(2) VAG 2016.

In recent years, the insurance sector has been subject to increasing regulatory complexity, resulting in more stringent legal requirements and enhanced compliance obligations. This development has made it more challenging for new market entrants to navigate the regulatory environment. In addition, non-sector-specific regulations, such as the General Data Protection Regulation (GDPR), DORA, the AI-Act and NIS2 further contribute to the overall regulatory burden.

While the Austrian insurance market remains relatively stable in terms of the number of undertakings, market participants, particularly intermediaries, may increasingly seek consolidation or cooperation in order to manage rising compliance costs. Despite these challenges, the Austrian Financial Market Authority (FMA) generally adopts a cooperative approach, which may facilitate market entry for well-prepared applicants.

The COVID-19 pandemic acted as a catalyst for digital innovation in the insurance sector, prompting insurers to rapidly implement technological solutions to meet customer needs. Ongoing developments in areas such as artificial intelligence, e-mobility and cloud computing continue to drive transformation within the industry and require careful integration into existing business models. Insurers face the internal challenge of adapting to these technological changes while maintaining efficient and compliant operations.

At the same time, InsurTech companies have emerged as an important driver of innovation, with many Austrian insurers adopting digital solutions to enhance efficiency and develop more sophisticated pricing models. Insurers are also increasingly investing in digital distribution channels and customer interfaces, including comparison platforms and mobile applications. In parallel, the growing importance of cyber risks has attracted increased regulatory attention, with the Austrian Financial Market Authority (FMA) actively assessing the resilience of insurers, including through cyber stress tests and similar supervisory measures.

A Austrian Financial Market Authority (FMA) actively supports the digitization of the insurance sector. Austrian contract law primarily adheres to the principle of freedom of form, meaning that contracts concluded online are generally valid. Section 12 of the E-Commerce Act (E-Commerce-Gesetz, ECG) governs the receipt of electronic declarations, stipulating that they are deemed received when the intended party can access them under ordinary circumstances.

The Insurance Contract Act (Versicherungsvertragsgesetz, VersVG) further regulates electronic communication in sections 5a and 5b. Consent for electronic communication must be explicitly given by the policyholder and can be revoked by either party. Both parties retain the right to transmit information on paper, and policyholders have the right to request paper versions of electronically received documents.

A growing number of insurance agreements are now being conducted electronically, with communication between insurer and policyholder often occurring via digital channels. Similarly, policyholders frequently submit claims reports electronically. However, due to the limited adoption of qualified electronic signatures (as defined in the eIDAS Regulation (EU) No. 910/2014), particularly outside specific business sectors, many insurance contracts were still requiring physical signatures. The revised eIDAS Regulation (eIDAS 2.0, Regulation (EU) 2024/1183), which entered into force in 2024, introduces the European Digital Identity Wallet (EUDIW). This development has the potential to significantly reduce one of the key barriers to fully digital insurance transactions, the limited adoption of qualified electronic signatures. The EUDIW will enable citizens and businesses across the EU to identify themselves electronically in a secure and trusted manner, which may facilitate fully digital insurance contract conclusions and claims processes without the need for physical signatures.

Furthermore, the EU AI Act (Regulation (EU) 2024/1689) introduces specific requirements for AI-driven claims handling and automated decision-making processes. Where insurers deploy AI systems for claims assessment or fraud detection, these systems may be subject to enhanced transparency and human oversight requirements, particularly where they significantly affect policyholders’ rights. Insurers will need to carefully assess whether their automated claims handling processes fall within the high-risk AI system category under the regulation.

The fundamental legal framework – the principle of freedom of form, the E-Commerce Act, and sections 5a/5b VersVG – remains unchanged. However, the cumulative effect of eIDAS 2.0 and the AI Act is expected to both facilitate and regulate the further digitization of insurance sales and claims handling in Austria.

The use of customer data by insurers is primarily governed by the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (Datenschutzgesetz, DSG). In addition, Sections 11a et seq. of the Austrian Insurance Contract Act (Versicherungsvertragsgesetz, VersVG) contain specific provisions relating to the processing of sensitive data, in particular health data, by insurers. Given the nature of insurance business, insurers regularly process special categories of personal data within the meaning of Article 9 GDPR, including health data for life and health insurance underwriting and claims assessment.

There are no insurance-specific rules governing the cross-border transfer of customer data. Such transfers are subject to the provisions of the General Data Protection Regulation (GDPR). In particular, transfers to third countries require compliance with the conditions set out in the GDPR, including the existence of an adequacy decision by the European Commission or the implementation of appropriate safeguards.

To date, Austria has not introduced a single, standalone ESG regime specifically tailored to the insurance sector. However, ESG-related requirements form part of a broader regulatory framework, largely driven by European Union legislation and implemented or directly applicable in Austria. In addition, ESG risks have become an integral part of supervision, with the Austrian Financial Market Authority (FMA) placing particular emphasis on sustainability risks and the prevention of greenwashing.

At the European level, the Corporate Sustainability Reporting Directive (CSRD) introduces significant additional requirements for insurance undertakings. The directive expands the scope of reporting obligations, enhances the comparability of sustainability disclosures, and introduces mandatory limited assurance of reported information. Its implementation follows a phased approach, with obligations already applicable to certain undertakings and further requirements becoming applicable until 2028, depending on the size and structure of the undertaking.

Notably, in February 2025 the European Commission published its “Omnibus” simplification proposal, which aims to substantially reduce the scope and burden of CSRD reporting. If adopted, this proposal would raise the thresholds for mandatory sustainability reporting, potentially exempting a significant number of medium-sized insurance undertakings from CSRD obligations, and streamline the ESRS by reducing mandatory disclosure datapoints. The final outcome of this legislative process should be monitored carefully.

The Corporate Sustainability Reporting Directive (CSRD) has replaced the former non-financial reporting framework under Directive 2014/95/EU and section 243b(2) of the Austrian Business Code (UGB). Under the CSRD and the associated European Sustainability Reporting Standards (ESRS), reporting obligations on diversity and inclusion are significantly more detailed. In particular, ESRS requires extensive disclosures on workforce diversity, including gender representation at board and management level, pay gap information, and policies on equal treatment and opportunities.

The EU Pay Transparency Directive (Directive (EU) 2023/970) must be transposed into Austrian national law by 7 June 2026. It introduces mandatory pay transparency measures, including the right for employees to request pay level information broken down by gender, mandatory reporting on gender pay gaps for companies with more than 100 employees, and joint pay assessments where a gender pay gap exceeding 5% cannot be justified. Insurance undertakings, as typically large employers, will be directly affected.

At the national level, the Austrian Diversity Charter, launched in 2010 by the Austrian Federal Economic Chamber and the Vienna Economic Chamber, continues to operate as a voluntary initiative aimed at recognising and appreciating diversity. No specific diversity legislation targeting the insurance sector has been introduced in Austria. However, the combination of the CSRD and the Pay Transparency Directive substantially enhances the regulatory framework for diversity and inclusion applicable to (re)insurers.

Cyber insurance remains one of the most dynamic growth segments. As the landscape of cyber threats continues to evolve, demand for comprehensive cyber insurance policies and proactive risk management services is rising steadily.

The adoption of artificial intelligence across the insurance value chain is expected to accelerate significantly. The EU AI Act provides a regulatory framework that, while imposing compliance requirements, creates legal certainty for insurers deploying AI-driven solutions in underwriting, claims handling, customer service and fraud detection. Insurers that effectively leverage AI are likely to achieve competitive advantages through enhanced efficiency and customer experience.

ESG integration continues to shape the market. Insurers must enhance their integration of ESG criteria into investment strategies and product offerings, while also complying with expanding reporting obligations under the CSRD.

The overall market outlook for the Austrian insurance sector remains positive, underpinned by a stable regulatory environment, continued digital transformation, and growing demand for innovative insurance solutions addressing emerging risks.