Website Rules in Austria
Austrian websites must include an Impressum under the ECG §5 and Mediengesetz §§24-25. The DSB enforces GDPR with a focus on cookies and tracking.
Data protection authority:
Datenschutzbehörde
(DSB)
Requirements
3
country-specific rules
Guides
12
guides available
Specific requirements for Austria
Impressum (ECG §5 + Mediengesetz)
Austrian law requires website identification under ECG §5 (E-Commerce-Gesetz) and media disclosure under Mediengesetz §§24-25. Both must be accessible from every page.
DSB enforcement
The Austrian DSB was the first EU DPA to rule that Google Analytics transfers to the US violated GDPR (January 2022, noyb complaint).
Cookie consent
Austria follows the standard GDPR/ePrivacy approach to cookies. The DSB has aligned with the EDPB guidelines on valid consent.
Enforcement in Austria
The Austrian DSB made international headlines in January 2022 when it ruled — following a noyb complaint — that using Google Analytics violates GDPR because data is transferred to the US without adequate protection. This decision influenced similar rulings across France, Italy, and other EU member states. The DSB has also fined companies for using cookie banners that lacked a clear reject option.
Official resources
Guides for Austria
Impressum Rules by Country: DE, AT and Beyond
Impressum requirements differ by country. Germany, Austria and Switzerland have strict rules. Here is what you need.
EAA Penalties in Belgium: Up to €200,000 (FOD Economie)
EAA penalties in Belgium reach €200,000 or 6% of turnover under FOD Economie / SPF Économie. Wet van 5 november 2023, Brussels bilingual rules.
GDPR Fines for Small Businesses: Real Cases and Amounts
Real GDPR fines for small businesses: actual cases from 1,000 to 50,000 EUR. What triggers enforcement and how to avoid it.
GDPR Compliance Checklist for Belgian Businesses (2026)
35-point GDPR checklist for Belgian businesses. APD/GBA enforcement, Wet 30 juli 2018, KBO/BCE number, cookie consent rules, Brussels bilingual obligations.
AI-Built Website Liability Under EU Law
Cursor, Lovable and ChatGPT helped build your site. The GDPR controller is still you. What the AI Act, EDPB and 9 Dec 2026 actually change.
AI-Generated Code and Open-Source Licences
Copilot or Cursor wrote GPL code into your site. The site operator distributes it, not the AI. What Doe v. GitHub decided and what you can actually do.
AI-Generated Images on Your Business Website (EU 2026)
Article 50(4) of the AI Act applies 2 Aug 2026. The four risk layers an EU SMB should check before publishing AI-generated images on a website.
Contact Form GDPR Requirements: Article 13 Compliance
What a GDPR-compliant contact form needs: Article 13 information, the right legal basis (legitimate interest vs precontractual), unchecked boxes, retention.
Google Analytics and GDPR: Is GA4 Legal in the EU? (2026)
Can you use Google Analytics 4 in the EU? The consent requirement, the EU-US DPF transfer mechanism, Consent Mode v2 limits and cookieless alternatives.
Product Liability Directive 2024/2853: 9 Dec 2026
Directive (EU) 2024/2853 makes software and AI 'products' for strict liability on 9 Dec 2026. What it means for SMBs, and what it does not change.
The EU AI Act for Website Owners (2026)
Article 50 applies 2 Aug 2026. For most SMB sites it creates almost no new obligations. Here's the honest checklist before the deadline.
Data Breach Reporting Under GDPR: 72-Hour Notification
Report a personal data breach under GDPR Article 33: the 72-hour clock, when notification is required, what to file and when to tell affected individuals.
Check your website for Austria requirements
Our scanner checks for Austria-specific requirements automatically.
I understand this is a technical scan, not legal advice, and I accept the Terms.