Cybercrime and Jurisdiction: When are Austrian authorities competent?

Cybercrime offences are among the most dynamic and fast-developing areas of criminal law. Attacks are typically cross-border in nature: perpetrators and victims are often located in different jurisdictions, and the underlying technical processes are complex. As a result, affected individuals and businesses frequently ask:

When are Austrian criminal law enforcement authorities (police and public prosecutors) entitled to take action?

  1. Territoriality as the Starting Point – “Domestic Offence”

As a general rule, Austrian criminal law is based on the principle of territoriality (Section 62 of the Austrian Criminal Code “StGB”). This means that offences fall under Austrian jurisdiction if they are committed in Austria. Whether an offence is deemed to have been committed “within Austria” is determined by Section 67 (2) StGB. According to this provision, an offence is considered to have been committed at the place where

  • the perpetrator acted (place of action), or
  • the legally relevant result occurred (place of result).

In cybercrime cases, this distinction is often problematic, as the place of action and the place of result frequently lie in different countries.

Example: A perpetrator drafts a phishing email in Germany. The victim transfers funds from Austria to a bank account in France. Whether Austrian authorities are competent in such a scenario is not always straightforward.

  1. Jurisdiction Even Without a Domestic Offence (Section 64 StGB)

In certain constellations, Austrian criminal law applies even if both the act and the result occurred entirely abroad. Section 64 StGB provides for extraterritorial jurisdiction with respect to specific criminal offences.

In the cybercrime context, the following offences are particularly relevant:

  • espionage of business or trade secrets for the benefit of a foreign state
  • participation in a criminal Organisation
  • aggravated coercion
  • money laundering

In addition, persons who contribute from abroad to an offence committed in Austria may also be prosecuted under Austrian law (Section 64 (1) no 8 StGB).

Example: A person located in Switzerland shares, likes or comments on criminal content posted on Instagram or Facebook by a perpetrator acting in Austria.

  1. Cybercrime Offences of Practical Relevance and Austrian Jurisdiction

a) Fraud (Section 146 StGB) and Extortion (Section 144 StGB)

Fraud and extortion are classic result-based offences under Austrian criminal law.

Jurisdiction is determined by the place where the financial damage occurs. This is the location where the victim loses the ability to freely dispose of the affected assets – for example, where a transfer is made to a third-party bank account held with the victim’s bank.

Until recently, Austrian jurisdiction was therefore typically established where the victim initiated the transfer from an Austrian bank account.

Supreme Court update (2025): In 2025, the Austrian Supreme Court clarified that a legally relevant intermediate result is sufficient to establish Austrian jurisdiction, even if the actual financial loss materialises only abroad. This constitutes a significant facilitation for victims of crypto fraud and investment scams, where perpetrators often exploit intermediary foreign bank accounts or crypto accounts.

b) Cyberbullying (Section 107c StGB)

Cyberbullying constitutes both a result-based offence and, potentially, an endangerment offence.

Jurisdiction depends on whether the perpetrator used telecommunications services or a computer system located in Austria to commit the offence, or whether the violation of honour is perceptible in Austria “for a longer period of time”.

Accordingly, Austrian law enforcement authorities will regularly have jurisdiction if the relevant content is accessible within Austria.

c) Hacking – Unauthorised Access (Section 118a StGB)

Hacking in the criminal law sense occurs where a perpetrator gains access to a computer system over which they have no (or no exclusive) right of control by overcoming a specific security measure.

A domestic place of offence exists where the perpetrator accesses the system from Austria (place of action) or where the attacked computer system itself is located in Austria (place of result).

d) Data Interference (Section 126a StGB)

Criminal data interference is committed where a person causes damage by altering, deleting, suppressing or otherwise rendering unusable data that are processed, transmitted or made available by automated means and over which the perpetrator has no (or no exclusive) right of control.

As Section 126a StGB requires the occurrence of damage, it constitutes a result-based offence.

Austrian jurisdiction therefore also applies where the perpetrator acts abroad, provided that the damage occurs to data located in Austria.

e) Misuse of Computer Programs (Section 126c StGB)

Section 126c StGB criminalises the manufacture of computer programs intended to unlawfully obtain access to data.

This offence frequently constitutes a preparatory act for other cybercrime offences. It is a pure conduct-based offence and does not require the occurrence of any damage.

Austrian criminal jurisdiction is established where the preparatory act is carried out within Austria.

f) Data Falsification (Section 225a StGB)

Under Section 225a StGB, criminal liability arises where a person creates false data or falsifies genuine data by entering, altering, deleting or suppressing data, with the intention that such data be used as evidence of a right or a legally relevant fact.

For the purpose of establishing Austrian jurisdiction, it is sufficient that genuine data are falsified in Austria or that false data are produced in Austria.

4. Conclusion

Whether Austrian police and public prosecutors initiate investigations depends on the specific type of offence involved and on whether it qualifies as a conduct-based or result-based offence.

Where perpetrators act from abroad, Austrian jurisdiction generally arises only in relation to result-based offences. In complex cybercrime cases, however, intermediate results or the mere perceptibility of harmful effects within Austria may already be sufficient to establish jurisdiction.

For further analysis, we refer to the specialist publication by Dr Paul Krepil, “Cybercrime and Domestic Jurisdiction” (ecolex 2025/426).

5. Legal Support in Cybercrime Matters

Cybercrime cases are both technically and legally demanding. Questions of international jurisdiction determine whether Austrian authorities may initiate proceedings or whether affected parties must pursue their claims abroad. This is relevant both for victims of cybercrime and for the defence of accused persons.

Do you require legal support? LEUKOS provides legal support, in particular, in the following areas:

  • assessment of criminal liability and jurisdiction
  • representation of victims and defence of accused persons in criminal and civil proceedings
  • international cooperation and mutual legal assistance in cross-border matters
  • tracing and recovery of misappropriated assets

Contact LEUKOS for a confidential consultation.

Managing Director Liability – Business Judgment Rule

Managing directors constantly face critical business decisions that shape the success of their companies. The economic outcome of these decisions is often uncertain by nature. Investments, strategic realignments, and everyday business operations all involve both opportunities and risks. Effective risk management and well-informed decision-making are therefore essential for sustainable business growth and long-term corporate success. Austrian corporate law recognizes this business reality and does not hold managing directors liable for every incorrect decision. Instead, it provides an important legal safeguard: the Business Judgment Rule.
This principle clarifies that liability does not depend on whether a business decision ultimately leads to economic success or failure. Rather, the decisive factor is how the decision was made.
read more

Corporate Criminal Liability: Preconditions to hold companies liable – and how to minimize risks

Companies are increasingly exposed to criminal investigations. Under Austria’s Corporate Criminal Liability Act (Verbandsverantwortlichkeitsgesetz – VbVG), criminal responsibility is no longer limited to individuals. Companies themselves may be held liable for criminal offences committed within their organization. For managing directors, shareholders and compliance officers, understanding the scope of corporate criminal liability is essential in order to manage legal, financial and reputational risks effectively.
read more
show all blog entries

Dr. Paul Krepil

Partner | Attorney at Law

Paul Krepil is an attorney at law and partner at LEUKOS Attorneys at Law. His practice focuses on litigation, white-collar crime and (international) arbitration. He has 10 years of experience acting as counsel and defense attorney in cross-border cases. In addition, he has been repeatedly recommended as a Key Lawyer by the renowned legal guide Legal500.

„Paul Krepil was incredibly well prepared and always kept everything together.” – Legal500 (2024)

 

„Paul Krepil knows the case in depth, quick and useful responses. He typically knows even minor details by heart.” – Legal500 (2023)

Professional Background

since 2025
2021 – 2025
2016 – 2021

LEUKOS Attorneys at Law
Cerha Hempel
Wolf Theiss

University of Vienna (Dr.iur. and Mag.iur.), Austria
University of Edinburgh, Scotland

  • Representing a global tech company in mass proceedings concerning alleged GDPR violations.
  • Successfully defending a real estate entrepreneur in criminal proceedings, resulting in an acquittal on all charges including aggravated fraud, fraudulent insolvency and accounting fraud.
  • Strategically resolved a mass claim litigation involving over 120 claims through a combination of successful court proceedings and favorable settlements for the client.
  • Representing a financial institution in enforcement proceedings related to an arbitration award exceeding EUR 200 million.

  • Providing legal advise in enforcement proceedings arising from a multi-million-euro investment arbitration.

  • Cybercrime und inländische Gerichtsbarkeit (ecolex 2025)
  • Schutzmaßnahmen als Haftungsminimierung für Unternehmen und ihre Organe in Brewi/Royer (Hrsg.), Praxishandbuch Cybercrime (Linde 2025)
  • Obstructing Arbitral Proceedings at Their Beginning: A Bumpy Road (Not) to Take in Austrian Yearbook on International Arbitration 2024 (Manz 2024, co-author)
  • Regular presentation and courses for the academy for law and taxes in contract law – “Einführung in das Vertragsrecht” (ARS)
  • Litigation & Dispute Resolution, 2024, 17th Edition, Austria, International Comparative Legal Guide (ICLG, 2024, Co-Autor)
  • The Banking Litigation Law Review – Austrian Chapter, 5th Edition (Law Business Research 2021; Co-Autor)
  • Class & Group Actions 2019: International Comparative Legal Guide, 11th Edition (ICLG 2019; Co-Autor)
  • Foreign Investments in Austria, ABA Section of International Law, Issue 17, August 2018 (Co-Autor)
  • Global Legal Insights – Bribery & Corruption: Austrian Chapter (GLI 2018; Co-Autor)
  • The Class Action Law Review – Austrian Chapter, 2nd Edition (Law Business Research 2017, Co-Autor)

Team

Mag. Claudia Brewi

Partner | Attorney at Law

Claudia Brewi is an attorney at law and partner at LEUKOS Attorneys at Law. Her core practice areas include white-collar crime, cybercrime, litigation and compliance. She has extensive experience as defense or victim’s counsel in complex white-collar cases as well as representing clients in civil disputes with an economic and corporate nexus. In addition, she is a founding and board member of the Austrian White Collar Crime Association (AWCCA).

Professional Background

since 2025
2021 – 2025
2017 – 2021

LEUKOS Attorneys at Law
Paulitsch Law
Wolf Theiss

University of Vienna (Mag.iur.), Austria
University of Oslo, Norway

  • Advising and representing a tax advisor in complex civil proceedings concerning alleged damages in the millions due to alleged incorrect advice; several (partly already legally binding) dismissals of claims were achieved.
  • Successful criminal defense of an entrepreneur from the real estate industry with acquittal on all charges (allegations including aggravated fraud, fraudulent insolvency and accounting fraud)
  • Representation of victims of large-scale crypto fraud cases in Austria, Germany and Switzerland.
  • Acting on behalf of an international IT company as a private party in connection with multi-million-euro in damages arising from embezzlement and money laundering.
  • Online-Presentation – Das österreichische Unternehmensstrafrecht (Verbandsverantwortlichkeitsgesetz): same same but different? (WisteV/AWCCA 2025)
  • Checklist: Aktuelle Cybercrime-Phänomene und Präventionsmaßnahmen für Unternehmen (ecolex 2025)
  • The International Anti-Corruption Academy’s Annual Conference on Global Trends and Challenges in Preventing and Combating Corruption Vortrag: From Corruption to Laundering in Austria/Europe: Legal and Practical Responses to an Evolving Threat (IACA 2025)
  • Co-Editor and Author of Praxishandbuch Cybercrime: Cybercrime – eine Bestandsaufnahme, Online- und Krypto-Betrug, Aktuelle Entwicklungen und Ausblick (Linde 2025)
  • Ecolex Talks – Do’s and Don’ts im Strafrecht (Manz 2025)
  • The International Anti-Corruption Academy’s Annual Conference on Global Trends and Challenges in Preventing and Combating Corruption Vortrag: New trends in AML/CFT from the financial sector perspective (IACA 2024)
  • Presentation at the AML-Conference: AML- und Betrugs-Compliance (ARS Akademie 2024)
  • Strafbarkeit wegen Geldwäscherei durch Unterlassen? (ecolex, co-author)
  • Verschärfung des Korruptionsstrafrechts (ecolex, co-author)
  • Expert panel on risks in the Darkweb (SMJ partners, AWCCA and Darkowl 2023)
  • Presentation at blockchain-REAL: Crypto-Crime – Aktuelle Betrugs- und Geldwäschefälle (Linde und GEWINN 2022)
  • Linde Podcast #96 – Crypto Crime (Linde 2022)
  • The Asset Tracing and Recovery Review – Austrian Chapter, 7th and 8th Edition (Law Business Research 2019 und 2020, Co-Autorin)

Team

Inhouse Outsourced

Outsourced
Legal department

For some companies, maintaining an in-house legal department is not economically viable. Even established legal teams can quickly reach their limits during periods of increased workload or staffing shortages, particularly in legally sensitive situations. We support your business flexibly, quickly and reliably in all legal matters – so you can focus entirely on your core business.

  • Corporate Housekeeping
    Ongoing legal support for companies, from incorporation to amendments of articles of association or changes in shareholder structure.
  • Claim Management
    Coordination and handling of contentious matters including strategic and legal support in disputes and conflicts.
  • Crisis Management and Crisis Communication
    Legal assistance in critical situations as well as strategic guidance on internal and external communication.
  • Data Protection (GDPR)
    Advisory on the implementation of data protection requirements, drafting of guidelines and support during regulatory audits.
  • Contract Drafting and Contract Negotiations
    Drafting of tailor-made contracts to safeguard company interests as well as legal support during negotiations to strengthen the company’s position and minimize risks.
  • Contract Management
    Structured administration, monitoring and adaption of existing contracts including deadline management.
  • Intellectual Property Law and Unfair Competition
    Protection of intellectual property (trademark applications, etc.) and opposing unfair business practices by competitors.

Cyber and Crypto Crime

Digitalization has led to a rapid increase and evolution of crimes in the worldwide web. Cyberattacks can hit both companies and private individuals suddenly and severely. We help you assess complex online crimes from a legal perspective, minimize financial losses and assert your rights effectively.

  • Crypto and Online Fraud
    Initial legal assessment, case analysis and enforcement of claims in cases of crypto fraud, investment and trading scams, romance scams, pig butchering schemes, fake online shops, impersonation scams and similar online fraud schemes.
  • Prevention and Compliance
    Development and implementation of guidelines, trainings and preventive measures to minimize digital risks.
  • Attacks on IT systems
    Legal advice and crisis management in cases of hacking, phishing, ransomware, fraudulent data processing, misuse of access credentials, data forgery and data damage.
  • Online Harassment and Abuse
    Legal support in cases of coercion, threats, stalking, cyberbullying, hate speech and online defamation.
  • Identity Theft and Online Manipulation
    Legal support in cases involving order fraud, CEO fraud, money laundering, data protection breaches and reputational harm.
  • NIS 2 Directive and Data Breaches
    Advice on security requirements, obligations and organizational measures for affected companies. Assistance in managing data protection incidents including data-breach notifications and communication with authorities.

White-Collar Crime

Criminal risks can affect companies and individuals unexpectedly. We provide comprehensive support to handle critical situations professionally, discreetly and with legal certainty. We safeguard your rights throughout all stages of criminal proceedings, guide you through challenging situations and ensure that your position is represented effectively and strategically.

  • Economic Crimes
    Consistent representation in cases of economic and business-related offences such as fraud, fraudulent insolvency, embezzlement, breach of trust, accounting offences, money laundering, misuse of trade or business secrets, forgery and other related matters.
  • Defense in Investigations and Criminal Proceedings
    Support and advice at every stage of criminal proceedings – from initial questioning to dawn raids, seizures, asset freezes and full defense representation before the criminal court.
  • Victim Representation
    Assertion of victims’ rights and claims of private parties or private prosecution to effectively protect economic and personal interests.
  • Corruption
    Legal advice and defense in cases involving abuse of power/office, acceptance of advantages, bribery and other corruption-related offences.
  • Compliance
    Development, optimization and implementation of guidelines, training programs and preventive measures to minimize risks for employees and companies.
  • Internal Investigations
    Discreet and independent clarification of internal matters to minimize criminal liability risks including interviews, document analysis and structured reporting for internal or external use.
  • Appeals and Remedies
    Review and filing of objections, complaints and appeals against acts or decisions of investigative authorities and courts.

Disputes

We represent our clients in contentious disputes before state courts and arbitral tribunals. Our services include enforcing claims, defending against unjustified claims and guiding our clients through payment, enforcement and insolvency proceedings. We also provide strategic support outside of court through assertive correspondence as well as efficient claim and enforcement management.

  • Advising in Civil Law Matters
    Legal advice across all areas of civil law, including damages, warranty, product liability and unjust enrichment.
  • Corporate and Commercial Disputes
    Legal support in shareholder disputes, director and officer liability and matters related to the Business Judgment Rule.
  • Representation before State Courts (Litigation)
    Comprehensive legal representation before state courts in all areas of civil law (i.e. damages claims, declaratory actions and injunctions) including strategic case management and targeted litigation preparation.
  • Arbitration
    Representation in domestic and international arbitration cases under various rules (i.e. VIAC, ICC, UNCITRAL) as well as ad hoc arbitration proceedings.
  • Out-Of-Court Representation
    Preparation of targeted legal demand letters and efficient out-of-court interventions to resolve disputes.
  • (European) Payment Orders
    Supporting with asserting monetary claims including initiating payment orders and representation in objection proceedings.
  • Debt Collection
    Efficient identification, securing and recovery of assets to enforce outstanding claims.
  • Enforcement Proceedings
    Securing and satisfying claims as well as enforcing final judgments through injunctions, seizures, enforced sale of assets and other enforcement measures.
  • Recognition and Enforcement of Foreign Arbitral Awards
    Legal representation in recognition and enforcement proceedings concerning domestic and international arbitration awards.
  • Insolvency Cases
    Legal advice and support with claim submissions as well as representation in insolvency related disputes.