2026.03.21 – By Andreas Sabadello

MiCAR: A Crypto Trading Bot Can Constitute Portfolio Management of Crypto-Assets (Austrian Federal Administrative Court)

Public Law | Regulatory

Summary

In a judgment of 21 January 2026 the Austrian Federal Administrative Court (Bundesverwaltungsgericht, BVwG) confirmed that an automated trading bot operating on customer accounts at crypto-asset trading platforms can constitute portfolio management of crypto-assets within the meaning of Art. 3(1)(16)(i) of the Markets in Crypto-Assets Regulation (MiCAR, Regulation [EU] 2023/1114). The court dismissed as unfounded the appeal against a cease-and-desist order issued by the Austrian Financial Market Authority (Finanzmarktaufsichtsbehörde, FMA).

The decisive factor was not that customers initially activated the bot themselves. What mattered was that the provider's trading robots operated automatically on customer accounts, were programmed and controlled by the provider, and relied on the provider's strategies, analyses and parameters.

BVwG, judgment of 21 January 2026, W204 2324124-2/9E

Facts

An Austrian provider advertised an automated crypto-trading model on its website. Customers could register and connect their accounts at crypto-asset trading platforms (such as Binance) to the provider's trading robots via an API interface. These robots generated buy and sell signals for crypto-assets such as Bitcoin. Customers could configure their accounts so that signals were adopted automatically and transactions executed without separate individual approval.

The trading robots ran centrally on the provider's servers. The underlying algorithms, strategies and data inputs were exclusively programmed, administered and continuously updated by the provider. The provider expressly recommended that customers refrain from manual intervention, as this could impair trading performance and billing accuracy. Remuneration was structured as a share of 10% of net profits generated. The provider marketed the product as a "tailored solution" and obtained read access to customers' open positions via the API connection.

Proceedings

The proceedings were triggered by an anonymous whistleblower report dated 8 May 2025. The FMA requested the provider to submit a statement. The provider denied that it was carrying out portfolio management, characterising its business model as mere "Software/Analytics (SaaS)" — it did not manage customer funds, did not execute transactions on behalf of customers and did not provide asset management. The systems merely generated non-binding trading signals.

The FMA did not share this assessment and, by procedural order of 21 July 2025, directed the provider to restore lawful conditions. The provider did not comply and continued to offer the product essentially unchanged. On 18 September 2025 the FMA issued a cease-and-desist order pursuant to Section 11(3) MiCA-VVG in conjunction with Art. 59(1) and Art. 3(1)(16)(i) MiCAR and threatened a coercive penalty of EUR 10,000. The suspensive effect of any appeal was excluded.

It was only after service of the order on 23 September 2025 that the provider deactivated signal delivery, stopped onboarding and published a notice on its website stating that the product was "currently unavailable". The BVwG dismissed the appeal against the order.

Judgment

The Four Elements of Portfolio Management

The BVwG examined the legal definition of portfolio management of crypto-assets under Art. 3(1)(25) MiCAR on the basis of four elements and affirmed all of them:

Customer mandate on an individual client basis: The customer mandate consisted of registration, the granting of read access to the customer's exchange account and the activation of the trading function. The product was marketed as a "tailored solution" that could be activated in the respective customer's account. The provider gained access to individual customers' open positions. The trading robots were intended to "take into account the individual requirements of each individual customer". A mere "aggregate signal", as the provider claimed, was — in the court's view — not established.

Discretion: The trading robots ran centrally on the provider's servers and were administered and continuously fed with analyses and strategies by the provider. The selection and weighting of data sources were substantially influenced by the provider. Where automatic adoption was activated, there was no approval requirement for individual transactions. The provider could restructure portfolios without prior consultation with customers. In the automated trading mode, the customer did not even set the order parameters.

"How discretion is exercised is irrelevant. It may also be exercised [...] by computer algorithms."

Customer portfolio containing one or more crypto-assets: The customer accounts at trading platforms contained crypto-assets (such as Bitcoin) that were traded by the robots. This element was undisputed.

Commercial basis: The provider offered the service repeatedly and operated a publicly accessible website with a registration facility. Remuneration in the form of a share of net profits was designed to generate recurring income. According to its own statements, the provider had several customers and substantial revenues. The BVwG applied the VAT-based concept of commercial activity: an activity is commercial where it is sustainably directed at generating income.

Activation by the Customer Does Not Preclude Portfolio Management

The provider's central objection was that customers decided for themselves — they could activate or deactivate automatic execution at any time. The BVwG was not persuaded: once the automatic mode was activated, the bots traded automatically. Customers did not need to separately approve each individual transaction. The formal possibility of ending automation at any time did not eliminate the regulatory classification. Portfolio management does not lose its legal character merely because it can be initiated at short notice and equally quickly terminated.

In addition, the BVwG relied on the FATF interpretation of the concept of administration: "control" is the ability to trade, transfer or spend the crypto-asset. Such control need not be exclusive. For the purposes of administration, it is sufficient that it is possible to dispose of crypto-assets. Through the API connection and automated execution, the provider was able to do precisely that.

Not Merely SaaS or a Signal Service

The BVwG also rejected the characterisation as mere software as a service. It was not the customers who set all parameters; rather, the provider fed its analyses and strategies into the trading robots. In automated trading, the customer did not even set the order parameters.

Assessment

This judgment is the most significant Austrian decision to date on the distinction between technical trading tools and authorisation-requiring portfolio management under MiCAR.

The BVwG interprets the concept of portfolio management of crypto-assets strictly by reference to the MiCAR legal definition and by drawing on the comparable MiFID II framework (Art. 4(1) of Directive 2014/65/EU). The reasoning is clear: where the provider determines the trading logic, programs and controls the bots, selects the analytical inputs and enables automated execution in the customer's account, portfolio management exists — regardless of how the provider labels its model.

Also noteworthy is the relevant point in time for assessment: the BVwG held that only the factual situation at the time the order was issued is relevant. Changes the provider made only after service of the order were immaterial to the assessment.

Why This Matters

The decision concerns a business model that is widespread in the crypto industry. Trading bots, copy-trading systems and automated investment strategies for crypto-assets are offered by numerous providers. The BVwG makes clear that the regulatory assessment does not depend on the chosen label. Terms such as "software", "analytics", "signal", "bot" or "SaaS" do not shield a provider from classification as a crypto-asset service where the actual design goes further.

Models are particularly high-risk where customers connect a bot to their exchange account, the bot automatically triggers buy or sell orders, the provider determines the trading logic and strategies, customers no longer separately approve individual transactions, the provider is remunerated on a success basis, and the product is marketed as an automated or stress-free investment solution. In such cases, it may well be that portfolio management of crypto-assets within the meaning of MiCAR is being provided — with the consequence that authorisation under Art. 59 MiCAR is required.

About Sabadello Legal

Sabadello Legal advises companies in the crypto-asset industry, including token issuers and crypto-asset service providers. Andreas Sabadello was among the first lawyers in Europe to provide legal guidance on the preparation of crypto-asset whitepapers under MiCAR. We advise on MiCAR compliance, token structuring and classification, whitepaper preparation, and regulatory proceedings with the Austrian Financial Market Authority (FMA).

Contact

RA Mag. Andreas Sabadello
+43 1 9971037
office@sabadello.legal

Disclaimer

This article is for general information purposes only. It does not constitute individual legal advice.

Back button
NEXT NEWSNext icon