In a groundbreaking decision, an Austrian regional court has held that certain provisions of the Collective Redress Directive (Directive (EU) 2020/1828, “CRD”, sometimes also referred to as Representative Actions Directive) are directly applicable given that Austria failed to transpose the directive into national law. As a consequence, the EU’s rules on privacy, AI, and digital products will soon see increased private collective enforcement.

The CRD, adopted by the European Union in 2020, aims to facilitate collective actions (class actions) for the enforcement of consumer rights brought by representative entities (so-called “qualified entities”). The CRD specifically provides for the enforcement of damage claims and injunctive measures.

This is particularly relevant for companies active in the digital space given that the CRD does not only apply to general consumer law claims but also to claims under EU e-commerce law (e.g., the Distance Selling Directive and the E-Commerce Directive), privacy law (GDPR and ePrivacy Directive), and, once applicable, the AI Act as well as requirements for the security of software or any other products containing digital elements (the Cyber Resilience Act).

The CRD should have been transposed and made applicable in all EU Member States by 25 June 2023. However, a number of EU Member States have not transposed the CRD at all or have transposed it only partly.

As the first court in any EU Member State, the Austrian Regional Court Klagenfurt has now held that many provisions of the CRD are directly applicable where they have not been (correctly) transposed into national law. In doing so, the court relied on well-established case law of the Court of Justice of the European Union holding that provisions of an EU directive have direct effect if (i) the transposition deadline has expired, (ii) the provisions are unconditional and sufficiently clear and precise, and (iii) they grant rights to individuals.

In the case at hand, the consumer rights organization acting as a plaintiff was a “qualified entity” under the CRD and therefore had standing to bring a collective action under the CRD. Austrian law, however, did not recognize the consumer rights organization as a qualified entity. The court set Austrian law aside and granted the plaintiff organization standing to bring the collective action.

Moreover, the court specifically recognized the plaintiff organization’s right to file for injunctive relief, again directly applying the CRD. Although the lawsuit only concerned a local energy provider and was eventually dismissed on substance, it will have far-reaching effects in particular for the collective enforcement of consumer rights in the digital space.

For example, EU-wide privacy enforcement organizations have already declared publicly that they are looking to this Austrian decision as a way for them to bring collective actions under the GDPR.

What makes this decision particularly impactful is that many of the CRD’s provisions benefiting plaintiff organizations could equally have direct effect:

  • Under the CRD, plaintiff organizations cannot only seek injunctive relieve but in particular also monetary claims such as damages or reimbursement of the price paid (Article 9 CRD);
  • interruption of applicable limitation periods also for consumers who do not actively participate in the collective action (Article 16 CRD);           
  • disclosure procedure of evidence in collective actions akin to discovery proceedings in the US (Article 18 CRD).

In conclusion, while the Austrian court’s decision to affirm the direct applicability of the CRD may be seen as a victory for consumer advocates, it raises serious concerns from an EU-wide industry perspective as the CRD applies to all EU Member States. In particular, the direct applicability of these provisions leaves stakeholders with uncertainty as to the specific scope of the applicability of the other CRD provisions in EU Member States where the CRD has not been transposed yet or may not have been transposed in its entirety, such as for example in Austria and Belgium.

This situation increases the risk for abusive litigations significantly which, according to the CRD’s recitals, the CRD actually seeks to avoid.   

In Belgium, although the Belgian Economic Law Code already contains provisions on collective actions, these provisions need to be updated to comply with the directive. A draft law was approved by the Council of Ministers in October 2023, submitted to the Council of State that published its opinion on 29 January 2024, and is expected to be voted later this month, which should alleviate the above concerns, but this is not the case in all EU Member States yet.


Dr. Lukas Feiler, SSCP, CIPP/E, has more than eight years of experience in IP/IT and is a partner and head of the IP and IT team at Baker McKenzie • Diwok Hermann Petsche Rechtsanwälte LLP & Co KG in Vienna. He is a lecturer for data protection law at the University of Vienna Law School and for IT compliance at the University of Applied Science Wiener Neustadt.


Beat König is an associate of Baker McKenzie's IP and Technology Team in Vienna. Beat advises multinational and domestic clients on telecommunications law, software licensing, data protection, IT outsourcing, patent law, trademark law, copyright, cyber security, e-commerce matters and related litigation.


Elisabeth is a partner in Baker McKenzie's Brussels office. She advises clients in all fields of IT, IP and new technology law, with a special focus on data protection and privacy aspects. She regularly works with companies in the healthcare, finance and transport and logistics sectors.


Francesca Gaudino is the Head of Baker McKenzie’s Information Technology & Communications Group in Milan. She focuses on data protection and security, advising particularly on legal issues that arise in the use of cutting edge technology.


Magalie Dansac Le Clerc is a partner in Baker McKenzie's Paris office. A member of the Firm's Information Technology and Communications Practice Group, she is a Certified Information Privacy Professional (CIPP).