EAA Non-Compliance: Fines, Risks, and How to Avoid Them

Enforcement Is Live

The European Accessibility Act (EAA) has been in force since 28 June 2025. For most businesses with digital touchpoints serving EU consumers — e-commerce, banking, transport, telecommunications, media — there is no transition period remaining. Obligations apply now.

Despite this, many organisations are still in gap analysis or remediation phases. This article focuses on what is actually at stake: how enforcement works, what penalties look like across key member states, and how to calculate the cost of proactive versus reactive compliance.


How EAA Enforcement Works

Unlike some EU regulations with centralised enforcement bodies, the EAA operates through a decentralised member state model. Each EU country has:

  1. Designated market surveillance authorities responsible for monitoring compliance with product and service requirements
  2. Complaint mechanisms through which individuals and organisations can report non-compliant products or services
  3. Enforcement powers to investigate, issue corrective orders, and impose penalties

This means there is no single EAA regulator. A complaint filed in Germany is handled by German authorities under German national law. The same product or service could face complaints in multiple member states simultaneously.

The Complaint Pathway

A user with a disability who cannot access your digital service can:

  • File a complaint directly with the national market surveillance authority
  • Report through a disability rights organisation (which may have standing to file on behalf of users)
  • In some member states, pursue civil litigation based on the national transposition law

Authorities can then open an investigation, request documentation of your compliance efforts, inspect products, and ultimately issue enforcement notices or financial penalties.

Market Surveillance

Beyond responding to complaints, national authorities have proactive powers. They can conduct market sweeps — testing products and services for compliance and initiating enforcement without a complaint trigger. In sectors with high public interest (banking, transport, telecom), proactive surveillance is more likely.


Penalties by Member State

The EAA directive required member states to set penalties that are "effective, proportionate, and dissuasive." What that translates to in practice differs significantly.

Spain

Spain's national transposition connects EAA obligations to its existing digital services legal framework. Under the Ley de Servicios de la Sociedad de la Información y de Comercio Electrónico (LSSICE) and the accessibility provisions in Ley 11/2023 (the national EAA transposition), violations can be classified as:

  • Minor infringements: fines up to €30,000
  • Serious infringements: fines from €30,001 to €150,000
  • Very serious infringements: fines above €150,000

Spain's enforcement body for digital services is the Secretaría de Estado de Digitalización e Inteligencia Artificial (SEDIA). The pre-existing Real Decreto 1112/2018 framework for public sector websites provides precedent for how enforcement is likely to operate for private sector services.

Germany

Germany transposed the EAA through the Barrierefreiheitsstärkungsgesetz (BFSG), which entered into force on 28 June 2025. The BFSG empowers the relevant Marktüberwachungsbehörde (market surveillance authority) to:

  • Issue corrective orders requiring companies to bring products or services into compliance
  • Prohibit the placing of non-compliant products on the market
  • Levy fines for persistent non-compliance

The BFSG does not set a fixed maximum penalty in the same way as some other legislation, but the powers align with the EU Market Surveillance Regulation framework, under which penalties can be substantial for repeated or wilful violations.

France

France transposed the EAA through legislation amending the existing framework around digital accessibility (initially established under the loi pour une République numérique and subsequent texts). The Direction générale de la concurrence, de la consommation et de la répression des fraudes (DGCCRF) has enforcement competence for consumer-facing digital services.

French law provides for formal notices (mises en demeure), followed by fines and potential court orders for persistent non-compliance. The reputational consequence of a DGCCRF investigation — which may be publicly disclosed — is often as significant as the financial penalty.

Italy and Other Member States

Italy's transposition (Legge n. 69/2022 and subsequent measures) aligns with the broader EU framework. Other member states have similar structures: designated national authorities, complaint mechanisms, and a range of measures from corrective orders through to financial penalties for serious or repeated violations.

Key Pattern Across the EU

While fine levels differ by country, the enforcement pattern is consistent:

  1. Complaint filed or proactive investigation initiated
  2. Authority notifies the organisation and requests compliance evidence
  3. Corrective order issued with a deadline
  4. Failure to comply → escalation to financial penalties
  5. Persistent non-compliance → market withdrawal orders and/or civil liability

The financial penalties are the visible risk. The less visible but often larger risk is the corrective order under time pressure — being required to remediate complex accessibility issues within weeks, at emergency cost, while under public scrutiny.


Transition Periods: What Still Applies

The EAA included transition provisions for certain existing contracts. The key rule:

Service contracts entered into before 28 June 2025 that require a natural extension of service are covered by a transition period extending to 28 June 2030. This applies to ongoing contracts, not to new products or services launched after June 2025.

What this means in practice:

  • An existing SaaS contract for a customer support platform signed in 2024 may have until 2030 for full accessibility compliance.
  • A new chatbot deployment, website redesign, or app feature launched after June 2025 has no transition period — it must comply immediately.
  • Products placed on the market after June 2025 must meet EAA requirements with no grace period.

The transition period is not an excuse to defer remediation work. It is a recognition that long-term contracts cannot always be unwound instantly. If you are using the transition period as cover, document that the contract genuinely pre-dates June 2025 and that you are actively working toward compliance.


Proactive vs Reactive Compliance: The Real Cost Comparison

The financial case for proactive compliance is straightforward, though the numbers vary significantly by organisation and starting point.

Reactive Compliance Costs

Reactive compliance — remediating accessibility under enforcement pressure — tends to involve:

  • Emergency remediation: Bringing in specialist consultants or accessibility auditors under time pressure. Rates for emergency accessibility work are significantly higher than planned project rates.
  • Compressed timelines: Accessibility work done rapidly tends to produce technical debt, partial fixes, and regression risk. Rushed remediation often requires a second remediation cycle.
  • Legal costs: Responding to a regulatory investigation requires legal representation. If the matter escalates to litigation, costs compound.
  • Potential fines: Even if fines are relatively modest, they add to the total.
  • Reputational damage: A publicly disclosed accessibility complaint against a consumer brand generates press coverage, social media attention, and potential customer trust damage that is hard to quantify but real.

Proactive Compliance Costs

Proactive compliance — building accessibility into design and development processes — involves:

  • Initial audit: A thorough WCAG 2.2 gap analysis of existing products and services.
  • Remediation: Fixing identified issues within a planned project timeline, without emergency premiums.
  • Process integration: Updating design systems, QA processes, and vendor contracts to embed accessibility requirements. This is typically a one-time investment with ongoing maintenance costs.
  • Training: Upskilling design and development teams on accessibility principles.

The ratio of proactive to reactive cost is well-established in software quality generally: finding and fixing a problem in design costs significantly less than fixing it in production, which costs significantly less than fixing it under legal pressure.

The Third Option: Choosing Accessible Vendors

For digital services that involve third-party components — chat widgets, payment UIs, booking systems — the accessibility compliance of those components is your responsibility as the integrator. Choosing vendors whose products already meet WCAG 2.2 AA eliminates a category of remediation work entirely.

This is one of the reasons accessibility compliance is increasingly a vendor selection criterion in enterprise procurement. A chatbot that ships with WCAG compliance built in costs nothing more than a non-compliant chatbot in licensing fees, but eliminates a compliance gap.


How to Start Compliance Now

Immediate actions (weeks 1-4)

  1. Scope your obligations: Which products and services do you offer to EU consumers that fall within EAA scope?
  2. Automated baseline scan: Run axe DevTools, Lighthouse, or an equivalent scanner on your primary digital touchpoints. This will surface the easiest-to-find issues quickly.
  3. Appoint an accessibility owner: Someone needs to own this — a named person, not a committee. Without ownership, nothing moves.

Short-term (months 1-3)

  1. Manual WCAG audit: Commission a manual audit against WCAG 2.2 Level AA. Automated scans miss the majority of real issues. The audit should include screen reader testing and keyboard-only testing.
  2. Prioritise by user impact and legal risk: Not all failures carry the same risk. Focus on barriers to core user journeys (purchasing, accessing an account, contacting support) and on violations of Level A criteria.
  3. Review third-party components: Audit your chat widget, payment processor UI, forms library, and any other third-party component embedded in your user experience.

Medium-term (months 3-12)

  1. Remediate and document: Fix identified issues and document the process. This documentation is your evidence of good faith if a complaint is filed during the remediation period.
  2. Publish an accessibility statement: Disclose your current compliance level, known issues, and remediation roadmap. This is both a legal requirement under some national transpositions and a demonstration of transparency.
  3. Build into process: Add accessibility review to your design system, QA checklist, and vendor procurement requirements.

If your compliance gap includes an inaccessible chatbot or conversational AI component, AISWise provides EAA-compliant AI chat solutions designed to meet WCAG 2.2 requirements out of the box — reducing one category of compliance risk without requiring a custom remediation project.


Summary

EAA enforcement is live, decentralised across member states, and driven by both complaints and proactive market surveillance. Financial penalties vary by country but can reach six figures for serious violations — and the operational cost of a corrective order under time pressure is often higher than the fine itself.

The transition period to June 2030 applies only to pre-existing service contracts. New products and services must comply now.

The business case for proactive compliance is clear: audit costs + planned remediation are consistently lower than emergency remediation + legal costs + potential penalties. Start with scope assessment and an automated scan this week, and schedule a manual audit within the next 30 days.
