EAA Enforcement in 2025: What Has Actually Happened So Far?

The European Accessibility Act’s enforcement deadline passed on 28 June 2025. For most SaaS founders serving EU markets, the months before the deadline were characterised by one of two responses: genuine compliance work, or hopeful inaction based on the assumption that enforcement would be slow, inconsistent, and easily avoided. Now that the deadline has passed and enforcement has begun across EU member states, the picture is becoming clearer. This post summarises what has actually happened since the enforcement deadline, which countries have moved first, what actions have been taken, what fines have been issued, and what the enforcement trajectory looks like for SaaS products. It is not a compliance guide. It is an honest account of the regulatory reality for SaaS founders who serve EU users and need to understand what they are actually facing.

The Enforcement Architecture: Why It Varies So Much Between Countries

The EAA itself does not set fixed fines. Article 30 of Directive (EU) 2019/882 requires each EU member state to establish penalties that are “effective, proportionate and dissuasive”, but leaves the specific amounts, enforcement mechanisms, and procedural steps to national law.

This means that a SaaS product serving users in five EU countries faces five separate enforcement regimes, each with different fine structures, different enforcement agencies, and different procedural approaches. Enforcement actions can be initiated independently in each country; there is no single penalty cap across borders.

The practical implication for SaaS founders: the risk from EAA non-compliance is not uniform across markets. A product with significant user bases in France, Germany, and the Netherlands faces materially higher aggregate exposure than the same product serving primarily markets with lighter enforcement frameworks.

Country-by-Country Enforcement: Where Things Stand

Germany

Germany transposed the EAA through the Barrierefreiheitsstärkungsgesetz (BFSG), which came into force on 28 June 2025. Enforcement is led by the Bundesnetzagentur (Federal Network Agency), with monitoring by BFIT (Federal Accessibility Monitoring Body).

The fine structure is per violation: up to €100,000 for each accessibility failure. Early enforcement activity has focused on e-commerce platforms and banking applications, sectors with the highest consumer impact. The per-violation structure is significant: a site with 15 distinct accessibility failures could theoretically face €1,500,000 in aggregate penalties. In practice, regulators apply proportionality principles, but the aggregate liability exposure is real for products with multiple accessibility gaps.

Additional fines of up to €10,000 apply specifically for failing to provide accurate accessibility information, a separate penalty from the underlying product accessibility failures.

France

France has one of the more complex enforcement structures in the EU, with multiple agencies covering different sectors: ARCOM for audiovisual and digital platforms, ARCEP for electronic communications, DGCCRF for consumer protection, and AMF and ACPR for financial services.

The base penalty is a fifth-class fine: €7,500 for legal entities per violation, doubling to €15,000 for repeat offenders. Systemic non-compliance can reach €250,000 in aggregate.

Critically, France has already moved. In late 2025, Carrefour, Auchan, and Leclerc received formal enforcement notices requiring their e-commerce platforms to be made accessible, the first significant enforcement actions under the EAA in any EU member state. France’s approach to auditing is detailed: regulators assess sites against specific WCAG 2.1 success criteria and issue separate penalties for each category of violation.

France also imposes a specific annual penalty of €25,000 for missing accessibility statements, a penalty that applies independently of the underlying product accessibility status. If your product serves French users and you have not published an accessibility statement, this exposure exists regardless of how accessible your product actually is.

The Netherlands

The Netherlands has established one of the most aggressive enforcement frameworks in the EU. The Authority for Consumers and Markets (ACM) leads enforcement with fines up to €900,000 or 10% of annual revenue, the highest ceiling in the EU for most commercial products.

The ACM has a strong track record of proactive enforcement in digital consumer protection, and the EAA enforcement framework gives it the same tools it has used effectively in other domains. The Netherlands started contacting businesses about compliance shortly after the June 2025 deadline and is expected to be among the earliest countries to issue significant fines.

Sweden and Denmark

Sweden (through the Swedish Post and Telecom Authority, PTS) and Denmark both became active in market surveillance of digital products in October 2025, approximately 3 months after the enforcement deadline. Both countries have approached enforcement with a focus on guidance and remediation before fines, consistent with their broader regulatory cultures. Sweden’s potential penalties include market bans and fines up to SEK 10 million (approximately €870,000).

Spain and Italy

Spain and Italy have turnover-based or ceiling penalties that signal serious long-term enforcement capacity. Spain’s Ministry of Social Rights oversees enforcement with variable penalties by autonomous region. Italy’s AGCOM enforces with penalties up to €100,000 per violation. Both countries have been more gradual in early enforcement activity, but the penalty structures are in place for escalation as cases develop.

Ireland

Ireland is notable as the only EU member state that provides for criminal penalties, not just administrative fines, in cases of serious EAA non-compliance. The base penalty is €7,500 per offence for legal entities, doubling for repeat violations.

The Enforcement Process: What Actually Happens

For most countries, EAA enforcement follows a similar procedural sequence:

1. Complaint or monitoring trigger. Enforcement is initiated either by a formal complaint from a user with a disability, from a disability advocacy organisation, or from a competitor, or through proactive market surveillance by the national enforcement agency.

2. Investigation. The agency assesses the product against EN 301 549 / WCAG 2.1 AA requirements. This assessment may involve automated scanning, manual testing, and assistive technology testing.

3. Formal notice. If non-compliance is found, the business receives a formal notice identifying the violations and a remediation deadline — typically 30–90 days, depending on the country. France and Germany issue detailed violation registers; some countries issue more general notices.

4. Remediation window. Many countries offer a genuine opportunity to fix issues before fines are imposed. This is not a guaranteed grace period — Spain and the Netherlands can impose immediate penalties for serious violations, but for most first-time violations in most countries, the remediation window is real and available.

5. Fine (if remediation fails). If the violations are not adequately addressed within the remediation window, fines are imposed. Per-violation structures (Germany, France) mean the aggregate penalty depends on the number and category of failures. Companies operating across multiple EU markets can face parallel enforcement actions in multiple jurisdictions.

Who Is Filing Complaints

Enforcement is being driven by two distinct groups: national regulatory agencies conducting proactive market surveillance, and disability advocacy organisations filing formal complaints against non-compliant products.

Disability organisations across the EU have invested significantly in accessibility monitoring infrastructure in anticipation of the enforcement deadline. They are actively scanning e-commerce platforms, banking applications, transportation booking systems, and SaaS products for accessibility barriers and filing formal complaints with national enforcement agencies when they find them.

This means that enforcement exposure is not purely a function of regulatory priority. A SaaS product with significant EU users that has not addressed its accessibility failures is likely to receive a complaint-triggered investigation regardless of whether it falls within a regulatory agency’s immediate enforcement priorities.

What SaaS Products Actually Need to Do

The enforcement picture confirms three things that were true before the deadline and remain true now:

First, automated testing is not enough. Automated tools detect approximately 30–40% of WCAG 2.1 violations. A product that passes automated scans may still have significant manual testing failures that enforcement agencies will find. The products that are genuinely safe from enforcement action are those that have undergone manual WCAG 2.1 AA audits, including keyboard navigation testing, screen reader testing, and cognitive accessibility review.

Second, the accessibility statement is a separate, specific obligation. France’s €25,000 annual penalty for missing accessibility statements applies independently of product accessibility status. Publishing an accurate, EAA-compliant accessibility statement is the single lowest-cost action available to reduce enforcement exposure.

Third, the remediation window is real but short. Most countries give 30–90 days to fix violations after a formal notice. For a SaaS product with significant accessibility debt, this may not be enough time to address all failures. Products that invest in compliance before receiving a formal notice are in a significantly better position than those that plan to act only after enforcement arrives.

Conclusion

EAA enforcement is active. It is not uniform, the penalty structures, enforcement agencies, and procedural approaches vary significantly between member states, but the direction is consistent: enforcement will intensify through 2026 as agencies develop capacity and advocacy organisations continue filing complaints. The countries with the most aggressive enforcement regimes (France, the Netherlands, Germany) are also among the most significant markets for SaaS products serving EU users. For SaaS founders who have deferred accessibility work on the assumption that enforcement would be slow and theoretical, the early enforcement activity in France and the proactive stance of the Netherlands and Germany should recalibrate that assessment.

→ Not sure where your product stands against WCAG 2.1 AA? Inity conducts accessibility audits and produces the documentation you need to demonstrate compliance. Book a call.