EAA Enforcement, One Year In: What’s Happened and What Comes Next

When the European Accessibility Act (EAA) deadline arrived in June 2025, many organizations treated it as a finish line. Meet the deadline, update the accessibility statement, and move on. What’s unfolded since tells a different story.

The first year of EAA enforcement has been uneven across EU Member States, but the direction is consistent. Civil society organizations have filed lawsuits. Regulators have launched market surveillance inspections and sent formal information requests to companies worldwide. Private law firms have issued warning letters. The machinery of enforcement is running, and it’s accelerating.

This article maps what has actually happened since June 2025, what’s at risk for non-compliant organizations, and what you should be doing now to reduce exposure as enforcement intensifies.

A recap: What the EAA requires and who it covers

The EAA applies to businesses with 10 or more employees or €2 million or more in annual turnover that sell covered products or services to EU consumers. Impacted sectors include e-commerce, banking, transport, telecom, and digital services. The presumptive compliance standard is EN 301 549, which references WCAG 2.1 Level AA for web and mobile. For a full breakdown of the EAA requirements, explore our guide.

Organizations had until June 2025 to bring services, as well as new products, into compliance. The deadline for legacy products and content is still on the horizon in 2030.

How enforcement has rolled out across EU Member States

Enforcement activity has varied significantly by country. Some EU Member States moved quickly into formal proceedings; others are building monitoring infrastructure ahead of active enforcement. Here are a few examples of Member States that have begun enforcing the EAA.

France: Civil society takes the lead

France has seen the most significant early enforcement activity in the EU, driven by civil society rather than regulators. On July 7, 2025, four national government organizations (NGOs) focused on disability issued formal legal notices to four major retailers—Auchan, Carrefour, E. Leclerc, and Picard—demanding that their websites and mobile applications be made accessible. When the response was considered insufficient, the organizations filed emergency injunctions on November 12, 2025.

The Auchan case was heard in May 2026 and dismissed. The court acknowledged that the Auchan e-commerce website does not conform to digital accessibility standards, which Auchan did not dispute. The judge also noted Auchan’s “lack of interest” in accessibility despite being a major online commerce player. However, the court still refused to find an obvious unlawful breach in summary proceedings, and the case was rejected. The NGOs are appealing to the Douai Court of Appeal.

Meanwhile, the Carrefour case was heard in June 2026. The Caen Judicial Court issued an order requiring Carrefour France to make its online commerce services—both the website “carrefour.fr” and the “Carrefour” mobile application—fully accessible to people with disabilities. Carrefour has six months to comply with this injunction, with a fine for each day of delay.

The company did not dispute being subject to accessibility obligations and stated that it already met 71% of the criteria in the RGAA, France’s digital accessibility standard. However, the judge was direct that partial accessibility is not sufficient for compliance—online services must be perceivable, understandable, and usable for people with disabilities. Where companies assess against the RGAA, 100% of the applicable criteria must be met.

Taken together, these decisions highlight a few key points. Not only are courts interpreting full conformance with accessibility standards as mandatory under the EAA and broader accessibility obligations, but it is also still early in the process. Authorities and courts are still trying to figure out how to enforce these laws, so we anticipate inconsistent or even conflicting decisions. This makes it vital for organizations to keep their compliance efforts on track as expectations continue to develop.

Germany: Private enforcement through competition law

Within weeks of the Barrierefreiheitsstärkungsgesetz (BFSG), Germany’s EAA transposition, taking effect, e-commerce operators began receiving private warning letters from law firms. This reflects a distinctly German enforcement dynamic: Rather than waiting for regulatory action, private parties can use non-compliance with accessibility laws as grounds for unfair competition claims. It’s a clear signal that enforcement exposure in Germany is not limited to regulators.

Sweden: Regulatory inspection and public complaints

In October 2025, the Swedish Post and Telecom Authority (PTS) opened its first regulatory cases related to e-commerce accessibility, targeting larger retailers established in Sweden. The initial review focuses on three elements of each company’s website: the homepage, a product page, and the search function. Apps are out of scope for this first round.

The PTS has also received 124 public complaints—110 concerning services, predominantly e-retail websites, and 14 concerning products such as ATMs. The volume of complaints suggests that consumers are aware of their rights under the EAA and willing to exercise them.

Netherlands: Global outreach, formal enforcement approaching

The Dutch Consumer and Market Authority (ACM) allowed voluntary self-reporting until October 15, 2025, after which reporting became mandatory. The ACM has since sent information requests to e-commerce operators worldwide—including companies headquartered outside the EU that sell to Dutch consumers. Organizations that did not respond are now under active monitoring, with formal enforcement expected in the second half of 2026.

The broader EU picture: Infrastructure is in place

Sweden, the Netherlands, France, Finland, Luxembourg, and Italy have all established direct channels for EAA non-compliance notifications. Italy has also published comprehensive national guidelines for EAA compliance. Across the EU, national authorities now have what they need to act. The focus has shifted from getting ready to following through.

National authorities have built the reporting, monitoring, and escalation mechanisms they need. The question for most organizations is no longer whether enforcement will reach them, but when.

What’s at stake: The penalty landscape

As of mid-2026, no monetary fines have been confirmed under any EAA-transposed national law. The first year has been characterized by formal notices, civil society lawsuits, regulatory monitoring, and private warning letters.

That is how EU enforcement typically begins. Regulators generally move from notification to remediation orders before imposing financial penalties, and landmark fines tend to follow persistent non-compliance rather than first violations.

However, the penalty frameworks already in place are significant:

• Germany (BFSG): Up to €100,000 per violation
• Spain: Tiered fines up to €1 million for very serious violations
• Italy: Up to €1 million
• Netherlands: Up to €900,000 or 10% of annual revenue
• Ireland: The only Member State with criminal liability, with penalties up to €60,000 and six months’ imprisonment for severe or repeat violations

What 2026 and 2027 bring

If the first year was about laying the groundwork, 2026 and 2027 are when that groundwork gets used. Authorities are moving from monitoring to action, the technical standard is changing, and new products and services are coming into scope.

• Enforcement will likely intensify as national monitoring authorities mature their processes and move from information-gathering toward formal sanctions. The mid-2026 shift in the Netherlands is the clearest near-term signal, but other authorities are on a similar trajectory.
• Emergency communications services come into scopein June 2027, and legacy products must comply by 2030. Organizations that are already managing EAA compliance for current obligations should be mapping which additional products and services will require attention.
• EN 301 549 is due for a new version in 2026, which will likely become the new technical benchmark organizations are expected to meet. Teams should prepare to meet updated conformance targets.

Organizations should also be aware that accessibility is increasingly becoming part of EU ESG frameworks. Under the Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS), in-scope companies must report on material social impacts, including topics related to diversity, inclusion, non-discrimination, and accessibility. Disability inclusion is explicitly reflected across several ESRS social standards.

For organizations subject to CSRD, accessibility is both a legal compliance obligation and a sustainability reporting topic. The ESG pressure is separate from enforcement but may prove to be one of the stronger drivers of accessibility investment in the coming years.

How to position your organization for long-term EAA compliance

The first year of EAA enforcement has confirmed what most compliance leaders expected: the pace has varied by country, but the direction is consistent. The tools of enforcement are now in place across the EU. Organizations that want to get ahead of scrutiny should focus on four things.

1. Conduct or refresh a conformance audit against EN 301 549: If your last audit predates the June 2025 deadline, your conformance picture islikely out of date. Regulators and courts will ask what your organization has done since the law took effect.
2. Confirm your accessibility statement and complaint mechanism are in place and current: These are baseline EAA requirements, andtheir absence is an easy enforcement trigger.
3. Build documentation that demonstrates progress to a regulator: In the EU enforcement model, organizations that can show active remediation efforts are in a materially better position than those that cannot. A compliance record that reflects ongoing activity is not just good practice; it is protection.
4. Account for the 2030 legacy-content deadline in your roadmap: While four years may feel like a long time,the organizations that will meet this deadline confidently are already building it into their planning now.

EAA compliance is a program, not a project

The June 2025 deadline was not an endpoint. It was the start of a sustained enforcement period. Organizations that treat EAA compliance as an ongoing program rather than a project will be better positioned to respond when regulators, NGOs, or procurement teams ask for evidence of where they stand.

If you’re assessing your organization’s current position under the EAA, contact our team to discuss where to start.