European Accessibility Act: the first year in practice

Actualizado: 2026-05-03

On 28 June 2025 the substantive obligation of the European Accessibility Act kicked in, directive 2019/882 transposed by every member state between 2022 and 2024. Six months in, we have real data: the first sanction files opened in Spain, Germany, and the Netherlands; the first forced mass-remediation deployments; and enough operational lessons to tell which companies were prepared and which panicked after discovering the scope at the last moment.

Key takeaways

• The EAA applies to specific products and services sold to end consumers inside the Union: e-commerce, consumer banking, passenger transport, e-books, electronic communications, on-demand audiovisual services, and terminal hardware.
• The main technical threshold is EN 301 549, which incorporates WCAG 2.1 level AA as baseline.
• The five most frequent infringement categories in Spain (July-December 2025): inaccessible forms, multimedia without alternatives, broken keyboard navigation, inadequate contrast, and absence of published accessibility statement.
• Automatic tools detect 30-40% of problems: auditing only with axe-core answers 10% of the exam.
• Overlays (accessiBe, UserWay, EqualWeb) don’t count as compliance; they’re a complement, never a substitute.

What the EAA actually covers

Worth starting with precision. The EAA doesn’t turn the entire web into regulated space. It applies to specific products and services sold to end consumers inside the Union:

• E-commerce.
• Consumer banking.
• Passenger transport.
• E-books.
• Electronic communications including emergency call centers.
• On-demand audiovisual services.
• Terminal hardware like ATMs and telecom devices.

Companies selling exclusively to other businesses, non-commercial institutional sites, or internal applications fall outside the EAA. The main technical threshold is EN 301 549, which incorporates WCAG 2.1 level AA as baseline. For the first time it applies with force of law and with national authorities holding sanction power. In Spain the Secretaría de Estado de Digitalización y Inteligencia Artificial took the role, with a sanctions regime reaching up to one million euros per very serious infringement.

Service-providing microenterprises (fewer than ten employees, turnover under two million) are also excluded. The interpretive trend from the first sanction files is that the obligation lies with whoever markets the product to the end consumer, regardless of who physically built it.

First sanction files

In Spain between July and December 2025, around forty formal files were opened. Most concentrated on mid-size e-commerce, online banking, and transport platforms. The patterns are revealing: over seventy percent of the detected infringements group into five basic categories:

1. Forms and checkout flows with inaccessible validation — errors appearing without semantic field association, error summaries not announced to screen readers, buttons without accessible labels.
2. Multimedia content without alternatives — marketing videos with badly synced auto-captions or no captions, informational audio without transcript.
3. Broken keyboard navigation — dropdown menus that don’t respond to tab, custom components like date pickers or size selectors that trap focus or jump randomly.
4. Inadequate contrast and text size — still the error most easily detected automatically and one of the most heavily penalized precisely for that reason.
5. Complete absence of published accessibility statement — required in a visible place with compliance level, contact channels, and improvement plan. Omitting it is a formal infringement independent of actual accessibility level.

Common operational mistakes during 2025

Watching companies of every size through the second semester, four worrying patterns emerge:

1. Exclusive-automation reflex — install axe-core in CI and declare victory when no errors appear. Automatic tools detect between 30 and 40 percent of real problems, and practically nothing related to semantic coherence, content structure, or screen-reader usability. Auditing only with them answers 10% of the exam.

2. Delegating to overlays — companies like accessiBe, UserWay, or EqualWeb sold for years the promise that a script added to the page turned any site accessible. The EAA has made that lie clear: an overlay can ease visual adjustments for the user, but doesn’t fix inaccessible code. The initial interpretive position is that an overlay is a complement, never a substitute.

3. Cramming the audit into the last weeks — several teams ran remediation sprints in May and June 2025 that fixed surface problems but left structural ones intact: design systems with inaccessible custom components by construction, complex interaction flows with misused ARIA. The debt drags and appears in every subsequent audit.

4. Treating accessibility as a one-off project — digital products change constantly; every release can introduce regressions. Teams that passed a May audit and didn’t integrate continuous checks found themselves facing autumn files after new features broke the already-fixed parts.

What works

Against those mistakes, companies that entered 2026 well-postured share three recognizable patterns:

1. Accessibility in the design system at the component level — if the buttons, forms, and navigation of the design system are accessible by default, the product team inherits compliance for free by consuming the system. This saves hundreds of point reviews.

2. Regular human auditing — hiring auditors with disabilities to review critical flows quarterly catches problems no script finds. Companies that did this in 2025 have fewer open files and more effective remediations.

3. Living compliance documentation — keeping the accessibility statement as a living document with real review dates, a conformance matrix per product area, and a remediation plan with dated commitments sends a clear signal to regulators. Several files closed without sanction precisely because the company could demonstrate ongoing process.

How to prioritize

For technical teams still catching up, the practical question is where to concentrate effort. My recommendation is to start with the five categories where sanctions concentrate: forms and validation, multimedia, keyboard, contrast, published statement. That probably covers sixty percent of the sanction risk with a much smaller fraction of the total effort full WCAG 2.1 AA compliance would require.

After that, prioritize the critical product flows: user signup, purchase, account management, support contact. If these are accessible, both real risk and reputational risk are covered. The rest of the product can be remediated on a realistic calendar. Full accessibility isn’t achieved in a quarter, but meeting the critical part is.

Conclusion

After six months watching how the EAA applies in practice, the regulation has worked as expected: it moved companies from treating accessibility as a goodwill topic to treating it as an accounting obligation. It didn’t become an arbitrary sanction war, nor a full transformation of the European digital ecosystem. It raised the floor without pushing the ceiling much.

For technical teams, the practical message: integrating accessibility into normal development processes is cheaper and more effective than treating it as a recurring special project. Companies that have understood this are already saving effort and risk; those still treating it as an external annoyance will pay that overhead for years, both in sanctions and in accumulated remediation work that ends up much more expensive than doing it right from the start.