Editorial · EU regulatory requirements

The European Accessibility Act: what it actually requires of private companies

Directive (EU) 2019/882 — the European Accessibility Act, or EAA — was adopted on 17 April 2019, required Member-State transposition by 28 June 2022, and bound covered economic operators from 28 June 2025. Six years from adoption to applicability is a long runway, but the substantive obligations behind it are now in force across all 27/27 Member States. This is a requirements-side dossier — what the Directive covers, which products and services are caught, what technical standard the conformity presumption rests on (EN 301 549 V3.2.1, which incorporates WCAG 2.1 Level AA), and which two structural escape valves exist: the microenterprise carve-out for service providers under 10 staff or €2M turnover, and the disproportionate-burden defence in Article 14 with its five-year documentation requirement. Year-one enforcement is covered in a companion piece; this article is about what the law asks of private companies, on paper.

Findings · Case file EAA-REQ07 entries · derived from Directive (EU) 2019/882, EN 301 549 V3.2.1, and national transposition acts

What the EAA actually requires of private companies

  1. 016 + 8

    Six product categories and eight service categories fall inside the Directive’s substantive scope

    Products: general-purpose computers, smartphones, smart-TV consumer equipment, self-service terminals (ATMs, ticketing, check-in kiosks), consumer banking terminals, e-readers. Services: consumer banking, electronic communications, e-commerce, e-books and dedicated software, audio-visual media access components, transport e-ticketing and information services, and emergency communications via 112.

  2. 02WCAG 2.1 AA

    The harmonised technical reference is EN 301 549 V3.2.1, which incorporates WCAG 2.1 Level AA

    Annex I sets functional requirements as outcomes. Conformity with the harmonised standard creates a presumption of conformity with Annex I — it does not replace it. Annex II provides non-binding examples of how the functional requirements can be met.

  3. 0328 Jun 2025

    The substantive applicability date is 28 June 2025 — three years after transposition, six after adoption

    A grandfathering window runs to 28 June 2030 for services using products lawfully placed on the market before 2025, and to 28 June 2045 for self-service terminals already in operation at the applicability date — but only until the end of their economic life.

  4. 04< 10 / €2M

    The microenterprise exemption — services-side only — covers undertakings under 10 staff OR under €2M turnover

    Article 4(5) exempts microenterprises from the services-side requirements (Annex I Section IV). It does not extend to products. The carve-out is automatic — no application or assessment — but it is also a single-jurisdiction concept; a cross-border platform is a microenterprise nowhere as soon as it crosses either threshold.

  5. 05Art. 14 · 5 yr

    The disproportionate-burden defence in Article 14 carries the burden of proof and a five-year documentation requirement

    Operators must self-assess against the criteria in Annex VI (size and resources of the operator; estimated costs and benefits to disabled persons). Documentation must be retained for inspection for five years and updated whenever the affected product or service is materially altered.

  6. 06Art. 30

    Penalties are set by each Member State and must be “effective, proportionate and dissuasive”

    The Directive sets no harmonised floor or ceiling. In practice the published ceilings span two orders of magnitude — from €5,000 per violation in Estonia and Slovenia to approximately €1 million in Spain (Ley 11/2023), with turnover-percentage tiers up to 5% of annual turnover in Italy.

  7. 07CE

    Products require a CE marking and an EU Declaration of Conformity; services require an accessibility statement

    Annex IV sets the products-side conformity-assessment procedure (internal production control / Module A). Services-side operators do not affix a CE marking but must publish an accessibility statement covering how the service meets Annex I and how to contact the provider on accessibility matters.

SourceDirective (EU) 2019/882, OJ L 151, 7.6.2019; Annexes I, IV, VI; ETSI EN 301 549 V3.2.1; national transposition acts referenced in the body of this article.

In this dossier

What the EAA is, in one paragraph

The European Accessibility Act is a directive — not a regulation — adopted under Article 114 of the Treaty on the Functioning of the European Union, the internal-market legal basis. It harmonises Member-State accessibility requirements for a defined list of products and services placed on the EU market, so that an e-reader, a banking interface, or an e-commerce checkout designed for the German market does not have to be re-engineered for the Spanish market because the underlying accessibility obligations diverge. The legislative pose is single-market: by setting one outcome standard at EU level, the Directive removes the patchwork of national accessibility rules that had grown up around products and services since the 2000s. The accessibility benefit is the consequence; the legal mechanism is harmonisation.

The Directive’s full title is the most accurate description of what it does: Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services. Published in the Official Journal of the European Union as OJ L 151 on 7 June 2019, it required transposition into national law by 28 June 2022 and binds covered economic operators from 28 June 2025. The applicability date — not the transposition date — is the moment at which the Directive’s substantive obligations attach to private companies. For a company placing covered products on the EU market or providing covered services to EU consumers, 28 June 2025 is when the law actually starts asking questions.

One crucial framing: the Directive is a private-sector instrument. The public-sector accessibility regime — websites and mobile applications of public-sector bodies — is governed by the Web Accessibility Directive (EU) 2016/2102, which has been in force since 2018 and uses a similar but distinct technical reference. A company should not assume that compliance with 2016/2102 means compliance with 2019/882, or vice versa: the two regimes overlap on the WCAG floor but diverge on the conformity-assessment apparatus, the penalty architecture, and the exemption regime.

The six product and eight service categories

The EAA's six main scope categories — computers, ATMs, e-commerce, banking, e-readers, audio-visual media — visualised as a grid of icons.
The EAA covers six product categories and eight service categories. The grid above is the consumer-facing slice — the everyday surfaces where the Directive most often touches a private company’s product roadmap.

The Directive’s substantive scope is set in Article 2 and detailed in Article 3. The list is closed: a product or service not on the list is not covered, regardless of how interactive or consumer-facing it is. This is the first question a compliance team asks, and it is also the most-misread question in the first wave of EAA coverage. The Directive does not cover “all digital products.” It covers a specific, enumerated list.

Products in scope (Article 2(1))

  • General-purpose computer hardware systems and their operating systems, including desktop computers, laptops, and the operating-system software that ships with them.
  • Self-service terminals — payment terminals at point of sale, ATMs, ticketing machines (rail, air, road), check-in kiosks (airports, hotels) and interactive self-service kiosks providing information about covered services.
  • Consumer terminal equipment with interactive computing capability for electronic communications services — smartphones, tablets with cellular connectivity, modems, routers.
  • Consumer terminal equipment with interactive computing capability for accessing audio-visual media services — smart TVs, set-top boxes, streaming devices.
  • E-readers. Dedicated e-book reading devices, regardless of operating system.
  • Banking-services terminals. Specific consumer-banking hardware not already caught under self-service terminals (point-of-sale terminals dedicated to consumer banking transactions).

Services in scope (Article 2(2))

  • Consumer banking services, including current accounts, payment services, credit-card transactions, consumer credit, and the public-facing interfaces (online banking portals, mobile-banking apps, ATMs as a service surface) through which they are delivered.
  • Electronic communications services — internet access, voice services, messaging services, and the customer-facing interfaces used to subscribe to and manage them.
  • Services providing access to audio-visual media services, including the electronic programme guides (EPGs) and the customer-facing interfaces of streaming and broadcast platforms — but not the audio-visual content itself, which is governed by the Audiovisual Media Services Directive (EU) 2018/1808.
  • Air, bus, rail, and waterborne passenger transport services — limited to specific service elements: websites, mobile-device-based services including mobile applications, electronic ticketing, real-time travel information, and self-service terminals located within the EU territory.
  • Consumer e-commerce services. Services provided through websites or mobile applications, allowing consumers to conclude a contract with a trader for the supply of products or services. This is the scope category that catches the largest number of private companies.
  • The European single emergency number 112. Communications to and from the 112 service must be accessible.
  • E-books and dedicated software — the electronic publication file itself, the reading device’s software, and the service through which the e-book is acquired and managed.

Two categories deserve careful reading. Audio-visual media access components covers the interface to AV services — not the AV content. Whether a Netflix show ships with audio description is a question for the Audiovisual Media Services Directive; whether the Netflix app’s sign-up flow is keyboard-navigable is a question for the EAA. Transport services are covered only on their digital surfaces (websites, apps, ticketing kiosks, real-time information); the physical accessibility of stations, rolling stock, and aircraft remains governed by the relevant transport-mode regulations (Regulation (EU) 1300/2014 for rail, Regulation (EU) 181/2011 for bus, Regulation (EC) 1107/2006 for air passengers with reduced mobility).

What’s not in scope — and why it matters

The Directive’s closed list excludes large categories of digital activity. Workplace software, internal business tools, business-to-business platforms not sold to consumers, gaming, social-media platforms, search engines, and information-only websites that do not allow the user to conclude a contract — none of these are caught by the EAA. Some Member-State transposition acts have extended the national scope (the German BFSG covers a narrower scope than some had expected; the Spanish Ley 11/2023 covers approximately the Directive’s list). A business operating across the EU must check the national transposition act in each Member State of operation for scope, not the Directive alone.

The Directive applies to economic operators — manufacturers, importers, distributors, service providers — regardless of where they are established, provided they place products on the EU market or provide services to EU consumers. A US-headquartered e-commerce platform selling to French consumers through a French-language site is a “service provider” under the Directive in the same way as a Paris-headquartered retailer. The territorial question is the market, not the seat.

EN 301 549, WCAG 2.1 AA, and the presumption of conformity

The Directive itself does not contain a literal accessibility specification. Annex I sets out functional requirements as outcomes — for example, that information is provided “through more than one sensory channel,” that “the user interface elements are operable through more than one input mode,” that “user interface elements include adaptive techniques that account for assistive technology requirements.” These are outcomes a designer can engineer toward but cannot mechanically check against. The Directive’s mechanism for closing that gap is the harmonised standard: a technical specification developed by a European Standards Organisation (in this case ETSI, the European Telecommunications Standards Institute) and referenced by the European Commission via Implementing Decision.

The referenced harmonised standard is ETSI EN 301 549 V3.2.1, originally published in March 2021 and referenced by the Commission in 2024–25 for EAA conformity-assessment purposes. The standard incorporates the W3C’s Web Content Accessibility Guidelines (WCAG) 2.1 Level AA for the digital-content layer, and adds requirements covering hardware, ICT with two-way voice communication, ICT with video capabilities, web-based authoring tools, and assistive-technology compatibility for products outside the web-only scope.

The legal effect of the harmonised standard is the presumption of conformity set out in Article 15 of the Directive. A product or service that conforms to EN 301 549 V3.2.1 is presumed to conform to the Annex I functional requirements — meaning a market-surveillance authority that wants to challenge that conformity carries the burden of demonstrating that the standard does not, in fact, deliver the outcome the Annex requires. Conversely, a product or service that does not follow the harmonised standard is not automatically non-conformant: the operator may demonstrate, by another route, that the Annex I outcomes are met. The harmonised standard is a safe harbour, not a literal incorporation.

EN 301 549
Harmonised standard referenced by the Commission
V3.2.1
Current referenced version (March 2021)
WCAG 2.1 AA
Web-content layer inside V3.2.1

For most service providers in the e-commerce, banking, electronic-communications, and audio-visual-access categories, the practical compliance question reduces to: does our customer-facing website and app pass WCAG 2.1 Level AA, with the EN 301 549 additions for any hardware or two-way-communication interfaces we operate? That is the question the standard answers — and the question the first wave of national enforcement actions has implicitly asked. The Directive’s drafters were careful to keep the legal obligation pitched at the outcome level (Annex I) precisely so that the underlying technical standard could be updated without re-opening the Directive. EN 301 549 V4, incorporating WCAG 2.2, is in late-stage drafting at ETSI as of mid-2026 and is expected to be referenced by the Commission within 18 months, at which point V4 conformity becomes the relevant safe harbour.

The Directive sets functional outcomes; the harmonised standard sets the engineering. A company designs to the standard, complies with the Directive.

The 2019–2045 timeline

The Directive’s transitional architecture is more nuanced than the headline “28 June 2025” date suggests. Four dates matter to compliance teams.

0117 April 2019 — AdoptionDirective (EU) 2019/882 adopted by the Parliament and the Council, published in OJ L 151 on 7 June 2019.
0228 June 2022 — Transposition deadlineMember States must have brought into force the laws and regulations necessary to comply with the Directive.
0328 June 2025 — ApplicabilitySubstantive obligations attach to covered economic operators. Products placed on the market and services provided to consumers from this date forward must comply.
0428 June 2030 — Services grandfatherService providers may continue providing services using products lawfully used to provide similar services before 28 June 2025 until 28 June 2030. Self-service terminals lawfully used before 28 June 2025 may continue to be used until the end of their economic life — but not later than 20 years (28 June 2045).

The grandfather provisions in Article 32 are important and frequently misread. A bank that operated an ATM estate on 27 June 2025 does not have to retrofit every existing machine the next day; it may continue to use those machines until they reach the end of their economic life, up to a hard cap of 28 June 2045. Any new machine deployed from 28 June 2025 forward must be compliant. The same logic applies, on a shorter clock, to service providers using product infrastructure: legacy product infrastructure may be used in service provision until 28 June 2030, but new product infrastructure deployed from 2025 forward must be compliant from day one.

The grandfather is a one-way ratchet on the products side: it does not protect the digital surface of a covered service. A bank’s mobile app, a retailer’s checkout flow, an audio-visual platform’s sign-up page — these are services and have been bound by the substantive requirements since 28 June 2025, regardless of when the underlying codebase was first deployed. The grandfather covers the hardware estate, not the web estate.

The microenterprise carve-out

Article 4(5) of the Directive contains the most-discussed exemption: microenterprises providing services are exempt from the services-side requirements. The microenterprise definition is the standard one used across EU instruments — an undertaking employing fewer than 10 persons and with an annual turnover or annual balance-sheet total not exceeding €2 million. The thresholds are alternative on the financial side (turnover OR balance sheet) and cumulative across that and the headcount (under 10 staff AND under €2M).

The carve-out has three properties worth flagging for any company sitting near the threshold:

  • Services-side only. Article 4(5) does not extend to the products side of the Directive. A small-volume hardware manufacturer with 6 staff faces the same conformity-assessment regime — internal production control, CE marking, EU Declaration of Conformity — as a multinational. The asymmetry is a deliberate trade-off between cost-of-compliance and conformity overhead, but it surprises every small hardware company that encounters it.
  • Automatic, not declared. A microenterprise does not apply for the exemption; it simply falls outside the services-side scope. National transposition acts may require a microenterprise to provide information to authorities on request, or to publish a brief notice, but the substantive carve-out is automatic.
  • Crossing the threshold is forward-looking. Once an undertaking crosses 10 staff or €2M turnover, it becomes subject to the services-side requirements from the next financial period. The Directive does not require retrospective compliance for periods during which the undertaking was a microenterprise.
The cross-border microenterprise trap

Microenterprise status is computed at the level of the undertaking — not per Member State. A platform with 6 staff and €1.5M turnover across the EU is a microenterprise. A platform with 6 staff and €1.5M of turnover in France but €1M of turnover in Germany and €1M in Spain is not a microenterprise: total turnover is €3.5M, well above the threshold. Cross-border platforms cross the threshold faster than national platforms, and there is no per-jurisdiction relief.

The “linked enterprises” rule under Commission Recommendation 2003/361/EC also matters: an undertaking controlled by a larger group counts the group’s headcount and turnover, not just its own. A nominally small subsidiary of a multinational does not qualify for the carve-out.

The exemption has been the subject of intense small-business federation lobbying in several Member States, with proposals to raise the threshold or to broaden it to the products side. None of those proposals have, as of mid-2026, found their way into national transposition acts. The Commission’s 2030 review will revisit the carve-out — Article 33 requires the Commission to assess “the impact on microenterprises providing services” as part of the review.

The Article 14 disproportionate-burden defence

The second structural escape valve is Article 14 — the disproportionate-burden defence. Unlike the microenterprise carve-out, which is automatic and structural, Article 14 is a self-assessment route available to any covered operator. An operator may invoke the defence to argue that a specific accessibility requirement — not the whole regime — would impose a disproportionate burden, after balancing the cost of compliance against the benefit to disabled persons. The criteria for the assessment are set out in Annex VI.

Three features of the defence determine whether it is practically available to a given operator.

The burden of proof sits on the operator

An operator that invokes Article 14 must conduct the assessment, document it, and retain the documentation for inspection. The Annex VI criteria are: (a) the ratio of net costs of compliance to the overall costs (capital and operating expenditure) of manufacturing, distributing or importing the product or providing the service; (b) the estimated costs and benefits for the operator, including production processes and investments, in relation to the estimated benefit for persons with disabilities, taking into account the frequency and duration of use of the specific product or service; (c) the size, resources and nature of the operator. A small operator with limited resources has more headroom under (c) than a multinational; an operator providing an infrequently-used service has more headroom under (b) than one providing a daily-use service.

The documentation must be retained for five years

Article 14(8) requires operators to keep the disproportionate-burden assessment available for inspection by market-surveillance authorities for five years after the product was last made available on the market, or the service was last provided. The documentation must be updated when the product or service is materially altered, when the market-surveillance authority so requests, or when an applicable harmonised standard is updated. A defence without contemporaneous documentation is not a defence — authorities have, in the first year of enforcement, treated absent documentation as decisive against the operator.

It is granular, not platform-wide

Article 14 applies to specific accessibility requirements, not to whole platforms. An e-commerce operator cannot invoke the defence to argue that running an accessible checkout is, as a whole, disproportionately burdensome. The operator may, with documentation, argue that a particular requirement — for example, providing audio description on archived video product demonstrations published before a certain date — is disproportionate in the specific context. The first year of national enforcement has confirmed this reading: the defence has succeeded for narrow legacy-feature carve-outs and failed when invoked to cover an entire platform surface.

The five questions Article 14 documentation must answer

National guidance issued by the German BMAS, the Dutch RDI, and the French DGCCRF during 2025–26 converges on a five-question template for Article 14 documentation, all derived from Annex VI: (1) Which specific accessibility requirement is being assessed? (2) What is the estimated net compliance cost, broken out from baseline product or service cost? (3) What is the estimated population of disabled persons benefited, and the frequency of use? (4) What is the cost-to-benefit ratio relative to the operator’s size and resources? (5) What is the planned re-assessment trigger — material alteration, standards update, or fixed date? Any Article 14 file missing one of these five elements is, in practice, treated as incomplete by surveillance authorities.

One important interaction: Article 14 cannot be used to claim a disproportionate burden when the operator receives external funding for accessibility improvements from sources other than its own (EU, public, or private accessibility-improvement funds). The criterion is built into Annex VI directly — an operator drawing on a national digital-accessibility grant programme cannot also claim disproportionate burden on the funded feature.

National penalty regimes

Article 30 of the Directive sets the penalty principle — penalties must be “effective, proportionate and dissuasive” — and leaves the absolute architecture to Member-State legislatures. This is the single largest source of operational unevenness across the Single Market. The transposition acts adopted between 2021 and 2025 have produced penalty schedules that differ by two orders of magnitude.

Top per-violation penalty ceilings under selected Member-State EAA transposition acts, mid-2026.
Member StateTransposition actTop per-violation ceiling
GermanyBarrierefreiheitsstärkungsgesetz (BFSG, 2021)€100,000
FranceLoi n° 2005-102, RGAA implementing decrees (2023)approx. €75,000
NetherlandsImplementatiewet toegankelijkheidsvoorschriften (2022)approx. €87,000
SpainLey 11/2023up to €1,000,000
ItalyD.lgs. n. 82/2022 (Stanca Law extension)up to 5% of turnover
EstoniaToodete ja teenuste ligipääsetavuse seadus (2022)€5,000–€32,000
SloveniaZakon o dostopnosti proizvodov in storitev (2022)€10,000–€40,000

The spread matters for at least three reasons. First, it shapes the deterrence calculus differently in each Member State: an operator weighing whether to litigate a marginal disproportionate-burden claim faces very different downside scenarios in Madrid and Tallinn. Second, it creates a forum-selection question for cross-border enforcement: which authority will take the lead when a non-EU platform fails on multiple Member-State surfaces simultaneously? Third, it is itself a single-market problem the Commission’s 2030 review is expected to address — Article 33 explicitly requires the Commission to assess “the effectiveness, proportionality and dissuasiveness” of national penalty regimes.

For requirements-side compliance planning, the practical implication is that an operator cannot model a uniform EU compliance budget against a single penalty ceiling. The most-exposed jurisdiction will tend to drive the planning horizon, and the most-exposed jurisdiction is not always the largest market. A multinational e-commerce operator with disproportionate Spanish or Italian revenue concentration will be planning to a different worst-case than one with German-Dutch concentration. (For a complete first-year enforcement picture — penalty resolutions issued, scan-rate trajectories, cross-border action — see our companion piece, EAA first year: enforcement, penalties, and the compliance-rate trajectory across the EU 27.)

What private companies must actually do

The Directive distinguishes four classes of economic operator and assigns each a distinct set of obligations. A single company can be more than one of these at once.

A
Manufacturers (Art. 7)
B
Importers (Art. 9)
C
Distributors (Art. 10)
D
Service providers (Art. 13)

Manufacturers (Article 7) must design and manufacture products in accordance with Annex I, draw up the technical documentation set out in Annex IV, carry out the internal-production-control conformity-assessment procedure (Annex IV again — Module A), draw up an EU Declaration of Conformity, affix the CE marking, and indicate their name and contact address on the product. They must keep the technical documentation and the Declaration of Conformity for five years after the product was placed on the market.

Importers (Article 9) must verify before placing a product on the market that the manufacturer has carried out the conformity-assessment procedure, that the technical documentation has been drawn up, that the product bears the CE marking, that it is accompanied by the required documents, and that the manufacturer has complied with the labelling requirements. Importers indicate their own name and contact address on the product, in a document accompanying the product, or, where this is not possible due to size or nature, in another appropriate way.

Distributors (Article 10) must verify that the product bears the CE marking, is accompanied by the required documents, and that the manufacturer and importer (if any) have complied with the identification requirements. Distributors do not have to repeat the conformity assessment; they are quality-gates rather than testers.

Service providers (Article 13) are the largest cohort. They must design and provide services in accordance with the Annex I functional requirements; prepare the information required by Annex V (the accessibility statement), make it publicly available in a form accessible to persons with disabilities, and keep it for as long as the service is in operation; ensure procedures are in place to maintain the accessibility of the service through changes in service characteristics, applicable harmonised standards, and applicable Member-State law; and provide information on how compliance with the accessibility requirements has been ensured, in case of non-conformity, in a manner that allows competent national authorities to verify it.

Directive (EU) 2019/882, Article 13(2)
“Service providers shall prepare the necessary information in accordance with Annex V and shall explain how the services meet the applicable accessibility requirements. The information shall be made available to the public in written and oral format, including in a manner which is accessible to persons with disabilities.”
— OJ L 151, 7.6.2019, p. 96

The most under-attended duty in the first year of compliance has been the accessibility statement. Annex V requires service providers to publish a document that describes the service’s general accessibility characteristics, the accessibility requirements it meets, and — where Article 14 has been invoked — the specific requirement that has been judged disproportionately burdensome and the assessment supporting that judgment. The accessibility statement is the operator’s public-facing position on its EAA compliance. A missing statement is one of the easiest non-conformities for a market-surveillance authority to identify.

What the Directive is asking of private capital

Read end to end, the EAA is a single-market instrument that takes accessibility seriously as a competition matter. The case the Directive’s drafters made in 2019 — and which the recitals lay out at length — is that fragmented national accessibility rules were imposing a deadweight cost on cross-border trade in consumer products and services, and that a harmonised outcome standard removes that cost without compromising the substantive accessibility benefit. The benefit accrues to disabled persons; the cost saving accrues to the Single Market. Both are real, and the Directive’s design assumes they reinforce one another.

For private companies, the operational reading is more grounded. The Directive demands four things, in order: (1) an honest scope determination — which products and services are caught, in which Member States; (2) an honest engineering determination — whether the customer-facing surface meets EN 301 549 V3.2.1 today, and whether it will meet V4 (WCAG 2.2) when that becomes the reference (a free WCAG 2.2 scan is the cheapest way to establish that baseline); (3) a documentation discipline — an accessibility statement under Annex V for services, technical documentation under Annex IV for products, and an Article 14 file for any feature where the defence is invoked; and (4) a maintenance commitment — accessibility is not a one-time conformity event, it is a property of the platform that must be preserved through every release cycle.

The Directive’s mechanism is deliberately undramatic. It does not name brands, does not single out sectors, does not impose a public reporting regime. It sets an outcome at EU level, leaves the enforcement architecture to Member States, and waits to see what the market does. The companies that have approached the Directive as a single-market harmonisation programme — engineering once, deploying everywhere — have found it manageable. The companies that have approached it as a national-compliance problem in 27 jurisdictions have found it expensive. The Directive’s drafters bet that, over time, the first reading will prevail. The first year of applicability suggests they were right.

For teams putting an EAA-conformant posture into practice: the step-by-step WCAG 2.2 compliance playbook covers audit, remediation and ongoing monitoring; the accessibility monitoring buyer’s guide compares the platforms organisations use to maintain that posture; the manual-audit guide covers the human-review layer Article 14 effectively presumes; and the accessibility compliance explainer routes between EAA, ADA and the rest of the regulatory map.

Methodology and data: This article is a requirements-side primer derived from the consolidated text of Directive (EU) 2019/882, the published transposition acts of the Member States cited, the harmonised standard EN 301 549 V3.2.1, and Commission guidance issued during 2023–2026. Enforcement statistics referenced in passing are drawn from the consolidated automated-scan dataset and national market-surveillance bulletins covered in the companion year-one enforcement report.

Legal context: Directive (EU) 2019/882 (European Accessibility Act), OJ L 151, 7.6.2019, with Annexes I (functional accessibility requirements), II (non-binding examples), III (built-environment requirements where Member States have extended scope), IV (conformity-assessment procedure for products — Module A), V (information on services), VI (criteria for the disproportionate-burden assessment). Harmonised standard: ETSI EN 301 549 V3.2.1 (March 2021), referenced by Commission Implementing Decision for EAA purposes; V4 in late-stage drafting incorporating WCAG 2.2. W3C Web Content Accessibility Guidelines 2.1 (June 2018) and 2.2 (October 2023). Related EU instruments: Web Accessibility Directive (EU) 2016/2102 (public-sector scope); Audiovisual Media Services Directive (EU) 2018/1808 (AV content); Regulation (EU) 2019/1020 on market surveillance. Microenterprise definition: Commission Recommendation 2003/361/EC. National transposition acts cited: Barrierefreiheitsstärkungsgesetz (BFSG, 2021, Germany); Loi n° 2005-102 with 2023 implementing decrees (France); Ley 11/2023 (Spain); D.lgs. 27 maggio 2022, n. 82 (Italy); Implementatiewet toegankelijkheidsvoorschriften (2022, Netherlands); Toodete ja teenuste ligipääsetavuse seadus (2022, Estonia); Zakon o dostopnosti proizvodov in storitev (2022, Slovenia).

What this article is not: This is a regulation primer, not legal advice. National penalty schedules, designated market-surveillance authorities, and operational guidance evolve quarterly; covered operators should consult qualified counsel for jurisdiction-specific compliance questions and should not rely on this article in place of either the Directive’s official text or the relevant national transposition act.