European Accessibility Act Compliance by Sector: GDPR Lessons and What to Expect in 2025

In 2018, GDPR forced companies to change how they handled personal data. The regulation set a new standard for privacy and introduced penalties that caught many businesses off guard. Today, the European Accessibility Act (EAA) is on a similar path—only this time, the focus is on accessibility.

From June 28, 2025, the EAA is taking full effect. This New Directive aims to ensure that digital products and services, such as websites, apps, documents, and ticketing systems, are accessible to people with disabilities across the EU. For many businesses, this will mean redesigning websites, rethinking digital communications, and ensuring that customer-facing services meet accessibility standards like WCAG and PDF/UA. In practice, the parallels to GDPR are clear: a sweeping EU regulation, broad applicability, and the potential for significant fines for non-compliance.

Yet few organizations have a clear plan in place to meet the upcoming requirements.

High-Exposure Sectors: Who Will Feel the European Accessibility Act First?

Industries that rely heavily on digital customer interaction are the first in line. This includes finance, where online banking and digital onboarding are core to the customer journey; retail, where e-commerce platforms and checkout systems must be accessible by default; and transportation, where digital ticketing and self-check-in are now standard. Public services such as healthcare portals and government sites are also squarely within scope, especially given the public-sector accessibility precedents already in place.

In these sectors, the risks often take the shape of inaccessible platforms, customer documents, or service workflows, each of which may soon be considered a legal liability under national enforcement laws. 

What raises the stakes even further is visibility. The more essentially a service is to daily life, the more likely it is to be scrutinized, and the less tolerance regulators will have for inaccessible touchpoints.

One Directive, 27 Penalty Systems

Just like with the GDPR, the EAA leaves enforcement in the hands of EU Member States. This means companies must pay close attention to the specific penalties and compliance expectations in each country where they operate.

Some countries have already outlined substantial fines. In Spain, Ley 11/2023 introduces penalties of up to €1 million per infringement, explicitly covering electronic documents like PDFs. Germany’s Barrierefreiheitsstärkungsgesetz allows for fines of up to €500,000, and in severe cases, non-compliant digital products or services can even be removed from the market.

Elsewhere in the EU, the landscape remains just as serious. France imposes fines of up to €300,000, Czechia up to €400,000, and Hungary has set penalties as high as €1.26 million or 5% of annual net turnover. In Italy, fines can reach €40,000, or up to 5% of turnover under the Stanca Law for private entities.

Enforcement isn’t uniform, and that’s the point. While the EAA sets a harmonized baseline, the risks vary dramatically by jurisdiction. Businesses with operations or customers across multiple countries must be proactive in tracking national developments to avoid falling foul of country-specific enforcement actions. 

For a quick overview of the already established EAA penalties across EU markets, see the table below.

From Privacy to Accessibility: How GDPR Prepared Us for the European Accessibility Act

The GDPR era taught businesses several hard-earned lessons. Some of them can be directly applied to the EAA:

✅ Compliance is a continuous process, not a single deadline

✅ User expectations evolve, and meeting them consistently builds trust

✅ Regulatory alignment can become a competitive advantage

✅ One-size-fits-all solutions rarely work in complex, multi-market operations

✅ Technology alone isn’t enough – internal processes and policy need to support it

Perhaps most importantly, GDPR showed us that EU legislation doesn’t stay theoretical for long. Once enforcement begins, regulators act – especially where clear obligations have been set and ignored.

Like GDPR, the EAA will likely follow a similar trajectory. Companies that treat accessibility as a long-term priority, and can demonstrate visible progress, will be in a much stronger position than those that scramble to catch up. Building capability early helps reduce risk, avoid reputational damage, and respond confidently as national enforcement frameworks mature.

EAA Day One: What Happens After June 2025?

On June 28, 2025, the EAA becomes enforceable, but that date doesn’t mark the end of the road. Instead, it signals the beginning of active enforcement and greater scrutiny. Regulators won’t judge compliance by a single audit on that day, but by how well your organization demonstrates progress, intent, and structure.

Just as with GDPR, regulators are unlikely to expect flawless implementation on day one. What they will expect is a demonstrable plan – evidence that your company understands its obligations and is actively working to meet them. That includes documented audits, defined roles and responsibilities, and timelines for remediating accessibility gaps.

Resilient companies will treat this moment not as a finish line, but as the launch of a permanent compliance phase. Over time, laws will evolve, interpretations will shift, and enforcement will become more consistent. To keep pace, organizations should establish regular review cycles, track country-level legislation, and integrate accessibility into procurement and development processes.

June 2025 isn’t the point where you need to have everything perfect. It’s the point where you need to have a credible, visible path forward – and the ability to prove that accessibility is already part of how your organization operates.

Set the Standard, Don’t Chase It

If GDPR taught us anything, it’s that the cost of inaction grows fast. The companies that took early, practical steps toward compliance were the ones that avoided penalties and earned long-term trust. The same holds true for the EAA.

At Quertum, we can help you take those early, practical steps, by making your digital communications accessible, efficiently and at scale. Whether you need support implementing PDF/UA standards or ensuring your customer-facing content meets EAA requirements, we’re here to help you get it right from the start.

Accessibility doesn’t have to be overwhelming.

Quertum helps make it manageable. See how we can support your accessibility implementation.

Summary

The shift from GDPR to the European Accessibility Act (EAA) marks a new phase in EU regulation, this time focused on digital accessibility. Unlike GDPR, the EAA combines broad scope with serious penalties, yet many organizations remain unprepared. Industries that depend on digital customer interaction—finance, retail, transport, and public services—are especially exposed. When a service is both essential and highly visible, the risk of regulatory scrutiny increases.

While the EAA provides a shared EU framework, each Member State sets its own penalties, resulting in varied enforcement across countries. This variation is intentional, which makes staying informed about local requirements essential. A key lesson from the GDPR still holds true: compliance is not a one-time task. Companies that take early steps toward accessibility will be better equipped to manage risk and build long-term trust. June 2025 is not the point when everything must be perfect, but the moment when meaningful progress must be visible.