Accessibility Tools

Web Accessibility plugin by DJ-Extensions.com
Skip to main content

Tag: EU regulations

A presentation slide from a company named Quertum titled "How European Accessibility Act Affects Nordic Businesses." The slide features a green map of the Nordic countries (Norway, Sweden, Finland, and Denmark) with each country's flag and an accessibility icon over the map. The background is a dark blue-purple gradient with light green grid lines.

EU Accessibility Act in the Nordics: Consistent, Contextual, and Culturally Anchored

Written by Kateryna Klynovska on . Posted in EEA.

In our previous articles, we outlined how countries like France, Poland, Germany, and the Netherlands have implemented the Accessibility Directive, so it’s time to have a closed view to European Accessibility Act in the Nordics region. Sweden, Denmark, Finland, and Norway stand out for its long-standing digital accessibility culture. These countries are not starting from scratch: accessibility is already a legal and social expectation.

In this article, we examine how the European Accessibility Act applies across the Nordics and what companies need to prepare for, whether they operate locally or cross-border.

How the European Accessibility Act Affects Nordic Businesses?

The Nordic approach to the EAA is marked by integration rather than reinvention. Instead of building entirely new frameworks, each country has chosen to embed the EAA into existing national legislation. This reflects the region’s long tradition of treating accessibility as both a legal right and a cultural norm.

  • Sweden has incorporated the EAA into Lag (2023:254), broadening its existing accessibility framework to cover sectors such as banking, e-commerce, transport, and telecom. Oversight is shared between the Swedish Consumer Agency (Konsumentverket) and the Agency for Digital Government (DIGG).
  • Denmark enforces accessibility through Act no. 801 of 07/06/2022, with a strong emphasis on consumer protection. The Danish Business Authority (Erhvervsstyrelsen) is the lead body, taking a guidance-led approach while retaining the power to issue fines and corrective measures.
  • Finland aligns the EAA with Government Decrees 179/2023 and 180/2023, building on the accessibility requirements already established under the Act on the Provision of Digital Services. Compliance is supervised by the Finnish Transport and Communications Agency (Traficom).
  • Norway, while not an EU member, implements equivalent rules via the Anti-Discrimination and Accessibility Act and related ICT regulations. Enforcement is handled by the Agency for Public Management and eGovernment (Digdir), ensuring alignment with the EEA Agreement.

For businesses, this creates continuity with national traditions but also complexity: obligations are consistent in principle, yet enforcement models and regulatory expectations differ across the region. Multinationals must be prepared to navigate these nuances while ensuring compliance with a baseline set of EAA requirements.

What the European Accessibility Act in the Nordics Requires?

The baseline obligations are the same across all Nordic countries, as they derive from the EU Directive:

  • Digital content must comply with WCAG 2.1 AA (websites, apps, PDFs)
  • Products and services must be compatible with assistive technologies
  • Accessibility statements, documentation, and feedback mechanisms are mandatory
  • Labels, instructions, and user interfaces must be legible, perceivable, and understandable
  • Identification, security, and payment functions must meet POUR principles

Banking and e-commerce services carry extra requirements:

  • Identification methods, e-signatures, and payment services must be perceivable, operable, understandable, and robust
  • Financial information must be written at B2 language level or lower, ensuring clarity
  • E-commerce operators must provide information about the accessibility of products and services where available

This mirrors the approach in the Netherlands and highlights how financial services are under special scrutiny across the EU, including the Nordics.

Exemptions and Exceptions for European Accessibility Act in the Nordics

The Nordic countries follow the general EAA exemptions:

  • Microenterprises: Fewer than 10 employees and turnover/balance sheet below €2M are exempt. Regulators in Sweden, Denmark, and Finland nevertheless encourage voluntary compliance to remain competitive in the digital single market.
  • Disproportionate burden: Businesses may be exempt if compliance would create costs disproportionate to the accessibility benefit, based on Annex VI of the Directive. Lack of time or knowledge is not a valid reason.
  • Fundamental alteration: When accessibility requirements would alter the service so substantially that it becomes a different service.
  • B2B services: The EAA applies only to business-to-consumer services, not pure B2B contexts.

Timeline and Transition Rules

The enforcement date is consistent across the EU and the EEA:

  • 28 June 2025: All new services and modified contracts must comply with the EAA
  • Existing contracts signed before this date may run until expiry, but no longer than five years, meaning by 28 June 2030 all must comply
  • Physical products used in service delivery (e.g., payment terminals, e-ID devices) have the same five-year transition period. Products placed on the market before June 2030 may be used temporarily, but must be upgraded or replaced to meet the new requirements

What Penalties for Non-Compliance in the Nordic Region?

The penalty framework varies slightly across Nordic countries, but follows similar patterns:

  • Administrative fines are the main tool, with amounts depending on turnover and severity
  • Regulators may impose recurring penalties until compliance is achieved
  • In serious cases, providers may face suspension of services or public disclosure of violations

Sweden’s model is considered stricter, with higher fines and stronger inspection powers, while Denmark and Finland lean on consumer law enforcement traditions.

Key Differences at a Glance for Nordic Countries

To make the national differences clearer, the table below outlines how each Nordic country has embedded the EAA into its legal framework, who supervises compliance, and what businesses should be aware of in terms of scope and enforcement.

CountryMain Law / FrameworkSupervisory AuthoritySpecial FeaturesPenalties & Enforcement
SwedenLag (2023:254)Swedish Consumer Agency (Konsumentverket) and Agency for Digital Government (DIGG)Broad scope, covering banking, e-commerce, transport, and telecom; one of the earliest comprehensive accessibility laws in Europe.Fines, corrective orders, and strong inspection powers; considered among the strictest in the EU. Fines range up to EUR 200 000.
DenmarkAct no. 801 of 07/06/2022Danish Business Authority (Erhvervsstyrelsen)Strong consumer protection focus; guidance-led enforcement with emphasis on business accountability.Administrative fines, warnings, and recurring penalties until compliance is achieved. Fines range up to EUR 10 000 for initial non-compliance.
FinlandGovernment Decrees 179/2023 & 180/2023Finnish Transport and Communications Agency (Traficom)  Builds on existing Digital Services Act (2019), where WCAG 2.1 AA was already mandatory for public bodies.Fines and corrective measures, applied proportionately to scale and impact. Fines range up to EUR 150 000.
Norway (EEA country)Anti-Discrimination and Accessibility Act + ICT regulationsAgency for Public Management and eGovernment (Digdir)Applies to both public and private services despite Norway being outside the EU; aligns with EEA obligations.Administrative penalties and corrective measures, supported by Norway’s strong ICT audit tradition.

Summary

The Nordics are well-positioned to implement the EAA thanks to their strong pre-existing accessibility laws. For businesses, this means compliance is not just about meeting EU standards but aligning with national frameworks that often go further.

From Sweden’s early adoption of a broad accessibility act, to Norway’s strict ICT obligations, the Nordic region sets high expectations. Companies operating here must take accessibility seriously, integrate it into product and service design from the outset, and prepare for close scrutiny by multiple regulators.

European Accessibility Act in the Nordics region is treated as integral to society, law, and commerce, rather than as a formal obligation alone.

Accessibility logo with human in the circle surrounded by EU yellow stars. All on planet background

European Accessibility Act Compliance by Sector: GDPR Lessons and What to Expect in 2025

Written by IT Administrator on . Posted in EEA, GDPR, Quertum News, Uncategorized.

In 2018, GDPR forced companies to change how they handled personal data. The regulation set a new standard for privacy and introduced penalties that caught many businesses off guard. Today, the European Accessibility Act (EAA) is on a similar path—only this time, the focus is on accessibility.

From June 28, 2025, the EAA is taking full effect. This New Directive aims to ensure that digital products and services, such as websites, apps, documents, and ticketing systems, are accessible to people with disabilities across the EU. For many businesses, this will mean redesigning websites, rethinking digital communications, and ensuring that customer-facing services meet accessibility standards like WCAG and PDF/UA. In practice, the parallels to GDPR are clear: a sweeping EU regulation, broad applicability, and the potential for significant fines for non-compliance.

Yet few organizations have a clear plan in place to meet the upcoming requirements.

High-Exposure Sectors: Who Will Feel the European Accessibility Act First?

Industries that rely heavily on digital customer interaction are the first in line. This includes finance, where online banking and digital onboarding are core to the customer journey; retail, where e-commerce platforms and checkout systems must be accessible by default; and transportation, where digital ticketing and self-check-in are now standard. Public services such as healthcare portals and government sites are also squarely within scope, especially given the public-sector accessibility precedents already in place.

In these sectors, the risks often take the shape of inaccessible platforms, customer documents, or service workflows, each of which may soon be considered a legal liability under national enforcement laws

What raises the stakes even further is visibility. The more essentially a service is to daily life, the more likely it is to be scrutinized, and the less tolerance regulators will have for inaccessible touchpoints.

One Directive, 27 Penalty Systems

Just like with the GDPR, the EAA leaves enforcement in the hands of EU Member States. This means companies must pay close attention to the specific penalties and compliance expectations in each country where they operate.

Some countries have already outlined substantial fines. In Spain, Ley 11/2023 introduces penalties of up to €1 million per infringement, explicitly covering electronic documents like PDFs. Germany’s Barrierefreiheitsstärkungsgesetz allows for fines of up to €500,000, and in severe cases, non-compliant digital products or services can even be removed from the market.

Elsewhere in the EU, the landscape remains just as serious. France imposes fines of up to €300,000, Czechia up to €400,000, and Hungary has set penalties as high as €1.26 million or 5% of annual net turnover. In Italy, fines can reach €40,000, or up to 5% of turnover under the Stanca Law for private entities.

Enforcement isn’t uniform, and that’s the point. While the EAA sets a harmonized baseline, the risks vary dramatically by jurisdiction. Businesses with operations or customers across multiple countries must be proactive in tracking national developments to avoid falling foul of country-specific enforcement actions. 

For a quick overview of the already established EAA penalties across EU markets, see the table below.

CountryFines
AustriaFines range up to EUR 80 000
CzechiaFines range up to EUR 400 000
FranceFines range up to EUR 300 000
GermanyFines range up to EUR 500 000
HungaryFines range up to EUR 1 261 164 or 5% of the annual net turnover
ItalyFines range up to EUR 40 000 or, for private entities that fall within the scope of the Stanca Law, up to 5% of turnover
The NetherlandsFines range up to EUR 103 000
SlovakiaFines range up to EUR 200 000
SpainFines range up to EUR 1 000 000

From Privacy to Accessibility: How GDPR Prepared Us for the European Accessibility Act

The GDPR era taught businesses several hard-earned lessons. Some of them can be directly applied to the EAA:

✅ Compliance is a continuous process, not a single deadline

✅ User expectations evolve, and meeting them consistently builds trust

✅ Regulatory alignment can become a competitive advantage

✅ One-size-fits-all solutions rarely work in complex, multi-market operations

✅ Technology alone isn’t enough – internal processes and policy need to support it

Perhaps most importantly, GDPR showed us that EU legislation doesn’t stay theoretical for long. Once enforcement begins, regulators act – especially where clear obligations have been set and ignored.

Like GDPR, the EAA will likely follow a similar trajectory. Companies that treat accessibility as a long-term priority, and can demonstrate visible progress, will be in a much stronger position than those that scramble to catch up. Building capability early helps reduce risk, avoid reputational damage, and respond confidently as national enforcement frameworks mature.

EAA Day One: What Happens After June 2025?

On June 28, 2025, the EAA becomes enforceable, but that date doesn’t mark the end of the road. Instead, it signals the beginning of active enforcement and greater scrutiny. Regulators won’t judge compliance by a single audit on that day, but by how well your organization demonstrates progress, intent, and structure.

Just as with GDPR, regulators are unlikely to expect flawless implementation on day one. What they will expect is a demonstrable plan – evidence that your company understands its obligations and is actively working to meet them. That includes documented audits, defined roles and responsibilities, and timelines for remediating accessibility gaps.

Resilient companies will treat this moment not as a finish line, but as the launch of a permanent compliance phase. Over time, laws will evolve, interpretations will shift, and enforcement will become more consistent. To keep pace, organizations should establish regular review cycles, track country-level legislation, and integrate accessibility into procurement and development processes.

June 2025 isn’t the point where you need to have everything perfect. It’s the point where you need to have a credible, visible path forward – and the ability to prove that accessibility is already part of how your organization operates.

Set the Standard, Don’t Chase It

If GDPR taught us anything, it’s that the cost of inaction grows fast. The companies that took early, practical steps toward compliance were the ones that avoided penalties and earned long-term trust. The same holds true for the EAA.

At Quertum, we can help you take those early, practical steps, by making your digital communications accessible, efficiently and at scale. Whether you need support implementing PDF/UA standards or ensuring your customer-facing content meets EAA requirements, we’re here to help you get it right from the start.

Accessibility doesn’t have to be overwhelming.

Quertum helps make it manageable. See how we can support your accessibility implementation.

Summary

The shift from GDPR to the European Accessibility Act (EAA) marks a new phase in EU regulation, this time focused on digital accessibility. Unlike GDPR, the EAA combines broad scope with serious penalties, yet many organizations remain unprepared. Industries that depend on digital customer interaction—finance, retail, transport, and public services—are especially exposed. When a service is both essential and highly visible, the risk of regulatory scrutiny increases.

While the EAA provides a shared EU framework, each Member State sets its own penalties, resulting in varied enforcement across countries. This variation is intentional, which makes staying informed about local requirements essential. A key lesson from the GDPR still holds true: compliance is not a one-time task. Companies that take early steps toward accessibility will be better equipped to manage risk and build long-term trust. June 2025 is not the point when everything must be perfect, but the moment when meaningful progress must be visible.

Image with text 'PDF Accessibility for EAA: How to Start, Where You Stand, and Why It Matters'. On the right side are icons representing WCAG 2, ISO 14289 (PDF/UA), a PDF document with a checkmark, and a universal accessibility symbol, emphasizing compliance and accessibility standards for digital documents under the European Accessibility Act.

PDF Accessibility and EAA: Guide for Compliance

Written by Kateryna Klynovska on . Posted in EEA.

We rarely stop to think about how seamless our digital lives are. But with the PDF Accessibility and European Accessibility Act (EAA) deadline approaching in June 2025, organizations must act now to ensure digital equality — and legal compliance.

We scroll, shop, book, and bank without ever questioning whether the platforms we use are built for us. For the roughly 80 million Europeans living with a disability, though, the digital experience often looks very different, marked by limitations or outright exclusion.

That’s where the European Accessibility Act (EAA) comes in. From 28 June 2025, businesses offering digital services or selling certain products in the EU will need to meet strict accessibility standards. It’s a major step toward creating a more inclusive digital economy, and it’s going to impact everything — e-commerce platforms, e-books, insurance documents, ticket machines, shopping platforms, banking statements and apps. You can read more on our previous blog about how enterprises are preparing to EAA in different European countries.

The directive has been in motion for years, but many organizations still haven’t taken real steps to prepare. Meanwhile, industry leaders are quietly doing the work and positioning themselves to gain compliance and a competitive edge.

If you’re not there yet, you’re not alone. However, you are now at a decision point – move forward or fall further behind?

All Starts from Growth Mindset

There’s a tendency to frame accessibility in regulatory terms, as a box to tick, a deadline to meet, or a risk to avoid. Yet, for businesses that want to squeeze more from opportunity and lead, not just comply, the EAA offers something far more valuable. Namely, a clear reason to improve the user experience for everyone. 

Early adopters are already seeing the benefits. Some retailers, for instance, report up to a 35% increase in conversions after making their digital platforms more accessible. That’s because accessibility improvements often go hand-in-hand with better usability – not just for people with disabilities, but for everyone. We’re talking about cleaner interfaces, clearer navigation, consistent content structures, features that make digital experiences more intuitive. They reduce friction, spark innovation, build trust, and keep customers coming back. 

Essentially, being EAA-ready doesn’t only protect you from fines and sanctions, it also positions you as a business that understands where the market is going – and is prepared to lead in the right direction. 

First Steps to Get Accessibility

So what does it look like to get serious about accessibility when you may be starting a little later than others? 

The first step is very simple: figure out where you stand. That means inspecting your website, apps, service platforms and internal tools, not merely for obvious issues like missing alt texts or contrast failures, but for structural barriers that affect real user journeys. 

  • Can a customer complete a purchase without using a mouse? 
  • Is your chatbot accessible by screen reader? 
  • Do your mobile experiences meet the same standards as desktop?

Of course, these aren’t questions for a single compliance officer to answer. Accessibility touches product, design, development, customer service, and legal operations, which means it has become a shared priority, not a siloed task.

Don’t know where to start EAA preparations? For the first touchpoint, you can download our WCAG 2.1 and PDF Accessibility guides for free (no email address is required). Those guides are created for: 

  • Better understanding of your PDF/UA and WCAG compliance situation
  • What makes PDF documents and site accessible
  • Understanding on how to fix first accessibility red flags.
Download a WCAG 2.1 Guideline
Download a PDF Accessibility Guideline

These guides could be your roadmap to EAA preparations and how to be compliant with PDF/UA (ISO 14289), EN 301 549, and WCAG 2.1. By the way, both of those PDFs are accessible and PDF/UA compliant 🙂

Closing the Gap Without Falling Behind

When time is short and pressure is high, it’s tempting to search for shortcuts. But accessibility isn’t something you can just add on at the end of the process. Real progress means building a roadmap that accounts for both short-term fixes and long-term change.

Yes, some updates are straightforward: adjusting colors, labelling buttons, adding keyboard support. These can and should be addressed quickly. However, other work, such as redesigning navigation flows, integrating with assistive tech, or rethinking your content strategy, takes more time, more collaboration, and more care. 

This doesn’t have to mean halting business as usual – accessibility can be integrated into agile workflows and existing development cycles. In fact, some of the most effective efforts happen incrementally. The key is to start, and to treat accessibility not as a project with an end date, but as a part of how you build and maintain digital services going forward.

Don’t Stop on Alt Text Only

It’s easy to fall into the trap of performative accessibility, making a few quick, visible changes like adding alt text or tweaking colors, and assuming the job is done. However, real accessibility is more than mere appearances, it is also about outcomes: can users with diverse needs actually complete tasks, access information, and engage with your service without barriers?

While alternative text is an essential part of accessibility, it’s only one piece of the puzzle. A truly accessible PDF requires correct tagging structure, proper reading order, logical headings, usable tables, form field labeling, color contrast checks, and more.

Passing an audit once doesn’t guarantee long-term compliance — especially under the European Accessibility Act, where consistency and future updates matter. That’s why accessibility must be systemic, not superficial.

The truth is, accessibility is only meaningful when it works for real people navigating real challenges. That means going beyond checklists to understand how users actually experience your site or service – and whether they’re truly able to use it. 

Even a website that passes today’s audit may fail tomorrow if updates are made without accessibility in mind. Regular testing, feedback from users with disabilities, and iterative improvements are what separate superficial fixes from sustainable progress.

Additionally, there’s value in openness. Letting your customers know you’re working on accessibility,  even if you’re not there yet, can earn you credibility. It signals that you care, that you’re listening, and that you’re committed to building a better digital experience. 

Why PDF Accessibility Demands More Than Automation

Making your PDFs truly accessible isn’t as simple as running an auto-check or pressing a “Make Accessible” button in Adobe. While tools can help flag issues, they rarely deliver fully compliant, user-friendly results on their own — especially when it comes to complex layouts, interactive forms, or branded documents that rely heavily on custom styling.

The challenge? Maintaining visual consistency and brand integrity while ensuring that every element — from tables and infographics to reading order and form fields — works seamlessly with assistive technologies. Automated fixes often flatten design, strip meaning, or miss key accessibility gaps altogether. Worse, they can create a false sense of security while leaving you exposed to compliance risks.

This is not something most internal teams are equipped to handle alone — especially under time pressure. That’s why many organizations partner with accessibility experts who not only understand the technical requirements (PDF/UA, EN 301 549, WCAG 2.1), but also know how to preserve design and user experience throughout the process.

It’s Not Too Late, But It Is Time

This is your chance to step back and ask: How do users move through our services? Where do they get stuck, frustrated, or excluded? What would it look like to make every touchpoint intuitive, inclusive, and seamless?

Accessibility doesn’t sit in a vacuum. It intersects with your ESG goals, your DEI commitments, and your customer experience ambitions. Leading companies are already drawing these lines, and using them to futureproof their strategies. 

So yes, the clock is ticking, but getting serious about accessibility now puts you in a position to lead, not scramble to catch up later. 

Summary

With the European Accessibility Act deadline approaching on 28 June 2025, industry leaders are already working toward compliance and gaining a competitive edge in the process. However, even if you’re behind now, it’s not too late to start. Accessibility isn’t only about ticking boxes. Done well, it improves the experience for everyone, and early adopters are already seeing the benefits. The first step is understanding where you stand and recognizing that accessibility touches every part of your organization. It’s not a one-off project, but an ongoing commitment. Avoid the trap of quick fixes that don’t serve real users. Instead, use this moment to rethink how your digital experiences can be more inclusive and take the first step now. 

DORA word surrounded by EU flag stars, all on planned background

Uncover the DORA Support from Quertum Service

Written by Kateryna Klynovska on . Posted in GDPR.

Understanding DORA 

The Digital Operational Resilience Act (DORA) is an EU regulation that strengthens digital resilience in the financial sector. It applies to banks, insurers, investment firms, and other organisations. They must manage ICT risks, secure operations, and ensure continuity against cyber threats and IT failures.

DORA is primarily focused on the Information Communication Technology (ICT) tools, systems, and third-party services used by the financial sector. Organisations must assess and mitigate ICT risks across their entire operations, including external technology providers.

With DORA becoming fully applicable on January 17, 2025, financial institutions must ensure they comply with a range of risk management, incident reporting, and resilience testing requirements.

Quertum Service in Digital Operational Resilience Act Context

While Quertum is not directly subject to DORA. In the same time, we recognise the importance of this regulation for our customers, including those who are directly impacted and those serving DORA-regulated clients.

As a provider of secure document management and customer communication management, we actively support our customers in aligning with DORA requirements. Our solutions help organisations strengthen their digital resilience, improve data security, and ensure compliance with regulatory standards.

Should your Financial Institution Trust Quertum in DORA Landscape?

At Quertum, we understand that financial institutions must ensure compliance with DORA while maintaining operational efficiency and security.

Therefore, we provide peace of mind and confidence by taking a range of actions associated with the 5 pillars of DORA regulations:


✅IT Risk Management. Institutions must establish a comprehensive IT risk management frameworks. With ISO 27001:2022, certification, we review risks carefully and take all needed actions to mitigate or remove them.

✅IT Incident Reporting. Companies must promptly report any significant ICT-related incidents to their respective regulators. We’ve got this covered too via the development of a range of Incident Management documents. Our approach to these requirements supports a coordinated response mechanism for incidents.

✅ Digital Operational Resilience Testing. We regularly test Quertum systems for business continuity, disaster recovery, and vulnerabilities. These checks future-proof our resilience against IT disruptions.

✅ IT Third-Party Risk Management and Oversight. This is a real differentiating factor for us. Moreover, we do not outsource any development activities or engage third-party IT providers.

✅ Information and intelligence sharing. Sharing information about cyber threats with different financial entities helps improve overall robustness within the industry. We are committed to sharing security awareness threads & trends with all interested parties. We also keep our team up to date with regular awareness training and source best practice advice from a range of trustworthy sources.

Get Ready for DORA Compliance with Quertum

Although Quertum is not directly subject to DORA, we still recognise the importance of this regulation for our customers and their extended networks. That’s why we’ve created a DORA-readiness overview—outlining our key commitments and actions to support financial institutions in achieving compliance.

Industries such as finance, banking, insurance ace significant challenges in an increasingly dynamic security landscape. We’re always here to answer any questions that may arise as you search for the right solution to meet your needs.