Accessibility Tools

Web Accessibility plugin by DJ-Extensions.com
Skip to main content

Tag: European Union regulation

Accessibility logo with human in the circle surrounded by EU yellow stars. All on planet background

European Accessibility Act Compliance by Sector: GDPR Lessons and What to Expect in 2025

Written by IT Administrator on . Posted in EEA, GDPR, Quertum News, Uncategorized.

When the GDPR came into force in 2018, companies had to adapt how they handled personal data. It set a new standard for privacy and introduced penalties that many businesses were unprepared for. Now, the European Accessibility Act (EAA) is following a similar trajectory – only this time, the focus is on accessibility.

The EAA takes full effect on June 28, 2025. The new Directive aims to ensure that digital products and services, such as websites, apps, documents, and ticketing systems, are accessible to people with disabilities across the EU. For many businesses, this will mean redesigning websites, rethinking digital communications, and ensuring that customer-facing services meet accessibility standards like WCAG and PDF/UA. The parallels to GDPR are clear: a sweeping EU regulation, broad applicability, and the potential for significant fines for non-compliance.

Yet few organizations have a clear plan in place to meet the upcoming requirements.

High-Exposure Sectors: Who Will Feel the EAA First?

Industries that rely heavily on digital customer interaction are the first in line. This includes finance, where online banking and digital onboarding are core to the customer journey; retail, where e-commerce platforms and checkout systems must be accessible by default; and transportation, where digital ticketing and self-check-in are now standard. Public services such as healthcare portals and government sites are also squarely within scope, especially given the public-sector accessibility precedents already in place.

In these sectors, the risks often take the shape of inaccessible platforms, customer documents, or service workflows, each of which may soon be considered a legal liability under national enforcement laws

What raises the stakes even further is visibility. The more essentially a service is to daily life, the more likely it is to be scrutinized, and the less tolerance regulators will have for inaccessible touchpoints.

One Directive, 27 Penalty Systems

Just like with the GDPR, the EAA leaves enforcement in the hands of EU Member States. This means companies must pay close attention to the specific penalties and compliance expectations in each country where they operate.

Some countries have already outlined substantial fines. In Spain, Ley 11/2023 introduces penalties of up to €1 million per infringement, explicitly covering electronic documents like PDFs. Germany’s Barrierefreiheitsstärkungsgesetz allows for fines of up to €500,000, and in severe cases, non-compliant digital products or services can even be removed from the market.

Elsewhere in the EU, the landscape remains just as serious. France imposes fines of up to €300,000, Czechia up to €400,000, and Hungary has set penalties as high as €1.26 million or 5% of annual net turnover. In Italy, fines can reach €40,000, or up to 5% of turnover under the Stanca Law for private entities.

Enforcement isn’t uniform, and that’s the point. While the EAA sets a harmonized baseline, the risks vary dramatically by jurisdiction. Businesses with operations or customers across multiple countries must be proactive in tracking national developments to avoid falling foul of country-specific enforcement actions. 

For a quick overview of the already established EAA penalties across EU markets, see the table below.

CountryFines
AustriaFines range up to EUR 80 000
CzechiaFines range up to EUR 400 000
FranceFines range up to EUR 300 000
GermanyFines range up to EUR 500 000
HungaryFines range up to EUR 1 261 164 or 5% of the annual net turnover
ItalyFines range up to EUR 40 000 or, for private entities that fall within the scope of the Stanca Law, up to 5% of turnover
The NetherlandsFines range up to EUR 103 000
SlovakiaFines range up to EUR 200 000
SpainFines range up to EUR 1 000 000

From Privacy to Accessibility: How GDPR Prepared Us for the EAA

The GDPR era taught businesses several hard-earned lessons. Some of them can be directly applied to the EAA:

✅ Compliance is a continuous process, not a single deadline

✅ User expectations evolve, and meeting them consistently builds trust

✅ Regulatory alignment can become a competitive advantage

✅ One-size-fits-all solutions rarely work in complex, multi-market operations

✅ Technology alone isn’t enough – internal processes and policy need to support it

Perhaps most importantly, GDPR showed us that EU legislation doesn’t stay theoretical for long. Once enforcement begins, regulators act – especially where clear obligations have been set and ignored.

The EAA will likely follow a similar trajectory. Companies that treat accessibility as a long-term priority, and can demonstrate visible progress, will be in a much stronger position than those that scramble to catch up. Building capability early helps reduce risk, avoid reputational damage, and respond confidently as national enforcement frameworks mature.

EAA Day One: What Happens After June 2025?

The EAA becomes enforceable on June 28, 2025 – but that date doesn’t mark the end of the road. It marks the beginning of active enforcement and increased scrutiny. Compliance won’t be measured by a single audit on that day, but by how well your organization is prepared to show progress, intent, and structure.

Just as with GDPR, regulators are unlikely to expect flawless implementation on day one. What they will expect is a demonstrable plan – evidence that your company understands its obligations and is actively working to meet them. That includes documented audits, defined roles and responsibilities, and timelines for remediating accessibility gaps.

The most resilient companies will treat this moment not as a finish line, but as the launch of a more permanent phase of compliance. Laws will evolve, interpretations will shift, and enforcement will likely become more consistent over time. Establishing regular review cycles, tracking relevant country-level legislation, and integrating accessibility into procurement and development processes will be essential to keeping pace.

June 2025 isn’t the point where you need to have everything perfect. It’s the point where you need to have a credible, visible path forward – and the ability to prove that accessibility is already part of how your organization operates.

Set the Standard, Don’t Chase It

If GDPR taught us anything, it’s that the cost of inaction grows fast. The companies that took early, practical steps toward compliance were the ones that avoided penalties and earned long-term trust. The same holds true for the EAA.

At Quertum, we can help you take those early, practical steps, by making your digital communications accessible, efficiently and at scale. Whether you need support implementing PDF/UA standards or ensuring your customer-facing content meets EAA requirements, we’re here to help you get it right from the start.

Accessibility doesn’t have to be overwhelming.

Quertum helps make it manageable. See how we can support your accessibility implementation.

Summary

The shift from GDPR to the European Accessibility Act (EAA) marks a new phase in EU regulation, this time focused on digital accessibility. Like the GDPR, the EAA has a broad scope and serious penalties, yet many organizations remain unprepared. Industries that depend on digital customer interaction, including finance, retail, transport, and public services, are especially exposed. The more essential and visible the service, the greater the risk of regulatory scrutiny. While the EAA provides a shared EU framework, each Member State sets its own penalties, resulting in varied enforcement across countries. This variation is intentional, which makes staying informed about local requirements essential. A key lesson from the GDPR still holds true: compliance is not a one-time task. Companies that take early steps toward accessibility will be better equipped to manage risk and build long-term trust. June 2025 is not the point when everything must be perfect, but the moment when meaningful progress must be visible.

Image with text 'PDF Accessibility for EAA: How to Start, Where You Stand, and Why It Matters'. On the right side are icons representing WCAG 2, ISO 14289 (PDF/UA), a PDF document with a checkmark, and a universal accessibility symbol, emphasizing compliance and accessibility standards for digital documents under the European Accessibility Act.

PDF Accessibility and EAA: How to Start, Where You Stand and Why It Matters

Written by Kateryna Klynovska on . Posted in EEA.

We rarely stop to think about how seamless our digital lives are. But with the PDF Accessibility and European Accessibility Act (EAA) deadline approaching in June 2025, organizations must act now to ensure digital equality — and legal compliance.

We scroll, shop, book, and bank without ever questioning whether the platforms we use are built for us. For the roughly 80 million Europeans living with a disability, though, the digital experience often looks very different, marked by limitations or outright exclusion.

That’s where the European Accessibility Act (EAA) comes in. From 28 June 2025, businesses offering digital services or selling certain products in the EU will need to meet strict accessibility standards. It’s a major step toward creating a more inclusive digital economy, and it’s going to impact everything — e-commerce platforms, e-books, insurance documents, ticket machines, shopping platforms, banking statements and apps. You can read more on our previous blog about how enterprises are preparing to EAA in different European countries.

The directive has been in motion for years, but many organizations still haven’t taken real steps to prepare. Meanwhile, industry leaders are quietly doing the work and positioning themselves to gain compliance and a competitive edge.

If you’re not there yet, you’re not alone. However, you are now at a decision point – move forward or fall further behind?

All Starts from Growth Mindset

There’s a tendency to frame accessibility in regulatory terms, as a box to tick, a deadline to meet, or a risk to avoid. Yet, for businesses that want to squeeze more from opportunity and lead, not just comply, the EAA offers something far more valuable. Namely, a clear reason to improve the user experience for everyone. 

Early adopters are already seeing the benefits. Some retailers, for instance, report up to a 35% increase in conversions after making their digital platforms more accessible. That’s because accessibility improvements often go hand-in-hand with better usability – not just for people with disabilities, but for everyone. We’re talking about cleaner interfaces, clearer navigation, consistent content structures, features that make digital experiences more intuitive. They reduce friction, spark innovation, build trust, and keep customers coming back. 

Essentially, being EAA-ready doesn’t only protect you from fines and sanctions, it also positions you as a business that understands where the market is going – and is prepared to lead in the right direction. 

First Steps to Get Accessibility

So what does it look like to get serious about accessibility when you may be starting a little later than others? 

The first step is very simple: figure out where you stand. That means inspecting your website, apps, service platforms and internal tools, not merely for obvious issues like missing alt texts or contrast failures, but for structural barriers that affect real user journeys. 

  • Can a customer complete a purchase without using a mouse? 
  • Is your chatbot accessible by screen reader? 
  • Do your mobile experiences meet the same standards as desktop?

Of course, these aren’t questions for a single compliance officer to answer. Accessibility touches product, design, development, customer service, and legal operations, which means it has become a shared priority, not a siloed task.

Don’t know where to start EAA preparations? For the first touchpoint, you can download our WCAG 2.1 and PDF Accessibility guides for free (no email address is required). Those guides are created for: 

  • Better understanding of your PDF/UA and WCAG compliance situation
  • What makes PDF documents and site accessible
  • Understanding on how to fix first accessibility red flags.
Download a WCAG 2.1 Guideline
Download a PDF Accessibility Guideline

These guides could be your roadmap to EAA preparations and how to be compliant with PDF/UA (ISO 14289), EN 301 549, and WCAG 2.1. By the way, both of those PDFs are accessible and PDF/UA compliant 🙂

Closing the Gap Without Falling Behind

When time is short and pressure is high, it’s tempting to search for shortcuts. But accessibility isn’t something you can just add on at the end of the process. Real progress means building a roadmap that accounts for both short-term fixes and long-term change.

Yes, some updates are straightforward: adjusting colors, labelling buttons, adding keyboard support. These can and should be addressed quickly. However, other work, such as redesigning navigation flows, integrating with assistive tech, or rethinking your content strategy, takes more time, more collaboration, and more care. 

This doesn’t have to mean halting business as usual – accessibility can be integrated into agile workflows and existing development cycles. In fact, some of the most effective efforts happen incrementally. The key is to start, and to treat accessibility not as a project with an end date, but as a part of how you build and maintain digital services going forward.

Don’t Stop on Alt Text Only

It’s easy to fall into the trap of performative accessibility, making a few quick, visible changes like adding alt text or tweaking colors, and assuming the job is done. However, real accessibility is more than mere appearances, it is also about outcomes: can users with diverse needs actually complete tasks, access information, and engage with your service without barriers?

While alternative text is an essential part of accessibility, it’s only one piece of the puzzle. A truly accessible PDF requires correct tagging structure, proper reading order, logical headings, usable tables, form field labeling, color contrast checks, and more.

Passing an audit once doesn’t guarantee long-term compliance — especially under the European Accessibility Act, where consistency and future updates matter. That’s why accessibility must be systemic, not superficial.

The truth is, accessibility is only meaningful when it works for real people navigating real challenges. That means going beyond checklists to understand how users actually experience your site or service – and whether they’re truly able to use it. 

Even a website that passes today’s audit may fail tomorrow if updates are made without accessibility in mind. Regular testing, feedback from users with disabilities, and iterative improvements are what separate superficial fixes from sustainable progress.

Additionally, there’s value in openness. Letting your customers know you’re working on accessibility,  even if you’re not there yet, can earn you credibility. It signals that you care, that you’re listening, and that you’re committed to building a better digital experience. 

Why PDF Accessibility Demands More Than Automation

Making your PDFs truly accessible isn’t as simple as running an auto-check or pressing a “Make Accessible” button in Adobe. While tools can help flag issues, they rarely deliver fully compliant, user-friendly results on their own — especially when it comes to complex layouts, interactive forms, or branded documents that rely heavily on custom styling.

The challenge? Maintaining visual consistency and brand integrity while ensuring that every element — from tables and infographics to reading order and form fields — works seamlessly with assistive technologies. Automated fixes often flatten design, strip meaning, or miss key accessibility gaps altogether. Worse, they can create a false sense of security while leaving you exposed to compliance risks.

This is not something most internal teams are equipped to handle alone — especially under time pressure. That’s why many organizations partner with accessibility experts who not only understand the technical requirements (PDF/UA, EN 301 549, WCAG 2.1), but also know how to preserve design and user experience throughout the process.

It’s Not Too Late, But It Is Time

This is your chance to step back and ask: How do users move through our services? Where do they get stuck, frustrated, or excluded? What would it look like to make every touchpoint intuitive, inclusive, and seamless?

Accessibility doesn’t sit in a vacuum. It intersects with your ESG goals, your DEI commitments, and your customer experience ambitions. Leading companies are already drawing these lines, and using them to futureproof their strategies. 

So yes, the clock is ticking, but getting serious about accessibility now puts you in a position to lead, not scramble to catch up later. 

Summary

With the European Accessibility Act deadline approaching on 28 June 2025, industry leaders are already working toward compliance and gaining a competitive edge in the process. However, even if you’re behind now, it’s not too late to start. Accessibility isn’t only about ticking boxes. Done well, it improves the experience for everyone, and early adopters are already seeing the benefits. The first step is understanding where you stand and recognizing that accessibility touches every part of your organization. It’s not a one-off project, but an ongoing commitment. Avoid the trap of quick fixes that don’t serve real users. Instead, use this moment to rethink how your digital experiences can be more inclusive and take the first step now. 

DORA word surrounded by EU flag stars, all on planned background

Uncover the DORA Support from Quertum Service

Written by Kateryna Klynovska on . Posted in GDPR.

Understanding DORA 

The Digital Operational Resilience Act (DORA) is a European Union regulation designed to strengthen the digital resilience of the financial sector. It applies to banks, insurance companies, investment firms, and other financial organizations, requiring them to manage ICT risks, secure their digital operations, and ensure business continuity in the face of cyber threats and IT failures.

DORA is primarily focused on the Information Communication Technology (ICT) tools, systems, and third-party services used by the financial sector. Organizations must assess and mitigate ICT risks across their entire operations, including external technology providers.

With DORA becoming fully applicable on January 17, 2025, financial institutions must ensure they comply with a range of risk management, incident reporting, and resilience testing requirements.

Quertum Service in DORA Context

While Quertum is not directly subject to DORA. In the same time, we recognize the importance of this regulation for our customers, including those who are directly impacted and those serving DORA-regulated clients.

As a provider of secure document management and customer communication management, we actively support our customers in aligning with DORA requirements. Our solutions help organizations strengthen their digital resilience, improve data security, and ensure compliance with regulatory standards.

Should your Financial Institution Trust Quertum in DORA Landscape?

At Quertum, we understand that financial institutions must ensure compliance with DORA while maintaining operational efficiency and security.

We provide peace of mind and confidence for our customers by ensuring that we take a range of actions associated with the 5 pillars of DORA regulations:


IT Risk Management. Institutions must establish a comprehensive IT risk management frameworks. As part of our certification to ISO 27001:2022, we carefully review our risks and take all necessary actions to mitigate or remove them.

IT Incident Reporting. Companies must promptly report any significant ICT-related incidents to their respective regulators. We’ve got this covered too via the development of a range of Incident Management documents. Our approach to these requirements supports a coordinated response mechanism for incidents.

Digital Operational Resilience Testing. Quertum systems are regularly tested (business continuity, disaster recovery testing supported by regular penetration and vulnerability tests)to future-proof our digital operational resilience abilities against IT disruptions.

IT Third-Party Risk Management and Oversight. This is a real differentiating factor for us. We do not outsource any development activities or engage any third party IT providers.

Information and intelligence sharing. Sharing information about cyber threats with different financial entities helps improve overall robustness within the industry. We are committed to sharing security awareness threads & trends with all interested parties. We also keep our team up to date with regular awareness training and source best practice advice from a range of trustworthy sources.

Get Ready for DORA Compliance with Quertum

While Quertum is not directly subject to DORA, we recognize its significance for our customers and their extended networks. That’s why we’ve created a DORA-readiness overview—outlining our key commitments and actions to support financial institutions in achieving compliance.

Industries such as finance, banking, insurance ace significant challenges in an increasingly dynamic security landscape. We’re always here to answer any questions that may arise as you search for the right solution to meet your needs.