Which Sectors Are in Focus Under the EAA? GDPR Lessons and What to Expect in 2025
When the GDPR came into force in 2018, companies had to adapt how they handled personal data. It set a new standard for privacy and introduced penalties that many businesses were unprepared for. Now, the European Accessibility Act (EAA) is following a similar trajectory – only this time, the focus is on accessibility.
The EAA takes full effect on June 28, 2025. The new Directive aims to ensure that digital products and services, such as websites, apps, documents, and ticketing systems, are accessible to people with disabilities across the EU. For many businesses, this will mean redesigning websites, rethinking digital communications, and ensuring that customer-facing services meet accessibility standards like WCAG and PDF/UA. The parallels to GDPR are clear: a sweeping EU regulation, broad applicability, and the potential for significant fines for non-compliance.
Yet few organisations have a clear plan in place to meet the upcoming requirements.
High-Exposure Sectors: Who Will Feel the EAA First?
Industries that rely heavily on digital customer interaction are the first in line. This includes finance, where online banking and digital onboarding are core to the customer journey; retail, where e-commerce platforms and checkout systems must be accessible by default; and transportation, where digital ticketing and self-check-in are now standard. Public services such as healthcare portals and government sites are also squarely within scope, especially given the public-sector accessibility precedents already in place.
In these sectors, the risks often take the shape of inaccessible platforms, customer documents, or service workflows, each of which may soon be considered a legal liability under national enforcement laws.
What raises the stakes even further is visibility. The more essential a service is to daily life, the more likely it is to be scrutinised, and the less tolerance regulators will have for inaccessible touchpoints.
One Directive, 27 Penalty Systems
Just like with the GDPR, the EAA leaves enforcement in the hands of EU Member States. This means companies must pay close attention to the specific penalties and compliance expectations in each country where they operate.
Some countries have already outlined substantial fines. In Spain, Ley 11/2023 introduces penalties of up to €1 million per infringement, explicitly covering electronic documents like PDFs. Germany’s Barrierefreiheitsstärkungsgesetz allows for fines of up to €500,000, and in severe cases, non-compliant digital products or services can even be removed from the market.
Elsewhere in the EU, the landscape remains just as serious. France imposes fines of up to €300,000, Czechia up to €400,000, and Hungary has set penalties as high as €1.26 million or 5% of annual net turnover. In Italy, fines can reach €40,000, or up to 5% of turnover under the Stanca Law for private entities.
Enforcement isn’t uniform, and that’s the point. While the EAA sets a harmonised baseline, the risks vary dramatically by jurisdiction. Businesses with operations or customers across multiple countries must be proactive in tracking national developments to avoid falling foul of country-specific enforcement actions.
For a quick overview of the already established EAA penalties across EU markets, see the table below.
From Privacy to Accessibility: How GDPR Prepared Us for the EAA
The GDPR era taught businesses several hard-earned lessons. Some of them can be directly applied to the EAA:
✅ Compliance is a continuous process, not a single deadline
✅ User expectations evolve, and meeting them consistently builds trust
✅ Regulatory alignment can become a competitive advantage
✅ One-size-fits-all solutions rarely work in complex, multi-market operations
✅ Technology alone isn’t enough – internal processes and policy need to support it
Perhaps most importantly, GDPR showed us that EU legislation doesn’t stay theoretical for long. Once enforcement begins, regulators act – especially where clear obligations have been set and ignored.
The EAA will likely follow a similar trajectory. Companies that treat accessibility as a long-term priority, and can demonstrate visible progress, will be in a much stronger position than those that scramble to catch up. Building capability early helps reduce risk, avoid reputational damage, and respond confidently as national enforcement frameworks mature.
EAA Day One: What Happens After June 2025?
The EAA becomes enforceable on June 28, 2025 – but that date doesn’t mark the end of the road. It marks the beginning of active enforcement and increased scrutiny. Compliance won’t be measured by a single audit on that day, but by how well your organisation is prepared to show progress, intent, and structure.
Just as with GDPR, regulators are unlikely to expect flawless implementation on day one. What they will expect is a demonstrable plan – evidence that your company understands its obligations and is actively working to meet them. That includes documented audits, defined roles and responsibilities, and timelines for remediating accessibility gaps.
The most resilient companies will treat this moment not as a finish line, but as the launch of a more permanent phase of compliance. Laws will evolve, interpretations will shift, and enforcement will likely become more consistent over time. Establishing regular review cycles, tracking relevant country-level legislation, and integrating accessibility into procurement and development processes will be essential to keeping pace.
June 2025 isn’t the point where you need to have everything perfect. It’s the point where you need to have a credible, visible path forward – and the ability to prove that accessibility is already part of how your organisation operates.
Set the Standard, Don’t Chase It
If GDPR taught us anything, it’s that the cost of inaction grows fast. The companies that took early, practical steps toward compliance were the ones that avoided penalties and earned long-term trust. The same holds true for the EAA.
At Quertum, we can help you take those early, practical steps, by making your digital communications accessible, efficiently and at scale. Whether you need support implementing PDF/UA standards or ensuring your customer-facing content meets EAA requirements, we’re here to help you get it right from the start.
Accessibility doesn’t have to be overwhelming.
Quertum helps make it manageable. See how we can support your accessibility implementation.
Summary
The shift from GDPR to the European Accessibility Act (EAA) marks a new phase in EU regulation, this time focused on digital accessibility. Like the GDPR, the EAA has a broad scope and serious penalties, yet many organisations remain unprepared. Industries that depend on digital customer interaction, including finance, retail, transport, and public services, are especially exposed. The more essential and visible the service, the greater the risk of regulatory scrutiny. While the EAA provides a shared EU framework, each Member State sets its own penalties, resulting in varied enforcement across countries. This variation is intentional, which makes staying informed about local requirements essential. A key lesson from the GDPR still holds true: compliance is not a one-time task. Companies that take early steps toward accessibility will be better equipped to manage risk and build long-term trust. June 2025 is not the point when everything must be perfect, but the moment when meaningful progress must be visible.
Let’s drive your Digital Transformation Together.
Schedule a free consultation with our team to explore how we can help you achieve your goals.
See also
PDF Accessibility for EAA: How to Start, Where You Stand, and Why It Matters
How Legacy Systems Are Slowing Down Modern Business Managers
