Back to Blog
One year of the European Accessibility Act: what actually happened
The EAA turned one on 28 June 2026. No fine tsunami — but a landmark court ruling, a professional warning-letter industry, and regulators quietly staffing up.
11 min read
On 28 June 2025, the European Accessibility Act became applicable across the EU. In the months before that date, you could find two confident predictions: vendors warning that fines would start raining down on 29 June, and sceptics saying the law would never be enforced at all.
One year in, we can check both predictions against what actually happened. We track every verified EAA enforcement action in our live enforcement tracker, and the honest summary is: both camps were wrong — and the way they were wrong tells you exactly what to do next.
What didn't happen: the fine tsunami
Let's start with the misses, because they matter for anyone deciding how seriously to take this law.
- No wave of regulator fines. One year in, we still cannot point to a single confirmed, regulator-issued fine under a national EAA transposition law. The famous Vueling penalty (€90,000 plus a ban from public funds in Spain) predates the EAA and was issued under older Spanish rules.
- Norway's "running penalty" quietly ended at €0. The HelsaMi health-portal case — widely cited as an accruing daily fine — was resolved before the December 2025 deadline. The portal was fixed, supervision was closed, and no money changed hands. The threat worked; the fine never materialised.
- A headline lawsuit was dismissed on a technicality. In May 2026 the Lille court threw out the case against Auchan over which turnover threshold applied — a procedural question, now under appeal. First-generation lawsuits hit first-generation problems.
If you stopped reading here, you might conclude the law is toothless. That would be the second wrong prediction.
What did happen: a court ruling with teeth
On 4 June 2026, the Tribunal judiciaire de Caen handed down the first landmark EAA-era judgment against a major retailer. The court ordered Carrefour France to make its e-commerce site and mobile app fully compliant within six months, with a penalty of €500 per day after the deadline. Carrefour argued its 71% RGAA compliance score showed good faith; the court rejected that, calling accessibility an obligation of result — you're accessible or you're not, and effort is not the standard.
Two details of that case matter more than the ruling itself:
- It wasn't brought by a regulator. Disability associations (apiDV and Droit Pluriel) took Carrefour to court. The French consumer-protection authority runs a separate, so-far-pedagogical track. Year one's sharpest enforcement came from civil society, not the state.
- "Partially compliant" was not a defence. A 71% score from one of Europe's largest retailers — with a real accessibility budget — was ruled insufficient. That's the benchmark now on record.
Cases against E.Leclerc and Picard from the same litigation wave are still pending. Whatever the appeal outcomes, the playbook is public: associations can sue, and courts will impose deadlines with daily penalties.
EAA Enforcement Timeline · one year in
Confirmed fines, court rulings, and enforcement patterns since 28 June 2025
- Jun 2025Law in effectEAA becomes enforceableAll 27 EU states · 28 June 2025
- Aug 2025Enforcement patternGermany: Abmahnung wave beginsBFSG go-live; law firms file cease-and-desists under UWG
- Oct 2025Regulatory milestoneNetherlands: mandatory reportingACM begins publishing non-compliance findings
- Nov 2025Lawsuit filedFrance: first association lawsuitsapiDV & Droit Pluriel sue Auchan, Carrefour, E.Leclerc, Picard
- Dec 2025Resolved — no fineNorway: HelsaMi resolvedDaily-penalty threat forced a fix before the deadline — €0 ever charged
- Jan 2026Confirmed fine / rulingSpain: Vueling fined €90,000National High Court · pre-EAA accessibility law*
- May 2026Case dismissedFrance: Auchan case dismissedThreshold technicality (Lille) — under appeal at Douai
- Jun 2026Confirmed fine / rulingFrance: Carrefour condemned€500/day + 100% RGAA in 6 months · "obligation of result"
* Vueling fine issued under Royal Decree 1112/2018 (Spanish accessibility law; predates the EAA but mirrors WCAG 2.1 AA). Verified June 2026.
The German channel: warning letters became an industry
Germany's EAA transposition, the BFSG, has produced no named regulator fine yet either. What it produced instead is arguably more relevant to a small shop: a professionalised Abmahnung wave.
An Abmahnung is a formal warning letter, typically sent by a competitor or a specialised law firm under unfair-competition rules, demanding you fix violations and pay their costs. The first wave, in late 2025, was scattershot. Industry reporting from mid-2026 describes a second wave that is qualitatively different: letters now arrive backed by formal audit reports, with typical demands of around €1,780 (net) in legal fees plus roughly €490 (net) for the audit report — before you've spent a cent actually fixing anything.
The same reporting puts the average German company at only around 49% of the applicable accessibility criteria, with more than 80% of examined shops not fully compliant at the start of 2026. We treat those market-wide figures with some caution (the methodology isn't published), but they rhyme with what the independent WebAIM Million study found globally in 2026: 95.9% of homepages had detectable WCAG failures. There is no shortage of valid targets — which is exactly why the warning-letter business model works. We covered how these letters work and how to respond in our German-market deep dive.
The quiet story: regulators spent year one building the machine
The most underreported development of the year is what regulators did while not issuing fines.
Hiring ~70 auditors, running sweeps, publishing procedures, and coordinating across borders is not what an agency does with a law it plans to ignore. It's what an agency does in the year before it starts sanctioning.
The escalation ladder — and why it favours you
Monitoring bodies have been unusually open about their sequence. It looks like this:
- Automated scanning. Regulators scan sites in bulk and validate non-conformance — the same machine-detectable issues any scanner finds: missing alt text, unlabelled controls, broken keyboard access.
- Outreach. A letter or a visit: here's what we found, here's what we expect.
- Escalating scrutiny for non-responders. Repeated contact, deadlines, potential on-site inspection. Regulators have flagged what triggers escalation: missing or unserious remediation plans, repeated consumer complaints, and no evidence of forward movement.
- Formal sanctions. Fines and orders — in Austria, financial penalties can be imposed without litigation.
Read that ladder as a shop owner and the strategic implication is plain: the cheap exit is at step one. Everything the automated scan finds, you can find first. A credible, visible remediation effort de-escalates at every rung — the Carrefour court punished a company it deemed to be coasting, and regulators explicitly reward documented progress. Silence and inaction are the two behaviours the system is designed to punish.
Three lessons from year one
- Enforcement arrived from the side, not from above. Associations sued, competitors sent warning letters, and regulators mostly watched and built capacity. If you modelled your risk as "will the state fine me?", you modelled the wrong actor — for now.
- Partial compliance is not a safe harbour. The one major court judgment of the year rejected 71% compliance from a company with vastly more resources than any SMB. "We're working on it" only counts if it's documented, funded, and visibly moving.
- The detectable basics decide who gets targeted. Warning-letter firms and regulators alike select targets by automated scan. The shops that get letters are overwhelmingly the ones failing checks a machine can run in minutes.
What to do this quarter
Not a 40-point checklist — the two moves that match how enforcement actually worked in year one:
- Close the machine-detectable gap. Run a scan, fix the alt texts, button labels, contrast failures and keyboard traps it surfaces. This is what removes you from every automated target list — the regulator's and the law firm's. (Platform-specific steps: our Shopify / WooCommerce / WordPress checklist.)
- Have your paper trail ready. An accessibility statement, a dated scan report, and a short remediation plan. On the escalation ladder, the difference between "non-responder" and "company with a credible plan" is the difference between step 3 and a closed file — Norway's HelsaMi case ended at €0 for exactly this reason.
See what an automated sweep would find on your shop
Webply runs the same category of automated checks regulators and warning-letter firms use to pick targets — and turns the results into a prioritised fix-list plus the compliance paper trail. Free scan, no credit card, no overlay.
Related reading
Sources
- Tribunal judiciaire de Caen ruling of 4 June 2026 (Carrefour France) — as reported in French legal press; case brought by apiDV and Droit Pluriel.
- One year of the EAA — Deque Systems (2026): regulator staffing, May 2026 coordination meeting, escalation sequence.
- 1 Jahr Barrierefreiheitsstärkungsgesetz — German industry reporting on the Abmahnung wave and market compliance levels (methodology not published; figures indicative).
- The WebAIM Million 2026 — automated WCAG failure rates across 1M homepages.
- Webply EAA Enforcement Tracker — our verified, continuously updated case list (primary sources only).
This article is informational, not legal advice. Enforcement details reflect our verification status as of 14 July 2026; court cases under appeal may change. For decisions about your specific obligations, consult a lawyer in your member state.