Written by: Kacper Osiewalski, Lead Backend Engineer, Digital Colliers
The deadline is behind us. The European Accessibility Act came into force on 28 June 2025, and most eCommerce storefronts selling into the EU still fall short of the technical baseline. If you sell into any EU member state and you're above the size threshold, you're already exposed. The question is how much, and where you patch first.
What the EAA actually asks of a storefront
The EAA is a directive, so each member state transposes it into national law with its own enforcement flavour. The substance is consistent though. If you run a consumer-facing online store, your site, checkout, mobile app, and pre-purchase information all have to be accessible to users with disabilities. The technical yardstick regulators are using is WCAG 2.1 Level AA. That's the same standard the public sector has been held to for years, now extended to private eCommerce.
In practice, WCAG 2.1 AA means things like:
- Every interactive element reachable and operable by keyboard alone.
- Colour contrast at 4.5:1 for normal text, 3:1 for large text.
- Form fields with real labels, not just placeholder text.
- Images with meaningful alt text, not filenames or empty strings.
- Video content with captions and, where relevant, audio descriptions.
- Focus states visible on every control, not stripped by the design system.
None of this is exotic. It's the checklist your frontend team already knows exists. The problem is nobody prioritised it.
Who is actually on the hook
The EAA carves out microenterprises for services. If you have fewer than 10 employees and under €2M in annual turnover, the service obligations don't apply to you. Everyone else is in scope, and "everyone else" is where the noise is right now. Mid-sized DTC brands assumed this was an enterprise problem. It isn't. If you're a UK brand shipping into Germany or France through a local entity or a fulfilment partner, you're still expected to meet the standard for those customers.
One detail worth flagging. The obligation covers products too, not just the website. Digital products sold on the store, e-readers, self-service terminals, ticketing kiosks, and consumer banking interfaces all have their own product-side requirements. If you sell your own hardware or a digital product with an interface, get a specialist involved.
The product-feed hygiene angle nobody talks about
Here's where the pattern gets interesting. Accessibility audits keep surfacing the same class of failure, and it's not the checkout. It's the product data itself. Alt text auto-generated from SKU codes. Size charts embedded as flat images with no text alternative. Materials and care instructions stored as PDFs with no tagged structure. Colour described only through swatches, no accessible name.
If your PIM feeds a headless storefront, the accessibility failures are baked into the feed. You can rebuild the frontend to be WCAG perfect and still fail an audit because your 40,000 product pages inherit garbage descriptive data. The teams shipping compliance work in 2026 are the ones treating this as a data quality project first and a UI project second. Fix the feed, and the storefront inherits the fix. Fix the storefront alone, and you're patching symptoms.
Enforcement pace and exposure
Don't expect a €20M fine on day one. That's not how EU enforcement usually plays out. GDPR is instructive here. Fines reach up to €20M or 4% of global turnover, but the first two years were mostly guidance, warnings, and low-value penalties before the big cases landed. Expect the EAA to follow a similar curve. National market surveillance authorities are staffing up. Complaints from consumer groups and disability advocacy organisations are the trigger most often, not proactive audits.
The realistic 2025-2026 exposure profile looks like this:
- Consumer complaints escalated to national authorities, followed by remediation orders with tight deadlines.
- Civil claims in member states that allow them, particularly Germany.
- Marketplace and payment-partner pressure, since platforms don't want their own compliance status muddied by non-compliant merchants.
With UK eCommerce growth sitting at roughly 3% year-over-year, and customer acquisition costs up around 40% since 2023, the margin to absorb a forced remediation sprint plus lost sales during a takedown period is thin. The operators moving now are the ones who ran the numbers on that trade and decided reactive was more expensive than proactive.
If your team hasn't run a WCAG 2.1 AA audit against production, that's the first move. The second is looking at the feed, not the frontend.

