Skip to main content
← Back to blog

EAA Audit and Inspection Processes: A Complete Compliance Guide

The EAA Deadline Is Not Hypothetical

A mid-sized European bank finalizes a digital loan application portal in the first months after the European Accessibility Act enforcement date of June 28, 2025. Internal testing focused on visual design and browser compatibility—no one ran a formal accessibility audit. The portal's PDF disclosure documents carry no tag tree, the reading order is undefined, and form fields lack programmatic labels. A national market surveillance authority flags the product during a routine inspection sweep. The result: mandatory remediation, a suspension of the product's market availability, and potential penalties under national transposing legislation.

This scenario is not speculative. The EAA—formally Directive (EU) 2019/882, published in 2019—establishes enforceable accessibility standards for a defined set of private-sector products and services across all EU member states. As of June 28, 2025, non-compliant entities face active market surveillance, complaints-driven investigations, and the full range of corrective measures available to national authorities.

Answer Block — What Are the EAA Audit and Inspection Processes?

The European Accessibility Act establishes a two-track enforcement model: proactive market surveillance by national authorities and reactive complaints-based investigations. Audits assess conformance against WCAG 2.1 Level AA for digital services and EN 301 549 V3.2.1 for ICT products, which itself references WCAG 2.1 Level AA. Inspections may be triggered by a surveillance authority's own monitoring program or by a formal complaint from a user or advocacy organization. Authorities can demand technical documentation, conformance statements, and access to systems. Findings of non-compliance may result in corrective orders, withdrawal of the product or service from the market, and financial penalties set by each member state's transposing law. Organizations should maintain a current accessibility conformance report, documented remediation logs, and a formal complaints-handling mechanism as the core of a defensible audit posture.

What Are EAA Regulations?

The European Accessibility Act (EAA), Directive (EU) 2019/882, is a harmonization directive that mandates accessibility requirements for specific private-sector products and services sold or provided within the European Union. Member states were required to transpose the directive into national law by June 28, 2022, and the requirements have been enforceable against in-scope entities since June 28, 2025.

Scope of Coverage

The EAA applies to a defined but broad product and service category list. In-scope items include:

  • Computers and operating systems — hardware and software combinations sold to consumers
  • Self-service terminals — ATMs, ticketing machines, check-in kiosks, and payment terminals
  • Consumer terminal equipment — smartphones and tablets used for electronic communications
  • E-commerce services — online retail platforms offering goods or services to consumers in the EU
  • Banking services — consumer-facing services including online banking portals, mobile apps, and document delivery
  • E-books and dedicated reading software
  • Audiovisual media services — streaming platforms and their access features
  • Electronic communications services — including real-time text and video relay
  • Transport services — passenger air, bus, rail, and waterborne transport's digital touchpoints (websites, apps, ticketing)

EAA vs. ADA: Key Structural Differences

Compliance professionals familiar with the Americans with Disabilities Act should note fundamental structural differences. The ADA is a civil rights statute enforced primarily through private litigation and DOJ action; the EAA is a product and service regulation enforced through national market surveillance authorities. The ADA's public-accommodations title (Title III) reaches virtually all consumer-facing businesses with no general size threshold; the EAA defines a specific product/service list but applies to private entities regardless of sector. The ADA's web accessibility standard—WCAG 2.1 Level AA per the 2024 Title II rule—maps closely to the EAA's digital standard, but enforcement mechanisms, timelines, and documentation requirements differ materially. The ADA Title II deadline for municipalities with populations serving 50,000 or more is April 24, 2026; the EAA's private-sector deadline is June 28, 2025—earlier, and with distinct national penalty regimes.

Technical Standard: EN 301 549 and WCAG 2.1 AA

The EAA's functional accessibility requirements are operationalized through the European standard EN 301 549 V3.2.1 (March 2021), the reference technical standard for the EAA's digital requirements. For web content and documents, EN 301 549 incorporates WCAG 2.1 Level AA—published as a W3C Recommendation on June 5, 2018—as its normative technical baseline. PDF documents delivered as part of an in-scope service must meet the PDF/UA-1 standard (ISO 14289-1:2014) to satisfy EN 301 549's non-web document requirements. Conformance at WCAG 2.1 AA alone is insufficient for PDF deliverables; PDF/UA structural requirements—tagged content, logical reading order, artifact designation, document title metadata—must be independently verified.

EAA Exceptions and Disproportionate Burden

The EAA includes two principal exception mechanisms. First, microenterprises—defined as entities employing fewer than 10 persons and with annual turnover or balance sheet not exceeding €2 million—are fully exempt from EAA obligations when providing services (though not when manufacturing in-scope products). Second, the disproportionate burden exemption permits an in-scope entity to defer or limit specific requirements where compliance would impose a burden disproportionate to the benefit, assessed against defined criteria: net cost relative to overall costs, estimated benefit to persons with disabilities, and the organization's size and resources. Entities invoking disproportionate burden must document the assessment, notify the relevant national authority, and make a non-accessible alternative available where feasible. This exemption is not self-executing—it requires formal documentation and authority notification, and it does not exempt an entity from all accessibility obligations, only from specific requirements deemed disproportionate.

What Is the Inspection Audit Procedure?

EAA inspection and audit processes operate under two complementary regimes. For in-scope products (self-service terminals, consumer terminal equipment, and the like), the market surveillance framework of Regulation (EU) 2019/1020 applies via the EAA. For in-scope services—including the banking, e-commerce, and document-delivery services this guide focuses on—the EAA's own service-compliance and enforcement provisions govern, under which each member state designates national authorities to verify service compliance, handle complaints, and set penalties. Each EU member state designates one or more national market surveillance authorities (MSAs) responsible for verifying compliance and taking corrective action.

Two Triggers for an EAA Audit

Audits and inspections are initiated through two distinct channels:

  1. Proactive market surveillance — MSAs conduct planned monitoring sweeps of in-scope products and services, often using automated scanning, sample testing, and document review. Frequency and methodology vary by member state.
  2. Complaints-based investigations — Any natural or legal person, or representative organization, may lodge a complaint with the relevant MSA. The EAA requires member states to establish accessible complaint mechanisms and obliges MSAs to act on substantiated complaints.

Stages of an EAA Inspection

While member state procedures vary, the EAA's directive framework establishes a consistent procedural architecture:

  1. Initial document request — The MSA requests the organization's accessibility statement, conformance documentation, and any self-assessment records. For digital services, this typically includes a Voluntary Product Accessibility Template (VPAT) or equivalent Accessibility Conformance Report (ACR) referencing EN 301 549.
  2. Technical assessment — Authorities or their appointed assessors perform functional testing of the product or service interface, including assistive technology compatibility testing. For document-heavy services, PDF documents are tested against PDF/UA-1 structural requirements: presence of a complete tag tree, correct reading order, alt text on non-decorative images, language specification, and form field labeling.
  3. Evidence review — Internal audit logs, remediation histories, user testing records, and training documentation may be requested to assess whether the organization has an ongoing conformance process, not merely a point-in-time snapshot.
  4. Preliminary findings and response period — The organization typically receives a findings notice and a defined period to respond or submit additional evidence before a formal determination.
  5. Determination and corrective order — If non-compliance is confirmed, the MSA issues a corrective order specifying required remediation steps and a compliance deadline. Persistent non-compliance triggers escalating measures including withdrawal orders and financial penalties.

What Auditors Examine in Digital Documents

PDF and office-format documents delivered as part of an in-scope service receive specific scrutiny. EAA auditors assessing document accessibility typically examine:

  • Tag tree completeness — whether every content element is tagged with an appropriate PDF structure type (paragraph, heading, list, table, figure)
  • Reading order — whether the tag tree sequence matches the intended logical reading order, independent of visual layout
  • Alternative text — whether all non-decorative images carry meaningful alt text attributes within the figure tag
  • Document language — whether the Lang entry is set at the document and, where relevant, at the span level for multilingual content
  • Form field labeling — whether interactive form elements carry programmatic labels accessible to screen readers
  • Artifact designation — whether decorative, background, and pagination elements are correctly marked as artifacts so assistive technologies ignore them
  • Document title metadata — whether the document title is present in XMP metadata and configured to display in the title bar
  • Heading hierarchy — whether heading tags (H1–H6) reflect actual document structure without skipped levels

The Role of Accessibility Statements

Article 13 of the EAA requires service providers to include accessibility information in the terms and conditions presented to consumers. For digital services, this is commonly implemented as an accessibility statement that identifies the applicable standard, the conformance level achieved, known limitations, and a contact mechanism for users to report barriers. An accessibility statement that is absent, outdated, or non-specific is itself a compliance deficiency that MSAs treat as a first-order finding. The statement must reference EN 301 549 V3.2.1 and WCAG 2.1 Level AA specifically, not a generic commitment to accessibility.

How to Comply with EAA?

EAA compliance is not a single audit event—it is a continuous conformance program anchored to documented processes, technical remediation, and accessible user-facing mechanisms. Organizations with defensible compliance programs share four structural characteristics: complete technical conformance documentation, remediated digital assets, operational complaints handling, and a monitoring cadence that keeps conformance current.

Step 1: Conduct a Scope Determination

Identify every product and service your organization offers that falls within the EAA's enumerated categories. Map each in-scope item to the applicable technical requirements under EN 301 549 V3.2.1. Document this scope determination formally—if an authority questions your compliance posture, a clear scope map demonstrates organizational competence and good-faith effort.

Step 2: Perform a Technical Conformance Assessment

Commission a full conformance audit against WCAG 2.1 Level AA for all web and application interfaces, and against PDF/UA-1 (ISO 14289-1:2014) for all PDF documents delivered as part of an in-scope service. The audit should produce a detailed issue register, not just a pass/fail verdict. Each finding should be mapped to the specific WCAG success criterion or PDF/UA requirement it violates, with severity and remediation effort estimated.

For organizations managing large volumes of PDF documents—regulatory disclosures, product information sheets, account statements, e-book content—manual remediation at scale requires a structured workflow. RemeDocs' PDF remediation process is designed specifically for this challenge: batch remediation with tag tree reconstruction, reading order correction, and conformance verification against PDF/UA-1 and EN 301 549 requirements, producing audit-ready documentation at each stage.

Step 3: Remediate and Document

Prioritize remediation by user impact and audit exposure. Consumer-facing documents at the point of sale, account opening, and service delivery represent the highest-risk PDF assets because they are the most likely to be tested in a complaints-based investigation. For each remediated document, retain a remediation record that includes the original conformance state, the specific changes made, the tool or process used, and a post-remediation conformance verification result.

Step 4: Publish an Accurate Accessibility Statement

Draft an accessibility statement that specifies EN 301 549 V3.2.1 and WCAG 2.1 Level AA as the applicable standards, documents any known non-conformances with remediation timelines, and provides a functional contact mechanism. Review and update this statement at a minimum annually and following any significant service change.

Step 5: Establish a Complaints Mechanism

The EAA requires in-scope service providers to offer users a mechanism to report accessibility barriers. This mechanism must itself be accessible. Log all complaints received, document the investigation undertaken, and record the resolution. A complaint log with documented resolutions is substantive evidence of good-faith compliance effort in an MSA investigation.

Step 6: Build a Monitoring Cadence

Accessibility conformance degrades over time as content is updated, platforms are changed, and new documents are added. Establish a monitoring schedule that includes automated scanning for regression detection, periodic manual audits of high-traffic flows, and a gating review for new document templates before deployment. When using RemeDocs for ongoing document remediation, the platform's conformance verification step functions as a built-in quality gate, flagging structural issues before a document reaches end users.

Practical EAA Compliance Checklist

  • Formal scope determination document mapping products/services to EAA categories
  • WCAG 2.1 Level AA conformance audit completed for all in-scope digital interfaces
  • PDF/UA-1 audit completed for all PDF documents delivered as part of in-scope services
  • Issue register with severity ratings and remediation owners assigned
  • Remediation completed and verified for high-priority assets — the June 28, 2025 deadline is now in force
  • Accessibility statement published, referencing EN 301 549 V3.2.1 and WCAG 2.1 AA
  • Accessible complaints mechanism live and monitored
  • Complaint log template and resolution workflow documented
  • Disproportionate burden assessment completed and documented where applicable
  • Monitoring schedule established with defined review triggers
  • Staff training completed for content authors, developers, and document producers

Enforcement date: June 28, 2025 — the date from which EAA requirements are enforceable against in-scope private-sector entities across EU member states.

Technical standard: EN 301 549 V3.2.1 (March 2021), which incorporates WCAG 2.1 Level AA as the normative baseline for web content and digital documents.

Document standard: PDF/UA-1 (ISO 14289-1:2014) for non-web documents, including PDFs delivered as part of an in-scope service.

Enforcement authority: National market surveillance authorities designated by each member state; complaints may be filed by any natural or legal person.

Microenterprise exemption: Entities with fewer than 10 employees and annual turnover or balance sheet not exceeding €2 million are exempt from EAA service obligations (not product manufacturing obligations).

Disproportionate burden: Available but requires formal documentation, authority notification, and an accessible alternative where feasible—not self-executing.

ADA comparison: ADA Title II (public entities, 50,000+ population) deadline is April 24, 2026, also at WCAG 2.1 Level AA. EAA applies to private-sector entities with a June 28, 2025 deadline—earlier and with distinct enforcement architecture.

EAA Audit FAQs

Who enforces the EAA after June 28, 2025?

Each EU member state designates its own national market surveillance authority (MSA) under its transposing legislation. In Germany, France, Ireland, and other member states, these may be existing consumer protection or telecommunications regulators given expanded mandates. Organizations operating across multiple member states face oversight from multiple national authorities simultaneously.

Does the EAA apply to non-EU companies?

Yes. The EAA applies to any entity offering in-scope products or services to consumers in the EU, regardless of where the entity is headquartered. A U.S.-based e-commerce retailer selling to German consumers is in scope for EAA obligations with respect to that service. The relevant authority is the MSA in the member state where the service is provided or the consumer is located.

What is the difference between a WCAG 2.1 AA conformance audit and an EAA compliance audit?

A WCAG 2.1 AA conformance audit tests web content against 50 success criteria across four principles (Perceivable, Operable, Understandable, Robust). An EAA compliance audit is broader: it covers the same WCAG criteria for digital interfaces but also assesses non-web documents (PDF/UA-1 requirements), self-service terminal hardware, complaints-handling processes, accessibility statement completeness, and organizational documentation. WCAG conformance is a necessary but not sufficient component of EAA compliance.

What does disproportionate burden mean in practice?

The disproportionate burden provision allows an in-scope organization to limit specific accessibility requirements where the cost of compliance is demonstrably disproportionate to the benefit delivered to persons with disabilities. The assessment must weigh net cost against overall costs, organizational size, estimated frequency of use by persons with disabilities, and the duration of use. Critically, the organization must notify the relevant MSA and must provide an accessible alternative means of accessing the service where feasible. The burden is on the organization to substantiate the claim—unsubstantiated assertions of disproportionate burden are not a defensible audit position.

Are PDF documents covered by the EAA?

PDF documents are covered when they are delivered as part of an in-scope service—for example, a bank's account statement, an e-commerce order confirmation, or an e-book. The applicable standard is EN 301 549 V3.2.1's requirements for non-web documents, which reference PDF/UA-1 (ISO 14289-1:2014). A PDF that lacks a complete tag tree, has undefined reading order, or carries untagged images will fail an EAA document accessibility assessment regardless of its visual presentation.

What is Level Access EAA and how does it relate to this framework?

Level Access is an accessibility consulting and platform vendor operating in the EAA compliance market. Organizations evaluating vendors for EAA audit support should assess any vendor against the specific technical requirements of EN 301 549 V3.2.1 and PDF/UA-1, not on market positioning alone. For PDF and document remediation specifically—a technical discipline that requires structural tag tree reconstruction, not just automated scanning—RemeDocs provides a purpose-built remediation workflow with audit-trail documentation suitable for MSA review.

What documentation should be ready before an EAA audit?

  • Scope determination document
  • Current Accessibility Conformance Report (ACR) referencing EN 301 549 V3.2.1
  • Accessibility statement with standard references, known limitations, and contact information
  • Remediation log for previously identified issues
  • Complaint log with documented resolutions
  • Disproportionate burden assessment documentation (if applicable)
  • Training records for staff responsible for accessible content production
  • PDF/UA-1 conformance verification records for in-scope document assets

Preparing for What Comes After June 28, 2025

The EAA enforcement landscape will not remain static after the June 28, 2025 deadline. Member states with stronger consumer protection traditions—Germany, the Netherlands, France—are likely to develop active surveillance programs with published sector-specific enforcement priorities within the first 12–18 months. Complaints-based enforcement will generate case law that clarifies scope ambiguities, particularly around which digital services qualify as in-scope and how disproportionate burden claims are assessed in practice.

WCAG 2.2, published as a W3C Recommendation on October 5, 2023, adds nine new success criteria over WCAG 2.1. EN 301 549 will eventually be updated to reference WCAG 2.2, at which point the EAA's technical baseline will shift. Organizations that have built conformance programs on WCAG 2.1 AA should monitor the EN 301 549 revision process and assess their exposure to the additional WCAG 2.2 criteria—particularly the focus appearance, dragging movements, and accessible authentication criteria—before a revised standard is mandated.

For document accessibility, the evolution of PDF/UA-2 (ISO 14289-2), which aligns with the PDF 2.0 specification, will eventually create a new compliance baseline for organizations generating high volumes of structured documents. Remediation programs built on PDF/UA-1 conformance today should be designed with migration pathways in mind.

Organizations that treat the June 28, 2025 deadline as a one-time compliance event will face mounting audit exposure as surveillance programs mature. The defensible posture is a continuous conformance program with documented monitoring, rapid remediation capability, and accessibility integrated into content production workflows from the point of creation—not retrofitted after the fact. RemeDocs supports this posture by embedding conformance verification into the document production pipeline, ensuring that PDF assets entering service delivery are audit-ready by default.

Ready to make your PDFs accessible?

Upload any PDF and get a fully compliant, audit-ready document back in seconds.

Try free PDF audit
← Back to all posts