Enforced since June 28, 2025 — fines are active
EAA Is Enforced. Is Your Checkout Compliant?
The European Accessibility Act requires every e-commerce checkout to meet WCAG 2.2 AA. Penalties are live: up to EUR 500K in Germany, 5% of turnover in Italy. SmarterTariff is the only tool that scans inside cross-origin payment iframes — the blind spot where most violations hide.
Supply chain → checkout → accessibility → AI. Every broken link is a self-imposed tariff on your revenue.
What the EAA Requires
The European Accessibility Act (Directive 2019/882) sets binding accessibility requirements for all e-commerce services in the EU market. Here is what you need to know.
Scope: All E-Commerce
The EAA covers all e-commerce services sold to EU consumers, including product browsing, checkout, payment, and order confirmation. This applies to businesses of any size operating in the EU market.
Standard: WCAG 2.2 AA
The EAA references the EN 301 549 harmonised standard, which maps directly to WCAG 2.2 AA. This includes perceivable content, operable interfaces, understandable navigation, and robust markup.
Enforced: June 28, 2025
The transposition deadline passed in June 2022. National enforcement began June 28, 2025. Market surveillance authorities in each member state can now investigate and penalise non-compliant services.
Responsibility: Shared Liability
Merchants are responsible for their checkout flow's accessibility, even when using third-party payment providers. Embedding an inaccessible Stripe or PayPal iframe does not shift liability to the payment provider.
EAA Penalties by Country
Each EU member state sets its own enforcement mechanism and penalty structure. These are already active.
Germany
EUR 500,000
Per violation, enforced by the Federal Network Agency (BNetzA)
Italy
5% of turnover
Annual revenue-based penalty, enforced by AGID
France
EUR 250,000
Per infraction, enforced by ARCOM
Netherlands
EUR 100,000
Administrative fines, enforced by the Authority for Consumers & Markets
Why Checkout Is the Highest Risk
Payment iframes are the single largest compliance blind spot in e-commerce. Standard accessibility scanners cannot reach inside them.
Cross-Origin Iframes Are Invisible to Scanners
Stripe Elements embeds card fields in iframes on js.stripe.com. PayPal and Braintree do the same on their own domains. Browser same-origin policy blocks external tools from inspecting these frames. Deque axe, Siteimprove, and accessiBe all report “no issues found” while critical violations exist inside the payment form.
Form Labels and Error Messages in Iframes
WCAG 1.3.1 (Info and Relationships) and 3.3.1 (Error Identification) require that form fields have programmatic labels and that errors are identified in text. When card number, expiry, and CVC fields live inside an iframe, missing labels mean screen readers announce “edit text, blank” instead of “Card number.” Users cannot complete payment.
Keyboard Navigation Through Payment Flows
WCAG 2.1.1 (Keyboard) and 2.4.7 (Focus Visible) require that every interactive element is reachable and operable via keyboard. When focus enters a payment iframe and cannot exit, or when focus indicators disappear inside the frame, keyboard-only users and screen reader users are locked out of completing their purchase. This is both an EAA violation and a direct revenue loss.
How SmarterTariff Helps
The only platform auditing cross-origin payment iframes. Not Deque, not Siteimprove, not accessiBe.
Free 30-Second Scan
Enter any URL and get a full WCAG 2.2 AA compliance report in about 30 seconds. Cached results mean repeat scans return instantly. No credit card required.
Payment Provider Detection
Automatically identifies Stripe Elements, PayPal, Square, Braintree, and Adyen integrations. Maps violations specific to each provider's iframe implementation.
Violation-by-Violation Remediation
Each detected issue includes the WCAG criterion violated, severity level, affected element, and specific remediation guidance your developers can act on immediately.
Export for Compliance Documentation
Generate detailed reports suitable for compliance teams, legal review, and regulatory filings. Prove due diligence with timestamped scan results and remediation records.
EAA Compliance FAQ
- What is the European Accessibility Act (EAA)?
- The European Accessibility Act (Directive 2019/882) is EU-wide legislation requiring that products and services sold in the European market meet accessibility standards. For e-commerce, this means the entire purchase journey — from browsing to checkout to order confirmation — must conform to WCAG 2.2 AA. The EAA was adopted in 2019 and became enforceable on June 28, 2025.
- Does the EAA apply to non-EU companies?
- Yes. The EAA applies to any business offering products or services to consumers in the EU, regardless of where the company is headquartered. If a US or Canadian e-commerce site accepts orders from EU customers and ships to EU addresses, its checkout flow must comply. This includes payment forms, error messages, and order confirmation screens.
- What are the penalties for EAA non-compliance?
- Penalties vary by EU member state. Germany allows fines up to EUR 500,000 per violation. Italy can impose penalties up to 5% of annual turnover. France allows fines up to EUR 250,000. Member states can also order services to be withdrawn from the market until compliance is achieved. Enforcement is handled by national market surveillance authorities.
- Why are payment iframes the highest-risk area for EAA compliance?
- Payment providers like Stripe, PayPal, and Braintree embed card entry fields inside cross-origin iframes hosted on their own domains. Browser same-origin policy prevents any external accessibility scanner from inspecting those iframes. This means standard audit tools report your checkout as compliant when the actual payment fields may have missing labels, broken keyboard navigation, or insufficient contrast — all EAA violations that go undetected.
- How does SmarterTariff scan for EAA compliance?
- SmarterTariff uses a Playwright-based headless browser that navigates your full checkout flow, detects the payment provider (Stripe, PayPal, Square, Braintree, Adyen), and analyzes WCAG 2.2 AA violations including those inside cross-origin payment iframes. A first scan completes in about 30 seconds. Results include violation-by-violation remediation guidance, EAA compliance mapping, and exportable reports for compliance documentation.
Check Your EAA Compliance Free
The EAA is enforced. Fines are active. Your checkout’s payment iframes are the highest-risk area — and the one place no other scanner can reach. Find out where you stand in 30 seconds.
Free tier includes cached results for any URL. No credit card required.