EAA for SaaS Companies: What Digital Products Must Fix Before 2030
Giriprasad Patil·· 7 min read·EAA & Global Laws
SaaS products deployed to EU users after June 28, 2025 are already required to meet EN 301 549 accessibility standards — not at some future date, but from the moment they launched. If your platform has EU subscribers, there is no transition period for new features. Every screen you shipped after that date must be accessible. And the 2030 deadline that everyone in your industry is referencing applies to your *existing* product backlog, not to new work.
This is the most misunderstood aspect of the European Accessibility Act (EAA) in the SaaS sector: the dual-deadline structure. The EAA compliance window that ends June 28, 2030 is for remediating products and services that existed *before* enforcement began. For anything new — a product you launched last month, a feature you shipped last week — compliance was required on day one.
If your engineering team is treating EAA as a 2030 project, the enforcement calendar says otherwise.
## Does the EAA Apply to Your SaaS Product?
The EAA applies to any company that provides products or services to EU consumers, regardless of where the company is incorporated. A US-headquartered SaaS with EU subscribers is subject to the EAA in the same way as a German one.
The threshold test: **more than 10 employees or more than €2 million in annual turnover**. Any company below both thresholds qualifies for the microenterprise exemption. Most commercial SaaS businesses cross at least one of those lines within their first year of revenue.
In-scope SaaS products and services include:
- **E-commerce platforms** — checkout flows, product pages, customer accounts
- **Online banking and fintech** — account portals, transaction histories, payment interfaces
- **Customer-facing SaaS** — any B2C platform where EU users are the end customer
- **B2B SaaS** — where the "consumers" are employees at EU businesses using your tool
That last point trips up many B2B founders. The EAA language covers "services provided to consumers" — but EU implementation guidance clarifies that B2B services in sectors like banking, transport, e-commerce, and digital communications are in scope when natural persons (employees, end users) interact with the interface. If your enterprise tool has individual user accounts used by EU employees, you're likely in scope.
## What Parts of a SaaS Product Are in Scope?
The EAA covers everything a user interacts with as part of the service. Under EN 301 549, that includes:
| SaaS Element | EN 301 549 Chapter | WCAG Equivalent? |
|---|---|---|
| Web application UI (dashboards, settings, forms) | Chapter 9 | Yes — maps to WCAG 2.1 AA |
| Mobile app (iOS/Android) | Chapter 11 | Partial — adds mobile-specific requirements |
| PDFs, reports, and exported documents | Chapter 10 | No — separate non-web document requirements |
| In-app voice or video calling | Chapter 12 | No — real-time text, captioning latency requirements |
| Knowledge base and help documentation | Chapter 9 + Chapter 10 | Partial |
| Authoring tools (if your SaaS lets users create content) | Chapter 8 | No — authoring tools have their own requirements |
| Customer support chat and email | Support services clause | No |
The scope is broader than most accessibility audits address. A typical WCAG 2.1 AA audit covers Chapter 9 only. If your SaaS includes a mobile app, exports PDFs, or offers a knowledge base, you have compliance obligations in chapters that never appear in a standard WCAG report.
## The Two Deadlines That Matter
**June 28, 2025** — EAA enforcement began. All new products and services put on the market after this date must comply with EN 301 549 immediately. No grace period. No transition window.
**June 28, 2030** — The deadline for bringing *existing* products into compliance. Any SaaS product that was live before June 28, 2025 and has not yet met EN 301 549 has until this date to remediate.
The practical implication: if you launched a new pricing page, onboarding flow, or dashboard feature in Q3 2025 or later, that feature needed to comply from launch. Product managers who are deferring accessibility to "the 2030 roadmap" are creating a growing backlog of non-compliant new features on top of an existing remediation project.
## B2C vs. B2B: Who Bears the Compliance Risk?
In B2C SaaS — where individual consumers in the EU subscribe and use your product directly — the EAA applies clearly. Your platform is the service, your EU subscribers are the consumers, and you carry the compliance obligation.
In B2B SaaS, the picture is more nuanced. If your enterprise customer is an EU-based company and their employees use your tool daily, most EU member states' implementations place the compliance obligation on you as the service provider. Your business customer cannot contractually transfer that obligation to you, but they also cannot use an inaccessible tool without exposing themselves to their own regulatory risk. In practice, **enterprise buyers in the EU are already inserting EN 301 549 compliance clauses into SaaS procurement contracts**. Legal and procurement teams at large EU businesses began including accessibility compliance requirements in RFPs from mid-2025.
Failing to satisfy those clauses is becoming a commercial risk, not just a regulatory one.
## What Enforcement Looks Like in 2026
EAA enforcement operates at the national level. Each EU member state has designated its own market surveillance authority. Enforcement actions visible as of May 2026 include formal notices and Abmahnungen — private warning letters — rather than published fines. But the enforcement machinery is operational.
The countries with the highest penalty exposure for SaaS companies are those with the most aggressive fine structures: the Netherlands (up to **€900,000** or 1–10% of annual turnover, enforced by ACM), Spain (up to **€1,000,000** for very serious violations), and Germany, where BFSG enables competitors to sue each other — private Abmahnungen started arriving in August 2025. Italy's fine can reach 5% of annual revenue for large companies.
For a SaaS company with €10 million ARR and EU customers, **5% of revenue in Italy or 10% of turnover in the Netherlands** represents a fine that would materially affect the business.
## The Accessibility Coverage Gap in Typical SaaS Audits
The 2026 WebAIM Million report found that 94.8% of websites still have detectable WCAG failures, averaging 56.1 errors per page — and that number increased 10.1% from 2025. SaaS dashboards are typically more complex than marketing pages, with more dynamic content, more interactive components, and more third-party integrations, each of which can introduce new violations.
ADAGuard's authenticated scanning capability is specifically relevant here. Standard accessibility tools scan public-facing pages. ADAGuard can scan password-protected pages and logged-in application flows — which is where most SaaS accessibility violations actually live. The dashboard, the settings panel, the checkout page, the onboarding wizard: these are the screens your EU users interact with daily, and they're invisible to tools that only scan public URLs.
ADAGuard covers 22 custom checker categories plus axe-core integration, testing against WCAG 2.2 AA — the criteria that will become the EN 301 549 baseline when v4.1.1 is harmonised. Running a scan gives you a prioritised list of failures with WCAG criterion numbers your engineering team can act on directly.
## What to Do When You Find Violations
Violations in a SaaS product fall into two buckets. First, violations in code your own team controls — these go directly into your engineering backlog with the specific WCAG criterion number from your ADAGuard scan report. Second, violations introduced by third-party SDKs, embedded widgets, or no-code tools your team uses to build flows — these require a vendor ticket with the exact failure and WCAG criterion reference, not a vague "please fix the accessibility."
For EN 301 549 chapters beyond Chapter 9 — mobile, documents, voice — commission a specialist audit after you've addressed the web-layer failures first. The web layer is where the majority of violations live and where you'll see the fastest compliance improvement.
Prioritise by user impact and enforcement exposure: features used by the most EU users, processed during checkout or account creation, and pages linked directly from your public marketing site are the highest-risk surfaces.
## The 30-Second Fix
Run your SaaS application's most critical user-facing URL through [adaguard.io](https://www.adaguard.io) right now — it's free, no signup required. ADAGuard provides ~78% automated WCAG 2.2 AA coverage, far beyond what axe-core alone (~57%), Lighthouse (~42%), or WAVE (~40%) detects. If your product is behind authentication, ADAGuard's authenticated scanning on paid plans handles that too. Your EAA compliance programme starts with knowing what you're dealing with. Start there.
