EN 301 549 vs WCAG 2.1: What's the Difference and Which One Applies to You
Giriprasad Patil·· 8 min read·EAA & Global Laws
If your website passes WCAG 2.1 AA, you still might not satisfy EN 301 549 — and under the European Accessibility Act (EAA), now in full enforcement since June 28, 2025, that distinction carries real regulatory consequences. Every day, accessibility teams conflate the two standards and file away their WCAG audit results as proof of EAA compliance. They're not the same document — and the gap is exactly where enforcement notices land.
EN 301 549 is the European harmonised standard that defines technical accessibility requirements across the full range of ICT products: websites, mobile apps, desktop software, hardware, kiosks, document formats, and support services. WCAG 2.1 is the underlying content guideline that EN 301 549 incorporates for web and mobile. WCAG is the specification; EN 301 549 is the legal instrument that gives WCAG its enforcement teeth in the EU — while also adding over a hundred additional requirements that WCAG never mentions.
Understanding the relationship between these two frameworks is no longer an academic exercise. It determines whether your EU-facing product satisfies the EAA, or whether a national market surveillance authority in Germany, the Netherlands, or Spain can issue a formal notice.
## What Is EN 301 549?
EN 301 549 is a European standard published jointly by ETSI, CEN, and CENELEC. Its full title is "Accessibility requirements for ICT products and services," and it's the technical backbone of the EAA. When the European Commission refers to the harmonised standard for the EAA, EN 301 549 is what it means.
The current version — **v3.2.1, published in 2021** — incorporates WCAG 2.1 Level AA in its entirety through Chapter 9. But that's where the similarity ends. EN 301 549 extends well beyond web content into every category of ICT that a modern business might deploy.
The standard is organised into chapters:
- **Chapter 9** — Web content (maps to WCAG 2.1 AA in full)
- **Chapter 10** — Non-web documents (PDFs, Word files, presentations)
- **Chapter 11** — Mobile applications
- **Chapter 12** — Two-way voice communication (telephony, real-time text)
- **Chapter 13** — ICT with video capabilities
- **Chapter 14** — Hardware (ATMs, kiosks, payment terminals, self-service machines)
- **Chapters 5–8** — Generic ICT requirements, including authoring tools, documentation, and support services
A WCAG 2.1 AA audit covers Chapter 9 only. If your business also delivers a mobile app, processes PDFs, uses a kiosk, or provides customer support services, you have additional compliance obligations that WCAG doesn't address at all.
## EN 301 549 vs WCAG 2.1: The Core Differences
| Standard | Scope | What It Covers | Legal Force in EU |
|----------|-------|----------------|-------------------|
| WCAG 2.1 AA | Web content, mobile web | Perceivable, Operable, Understandable, Robust | Guideline — no direct legal force |
| EN 301 549 v3.2.1 | Web, mobile apps, software, hardware, documents, support | WCAG 2.1 AA + ICT-specific requirements | Harmonised standard — creates presumption of EAA conformity |
| EN 301 549 v4.1.1 (expected 2026–27) | All ICT | WCAG 2.2 AA + updated ICT requirements | Will replace v3.2.1 once harmonised |
| European Accessibility Act | Products and services sold in EU market | Technical compliance via EN 301 549 | Law — enforced by national regulators |
WCAG's requirements focus on the four POUR principles — Perceivable, Operable, Understandable, Robust — applied to web and mobile content. EN 301 549 incorporates all of those, then adds:
**Two-way voice communication**: requirements for captioning latency, real-time text (RTT) support, and voice quality for users with hearing or speech disabilities. This applies to any SaaS tool with a voice or video calling feature.
**Authoring tools**: CMSs, page builders, email editors, and other tools that produce web content must support accessibility in their interfaces and help users create accessible output. If you sell a CMS to EU customers, the CMS itself must comply — not just the pages it produces.
**Support services**: customer service channels, help documentation, and technical support must be accessible. An inaccessible knowledge base or a customer support portal with keyboard traps is an EN 301 549 violation even if your main product is WCAG-compliant.
**Hardware**: physical ICT products — ATMs, ticketing kiosks, payment terminals — have detailed hardware-level requirements that WCAG never covers.
## The "Presumption of Conformity" Rule
Meeting EN 301 549 gives you something WCAG alone cannot: a **legal presumption of conformity** with the EAA. Under EU law, if your product demonstrably complies with the harmonised standard, national market surveillance authorities presume it meets the legal requirements. They can still investigate, but the burden of proof shifts.
WCAG compliance without EN 301 549 documentation gives you no such presumption. You can present WCAG audit results as evidence — but a national authority in the Netherlands or Spain can still require you to demonstrate full EN 301 549 compliance chapter by chapter.
This matters especially because **94.8% of websites still fail automated accessibility checks** (WebAIM 2026 Million report, analysing one million home pages). Most of those sites are failing even the WCAG 2.1 subset of EN 301 549 Chapter 9 — let alone the additional chapters.
## WCAG 2.2 Is Coming to EN 301 549
WCAG 2.2 was published in October 2023 and added nine new success criteria, including 2.4.11 and 2.4.12 (focus appearance requirements), 2.5.7 (dragging movements), and 2.5.8 (target size minimum). These directly affect eCommerce checkout flows, interactive widgets, and mobile navigation.
EN 301 549 v3.2.1 still references WCAG 2.1. The next version — **v4.1.1 — is expected in 2026–27** and will incorporate WCAG 2.2 as the new baseline. Once ETSI publishes that version and the European Commission harmonises it in the EU Official Journal, WCAG 2.2 AA will become the minimum requirement for EAA compliance.
Companies building to WCAG 2.1 today are building to a standard that is already being superseded. ADAGuard scans against WCAG 2.2 AA on every plan, including the free tier, so users are testing against the criteria that will become mandatory as the harmonised standard updates — without needing a re-audit cycle when EN 301 549 v4.1.1 lands.
## Which Standard Applies to Your Business?
The answer depends on what you sell and to whom:
**E-commerce websites and mobile apps selling to EU consumers**: EN 301 549 via the EAA. The EAA applies to any company (regardless of country of incorporation) with more than 10 employees or more than €2 million in annual turnover. For most commercial operations, that threshold is easily crossed.
**US businesses with no EU sales**: WCAG 2.1 AA remains the relevant standard. The Department of Justice's ADA Title III guidance explicitly references it, and EN 301 549 has no direct US legal force.
**SaaS tools used by EU businesses or consumers**: Your platform itself is an EAA-scope service. Login flows, dashboards, checkout pages, API documentation, and support portals are all in scope under Chapter 9 (web), Chapter 10 (documents), and Chapter 11 (mobile app, if applicable).
**Native mobile apps alongside a web service**: You have both Chapter 9 (web content) and Chapter 11 (mobile applications) to address. Mobile-specific requirements under Chapter 11 include orientation locking, pointer cancellation, and status message announcements — some of which overlap with WCAG 2.1/2.2, but others that are mobile-specific.
**Businesses with physical self-service machines**: Chapter 14 hardware requirements apply separately and require physical product testing that no automated web scanner can assess.
## EAA Enforcement Is Already Active
Germany's BFSG — the German EAA transposition law — began receiving private Abmahnungen (competitor-initiated cease-and-desist letters) in August 2025, just two months after enforcement began. French market authorities issued formal notices to Carrefour, Auchan, and Leclerc for inaccessible e-commerce platforms in late 2025. The Netherlands' ACM can issue fines up to **€900,000** or 1–10% of annual turnover. Spain's maximum fine for serious violations is **€1,000,000**.
No formal EAA fines have been publicly disclosed yet as of May 2026, but warning letters and formal notices are active across multiple member states. The enforcement gap between "meeting WCAG 2.1" and "satisfying EN 301 549" is where these early actions concentrate.
## What to Do When You Find Violations
Start with a web scan to establish your WCAG 2.1/2.2 baseline — that covers EN 301 549 Chapter 9 and is the most practical entry point. Run your URL through ADAGuard for a free scan. ADAGuard covers 22 custom checker categories plus axe-core integration across 50+ checks, testing against WCAG 2.2 AA criteria. The resulting report gives you WCAG success criterion numbers — exactly the references your developers and third-party vendors need to remediate specific failures.
Violations fall into two categories: what your own development team can fix through code changes, and what requires a formal ticket to a third-party vendor (a CMS, payment processor, or embedded widget supplier) with specific WCAG criterion numbers attached. Don't write "fix the button" — write "this element fails WCAG 4.1.2 (Name, Role, Value) — the close button is missing an accessible name."
For EN 301 549 chapters beyond Chapter 9 — mobile applications, voice services, authoring tools — commission a specialist audit after you've resolved your web-layer violations. Fixing Chapter 9 first is both the fastest win and the most critical compliance gap.
## The 30-Second Fix
Before engaging an EN 301 549 compliance consultant, baseline your web presence with a free scan at [adaguard.io](https://www.adaguard.io). ADAGuard's scan covers ~78% of WCAG 2.2 AA criteria automatically — more than axe-core alone (~57%), Lighthouse (~42%), or WAVE (~40%). You'll have a prioritised issues list in under 60 seconds, with criterion numbers your team can take directly into remediation. Chapter 9 compliance is the critical path. Start there.
