EAA Requirements for Online Banking Accessibility

The European Accessibility Act (EAA) requires online banking interfaces to be perceivable, operable, understandable, and dependable for people with disabilities. Banks offering consumer services to EU customers must align with EN 301 549, which references WCAG 2.1 Level AA as the technical standard for web and mobile interfaces. The rule went into effect on June 28, 2025, and covers websites, mobile apps, authentication flows, and self-service terminals tied to banking services. Banks that fall short face enforcement action from national market surveillance authorities, fines, and reputational risk. The path to conformance starts with an accessibility audit and a remediation plan that maps every issue to a fix.

EAA Online Banking Accessibility at a Glance

| Element | Requirement |
| --- | --- |
| Effective Date | June 28, 2025 |
| Technical Standard | EN 301 549, which references WCAG 2.1 Level AA |
| Scope | Websites, mobile apps, authentication, account management, ATMs and self-service terminals |
| Who Is Covered | Banks providing consumer banking services to customers in EU member states |
| Enforcement | National market surveillance authorities in each member state |
| Path to Conformance | Accessibility audit, remediation, validation, ongoing tracking |

What does the EAA require of banks?

The EAA is a directive that sets accessibility requirements for products and services sold to EU consumers. Consumer banking services are explicitly named in Article 2, which means retail banking interfaces fall squarely inside the rule.

Banks must make their digital interfaces perceivable, operable, understandable, and dependable. In practice, that means meeting WCAG 2.1 Level AA across web and mobile, and meeting the broader EN 301 549 standard for any related hardware like ATMs.

The directive also requires written accessibility documentation. Banks must produce an accessibility statement describing how the service conforms and how customers can report issues.

Which banking interfaces are in scope?

The rule covers far more than the public marketing website. Anything a consumer uses to access or manage a banking service is in scope, including public websites and account login pages, mobile banking apps on iOS and Android, authentication flows such as multi-factor authentication and biometric prompts, transaction confirmation screens and receipts, account statements and downloadable PDFs, customer support chat, contact forms, and chatbots, as well as ATMs and self-service kiosks.

Authentication is where banks most often fall short. Time-limited one-time passcodes, CAPTCHAs without accessible alternatives, and biometric prompts that lack screen reader support all create issues for customers who rely on assistive technology.

What WCAG criteria matter most for banking?

Every Level A and AA criterion applies, but a handful carry extra weight in financial interfaces.

Form input is constant in banking. Labels (1.3.1, 3.3.2), error identification (3.3.1), and error suggestion (3.3.3) directly affect whether a customer can complete a transfer or open an account.

Session timeouts are another pressure point. Criterion 2.2.1 requires that users can extend or turn off time limits, which matters when a screen reader user is partway through a wire transfer.

Contrast (1.4.3) and text resizing (1.4.4) affect customers with low vision reading balances and transaction histories. Keyboard operability (2.1.1) determines whether a customer can move through the entire flow without a mouse.

How do banks confirm conformance?

Automated scans alone are not enough. Scans only flag approximately 25% of issues, and they miss most of the criteria that matter for banking flows, like meaningful error messages and logical focus order.

A manual accessibility audit is the only way to determine WCAG conformance. An auditor evaluates each page or screen against every applicable criterion and identifies the specific issues that need to be addressed.

After the audit, the remediation phase begins. Developers work through each issue, and the auditor validates the fixes. The output is documented conformance, which banks can reference in their accessibility statement and internal records.

What about the accessibility statement?

The EAA requires an accessibility statement that explains how the service meets the requirements, lists any content that is not accessible, and provides a way for customers to report issues. Banks should publish this statement somewhere customers can find it from any page.

The statement is not a formality. National authorities can request it during an investigation, and customers can use it to file complaints. Vague or templated statements create more risk than they reduce.

Frequently Asked Questions

Does the EAA apply to banks based outside the EU?

Yes, if they offer banking services to consumers in EU member states. A US or UK bank with an EU customer base must meet the same requirements as a bank headquartered in Germany or France.

What happens if a bank ignores the EAA?

Each member state sets its own penalties. These range from fines to orders requiring the service be withdrawn from the market until it meets the standard. Customers can also file complaints with national authorities, which can trigger formal investigations.

Is WCAG 2.1 AA the right standard, or should banks target 2.2 AA?

EN 301 549 currently references WCAG 2.1 AA, so that is the legal floor. Many banks target WCAG 2.2 AA because it adds criteria that further support customers with cognitive and motor disabilities, and because future revisions to EN 301 549 are expected to incorporate 2.2.

How often should a bank audit its banking interfaces?

An audit should follow every major release that changes user-facing flows. For stable interfaces, an annual audit cycle is reasonable. Authentication and payment flows warrant more frequent review because they change often and carry the highest customer impact.

Can a bank rely on its core banking vendor for accessibility?

The bank is the service provider under the EAA, so the legal responsibility sits with the bank, not the vendor. Procurement teams should request a current Accessibility Conformance Report (ACR) from every vendor and verify the claims through independent evaluation.

Online banking accessibility is now a baseline expectation under EU law, and the path to meeting it is well defined: audit, remediate, validate, document.

Contact Accessible.org to scope an EAA audit for your banking interfaces.


Kris Rivenburgh
