The European Accessibility Act (EAA) applies to consumer banking and financial services offered to customers in the EU. That includes retail banking websites, mobile banking apps, online account opening, payment services, and self-service terminals like ATMs. Covered providers had to meet accessibility requirements by June 28, 2025. The technical baseline aligns with EN 301 549, which references WCAG 2.1 Level AA for web and mobile interfaces. Microenterprises providing services may be exempt, but most banks, neobanks, payment processors, and investment platforms serving EU consumers fall in scope and must produce conformance documentation describing how their digital products meet the requirements.
| Area | What It Covers |
|---|---|
| In-scope services | Retail banking, payment accounts, electronic money, consumer credit, mortgage services for consumers, investment services for retail clients |
| In-scope products | ATMs, payment terminals, self-service kiosks, and the websites and mobile apps used to deliver banking services |
| Technical standard | EN 301 549, which adopts WCAG 2.1 Level AA for web content and mobile applications |
| Effective date | June 28, 2025 for new products and services placed on the market |
| Documentation | Accessibility statement describing conformance, information for users, and internal records of evaluation |
What Banking Services Fall Under the EAA?
The EAA defines consumer banking services broadly. It covers credit agreements with consumers, payment services, payment accounts, electronic money, and investment services offered to retail clients under MiFID II.
That sweep pulls in traditional banks, neobanks, payment processors, e-money issuers, brokerages serving retail investors, and lenders offering mortgages or consumer credit to EU residents. Business-to-business financial services aimed only at professional clients sit outside the consumer scope, though many providers run mixed offerings and end up in scope through their retail products.
Which Digital Products Need to Meet the Requirements?
Two categories matter: the services themselves and the products used to deliver them.
On the services side, that means the bank’s public website, the authenticated customer portal, the mobile banking app, online onboarding flows, statement delivery, and any digital customer support channels like chat or messaging. On the product side, the EAA covers self-service hardware that consumers interact with directly. ATMs, payment terminals in branches, and self-service kiosks all need to meet the requirements when they are placed on the market after the effective date.
Internal tools used by employees are not in scope under the EAA, though they may be covered by other obligations such as the Web Accessibility Directive for public sector bodies or national employment law.
What Technical Standard Applies?
The EAA does not contain a line-by-line technical checklist. Instead, it points to harmonised standards, and EN 301 549 is the standard used for digital products and services across the EU.
EN 301 549 incorporates WCAG 2.1 Level AA by reference for web content and mobile applications. It also includes requirements specific to hardware, ICT with two-way voice communication, and documentation. For a bank, this means the website and mobile app must meet WCAG 2.1 AA, and any ATM or terminal must meet the hardware sections of EN 301 549 covering things like tactile controls, audio output, screen contrast, and reach ranges.
What Does Conformance Actually Look Like?
Meeting WCAG 2.1 AA on a banking site or app is rarely a quick fix. Authentication flows, transaction confirmation screens, document viewers, and complex data tables all create accessibility risk if they are not built with assistive technology in mind.
Common issues identified during a banking evaluation include inaccessible PDF statements, time-out warnings that do not give users enough time to extend a session, custom date pickers that screen readers cannot operate, charts and account dashboards delivered as images without text alternatives, and OTP entry fields that break keyboard navigation. Resolving these requires a manual accessibility evaluation against WCAG 2.1 AA, prioritized remediation, and validation that the fixes hold. Automated scans only flag approximately 25% of issues, so they cannot stand in for evaluation by an auditor.
What Documentation Is Required?
The EAA expects providers to publish information about how their service meets the accessibility requirements. For a bank, this typically takes the form of a public accessibility statement on the website and within the mobile app.
The statement should describe the parts of the service that conform, identify any content that does not yet conform with a clear explanation, and provide a feedback channel for users to report issues. Internally, providers are expected to keep records of how they evaluated conformance. For software products sold to financial institutions (core banking platforms, lending software, payment gateways), buyers increasingly request an Accessibility Conformance Report (ACR) generated from a VPAT to confirm the product can support their own EAA obligations.
How Does Enforcement Work?
The EAA is a directive, which means each EU member state transposes it into national law and designates its own market surveillance authority. Penalties vary by country but generally include fines, orders to bring a product or service into conformance, and in serious cases, removal from the market.
For banks, the practical risk extends beyond regulator action. Customer complaints, reputational exposure, and procurement requirements from corporate clients all create pressure to demonstrate real conformance rather than a paper claim.
Frequently Asked Questions
Does the EAA apply to banks based outside the EU?
Yes, if the bank offers in-scope services to consumers in the EU. A US, UK, or Swiss bank with EU retail customers must meet the requirements for those services. Where a provider has no EU consumer offering, the EAA does not reach it.
Are existing ATMs covered or only new ones?
The requirements apply to products placed on the market after June 28, 2025. ATMs already in service before that date can continue to be used through a transitional period that runs until June 28, 2030, or the end of their economic life, whichever comes first.
Is WCAG 2.2 AA required instead of 2.1 AA?
The current version of EN 301 549 references WCAG 2.1 AA. Many banks choose to evaluate against 2.2 AA anyway because the additional criteria reflect modern interaction patterns and the standard is expected to update.
What is the difference between an evaluation and an accessibility statement?
An evaluation is the process that identifies issues against WCAG and EN 301 549. The accessibility statement is the public document that describes the result. The statement is only credible if it is backed by an evaluation conducted by qualified auditors. More on what goes into an accessibility evaluation of a digital product.
How do banks demonstrate conformance to corporate clients and regulators?
For consumer-facing services, the accessibility statement is the primary public artifact. For B2B software and vendor relationships, an ACR produced from a VPAT is the standard document used to communicate conformance. Procurement teams at financial institutions increasingly require one before purchase.
Accessible.org has worked with banks, payment companies, and fintech providers on EAA readiness through full WCAG 2.1 AA evaluations, remediation guidance, and ACR production. The work is detailed, but the path is well defined: evaluate, remediate, validate, document. For help mapping your EAA scope or scheduling an evaluation of your banking website or mobile app, contact Accessible.org.
