We publish a VPAT and a GDPR DPA. Why isnt that enough?

VPAT covers US standards. GDPR DPA covers data protection. The EAA accessibility statement is a third document with its own format (Decision 2018/1523) and its own legal basis (Directive 2019/882). Deliver all three.

European Accessibility Act for Indian SaaS Companies (2026)

Q: We are pure B2B SaaS headquartered in India. Does the EAA directly regulate us?

Probably not directly — pure B2B services are outside the direct scope. But your marketing site and trial accounts are consumer-facing, and EU enterprise customers will cascade the requirement contractually regardless.

What reaches an Indian SaaS company and what doesn’t

Directive (EU) 2019/882 targets services provided to consumers in the EU. Pure B2B SaaS not offered to the general public is outside the direct services scope of the directive. For most Indian SaaS companies this means direct regulatory exposure is limited to:

Consumer-facing surfaces you operate directly (marketing website, sign-up flow, free trial, public knowledge base, public-facing support portal)
Services delivered to EU consumers where the SaaS product is consumer-facing in the customer journey

Everything else reaches you indirectly — through EU enterprise customers who are directly regulated and cascade the requirement through contract addenda, vendor questionnaires and renewal conditions. The document you need is the same in both cases: an accessibility statement following the European harmonised model of Commission Implementing Decision (EU) 2018/1523, adapted to the scope of Directive (EU) 2019/882.

Your GDPR response was portable. Your ADA work was too. This is too.

When GDPR landed, the accessible SaaS teams that handled it well were the ones who treated it as a document-layer problem on top of already-good data practice, not as a ground-up security overhaul. The ones that panicked hired consultants at six-figure rates. The EAA is structurally the same problem with a different document output.

If your SaaS already does WCAG 2.1 AA work for ADA reasons (and most Indian SaaS selling to US enterprises does, by now), the underlying accessibility knowledge is portable. What is not portable is the wrapper: European legal references, the harmonised statement format, country-specific enforcement data, Annex V non-accessible content declaration. EAA-Report is the wrapper. Your team does not re-learn accessibility — they re-package what they already know into the document the European customer will accept.

What’s in the 9-page PDF

Cover page

Global compliance score, country-specific enforcement data, unique verification reference (EAA-XXXXXXXX).

Service owner identification, scope and evaluation method

Under the European harmonised model — Commission Implementing Decision (EU) 2018/1523.

3–4

Compliance status + criterion-by-criterion evaluation

All 17 WCAG 2.1 AA criteria with Yes / Partial / No / N/A across Perceivable, Operable, Understandable, Robust.

5–6

Official W3C remediation guidance

Per failed or partial criterion, extracted from “Understanding WCAG 2.1” — real fixes, not generic advice.

Non-accessible content declaration

Under Annex V, Directive 2019/882.

Feedback mechanism and enforcement procedure

Competent national authority for your service country, applicable national transposition law, exact fine range.

Legal basis

Directive (EU) 2019/882, the European harmonised model of Decision (EU) 2018/1523 (adapted to the scope of Directive 2019/882) and EN 301 549 V3.2.1.

Enforcement reality your EMEA customer reads every week

🇪🇸

Vueling — Spain, sentence Feb 2024

€90,000

Fine upheld by the Audiencia Nacional Contentious-Administrative Chamber Section 8 in February 2024 (sanction originally imposed October 2020), plus a six-month ban on concurring in proceedings for the granting of official aid.

🇪🇸

Endesa — Spain, 2018

€30,001

Fine after a CERMI complaint. CENTAC and OADI technical reports confirmed failure to meet WCAG Level AA.

🇫🇷

Auchan, Carrefour, E. Leclerc, Picard Surgelés — France, November 2025

Pending

Four supermarket giants summoned before the Tribunal Judiciaire de Paris on 12 November 2025 by ApiDV and Droit Pluriel.

🇺🇸

FTC vs accessiBe — April 2025

$1,000,000

Civil penalty for deceptive overlay claims, final consent order 22 April 2025 (Docket C-4817). Overlays are not a legal defence in the US or the EU.

“Free templates exist. Why pay €149?”

Alternative	Cost	What you actually get
Manual accessibility audit (BarrierBreak, Deque, Level Access)	€4,000 – €8,000	Thorough, 3-week lead time — right for third-party audit demands, overkill for cascade documentation
Annual SaaS compliance subscription	€500 – €2,000 / year	Recurring cost, US-focused format
Accessibility overlay (legally discredited)	€490 – €1,990 / year	Not a defence in US or EU. FTC penalised accessiBe $1M.
EAA-Report	€149, one-time	9-page PDF, 15 min, European harmonised model adapted to Directive 2019/882 — pack pricing for portfolios

Portfolio pricing for 10+ reports

For large European customer portfolios requiring 10, 20, 50 or more accessibility statements, we offer pack pricing with volume discounts. Tell us the size of your cascade and we'll reply within one business day.

Request Portfolio Pricing

One-business-day response · Direct quote by email · No sales call

Frequently asked questions

We are a pure B2B SaaS headquartered in India. Does the EAA directly regulate us?

Probably not directly — the directive’s services scope targets services provided to consumers, and pure B2B services not offered to the general public are outside that direct scope. But your marketing website, sign-up flow and trial accounts are typically consumer-facing surfaces, and your EU enterprise customers will cascade the requirement contractually regardless.

We already publish a VPAT and a GDPR DPA on our trust center. Why isn’t that enough for European customers?

VPAT documents conformance with US standards (Section 508, WCAG). GDPR DPA documents data processing compliance. The EAA accessibility statement is a third document, structured following the European harmonised model of Commission Implementing Decision (EU) 2018/1523 adapted to the scope of Directive (EU) 2019/882, with its own legal basis in Directive (EU) 2019/882. Deliver all three.

Our engineering team already runs automated accessibility scans. Is that the same as this document?

No. Automated scans catch about 30–40% of real WCAG violations. The harmonised accessibility statement is a documented self-assessment against the 17 applicable WCAG 2.1 AA criteria, not an automated scan output. Your scan results are useful input, not a substitute for the statement.

We have 60 European enterprise customers across 15 EU countries. How do we scale?

Pack pricing — email hello@solidwaretools.com with the portfolio size and a brief description of the service lines, and we come back within one business day with a quote.

What about Indian government data localisation rules? Do they affect our EAA response?

No. Indian data localisation requirements (under DPDP Act and sectoral regulations) govern where data is stored and processed. The EAA governs accessibility of the digital service interface. They are separate regulations on separate axes and do not interact in the document you provide to European customers.

Is EAA-Report legal advice or a third-party audit?

No. It is a structured self-assessment following the European harmonised model, generated from the data you provide under your own responsibility. Not legal advice, not a third-party audit — it is the document the EAA framework expects every obliged service provider to maintain, and the one your European customer’s procurement team is asking for.

⚠️ Important notice: EAA-Report is a structured self-assessment tool, not legal advice and not an overlay. All enforcement cases cited are sourced from identified public documentation.

The European Accessibility Act for Indian SaaS Companies: What Your EMEA Customer Is Asking For

40 European clients in your portfolio? One report at a time is not a plan.