Why Indian banking app developers are getting EAA contract clauses
India is the world's largest outsourcing hub for banking software. TCS, Infosys, Wipro, HCL — and hundreds of mid-size firms — build the digital banking interfaces that European banks deploy to millions of consumers. The EAA places the obligation on the bank (Art. 2.2.d), but the bank's procurement contract now flows the requirement down to the developer.
Art. 3.18 defines "consumer banking services" narrowly: credit agreements (Directive 2008/48/EC), payment services (PSD2), payment accounts (PAD), electronic money, and certain MiFID II investment services. This is not all of banking — wealth management, corporate banking and wholesale services are not in scope. But the consumer-facing app — the one you build — covers exactly the services that ARE in scope.
What European bank compliance teams audit in your app
Login and authentication
Biometric, PIN, OTP and password login must all be keyboard-accessible and screen-reader compatible. WCAG 2.1.1, 4.1.2, 1.3.1.
Transaction flows
Balance display, transfers and payment confirmations must meet contrast and structure requirements. WCAG 1.4.3, 1.3.1, 3.3.4.
Dashboard and account overview
Charts and graphs must have text alternatives. WCAG 1.1.1.
Loan and product application forms
Multi-step forms must have visible labels, error identification and step indicators. WCAG 1.3.1, 3.3.1, 3.3.3, 2.4.8.
What you deliver with the release
Cover page
Compliance score, verification reference, date.
Identification and scope
Product, deployment context, evaluation method, legal framework.
17 WCAG 2.1 AA criteria
Criterion-by-criterion evaluation across four principles.
W3C remediation guidance
Actionable fixes per failed criterion.
Accessibility statement
Following Annex V of Directive 2019/882.
Legal basis and scope disclaimer
Directive 2019/882, EN 301 549 V3.2.1, national transposition.
What it costs
Three mistakes Indian banking app developers make
"The bank does QA, not us"
The bank does acceptance testing. But if you deliver without an accessibility assessment, the bank's QA will reject the release. The report should ship with the code.
Accessible login, inaccessible transaction flows
Many teams focus on the login screen and neglect transactions, settings and product applications. The assessment covers all 17 criteria across the entire app.
PSD2 covers payment security. PCI covers card data. Neither covers accessibility.
They are parallel obligations. The bank needs all three. Your report covers the EAA layer.
Enforcement the bank faces — and passes to you
BFSG. Per-infringement fines.
Law 11/2023.
Ordonnance 2023-859.
Implementatiewet. Up to 10% of turnover.
The bank drops non-compliant vendors.
What EAA-Report guarantees and what it doesn't
EAA-Report generates a document structured under Art. 13.2 of Directive (EU) 2019/882 based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as the service provider or software vendor.
We guarantee that the document structure follows Art. 13.2 of Directive (EU) 2019/882 and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.
EAA-Report is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.
FAQ — Indian banking app developers
Does the EAA apply to me as an Indian developer?
Does Art. 2.2(d) cover all banking services?
One report across multiple bank clients?
What about the mobile app?
15 minutes?
Certified audit?
⚠️ Important notice: EAA-Report is a self-assessment documentation tool, not legal advice and not a third-party audit. The document is generated from your input data. You are responsible for the accuracy of the data you provide. EAA-Report does not replace a qualified professional assessment.
Official legal sources
- Directive (EU) 2019/882 — European Accessibility Act — full text