European Accessibility Act – The Accessibility Strengthening Act (BFSG): Warnings, fines and legal consequences – Image: Xpert.Digital
Legal accessibility: What companies need to prepare for now
The European Accessibility Act: Drastic consequences for non-compliance
The Accessibility Strengthening Act (BFSG) is about to come into force on June 28, 2025, and will impose significant legal obligations on many companies. In fact, companies that fail to comply risk both cease-and-desist letters under competition law and substantial fines. The law transposes EU Directive 2019/882 (European Accessibility Act) into German law and obligates providers of certain products and services to ensure accessibility. The legal consequences are considerably stricter than with other laws, as the legislator wants to clearly signal that implementation must be taken seriously.
Risk of receiving a warning letter under the BFSG
Legal basis for cease and desist letters
Warnings for violations of the German Federal Financial Supervisory Authority (BaFin) are indeed possible and are based on competition law. According to Section 3a of the German Act Against Unfair Competition (UWG), it is unfair to act contrary to a statutory provision that is also intended to regulate market conduct in the interest of market participants. The violation must be likely to noticeably impair the interests of consumers, other market participants, or competitors. The decisive factor is whether the provisions of the BaFin can be classified as so-called market conduct rules that have competitive relevance under Section 3a UWG.
The grounds for issuing cease-and-desist letters for violations of the German Federal Consumer Protection Act (BFSG) arise from the fact that the Act imposes extensive obligations on economic operators regarding goods and services. The Act is specifically designed to protect consumers with disabilities. Manufacturers who fail to comply with the regulations thus violate a consumer protection standard and gain a competitive advantage over law-abiding manufacturers. This can certainly be considered a significant impairment of the market position of other companies.
Persons and organizations authorized to issue cease and desist letters
The right to issue cease-and-desist letters is granted to various parties. According to Section 8 of the German Act Against Unfair Competition (UWG), the following are entitled to do so: competitors who offer similar services to a significant extent, certain trade and consumer associations (provided they are registered with the Federal Office of Justice), and chambers of industry and commerce. This regulation aims to enable competitors to prevent unlawful conduct by their rivals in order to guarantee fair market conditions.
An important aspect is that, unlike the GDPR, there is no general right of action for private individuals or lawyers specializing in cease-and-desist letters. The primary avenue is through market surveillance authorities. However, competition law could still offer a possibility for uninvolved third parties, such as lawyers specializing in cease-and-desist letters, to file lawsuits, although the exact procedures are not yet fully clarified.
Content and form of a BFSG warning
A cease-and-desist letter issued under the German Federal Data Protection Act (BDSG) is a formalized demand to refrain from unlawful conduct. These letters typically include a pre-prepared, legally binding declaration to cease and desist, designed to prevent any recurrence. Often, the letter also includes an invoice for incurred costs or a flat fee. The aim is to resolve the dispute out of court.
A cease-and-desist letter must contain certain information: the name of the sender, the reason and extent of the alleged infringement, a calculation of any potential costs, and details regarding the claimant's entitlement to the infringement. Caution is advised when responding to a cease-and-desist letter, as submitting a declaration of discontinuance can have far-reaching consequences. A substantial contractual penalty may be imposed for any further violations.
Fines and official sanctions
Amount and categories of fines
The Federal Road Traffic Act (BFSG) provides for substantial fines, which are tiered depending on the type of violation. According to Section 37 of the BFSG, administrative offenses can be punished with a fine of up to €100,000 in serious cases and with a fine of up to €10,000 in other cases. This distinction reflects the severity that the legislator attaches to certain violations.
Serious violations, punishable by fines of up to €100,000, include placing products on the market that do not comply with accessibility requirements, missing CE markings, and other fundamental breaches of obligations. Less serious violations, such as missing accessible information or incomplete information, can be penalized with fines of up to €10,000. These fine ranges demonstrate that the legislator takes the enforcement of accessibility requirements seriously.
Procedures in case of violations
The procedure for non-compliance with the German Federal Office for Information Security Act (BSI) is clearly structured and follows a tiered system. First, the market surveillance authority investigates if it has reason to believe that a product or service does not meet the accessibility requirements. Economic operators are obligated to cooperate in this investigation. The market surveillance authority can also examine a service without a specific reason, based on appropriate random samples.
If the market surveillance authority determines that a product or service does not meet accessibility requirements, it will request the economic operator to take appropriate measures to bring it into compliance within a reasonable timeframe. The economic operator has the right to be heard in this process. If the operator fails to comply with this request, the market surveillance authority may take further measures, including imposing fines.
Competent authorities and organization
Market surveillance is carried out by specially established authorities. Originally, it was planned that each federal state would establish its own market surveillance authority. However, it now appears that the states have agreed to establish and fund a nationwide market surveillance authority. This authority will be called the "Joint Market Surveillance of the Federal States for the Accessibility of Products and Services (MLBF)" and will be located in Saxony-Anhalt.
Several German states, including Baden-Württemberg, Berlin, Lower Saxony, Saxony-Anhalt, and Thuringia, have already approved the interstate treaty required for the establishment of the agency. It is therefore likely that instead of 16 individual market surveillance authorities, there will be only the MLBF. This centralization could lead to more uniform enforcement of the requirements of the German Federal Financial Supervisory Authority (BaFin).
Affected companies and application areas
Products and services recorded
The BFSG covers a wide range of products and services in both the digital and analog sectors. The digital products covered include computers, tablets, smartphones, e-book readers, and other digital devices. The services covered specifically include e-commerce platforms, online shops, banking services, digital booking systems, and mobile applications from transport companies.
Self-service terminals such as ATMs also fall under the regulations of the BFSG (Federal Act on the Protection of Personal Data). Websites and mobile applications must be designed to be accessible for B2C providers, although there are differences between B2B and B2C offerings. The requirements are based on the standards of EN 301 549, which in turn are based on the Web Content Accessibility Guidelines (WCAG).
Company sizes and exceptions
The BFSG (Federal Act on the Protection of Consumers) generally applies to all companies that offer relevant products or services. However, there are important exceptions for micro-enterprises. The law primarily applies to companies with more than 10 employees and an annual turnover exceeding €2 million. Micro-enterprises are only exempt if they exclusively provide services – as soon as they manufacture or sell products, the law also applies to them.
This regulation means that even smaller companies can be affected if they place products on the market. The distinction between B2B and B2C is relevant here, as the requirements primarily apply to consumer transactions. Companies should therefore carefully examine whether and to what extent they are affected by the BFSG requirements.
Temporal application
The requirements of the German Federal Office for Information Security Act (BfSG) generally apply to products placed on the market after June 28, 2025, as well as to services provided to consumers after June 28, 2025. This means that companies have only a few weeks left to adapt their offerings accordingly. After this deadline, all new products and services must meet the accessibility requirements.
Products and services already on the market are generally not affected retroactively. However, companies should bear in mind that if their offerings are changed or revised after the deadline, the new requirements will apply. Early adaptation can therefore be advisable to avoid costly revisions later.
Protective measures and compliance strategies
Preventive measures to avoid sanctions
To avoid cease-and-desist letters and fines, companies should act proactively and review their digital offerings in a timely manner. A key recommendation is to optimize pages that are publicly accessible without a login to ensure they do not show errors in automated testing tools like Wave. Many companies that issue mass cease-and-desist letters use such automated tools, so optimizing for these systems can offer a degree of protection.
Implementing the technical standards of EN 301 549 is essential for compliance. This standard is based on the internationally recognized Web Content Accessibility Guidelines (WCAG) and defines the specific technical requirements for accessibility. Companies should systematically check their websites and applications for compliance with these standards and make the necessary adjustments.
Documentation and declarations of conformity
Proper documentation of accessibility measures is not only important for compliance, but can also be helpful in the event of warnings or official audits. Unlike BITV 2.0, which allows an accessibility declaration with unmet requirements, the BFSG requirements are more comprehensive and aim for full compliance with EN 301 549.
Companies should develop a clear strategy for the phased implementation of accessibility requirements. Even if not all aspects can be fully implemented by June 28, 2025, it is important to have a comprehensible roadmap for further measures. This can be advantageous during assessments by authorities or when defending against warnings.
Legal advice and defense strategies
Upon receiving a cease-and-desist letter from a German Federal Office for Information Security (BSI), companies should immediately seek expert legal advice, ideally from a lawyer specializing in competition law. Submitting a declaration of discontinuance has far-reaching consequences, as a substantial contractual penalty may be imposed for any further violations. Claims for information or damages may also be made.
It is advisable to have the legal situation thoroughly reviewed before making any statements or initiating legal proceedings. Possible defense strategies may relate to the interpretation of the BFSG requirements, the legitimacy of the party issuing the warning, or technical aspects of the alleged violations. Since case law regarding the BFSG is not yet established, there may well be avenues for defense.
Recommendations for action
The Accessibility Strengthening Act, coming into effect on June 28, 2025, will pose significant legal risks for companies that fail to meet the requirements. Both cease-and-desist letters under competition law and fines of up to €100,000 are realistic consequences for violations. The legislature has clearly signaled that it takes the enforcement of accessibility requirements seriously and intends to impose correspondingly severe sanctions.
Companies should therefore immediately assess whether they are affected by the BFSG requirements and initiate appropriate adaptation measures. An early and systematic approach to accessibility is not only legally required, but can also bring economic benefits through a broader target audience and improved user experience. The remaining time before the law comes into effect should be used intensively for preparation in order to avoid costly legal consequences.
Your global marketing and business development partner
☑️ Our business language is English or German
☑️ NEW: Correspondence in your native language!
Konrad Wolfenstein
I and my team are happy to be available to you as your personal advisor.
You can contact me by filling out the contact form here wolfenstein@xpert.digital:or simply call me at +49 7348 4088 965. My email address is
I'm looking forward to our joint project.
