EAA compliance in Finland — what businesses need to know

The European Accessibility Act became enforceable in Finland on 28 June 2025 under the Act on Accessibility Requirements for Products and Services (568/2023). Finland’s EAA enforcement environment is shaped by two factors that make it distinctive among the markets we track: a strong institutional and cultural tradition of digital inclusion, and an enforcement mechanism that is complaint-driven from the outset rather than waiting for regulator-initiated audits.

Any organisation providing covered digital products or services to consumers in Finland is in scope — regardless of where the organisation is headquartered.

The enforcement authority: Traficom

Traficom (the Finnish Transport and Communications Agency, known in Finnish as Liikenne- ja viestintävirasto) is the designated supervisory authority for EAA compliance in Finland. Traficom receives complaints from users, investigates them, and has the authority to impose penalties where an organisation is found to be non-compliant.

Traficom also conducts its own market surveillance independently of complaints. An organisation does not need to have received a complaint to be subject to a Traficom investigation. However, given Finland’s high levels of public awareness of accessibility rights, the complaint pathway is likely to be the primary route by which most enforcement actions begin.

The distinctive penalty mechanism: conditional fines

Finland’s most significant enforcement feature is not a headline fine ceiling — it is the mechanism through which fines are structured. Traficom can impose conditional fines: financial penalties that accrue on a daily basis until the accessibility issue is fully resolved.

This mechanism creates a fundamentally different risk profile from markets where penalties are assessed as a single fixed sum. In Finland, delay has a direct and compounding cost. An organisation that remediates promptly limits its liability; one that contests, ignores, or delays remediation sees that liability grow with each passing day.

The practical reality of this mechanism is already visible in the Nordic region. In December 2025, Norway’s equivalent digital accessibility regulator issued daily fines of NOK 50,000 against the operator of HelsaMi — a patient portal used by 425,000 residents — after 64 of 119 identified accessibility issues remained unresolved past the remediation deadline. Norway operates under equivalent EEA obligations rather than the EAA directly, but the enforcement mechanism and its consequences are identical. Daily accruing fines compound quickly.

How the complaint pathway works

A user who encounters an accessibility barrier on a digital product or service in scope can file a complaint directly with Traficom. Finland’s public is active in exercising digital rights — this is not a passive enforcement environment. Complaints are expected to arrive from day one of enforcement rather than following a period of regulator-led outreach.

Once a complaint is received, Traficom investigates. If it finds non-compliance, it can require the organisation to remediate and impose a conditional fine for each day that remediation is not completed. The organisation has the opportunity to respond and provide evidence of its compliance position — which is precisely why having documented compliance activity matters.

Traficom can also initiate an investigation without a user complaint, based on its own market surveillance programme.

What compliance requires

EAA compliance in Finland has four mandatory elements:

• Technical conformance. Digital products and services must meet EN 301 549 — the harmonised European technical standard. In practice that means WCAG 2.1 Level AA for web and mobile content. EN 301 549 V3.2.1 is the current harmonised standard; V4.1.1, which incorporates WCAG 2.2, is expected to be referenced in the Official Journal in late 2026.
• A published accessibility statement. A mandatory public declaration of your current conformance level, what is not yet accessible, and your remediation plan. In Finland, as across the EU, this statement is typically the first document a supervisory authority requests when investigating a complaint.
• Active governance. A named owner for accessibility within the organisation, a regular testing rhythm, and a process that continues to function regardless of team changes. Governance is what turns a one-time audit into ongoing compliance.
• Documentary evidence. Dated assessments, remediation records, and a compliance process that demonstrates the organisation has been actively managing its obligations — not simply asserting them.

Documentary evidence is particularly important in Finland’s enforcement environment. Because complaints can arrive promptly, organisations need to be in a position to respond quickly and substantively. Evidence of active compliance management is what distinguishes a defensible position from one that is not.

Which organisations are covered

The standard EAA scope applies in Finland: e-commerce, banking and financial services, electronic communications, audiovisual media services, and transport services provided to consumers. Organisations based outside Finland that offer covered services to Finnish consumers are in scope on the same basis as Finnish-based organisations.

The microenterprise exemption applies where an organisation has fewer than 10 employees and annual turnover or balance sheet total not exceeding €2 million. Both conditions are required simultaneously — meeting one but not the other does not qualify an organisation for the exemption. Organisations that believe they may qualify should verify this position before relying on it.