EAA compliance in the Netherlands: what organisations need to know

The Netherlands has one of the most active EAA enforcement environments in Europe. The ACM (Authority for Consumers and Markets) began active auditing following the June 2025 deadline and is progressing through its inspection programme. Penalty decisions are expected in the second half of 2026.

The mandatory reporting requirement

The Netherlands has a requirement that most organisations operating there have either missed or misunderstood. Under Dutch implementation of the EAA, organisations must proactively report their accessibility compliance status to the ACM. This is not a passive obligation: it requires submitting documentation of your compliance position, with a compliance declaration available on request.

Organisations that failed to report by the October 2025 deadline, or submitted incomplete documentation, have moved to the front of the ACM audit queue. If you have not already reported, this is the most urgent action to take.

The ACM approach to enforcement

The ACM has stated publicly that fines are not its primary goal. Its stated position is that it aims to be mission and value driven, contributing to equal access rather than punishing non-compliance. In practice, this means the ACM is likely to give organisations a remediation window before imposing fines, except in cases of egregious or wilful non-compliance.

This remediation-first approach does not mean enforcement is soft. It means organisations that engage constructively, demonstrate active governance, and have a credible remediation plan are in a significantly better position than those that have done nothing. The ACM responds to evidence of genuine effort.

One important caveat: the remediation-first approach is not universal. The Netherlands can impose immediate penalties for egregious or wilful violations without a prior warning or remediation window. An organisation that has received notification of non-compliance and taken no action, or that has been found to be deliberately non-compliant, should not assume a grace period will be offered.

Financial services: AFM not ACM

For financial services organisations operating in the Netherlands, the relevant enforcement authority is the AFM (Authority for Financial Markets), not the ACM. The AFM has the same fine ceiling and enforcement mandate, but covers banking, insurance, investment platforms, and payment services. If your organisation provides digital financial services to Dutch consumers, your regulator is the AFM.

This distinction matters. Engaging with the ACM when your authority is the AFM, or assuming the ACM's remediation-first approach applies equally to AFM enforcement, may lead to incorrect assumptions about your risk position.

Penalties

The ACM and AFM can impose fines of up to 10% of annual turnover, with a maximum of €900,000. This ceiling places the Netherlands among the highest in Europe for EAA penalties. Administrative fines in the range of €5,000 to €100,000 are more typical for first-instance violations where an organisation has been unresponsive or shown no evidence of compliance activity.

Fines are calculated per violation, not per organisation. An organisation with multiple inaccessible products or services could face separate penalty assessments for each.

What EAA compliance requires

For organisations operating in the Netherlands, full EAA compliance requires four things:

• Technical conformance against EN 301 549 (WCAG 2.1 Level AA) across all consumer-facing digital products and services.
• A published accessibility statement accurately describing your current compliance position, what is not yet accessible, and your remediation plan.
• Active governance with a named owner, a regular testing rhythm, and a process that survives team changes.
• Documentary evidence of ongoing management, ready for the ACM or AFM on request.

The compliance declaration submitted to the ACM as part of mandatory reporting draws on all four. An organisation without governance and documentary evidence cannot produce a credible compliance declaration.

Which organisations are covered

Any organisation providing covered products or services to consumers in the Netherlands is in scope, regardless of where it is headquartered. A US SaaS company with Dutch enterprise customers that has consumer-facing elements, a UK e-commerce retailer selling to Dutch consumers, and a Dutch FinTech are all subject to the same obligations.

Microenterprises (fewer than 10 employees and annual turnover or balance sheet total not exceeding €2 million) may be exempt from some obligations but should verify this specifically before assuming exemption applies.