EAA compliance for SaaS: the B2B assumption worth checking
Most SaaS companies assume they are out of scope because they sell to businesses, not consumers. Most are wrong. Here is what actually determines whether the EAA applies to your platform.
The B2B argument does not hold for most SaaS platforms
“We are B2B, the EAA does not apply to us” is the most common misunderstanding we encounter when talking to SaaS companies. It is also the most expensive one.
The EAA applies to digital services provided to consumers in the EU. It does not ask who signs the contract. It asks who uses the product. A SaaS platform sold to a business customer is still in scope if that business customer’s own users, employees, or end customers who are EU consumers interact with it. A workforce scheduling tool sold to a retailer is used by that retailer’s staff. An insurance quoting platform sold to a broker is used by that broker’s customers. The contract is B2B; the usage is not.
The narrower true exemption is for platforms genuinely confined to internal, professional use with no consumer-facing surface at any point in the chain: a shrinking category as SaaS products increasingly serve customer-facing functions for their business clients.
The question to ask is not “who is our customer?” but “who ultimately uses this, and are any of them EU consumers?” If the answer is yes at any point in the chain, EN 301 549 and WCAG 2.1 AA apply to your interface.
Why governance is harder in SaaS than e-commerce
An e-commerce site changes its interface in discrete releases. A SaaS platform ships continuously. Feature velocity that is a competitive advantage in product development becomes a compliance liability without a governance process attached to it. Every sprint is an opportunity for a new accessibility barrier to enter production, and without a review step, none of them get caught before they ship.
This is compounded by AI-assisted development. The AIMAC benchmark found that most AI coding models produce non-compliant HTML by default. Accessibility hasn’t been a primary training objective for any major model tested. A SaaS team using AI tools to accelerate feature development is very likely accelerating the accumulation of accessibility debt at the same time, unless an explicit review step is built into the release process.
The technical fix for a single barrier is usually straightforward. The governance failure that let it ship unreviewed, and will let the next one ship the same way, is the actual risk.
The four requirements in a SaaS context
- Technical conformance — EN 301 549 and WCAG 2.1 AA apply to the software interface itself, not just marketing pages. Desktop and web application interfaces are both in scope.
- Accessibility statement — published, current, and covering the actual product interface, not just the public-facing website.
- Active governance — the requirement that matters most for SaaS specifically. An accessibility review step in the release pipeline, not a one-off audit disconnected from ongoing development.
- Documentary evidence — a dated record that accessibility review is genuinely happening release over release, not a single certificate from a year ago.
Which markets are most active
Netherlands
ACM enforces electronic services broadly, including SaaS platforms serving Dutch consumers. The mandatory self-reporting requirement applies regardless of business model — B2B SaaS companies with EU consumer-facing functionality are not exempt from the reporting obligation.
Ireland
ComReg enforcement and the criminal liability provision apply to SaaS companies incorporated or operating in Ireland in the same way they apply to any other sector. Director liability does not distinguish between B2B and B2C business models.
Sweden
PTS has investigated a broad range of digital service providers, not limited to e-commerce. A SaaS platform with Swedish consumer-facing functionality falls within the same investigation scope as any other digital service.
The demand signal
This is not a theoretical risk. Search data shows organisations already looking for guidance on this exact question before this page existed, a clear sign that SaaS companies are starting to ask whether the EAA applies to them, often prompted by a customer, a board member, or a competitor's compliance statement raising the question first.
Find out where your organisation stands
A free 20-minute conversation to find out whether the EAA applies to your organisation and where to begin — or, if you already know you need an audit, to talk through what that typically involves and what questions to answer first. No obligation, no assumptions.
Book your free assessment today.