The Barrierefreiheitsstärkungsgesetz (BFSG, the German Accessibility Act) transposes EU Directive 2019/882 – the European Accessibility Act (EAA) – into German law. Since 28 June 2025, digital products and services must meet the requirements of the harmonised standard EN 301 549, which is built on the WCAG 2.1 Level AA criteria. Bundesfachstelle Barrierefreiheit: BFSG This affects online shops, SaaS platforms, banking apps, and every digital B2C service. The transition period is over, audits have been running since September 2025 – and the first waves of cease-and-desist notices are already on record. Ratgeberrecht: First BFSG cease-and-desist notices
Who is affected?
The BFSG applies to all economic operators that offer digital products or services to consumers – regardless of company size, unless the micro-enterprise exemption applies (fewer than 10 employees and under €2M in annual revenue from services). BFSG-Gesetz.de: Full text and commentary Specifically, this covers:
- Online shops and e-commerce platforms (product pages, checkout, customer portals)
- SaaS products with end-user interfaces (dashboards, self-service portals)
- Mobile apps for consumers
- E-banking and financial services
- Telecommunications services and interactive media
WCAG 2.1 AA: the technical foundation
EN 301 549 – the harmonised European standard for digital accessibility – fully incorporates WCAG 2.1 Level AA. ETSI: EN 301 549 v3 – Harmonised European Standard The next version, EN 301 549 v4.1.1, is expected in 2026 and will incorporate WCAG 2.2 AA. ETSI: EN 301 549 – Harmonised European Standard for ICT Accessibility The four core principles:
- Perceivable: Text alternatives for images, captions for videos, sufficient colour contrast (at least 4.5:1 for body text)
- Operable: Full keyboard navigation, no time limits without an option to adjust them, a visible focus style
- Understandable: Clear language, consistent navigation, error detection with correction suggestions in forms
- Robust: Compatibility with assistive technologies (screen readers, braille displays), valid HTML, correct ARIA attributes
The most common errors – and why AI-generated code is especially vulnerable
The WebAIM Million 2026 report shows that across the top 1,000,000 home pages, 56.1 million accessibility errors were detected – an increase of 10.1% over 2025, averaging 56.1 errors per page. WebAIM: The WebAIM Million 2026 Six recurring error types account for 96% of all detected issues. WebAIM: The WebAIM Million 2026 The breakdown by error type below comes from the WebAIM Million 2025 report: WebAIM: The WebAIM Million 2025
- Low-contrast text – affects 79.1% of all pages, averaging 29.6 instances per page (WebAIM Million 2025)
- Missing alt text – on 55.5% of pages; 44% of the affected images without alt text are linked images (WebAIM Million 2025)
- Missing form labels – 48.2% of pages have unlabelled input fields (WebAIM Million 2025)
- Skipped heading levels – on 39% of all pages (WebAIM Million 2025)
- Missing document language – makes it harder for screen readers to pronounce content correctly
- Empty links and buttons – with no discernible purpose for assistive technologies
Vibe-coded platforms make the problem worse. If you want to take an AI prototype to production, you should have it checked for accessibility in a free platform assessment. An ACM study shows that AI-generated code from ChatGPT and Microsoft Copilot has systematic accessibility defects – missing visible focus indicators (WCAG 2.4.7), non-keyboard-accessible elements (WCAG 2.1.1), and missing semantic structure (WCAG 1.3.1). ACM: Evaluating AI-Generated Web Code for Accessibility Compliance Meanwhile, the complexity of modern pages is rising fast: the average number of elements per page climbed to 1,437 in 2026 – up 22.5% in a single year. More complexity correlates directly with more errors. WebAIM: The WebAIM Million 2026
Penalties and enforcement
Beyond BFSG conformance, web platforms must also meet the NIS2 cybersecurity requirements – both regulations apply to digital services across the DACH region. The BFSG relies on dual enforcement – administrative and competition-law:
Administrative sanctions (Section 37 BFSG):
- Fines of up to €100,000 per violation – but only for the most serious breaches (among others, placing non-conforming products on the market, providing non-accessible services, CE-marking violations); for the remaining violations, up to €10,000, in each case depending on the nature, severity, duration, and risk of repetition BFSG: Section 37 Penalty provisions
- Sales bans for non-conforming products and services
- The federal states' market surveillance body (MLBF) in Magdeburg oversees digital accessibility and reviews websites on a sample basis; the Bundesnetzagentur is, under Section 27 BFSG, the central liaison point for coordination with the EU member states and the European Commission Bundesnetzagentur: BFSG – Central liaison point
Competition-law enforcement (Section 3a UWG):
- BFSG violations can be classified as unfair competition
- Competitors and consumer protection associations can issue cost-bearing cease-and-desist notices
- Since summer 2025, the first waves of these notices have been documented – with claims of over €1,000 per notice in some cases Barrierefix: BFSG inspections 2026
| Kriterium | Typical vibe-coded platform | AnvilStack engineering |
|---|---|---|
| Colour contrast | AI picks colours for looks – contrast often below 4.5:1 | Contrast checking built into the design system |
| Keyboard navigation | Interactive elements only operable by mouse | Full keyboard navigation, visible focus |
| Screen readers | Missing or incorrect ARIA labels | Semantic HTML, ARIA only where needed |
| Forms | Placeholders instead of labels, no error messages | Associated labels, validation, correction hints |
| Accessibility statement | Missing entirely | Legally compliant, written and linked |
| Testing approach | No testing | Automated plus manual screen-reader testing |
Technical requirements for SaaS platforms
Beyond the WCAG fundamentals, EN 301 549 places concrete demands on web platforms: Deque: EN 301 549 Compliance
- Accessibility statement: Publicly available, with a way to report barriers – fewer than 0.5% of German websites have such a statement, which means it is missing on more than 99.5% of them AccessGO: 93% of German websites not accessible
- Consistent navigation: Menus, breadcrumbs, and page structure must be predictable
- Error handling in forms: Errors must be identified, described, and accompanied by correction suggestions
- Time-based media: Videos with captions, audio description where the content requires it
- Responsive design: Content must remain usable at 200% zoom without loss of information
- Reduced motion: Respect the
prefers-reduced-motionmedia query
Germany in a European comparison
The numbers are sobering: an AccessiWay analysis found that Germany, averaging 2.9 barriers per website, has the highest error rate in a European comparison. Tageskarte: No German website meets the requirements (AccessiWay analysis) Within a year, the share of fully accessible websites did rise from 6.53% to 11.84% – yet still only about one in eight websites meets the legal requirements. Gisma: Accessibility Check 2026 – Germany Bitkom has published a practical guide to BFSG implementation that spells out the requirements for the digital economy. Bitkom: Practical guide to BFSG implementation
How AnvilStack builds accessible platforms
We use AI tools for fast prototyping – but every line of code is reviewed by engineers who treat accessibility as an architectural decision, not a bolt-on overlay:
- Semantic HTML as the foundation: Correct heading hierarchy, landmark elements, native form controls instead of custom widgets
- Design tokens with a contrast guarantee: A colour system with built-in WCAG AA contrast checking – contrast violations are blocked at build time
- Keyboard navigation by default: Focus management, skip links, and tab order are part of every component
- Automated plus manual testing: axe-core in the CI pipeline, complemented by manual screen-reader testing (NVDA, VoiceOver)
- Accessibility statement: Produced in a legally compliant way under the BFSG, with a feedback mechanism for users
- Hetzner hosting (DE): No US trackers, no third-party scripts that undermine accessibility
In a free intro call, we assess your platform for BFSG conformance and show you which barriers are critical – from the free assessment through to an accessible production platform on EU-sovereign infrastructure.
Frequently asked questions
Does the BFSG apply to my company?
What penalties apply for BFSG violations?
Which WCAG standard is mandatory?
Are automated accessibility tests enough?
Does AI-generated code have particular accessibility problems?
Do I need an accessibility statement?
Sources
- Bundesfachstelle Barrierefreiheit: The BFSG
- BFSG-Gesetz.de: Full text and commentary
- BFSG: Section 37 Penalty provisions
- Bundesnetzagentur: BFSG – Central liaison point
- ETSI: EN 301 549 – Harmonised European Standard for ICT Accessibility
- WebAIM: The WebAIM Million 2026 Report
- WebAIM: The WebAIM Million 2025 Report
- ACM: Evaluating AI-Generated Web Code for Accessibility Compliance
- Barrierefix: BFSG inspections 2026
- Ratgeberrecht: First BFSG cease-and-desist notices
- AccessGO: 93% of German websites not accessible
- Tageskarte: No German website meets the requirements (AccessiWay analysis)
- Gisma: Accessibility Check 2026 – Germany
- Bitkom: Practical guide to BFSG implementation
- Deque: EN 301 549 Compliance