EAA Compliance for Shopify Plus: What You Need in 2026
EAA compliance for Shopify Plus selling to the EU: microenterprise threshold, the WCAG 2.1 AA standard via EN 301 549, and Germany's 100,000 EUR BFSG fine ceiling.
By Radoslaw Fedorczuk8 min read
The European Accessibility Act (EU Directive 2019/882) became enforceable on 28 June 2025 and requires e-commerce sites selling to EU consumers to meet WCAG 2.1 AA via the harmonized standard EN 301 549. It applies to any merchant above the microenterprise threshold (more than 10 employees OR more than 2 million EUR in annual revenue or balance sheet, with both conditions required cumulatively to qualify for the exemption). Germany's transposing law, the BFSG, sets the per-infringement fine ceiling at 100,000 EUR under § 37. The directive has been transposed across the EU member states with national supervisory bodies named per country.
The EAA covers economic operators offering products and services to consumers in the European Union. For Shopify merchants, the relevant service category is "e-commerce services" as defined in Article 3(29) of Directive 2019/882. You are in scope if all three are true:
You operate an online shop accessible to EU consumers.
You sell B2C, not exclusively B2B.
You exceed the microenterprise threshold.
The microenterprise exemption is the one most Shopify Plus merchants ask about. Article 4(5) defines a microenterprise as employing fewer than 10 people AND having annual turnover or balance sheet under 2 million EUR. Both conditions must be true to qualify for the exemption. If you have 8 employees but 3 million EUR in turnover, you are in scope. If you have 12 employees and 1 million EUR in turnover, you are in scope. Most Shopify Plus stores cross this threshold by the time they upgrade to Plus.
The directive sets the floor. Each EU member state transposes it into national law and names a supervisory body. Germany's transposing law is the BFSG (Barrierefreiheitsstärkungsgesetz), supervised by the Marktüberwachungsbehörden of the federal states, with the MLBF (Marktüberwachungsstelle der Länder für die Barrierefreiheit von Produkten und Dienstleistungen) in Magdeburg acting as the shared central contact point across all 16 Länder. Other member states have their own transposing statutes and competent authorities; the relevant statute, supervisory body, and enforcement start date for any country you sell to is best confirmed against that country's official accessibility portal or law-gazette, because national legislation evolves quickly and a single article cannot keep pace.
If you sell to multiple member states, you are liable in each. The directive does not have a "lead authority" model like GDPR.
Germany transposed the EAA through the BFSG, in force since 28 June 2025. The fine structure is the most aggressive in the EU:
Up to 100,000 EUR per individual administrative offense under §37 BFSG
Repeated or willful violations can trigger a permanent ban from the German market
Enforcement is complaint-driven, but the Marktüberwachungsstelle can also audit on its own initiative
The BFSG applies the WCAG 2.1 AA criteria via Annex I of the directive, which references EN 301 549 (the European harmonized standard). EN 301 549 v3.2.1 (the version cited in the BFSG) maps WCAG 2.1 AA into its requirements for web content.
The BFSG has been in force since 28 June 2025, with German supervisory authorities ramping up enforcement work since then. There is no consolidated public registry of fines issued under § 37 BFSG at the time of writing, so any specific number that circulates should be checked against the issuing state authority. A separate practical risk is the wettbewerbsrechtliche Abmahnung: under German competition law (UWG), competitors and consumer-protection associations can warn merchants for BFSG breaches as unfair commercial practices, often with shorter response windows than a regulatory hearing.
The EAA does not certify websites. There is no badge, no audit firm whose stamp grants safe harbor. Compliance is defined by conformance to the harmonized standard (EN 301 549, which references WCAG 2.1 AA) and by publishing an accessibility statement under Article 7.
The accessibility statement must include:
A list of non-accessible content with the reason for non-conformance
Alternatives offered for inaccessible content
A feedback mechanism so users can report issues
The enforcement body's contact information in the relevant member state
Most Shopify Plus stores I audit have a privacy policy, terms of service, and a cookie banner. They do not have an accessibility statement. This is the single fastest gap to close. Add a page at /pages/accessibility-statement and link it from the footer. Several EU member-state accessibility portals publish public-sector templates that translate well to e-commerce use with minimal adaptation.
Shopify Plus stores have specific structural risks the standard plan does not.
Custom checkout extensions. Plus merchants who customize checkout via Checkout Extensibility introduce code Shopify does not audit. Custom payment methods, post-purchase upsells, and Shop Pay alternatives that bypass the default checkout flow can fail 1.3.1 or 4.1.2 if the developer did not test with a screen reader.
B2B portals. Shopify B2B (the wholesale channel) has its own customer account page templates. These are newer than the storefront templates and tend to expose accessibility gaps the storefront templates do not, particularly around focus indication on company-grid and bulk-order screens. The specific gaps depend on the B2B template version you serve and are best verified against your own current release.
Third-party Shopify apps. Any app that injects DOM into the storefront via ScriptTag or App Embed becomes your liability. Review apps, upsell apps, and pop-up apps are the most frequent offenders, because they ship their own CSS and rarely test it against the merchant's brand palette and theme.
I want to be honest about risk. The probability of a German Shopify Plus store being fined the maximum 100,000 EUR in 2026 is low. The probability of receiving a compliance order (which requires you to fix within 30 to 90 days or face escalating fines) is meaningfully higher.
The pattern across EU supervisory bodies follows a familiar sequence:
A consumer files a complaint.
The enforcement body reviews the site against EN 301 549.
The merchant receives a notice with a fix deadline.
If unfixed by deadline, a small fine and a second deadline.
Continued non-compliance escalates fines and may trigger market exclusion.
The cost of compliance is dramatically lower than the cost of running the process above. A typical Shopify Plus theme can be brought into WCAG 2.1 AA conformance in 8 to 20 hours of focused work. For more on what fails most often, see our breakdown of Shopify theme conformance.
Confirm whether you exceed the microenterprise threshold.
Identify which EU member states your traffic comes from. Google Analytics 4 or Shopify Analytics gives you this in 5 minutes.
Run an automated WCAG 2.1 AA scan against your homepage, a collection, a product page, the cart, and the checkout. AccessifyAI does this for Shopify themes specifically. Find us on the Shopify App Store.
Publish an accessibility statement, even if it acknowledges work in progress. The act of publishing demonstrates good faith.
Schedule a quarterly re-scan. Theme updates and new app installations reintroduce failures.
Yes. The EAA applies based on where the consumer is, not where the merchant is incorporated. A US Shopify store with a .com domain that ships to Germany is in scope if it exceeds the microenterprise threshold and processes orders from EU consumers.
The Web Accessibility Directive (2016/2102) covers public-sector bodies. The EAA (2019/882) covers private-sector products and services including e-commerce. Both reference EN 301 549, but the EAA is the one that affects Shopify merchants.
Shopify's default checkout targets WCAG 2.1 AA per their public statement, which aligns with EN 301 549. Custom checkout extensions you add as a Plus merchant are your responsibility to audit.
Most lawyers I have worked with recommend a single statement in English plus translations for each market where you have meaningful traffic. The statement must include the enforcement body for each relevant country, or a list covering all relevant countries.
No. Under Article 4 of the directive, the economic operator (you, the merchant) is responsible for the service. Using a third-party theme does not transfer liability.
For a typical Plus store with 5 to 10 third-party apps and a moderately customized theme, expect 20 to 40 hours of work to reach full WCAG 2.1 AA conformance. Continuous monitoring catches regressions and reduces the per-quarter effort to 2 to 4 hours.
Share:
Get accessibility tips by email
One short email per month with new guides and Shopify accessibility updates. No spam, unsubscribe anytime.