Regulations

EU compliance regulations

The legal framework behind cookie consent, web accessibility, and data protection requirements for websites serving EU users.

EAA

European Accessibility Act

The European Accessibility Act requires products and services sold to EU consumers to meet accessibility standards. Websites of e-commerce businesses are in scope. The technical benchmark is EN 301 549 / WCAG 2.1 Level AA.

In force since 28 June 2025 · E-commerce websites, banking, transport, media services, and consumer electronics provided to EU consumers

ePrivacy

ePrivacy Directive — Cookie Consent

The ePrivacy Directive governs when websites may store or access information on a visitor's device. Any storage — cookies, pixels, localStorage, fingerprinting — requires prior informed consent unless a narrow exemption applies.

In force since 2003 (directive); national transpositions vary · Any website that stores or accesses information on a user's terminal equipment (cookies, localStorage, pixels, fingerprinting)

GDPR

GDPR — General Data Protection Regulation

The GDPR is the EU's general data protection law. It governs how personal data is collected, stored, and processed. For websites, the GDPR applies alongside the ePrivacy Directive — GDPR covers the lawfulness of data processing, while ePrivacy covers the act of storing or accessing information on a device.

In force since 25 May 2018 · Any processing of personal data of individuals in the EU

WCAG

WCAG 2.1 Level AA

WCAG 2.1 AA is the technical standard for web accessibility. It is not a law itself, but is incorporated by reference into the European Accessibility Act (via EN 301 549), the Web Accessibility Directive, and is increasingly referenced in US ADA enforcement.

In force since 2018 (W3C Recommendation); legally binding via EAA/WAD transpositions from 2025 · Web content; the technical benchmark referenced by the EAA, WAD, and ADA enforcement