Ensure clear accountability for securing and monitoring digital accessibility

SUPERVISION EAA-UPDATE 3 AFM launches compliance investigation and emphasizes importance of a clear EAA notification In brief – In this third EAA update, we address the accessibility requirements, specifically the following points: • Key WCAG focus areas • Securing accessibility within the organization • Upcoming compliance investigation Additionally, we provide supplementary instructions and examples for reporting non-conformity in the AFM Portal. We request enterprises to follow these instructions when submitting an EAA notification. APRIL | 2026

© AFM 2026 | EAA-update 3 2 Accessibility requirements: AFM expectations and upcoming investigation The AFM expects financial enterprises to structurally secure digital accessibility and comply with WCAG criteria. To assess the sector's current status, we will conduct a compliance investigation into accessibility in the coming quarter. Key WCAG focus areas The WCAG criteria are important guidelines for meeting accessibility requirements. We expect enterprises to prioritize level-A criteria. Four of these are particularly important: the non-interference criteria: • Audio control (1.4.2) • No keyboard trap (2.1.2) • Pause, stop, hide (2.2.2) • Three flashes or below threshold (2.3.1) If any of these criteria are not properly implemented, the entire website may become unusable for certain groups of visitors. Or, in some cases, cause risky physical reactions. These criteria are therefore always classified as 'critical'. We also expect enterprises to be capable of meeting level AA of the WCAG criteria. Additionally, with the arrival of WCAG 2.2, new criteria will become mandatory. Therefore, work towards these requirements now so that you are well prepared for future obligations. Securing accessibility within the organization The AFM emphasizes that accessibility is broader than just the WCAG criteria. We expect enterprises to have insight into the greatest accessibility risks in their services and to have established processes to make their websites, apps, and digital services accessible and keep them accessible. Pay attention to the following points: • An accessibility audit helps to identify bottlenecks, risks, and violations of accessibility requirements. This provides clear insight into problems such as insufficient text contrast, missing alt texts, buttons or links without text, missing form labels, or inadequate keyboard navigation. An audit forms the basis for targeted improvement steps. • Ensure structural security through fixed guidelines, periodic checks, and clear responsibilities. Enterprises must be able to account for how accessibility is continuously secured and monitored. New content, updates, or functionalities can create new barriers and limit accessibility. Therefore, incorporate accessibility from the start in design and development. Additionally, it is important to have adequate procedures to receive complaints from consumers with disabilities and to resolve them. • Involve people with disabilities from the beginning in the development and testing of your website, app, or other online applications. This immediately clarifies whether solutions are usable in practice (and thus fully accessible). This makes the design more effective and prevents costly and time-consuming corrective actions afterwards. Upcoming compliance investigation In the coming quarter, the AFM will conduct a compliance investigation into the digital accessibility of financial enterprises. We will assess the extent to which enterprise websites comply with WCAG criteria, with specific attention to level-A criteria. We focus on sectors and services most used by consumers. We will use the results to determine targeted interventions and, where necessary, address enterprises on shortcomings.

© AFM 2026 | EAA-update 3 3 Supplementary instructions for a clear EAA notification to the AFM Financial enterprises are required to report when they do not comply with the EAA (non-conformity notification). It is good to see that many parties have reported to the AFM and shown that they are taking steps to become more accessible. However, we notice that the notifications are not always filled out concretely. In that case, we cannot properly assess what the accessibility problems exactly are and where they are located. To clarify the EAA notifications, we have included supplementary instructions below for some questions from the notification form. We request enterprises to follow these instructions when submitting a notification. The instructions are also available on the AFM website. Question 1: For which part of the services does this notification apply? Indicate which parts of the services do not meet the requirements. Do this for example as follows: • Specify for which trade name this notification applies. • Describe not only the service, such as 'insurance' or 'mortgages', but also which component. For example, whether it concerns website(s), app(s), documents (PDF, Word file or letters), e-mails, or physical products. • Specify the function of the web page, app, documents, e-mails, or physical products for the consumer. Note: If the same problem applies to multiple trade names or parts of the services, this can be submitted in one notification. It is important to specify which parts of the services are affected, as described above. Example – Question 1 This notification applies to the trade name 'Onderneming B.V.' and concerns the online customer portal on the web page 'Submit application'. It specifically concerns the function 'Upload document' during the application process. Question 2: In what way does your service not meet the requirements of the EAA? Specify concretely what accessibility problems exist and where they are located. Do this for example by indicating which WCAG criteria are involved, or in the case of an app, whether it applies to iOS or Android. Example – Question 2 WCAG 2.1 – criterion 2.1.1 (Keyboard – A): the 'Upload document' button is not accessible via keyboard navigation. WCAG 2.1 – criterion 1.4.3 (Contrast – AA): text labels in the upload screen have insufficient contrast. This applies to both the website, the iOS app, and the Android app. Question 3: How many consumers can be affected by this? Indicate the number of visitors or users of a website or app. Also consider the number of people who are not yet customers. Example – Question 3 • The web pages receive 12,000 visitors monthly. • In the app, approximately 3,000 users actively purchase products monthly.

© AFM 2026 | EAA-update 3 4 Question 4: What is the level of impact on the consumer? (critical, serious, moderate, minor) As a guideline, the impact can be determined based on the level of the WCAG criteria. A level-A criterion has a serious or critical impact, and a level-AA criterion has a moderate or minor impact. Example – Question 4 The impact is serious, as an A criterion is affected and keyboard users are hindered from independently completing the application. Question 5: What measures are being taken to correct the non-conformity? Specify concretely what steps are being taken to meet the requirements and which departments within the organization are involved. For example, indicate in which processes this is incorporated so that it is permanently secured. Example – Question 5 • IT department adjusts navigation, button structure, and color contrast. • UX team tests the solution with a panel of users with visual impairments. • Accessibility is structurally built in via a WCAG checklist in the development process. • Solutions will be rolled out within 8 weeks; department X monitors progress. Question 6: Are there equivalent accessible alternatives to use the service (for example, an e-mail address)? We see that enterprises, for example, indicate that customers can visit a physical office as an alternative solution. This is not an equivalent alternative for people with disabilities, as not everyone has the opportunity to visit an office. Example – Question 6 • Customers can submit their request via our e-mail address. These e-mails are fully accessible to screen readers and are handled with the same priority as other digital requests. • Customer service provides support when customers encounter limitations. Employees are trained to perform actions on behalf of the customer and are reachable via phone and chat. • When a customer gets stuck, an alternative channel is offered, such as the option to use a phone number or e-mail address, or to switch from the app to the web environment to complete the action there.