Zum Inhalt springen
BFSG compliance since 2025
All Articles BFSG

BFSG Enforcement: Minimizing Your Legal Risks

13 min read
BFSGRechtCompliance

Since June 28, 2025, the German Accessibility Strengthening Act (BFSG) has been binding. Many companies are now asking not whether they are affected, but how the law is actually enforced and what concrete risks arise. Contrary to occasional claims, the BFSG is not an automatic cease-and-desist machine with instant maximum penalties. It defines a graduated procedure: from a defect report through official review to possible measures. This article explains factually how enforcement under the BFSG statute works, which actors are involved and how legal risks can be effectively reduced through documented conformance.

BFSG Enforcement: From Notice to MeasureEscalation Stages of BFSG Market Surveillance (Sections 19 to 25)1Defect ReportUser, association orauthority reports a barrierto the supervisory body2ReviewAuthority requests recordsand a conformity prooffrom the company3RequestA deadline to removethe barriers isset4MeasuresOrder, prohibition orfine within thestatutory frameworkWho Can Act?State market surveillance authoritiesRecognized associations (group lawsuit)Affected users and consumersWhat Protects the Company?Documented WCAG 2.2 AA conformanceCurrent accessibility statementWorking feedback mechanismRisk decreases with demonstrable conformanceAudit log - Action plan - Accessibility statement - Re-audit - Documentation of fixes

Who Enforces the BFSG?

Enforcement of the BFSG does not rest with a single federal authority but is organized along federal lines. The law (BFSG, Section 19) provides that the federal states designate market surveillance authorities responsible for overseeing products and services. In practice, a cross-state structure was created for this: the Market Surveillance Body of the Federal States for the Accessibility of Products and Services (MLBF) centrally coordinates oversight of services, while products are partly subject to individual state jurisdictions (Federal Agency for Accessibility, 2025).

Technical guidance also plays a role: the Federal Agency for Accessibility at the Federal Ministry of Labour and Social Affairs supports authorities and companies with implementation information. It is not a sanctioning authority, but an important body for interpretation. Anyone wanting to understand how market surveillance interprets requirements will find orienting guidance here (BMAS, 2025).

State Market Surveillance Authorities

They test on a sample basis and in response to complaints whether digital offerings meet the requirements. They can request records, set deadlines and order measures within the statutory framework (BFSG, Sections 19 to 23).

Recognized Associations

Under BFSG, Section 30, qualified associations representing the interests of people with disabilities can take legal action via a group lawsuit if requirements are not met.

Affected Users

Consumers can report barriers via the feedback mechanism and lodge a complaint with the market surveillance authority if an offering is not accessible (BFSG, Section 28).

The Association Lawsuit Under the BFSG

A central enforcement instrument is the right to a group lawsuit. Under BFSG, Section 30, recognized associations entitled to sue under the Disability Equality Act or comparable rules can take action against economic operators who violate accessibility requirements. These lawsuits typically aim at cessation or removal of the barrier, not at damages. This means an association can demand in court that a barrier be removed.

Important for a sober assessment: the right to a group lawsuit is not a mass cease-and-desist instrument like those known from competition law. Associations must be recognized, the lawsuit must be in the interest of the group they represent, and proceedings go through the ordinary courts. Still, the risk should not be underestimated: a court-established obligation to remove a barrier often creates short-term pressure and costs that could have been avoided through forward-looking BFSG implementation.

Group Lawsuit Versus Competition Cease-and-Desist

Enforcement explicitly provided for in the BFSG runs through market surveillance and the group lawsuit. Whether and to what extent violations can additionally be pursued as competition-law violations is legally disputed and is assessed by the courts on a case-by-case basis. A blanket scare scenario is neither serious nor helpful here.

Defect Reports and the Feedback Mechanism

The practical entry point into an enforcement procedure is usually the defect report. The BFSG obliges companies to provide a feedback mechanism through which users can report barriers (BFSG, Section 14 in conjunction with the BFSGV ordinance). If this mechanism does not work or the company does not respond appropriately, affected persons can turn directly to the market surveillance authority.

A defect report does not trigger a sanction on its own. It is initially a notice that can prompt a review. What matters is how the company responds: those who record, assess and remedy a reported barrier within a reasonable period demonstrate exactly the serious effort that is viewed positively in the procedure. Those who ignore reports risk escalation to the next stage. A well-maintained feedback mechanism is therefore not only an obligation but also a shield.

  1. Log the entry: Record every report with date, content and the affected area.
  2. Reproduce the barrier: Technically verify the reported defect and map it to a WCAG success criterion.
  3. Set a deadline: Define a realistic, documented processing deadline internally.
  4. Implement the fix: Remove the barrier and test the correction.
  5. Provide feedback: Inform the reporting person about the fix and archive the case.

The Escalation Stages of Market Surveillance

The BFSG procedure is structured in stages and gives companies an opportunity to remedy issues at each phase. The market surveillance authority does not jump straight to the harshest measure. Rather, it follows a proportionality principle derived from Sections 19 to 25 BFSG. The following overview shows the typical stages from the first notice to a possible sanction.

StageWhat HappensRole of the Company
1. Defect reportUser, association or authority reports a barrierRespond via the feedback mechanism and document
2. ReviewAuthority requests records and a conformity proofPresent the audit log and accessibility statement
3. RequestAuthority sets a deadline to remove the barriersImplement measures and prove completion on time
4. OrderIf inactive: a binding order to make correctionsComply with the order or examine legal remedies
5. MeasureProhibition, restriction or fine within statutory limitsSanction avoidable through timely remediation

The decisive point: in the first three stages, the company can each time avoid escalation through cooperation and remediation. Those who respond cooperatively, document and remove barriers generally never reach the measures stage. This is exactly where the value of a prepared conformance documentation becomes apparent.

What Measures Does the BFSG Provide For?

If a procedure reaches the final stage, authorities have several instruments available. In Sections 23 to 25, the BFSG provides for orders, restrictions or prohibitions if an offering permanently fails to meet the requirements. In addition, the law can classify violations as administrative offences that may be punished with a fine (BFSG, Section 37).

A Factual Look at the Fine Ranges

The BFSG names statutory fine ceilings for certain administrative offences (BFSG, Section 37). These ranges are maximum values, not standard penalties. The amount set in an individual case is decided by the authority based on severity, duration and culpability. Blanket statements like 'every violation costs the maximum amount' are inaccurate and should be questioned critically.

This distinction matters: anyone wanting to assess BFSG enforcement seriously should distinguish between the theoretically possible statutory framework and realistic regulatory practice. Market surveillance primarily aims to establish accessibility, not to maximize fines. A swift, documented remediation of reported defects, for example in the checkout of an accessible online shop, is therefore almost always the most sensible path to limit economic and legal risks.

Deadlines and Transition Rules at a Glance

Deadlines are decisive for risk assessment. The BFSG has applied since June 28, 2025. New digital offerings and newly concluded contracts have been fully subject to the requirements since then. For certain legacy situations, however, the law provides transition rules (BFSG, Section 38) that stretch out the conversion process.

Since June 28, 2025

New services and new contracts must fully meet the accessibility requirements. There is no blanket grace period for new offerings.

Until June 28, 2030

For services based on contracts concluded before the deadline, an extended transition period applies (BFSG, Section 38).

Self-Service Terminals

For self-service terminals already in use before the deadline, a separate, longer transition period applies until the end of their economic service life, up to 15 years.

A common misconception: that transition periods are a free pass to remain inactive. The opposite is true. The extended periods cover narrowly defined legacy cases. For ongoing maintenance, new features and new contracts, the requirements apply immediately. Anyone who trains teams for ongoing accessible implementation should therefore not view the transition rules as a postponement, but as a planning horizon.

Documented Conformance as Effective Risk Protection

The most effective lever for risk minimization is traceable documentation. In an inspection, the market surveillance authority does not ask for belief but for proof. A company that can substantiate its conformance in a structured way is in a far better position than one that has to improvise in an emergency. The technical foundation is the harmonized standard EN 301 549, which references WCAG for web content (EN 301 549, 2021).

Five Building Blocks of a Robust Conformity Proof

A complete proof comprises a current audit log against WCAG 2.2 AA, a published accessibility statement, a working and documented feedback mechanism, a prioritized action plan with deadlines, and a traceable log of remediated barriers. Together, these five elements form a proof that holds up during an inspection.

In practice, a simple principle proves effective: every statement about accessibility should be backed by evidence. If the accessibility statement claims the checkout is keyboard-operable, then a test log should prove exactly that. This linking of statement and evidence is the core of inspection-ready documentation. It can be built systematically with a structured WCAG audit.

In an inspection, what counts is not what a company claims about its accessibility, but what it can prove. Documentation turns a claim into evidence.

Digital Accessibility Agency, project experience

What Companies Should Do Now in Practice

Enforcement of the BFSG is not an abstract threat but a comprehensible procedure with clear stages. Those who implement the following steps noticeably reduce their legal risk and remain capable of acting during an inspection. The order is based on effort and impact: the building blocks with the greatest protective effect come first.

  • Assess the status: A WCAG 2.2 AA audit shows where the offering stands today and which barriers must be prioritized.
  • Publish the statement: Set up a current, honest accessibility statement with status, known limitations and a contact.
  • Activate the feedback mechanism: Provide a working reporting channel and define internal responsibilities.
  • Document the action plan: Keep barriers with deadlines, responsibilities and status in a traceable plan.
  • Log the remediation: Archive every remediated barrier with date and test evidence.
  • Re-audit regularly: Continuously check new features and content to maintain conformance.

A frequent mistake in practice concerns forms: they are the bottleneck of many purchasing processes and at the same time particularly error-prone in terms of accessibility. How to design form validation, error messages and labels accessibly is covered in detail in our article on accessible forms and validation. For overarching implementation and an inspection-ready proof, our team is happy to support you via the contact page.

This article is based on data and sources from: BFSG statute (German Federal Law Gazette, 2021), Accessibility Strengthening Act Ordinance BFSGV (2022), EU Directive 2019/882 European Accessibility Act, Federal Agency for Accessibility (2025), Federal Ministry of Labour and Social Affairs BMAS (2025), EN 301 549 (2021), WCAG 2.2 (W3C, 2023). Legal notes do not replace individual legal advice.