Most advice about form completion starts and ends with one number: how many fields you have. Cut fields, win conversions. Simple. It’s also wrong, or at least incomplete. The real…
Table of contents
Your checkout tells people their input is invalid. It rarely tells them why.
That line of microcopy became a legal artifact on 28 June 2025, when the European Accessibility Act entered enforcement across all 27 EU member states.
Baymard Institute found only 2% of ecommerce sites adapt error messages to the actual fault. WebAIM’s 2026 scan found a third of form inputs unlabeled, and getting worse.
Conversion teams have tuned this field for a decade without once reading the standard that now governs it.
What follows:
- How the EAA reaches WCAG through EN 301 549
- What the first court rulings decided, one won and one dismissed
- Why these losses never surface in your analytics
- What to fix first, ordered by return
98% of ecommerce sites tell you your input is invalid. They don’t tell you why.
Baymard Institute benchmarked roughly 300 large ecommerce sites and found only 2% change the error message to match the actual fault that triggered it.
The back end already knows what’s wrong. It has to know, or it couldn’t have rejected the input.
Type john.newman@gmail and the validation logic identified a missing domain suffix. Type john.newmangmail.com and it identified a missing @ character.
Two different faults. One message: “Please enter a valid email address.”
That message became a legal artifact in the European Union on 28 June 2025. Nobody running conversion tests noticed.
Your growth team calls this field a friction point. A French court calls it a barrier. They are looking at the same <input>.
What does the European Accessibility Act actually require for form errors
The EAA (Directive 2019/882) never uses the phrase “error message.” The requirement arrives through a chain of three documents.
Annex I, Section IV(g) requires e-commerce services to make identification, security and payment functionality perceivable, operable, understandable and robust.
Understandable is where error handling lives.
How the law reaches down to a single line of microcopy
Article 16 grants a presumption of conformity to anything meeting a harmonised standard. That standard is EN 301 549, currently v3.2.1, published March 2021 by ETSI, CEN and CENELEC.
Clause 9 incorporates WCAG 2.1 Level AA in full. Not by reference. The complete text.
So the path runs: EU directive → presumption of conformity → European standard → two WCAG success criteria that most developers have never read.
What separates error identification from error suggestion
| Criterion | Level | Requires |
|---|---|---|
| 3.3.1 Error Identification | A | The item in error is identified and described in text |
| 3.3.3 Error Suggestion | AA | How to fix it, where a fix is known |
W3C is blunt about the floor: re-displaying a form without any hint the submission failed is not sufficient.
Their own example splits the two cleanly. “Email is not valid” passes 3.3.1. “Please provide a valid email address in the format [email protected]” passes both.
Both are minimums, not aspirations
Level A is the floor of the floor. Spain fined Vueling €90,000 for an inaccessible website in April 2024, before the EAA deadline had even landed.
A catalogue of error messages that actually tell people what went wrong is now closer to a compliance document than a style guide.
Why is error handling the one accessibility rule that also moves conversion
Because the failure mode is identical for both audiences.
A screen reader user who isn’t told what’s wrong leaves. A sighted shopper who isn’t told what’s wrong leaves. Same field, same silence, same abandoned cart.
Sources: Zuko Analytics form benchmarks (tablet sits at 41%); Dynamic Yield rolling twelve-month benchmark, which moves month to month; Click-Away Pound 2019, UK screen reader users, compared against 2016. Zuko’s field-level data names the culprits: the password field carries the highest mean abandonment rate of any input at 10.5%, followed by email at 6.4% and phone at 6.3%. All three are typed.
Baymard puts average cart abandonment at 70.22% across a meta-analysis of 50 studies, and better checkout design at a 35.26% conversion lift for the average large site.
What Baymard found when it watched people hit errors
The observed damage:
- Participants took up to five minutes to resolve a simple sign-in error, purely from vague wording
- A Next UK shopper hit “There was an error processing your card payment” and assumed his bank had blocked him. The real fault was a typo
- Appliances Online rejected a phone number containing a space, said nothing about spaces, and the participant said he’d go to another site
Users who can’t decode the message are locked out of the order. Baymard’s phrasing: those users are almost guaranteed to abandon.
The gap where nobody has done the work
Nobody has published a controlled test isolating accessible error handling as a conversion variable.
Baymard measures message quality. WebAIM measures label presence. Neither draws the line to revenue.
I’m synthesising here, and I’d rather say so than imply a study exists. If you run enough checkout traffic to test this properly, you’re sitting on data the industry doesn’t have.
What generic and adaptive messages actually look like
| Input fault | Generic (98% of sites) | Adaptive (2%) |
|---|---|---|
4532 1234 5678 |
“Invalid card number” | “Your card number is incomplete” (Away) |
| Phone too short | “Provide a valid phone number” | “Phone number is too short” (B&H Photo) |
| ZIP/state mismatch | “Invalid ZIP code” | “The state entered is not valid with the ZIP code entered” |
The right column costs microcopy. That’s it.
The validation logic that already knows the answer defined every one of those rules at field level before the page ever shipped.
How bad are web forms right now
WebAIM scanned the top one million home pages in February 2026. Forms are multiplying and getting worse at the same time.
Home pages averaged 6.9 form inputs, up 36% in three years. 33.1% of those inputs were not properly labeled.
| Failure type | 2026 | 2025 | Direction |
|---|---|---|---|
| Low contrast text | 83.9% | 79.1% in 2025 | Worse |
| Missing form labels | 51.0% | 48.2% in 2025 | Worse |
| Empty buttons | 30.6% | 29.6% in 2025 | Worse |
| Missing alt text | 53.1% | 55.5% in 2025 | Better |
Six straight years of slow improvement reversed. Detected errors hit 56.1 per page, up 10.1%.
WebAIM names the cause in its own conclusion: third-party frameworks, libraries, and automated or AI-assisted coding.
Generated markup that looks correct and carries no aria-describedby is the defining bug of 2026. It passes review because it reads fine.
Sources: W3C, Understanding SC 3.3.1 (updated June 2026); Adrian Roselli on native validation behaviour. The Constraint Validation API exposes everything needed to suppress the native bubble and supply your own message.
Platform matters more than most teams admit. WebAIM’s 2025 data put Magento at 85.4 errors per home page, WooCommerce at 75.6 and Shopify at 69.6, against a 51-error sample average.
The caveat that makes this worse, not better
WebAIM only scans home pages. Checkout flows, login screens and account settings are where the forms actually live.
So 51% is the optimistic read. The accessibility work that matters most sits on pages this study never opened.
Why are forms getting worse instead of better
WebAIM’s 2026 scan points at the toolchain. ARIA code on the average home page rose 27% in a single year and is six times higher than it was in 2019.
Pages carrying ARIA averaged 59.1 errors. Pages without it averaged 42.
Read that twice. The markup invented to describe interfaces to screen readers is sitting on the pages that fail hardest.
The libraries your team already installed

Look at what tops that list.
SweetAlert2 exists to display alerts and error messages. Pages using it average 101.6 errors, 81% above the sample average.
Select2 and jQuery UI are form control libraries. Both sit in the 80s. The tools built to improve form inputs live on the pages with the worst form accessibility.
WebAIM’s own summary: the presence of nearly all of these popular libraries was associated with an increase in detected errors.
The honest caveat, and the counterexample
Correlation is not causation, and WebAIM says so plainly. These pages are also more complex, and complexity breeds errors on its own.
But the framework data undercuts the fatalism.
Astro pages average 9.0 errors, 84% below the sample. Next.js sits at 40.9, React at 43.5. Meanwhile AngularJS runs 76.6 and Vue.js 64.6.
Same web, same year, same scanner. An eightfold spread between the best framework and the worst.
None of this is inevitable. It’s chosen, usually by someone who never opened the accessibility docs for the thing they installed.
Is anyone actually enforcing this
Yes. Unevenly, and not by the route most people expect.
Four French disability organisations issued formal legal notices to Auchan, Carrefour, E.Leclerc and Picard on 7 July 2025. When the responses fell short, they filed emergency injunctions on 12 November 2025.
Nobody waited for a regulator. Under the EAA, advocacy groups can sue directly.
The Carrefour ruling and what the judge refused to accept
On 4 June a French court gave Carrefour six months to make its online commerce services fully accessible, with a €500 daily penalty accruing.
Carrefour never argued the site was accessible. It argued that meeting 71% of RGAA criteria was enough.
The judge’s answer, in unusually plain language: an e-commerce site cannot be somewhat accessible.
There is no partial credit on a checkout a customer can’t finish.
The Auchan case that went the other way
Heard in May 2026. Dismissed.
The court accepted the site was non-conformant, which Auchan didn’t dispute, and noted the company’s lack of interest in accessibility despite being a major online player. It still refused to find an obvious unlawful breach in summary proceedings.
As of June 2026, no confirmed fine under any national EAA-implementing law has been publicly verified.
Read that correctly. Summary proceedings are an unreliable route. The obligation itself didn’t soften.
Where the regulators are looking instead
Sweden’s PTS published a list of 200 e-commerce platforms to audit by Q3 2026. The methodology is the part that should worry you.
Automated WCAG 2.1 AA testing, plus manual keyboard navigation and screen reader testing.
Automated scanners largely cannot detect whether an error message gets announced. Manual screen reader testing can. Sweden is running the exact test that catches this.
| Jurisdiction | Authority | Exposure |
|---|---|---|
| Sweden | PTS + Konsumentverket | SEK 10m~€900,000, market ban |
| Spain | Ley 11/2023 | Up to €1,000,000 |
| Hungary | National | Up to €1,260,000 |
| Ireland | ComReg, CCPC, others | Criminalup to 18 months on indictment |
The Dutch ACM has sent information requests to operators worldwide, including companies with no EU office. The EAA applies where the service is offered, not where the company is registered.
On the 2030 transition window: carrefour.fr predates 2025 by decades and got six months anyway. A major redesign is widely read as placing a new service on the market, which restarts the clock.
What do disabled shoppers say is actually broken
Click-Away Pound asked UK users with access needs which website problems make online shopping hard, then repeated the identical question three years later.
Filling in forms ranked fourth at 56%, ahead of poor keyboard access and ahead of poor screen reader access.

Three findings worth sitting with:
- Forms barely moved. 58% in 2016, 56% in 2019. Three years of awareness bought two points.
- Legibility got worse, 44% to 55%. Moving images too, 44% to 53%. The web got harder to read while the industry congratulated itself.
- Screen reader access was the only real win, 49% down to 35%. The problems that improved are the ones assistive tech vendors fixed. Not the ones site owners fixed.
The barrier nobody asked about until users insisted
reCAPTCHA wasn’t on the 2016 questionnaire. The researchers added it in 2019 because so many people wrote it into the comments unprompted.
It came back at 63%. Among screen reader users, 80%.
One respondent, quoted in the report: <q>reCAPTCHA challenges with no audio alternative have often stopped me from completing a purchase.</q>
Audio alternatives mostly don’t rescue it either. Listening to a distorted string while a screen reader talks over it is not an alternative, and there are better ways to stop bots that don’t cost you the sale.
Why this data outranks any benchmark
Nobody hypothesised this. No researcher went looking for forms and found them.
Disabled shoppers were handed an open list and picked forms, fourth, twice, five years apart.
That’s not a conversion metric inferring intent from a drop-off curve. That’s people telling you directly what your checkout does to them.
Why doesn’t any of this show up in your analytics
Only 8% of disabled customers who hit a barrier will ever contact the site owner. That figure comes from the Click-Away Pound survey.
Two unrelated studies, two methodologies, eight years apart, same behaviour. Click-Away Pound was a self-selecting online survey of UK users and does not publish a sample size. WebAIM’s respondents answered “never” or “rarely” to how often they contact site owners about barriers, and the 85.9% figure has climbed steadily from 68.6% in 2009.
69% simply click away. 86% have paid more to buy from an accessible site rather than less from a harder one.
This is the whole problem in one number.
The loss doesn’t arrive as a support ticket. It doesn’t arrive as a complaint, an angry tweet, or a bug report.
It arrives as an ordinary-looking drop between the shipping step and the payment step. Which you have already explained to yourself as price sensitivity, or mobile friction, or the season.
Source: Baymard Institute, quantitative study of reasons for abandonment among US online shoppers, last updated September 2025. Figures exclude the 43% who abandoned because they were browsing and not ready to buy. Respondents could give more than one reason, so shares do not total 100%. The fourth column is our reading, not Baymard’s.
Nobody optimising for conversions is watching this law. Nobody enforcing this law is watching your funnel.
The people it costs are in neither room, and they’ve stopped telling anyone. Most work on reducing form abandonment never looks at this cohort because the cohort left silently.
What to fix first
Ordered by return, not by effort. None of this needs a redesign.
Track which validation errors fire most often and which carry the highest post-error abandonment. Fix those two groups first. That’s Baymard’s own prioritisation, and it beats writing 160 messages for a field nobody fails.
Write 4 to 7 messages for the fields that break: card number, cardholder name, security code, password, phone, email. Baymard found that range captures most of the benefit.
Validate on blur. Never on keystroke, never before someone has had a chance to type a valid value.
Etsy triggered a required-field error the moment focus landed on an empty address box. The participant’s reaction, quoted verbatim in the research: it was yelling at him before he’d tried to submit anything.
Premature validation is the most common way teams get inline validation exactly backwards. 31% of sites skip it entirely, and 4% ship it broken.
Clear the error the instant the input becomes valid, on keystroke, not on blur.
At L.L. Bean, a participant fixed his first password field and the “passwords do not match” error stayed put under the second one. He sat there staring at a message about a problem he’d already solved.
Associate the message with its field programmatically:
aria-describedbyoraria-errormessagelinking input to messagearia-invalid="true"on the failing fieldrole="alert"or a live region so dynamically injected errors get announced- Text, never colour alone (that’s 1.4.1 as well as 3.3.1)
Support checked July 2026. Sources: WebAIM ARIA testing (May 2025), a11ysupport.io, David MacDonald’s live region tests, Adrian Roselli on field error exposure. NVDA added aria-errormessage support in version 2024.3.
This block is the line between a visual fix and a legal one. Everything above it improves UX. This makes it count.
Preserve the input. Don’t wipe correct fields on a failed submit, forcing people to redo work they already did.
Keep the submit button enabled. Disabling it hides the reason for failure from everyone, sighted or not.
The overlap nobody prices in
Every item on that list serves both audiences at once. There’s no accessibility tax here and no trade-off to negotiate.
Which is the strange part. Teams have spent years on checkout optimization and built the compliance fix by accident, or skipped it and lost both.
What happens next
Nothing about this gets easier in the next eighteen months. The requirement gets more specific, not less.
| Date | What lands |
|---|---|
| Q3 2026 | Sweden’s PTS concludes its audit of 200 e-commerce platforms |
| October 2026 | EN 301 549 v4.1.1 expected in the Official Journal |
| 28 June 2027 | Service contracts signed before June 2025 lose their grace period |
| 28 June 2030 | Transitional period ends for legacy services |
The Dutch ACM steps up active enforcement in the second half of 2026. Which is the half we’re in.
The standard is about to ask for more, not less
Draft V4.1.0 went out for public review in November 2025. The final V4.1.1 is expected to be cited in the Official Journal around October 2026, replacing v3.2.1 and moving the baseline from WCAG 2.1 to WCAG 2.2.
Look at what WCAG 2.2 adds and where it adds it. Focus appearance. Dragging movements. Accessible authentication.
Guideline 3.3, Input Assistance, is the family that already contains error identification and error suggestion. It’s the one getting expanded.
Source: W3C, WCAG 2.2. “In force now” means the criterion sits inside EN 301 549 v3.2.1, the harmonised standard behind the EAA today. 3.3.7 and 3.3.8 are new in WCAG 2.2 and reach EU law when v4.1.1 is cited in the Official Journal. Guideline 3.3 also holds three Level AAA criteria, which EN 301 549 does not require.
3.3.7 Redundant Entry and 3.3.8 Accessible Authentication both landed there. Forms are where the standard is growing.
Why the 2030 date won’t save anyone
Teams keep pointing at the transitional window as though it buys them four years.
carrefour.fr has existed since the 1990s. A French court gave it six months in June and attached a €500 daily penalty to the delay.
Any new digital service launched in 2026 or later must be accessible from day one. A major redesign is widely read as placing a new service on the market, which restarts the clock you were counting on.
The practical target
Treat WCAG 2.2 Level AA as the working baseline now, even though the harmonised standard still references 2.1.
You’d be building toward October’s requirement instead of retrofitting after it.
Two rooms, one input
87 million people in the EU have a disability. Baymard puts the average cart abandonment rate at 70.22%, a figure that has barely moved in a decade.
Nobody has ever been able to fully explain the gap between those two numbers, and the honest answer is that a slice of it has been sitting in an error message that said “invalid” and nothing else.
Here’s what I keep coming back to. The growth team has spent years on work to increase form conversions, running tests on field count, button colour, progress indicators, trust badges.
The compliance team got handed a directive, a harmonised standard, and a WCAG conformance target.
Same field. Same failure. Neither one told the other.
One of them was told it was a conversion lever. The other was told it was a legal risk.
Both were right. That’s the part nobody has caught up to yet.
Conclusion
Error messages are the cheapest fix in your checkout and the one almost nobody has made.
The microcopy already exists inside your validation logic. Surfacing it costs a sprint, not a redesign.
Weigh that against the other side of the ledger:
- Fines reaching €1,000,000 in Spain and €1,260,000 in Hungary
- A €500 daily penalty already accruing at Carrefour
- Seven in ten carts abandoned, with a slice of it invisible because only 8% of blocked shoppers ever complain
Sweden’s auditors are running manual screen reader tests through Q3. October brings WCAG 2.2 into the harmonised standard.
Start with the errors that fire most often. Write four messages where you currently have one.


