Ten months after Germany's Barrierefreiheitsstärkungsgesetz (BFSG) took effect, we audited 76 prominent German consumer websites for one thing: do they publish a digital accessibility statement?
A search-based audit, using Google site-restricted queries, said fewer than half did.
A DOM-level audit, using a headless browser that rendered each homepage, found that 61 of the 76 publish a statement that is reachable for a real visitor. (Two of those 61 were confirmed only after readers pointed us to the right URL. In both cases the statement is in the homepage footer for a normal visitor, but the site returned a bot-block error page to our automated browser and the page never rendered for our scan at all.)
About 31 of the original "no" results were false negatives. The compliance picture is better than search results suggest. What that uncovers is a separate problem: a large share of BFSG accessibility statements are technically published but functionally hard to find.
This audit is anonymous. No company, brand or domain is named anywhere in this article. Sample sizes per sector are reported so the shape of the data is verifiable.
What the BFSG requires
The BFSG entered into force on 28 June 2025. It transposes EU Directive 2019/882 (the European Accessibility Act, or EAA) into German national law. Among other obligations, it requires economic operators offering in-scope products and services to publish an accessibility information statement.
The content requirements are set out in the BFSG-Verordnung (BFSGV), Annex 3 to § 14 BFSG / § 28 BFSGV. The information must be made available in barrier-free form and in a way that is clearly perceptible to users.
Public-sector websites in Germany are also subject to the Barrierefreie-Informationstechnik-Verordnung (BITV 2.0), which transposes EU Directive 2016/2102. Existing public-sector sites have been required to publish an accessibility statement since 23 September 2020.
Between the two regimes, the great majority of large consumer-facing German websites should, in 2026, be publishing a statement of some kind.
Method
The sample
We selected 76 prominent German consumer websites across nine sectors. The sample skews to large, well-resourced organisations, because those are the ones the BFSG most clearly targets and the ones for which compliance expectations are most defensible.
Sector
E-commerce, retail and grocery - 20
News and daily press - 8
Public broadcasters - 9
Banking - 7
Telecom - 4
Travel - 4
Insurance - 3
Automotive - 3
News magazines and weeklies - 6
Email and ISP portals - 2
Energy - 1
Other (B2B and broadcasters' commercial peers) - 9
Total - 76
(Some sites appeared in more than one initial list. Duplicates were removed before audit.)
Pass 1: search-based audit
For each site, we ran site-restricted Google searches for terms including Barrierefreiheit, Barrierefreiheitserklärung and Erklärung zur Barrierefreiheit. A site was provisionally classified as compliant if Google returned a result on the company's own primary domain that pointed to a plausible accessibility statement page.
This is the approach used in many published BFSG monitoring exercises and journalistic spot-checks. It is fast, cheap, scriptable, and as we will show, badly biased.
Pass 2: DOM-level audit
For every site flagged as non-compliant in Pass 1, and as a sanity check for many of the compliant ones, we re-ran the audit using a headless Chrome instance. The script:
1. Loaded the homepage with realistic browser headers.
2. Waited for the page to settle.
3. For sites that returned no match, scrolled to the bottom of the document and waited again, to allow lazy-loaded footer regions to render.
4. For sites that still returned no match, attempted a small set of common direct URL patterns, such as /barrierefreiheit and /barrierefreiheitserklaerung.
5. Captured every <a> element whose text or href contained an accessibility-related keyword in German or English.
A site was classified as compliant only if a real, navigable link to an accessibility-related page was present in the rendered DOM, or if the page returned by direct URL probing had a title and content consistent with an accessibility statement.
Outcome categories
Confirmed compliant: an accessibility-statement link was present in the rendered DOM, or a direct URL probe returned a recognisable accessibility page.
No link from homepage: the homepage rendered fully (hundreds of anchor elements present), no anchor in the rendered DOM had matching text or href, and direct URL probes returned 404 or redirected to the homepage. A statement may still exist at a path the probe did not try; we cannot rule that out.
Inconclusive: the site bot-walled the headless browser (CAPTCHA, "Access Denied", "Human Verification", or a server-side bot-block error page), or rendered as a single-page application whose accessibility content did not surface within our scan window.
Inconclusive results are reported as inconclusive. They are not counted as either compliant or non-compliant in the headline numbers.
We learned during the audit that the boundary between "no link from homepage" and "inconclusive" is finer than our first-pass scan recognised. Two sites originally placed in the "no link" bucket turned out, on reader correction, to have been bot-walled at the time of the scan: their homepages did publish a footer link to a statement, but the page never rendered for our automated browser. We have re-classified those two as compliant. The lesson, written into the limitations below, is that an automated DOM scan should distinguish "page rendered fully, no match found" from "page returned almost no content at all" — and we should not have collapsed those into a single negative result.
Headline numbers
Result
Count
% of sample
Confirmed compliant
61 - 80%
No link from homepage (statement may exist at an unfound URL)
5 - 7%
Inconclusive (bot wall or SPA)
10 - 13%
Total
76 - 100%
By contrast, the search-based pass returned only about 30 confirmed compliant sites. The 31-site delta, companies that do publish a statement but were missed by Google, is the central finding of this audit.
Pattern across sectors
In the sectors with the cleanest verification (footer-confirmed via DOM, no significant bot-walling):
Telecom: 4 of 4 operators we tested publish a statement linked from the homepage.
Banking: 5 of 5 banks that rendered to a static DOM publish a statement linked from the homepage. Two further banking sites are single-page applications that did not finish loading the footer within the scan window.
Travel: 4 of 4 operators publish a statement linked from the homepage.
Daily press: every major German daily in the sample publishes a statement linked from the homepage. Most were missed by Google's site-restricted indexing.
Public broadcasters: 6 of 9 expose an accessibility-related link directly from the homepage. The remaining three are subject to BITV 2.0, with statements required since September 2020, and almost certainly publish one at a URL pattern our probe did not find.
Insurance, energy, automotive, fashion and white-goods retail: coverage is high, with most sectors reaching the high 80s or 90s in percentage terms once SPA and bot-wall cases are set aside.
The cluster of "no link from homepage" results sits in a small number of consumer categories: two grocery and discount retailers, plus three news-portal and entertainment-broadcaster sites. We are not naming individual organisations. Each of these five renders a normal-looking homepage with hundreds of anchor elements, none of which match accessibility-related text or href patterns, and on which our direct URL probes for /barrierefreiheit and similar paths return 404 or a homepage redirect. A statement may nonetheless exist at a deeper path on the site. Two earlier "no link" classifications were corrected after readers pointed us to deep paths that our probe never tried, so we expect at least some of the remaining five to do the same.
The behaviour is not necessarily a BFSG violation. It is a discoverability gap: a statement that does not surface in the homepage footer, and that is not findable at any obvious URL pattern, fails the regulation's "clearly perceptible" test even when the document itself exists somewhere on the server.
What the search-vs-DOM gap means
A 31-site false-negative count, on a sample where 61 sites do publish a statement, is not a marginal effect. The search-based pass missed roughly half of the statements that exist.
Three causes recur in the data.
The first is lazy-loaded footers. Several large German publishers and retailers defer rendering of their legal footer until the user scrolls. Search engine crawlers, and most basic audit scripts, never get to that point.
The second is cookie-consent walls. A site whose footer links are blocked from rendering until the user accepts cookies will not have those links indexed by search. The accessibility statement sits behind a click that the crawler never makes.
The third is subdomain and group-domain hosting. Several large publishing groups host the accessibility statement on a corporate or group domain shared by multiple consumer brands. The statement exists, the brand's homepage links to it, but Google does not associate the destination with the originating brand domain.
None of these is an accessibility violation on its own. Together, they produce a situation where statements are technically published but functionally hard to find. For a regulation that requires accessibility information to be presented in a clearly perceptible form, that gap matters.
Implications
For auditors and regulators: search-engine-based monitoring will under-report BFSG compliance, and the size of the under-report is large. The gap between Pass 1 and Pass 2 in our sample was 30 sites, with two further false negatives surfaced only after readers pointed us to non-standard URLs. Any policy decision based on the lower number would be aimed at a problem that is, in significant part, illusory.
DOM-level audits are not bias-free either. Two failure modes recurred in our own scan and are worth flagging.
The first is bot-walling. Several large enterprise sites returned Access Denied, CAPTCHA challenges, or platform error pages to our automated browser. The page never rendered. To a naive scoring rule, that looks identical to a fully-rendered homepage that simply has no accessibility link. It is not the same thing. Two of the sites we eventually re-classified as compliant had been mis-classified for exactly this reason: the homepage does carry a footer link for normal visitors, but our automated user-agent was blocked from seeing it. Any audit script needs to distinguish "no link found in a fully rendered page" from "the page returned almost no DOM at all".
The second is path discovery. Statements that live at long, non-obvious URL paths can be invisible to a probe that does not happen to load the page they are on, even when they are linked from somewhere on the site. A second-pass audit that crawls the full sitemap, rather than just the homepage and a list of guessed URLs, would catch more of these. Where compliance numbers are being published or relied upon, that is the audit worth running.
For operators that have already published a statement: it is worth checking that the statement is reachable from the homepage by a real user, with cookies accepted the way a real user accepts them, in a small number of clicks. The clearest signal that this is working is that a screen reader user can locate and use the feedback mechanism in the statement without prior knowledge of where to look.
For the wider conversation about BFSG: headlines reporting that "X% of German sites do not comply" need an asterisk. Compliance is not measurable from outside the rendered DOM, and "no result in Google" is not the same as "no statement on the site."
Limitations
The sample is judgment-based, not statistically random. It skews to large, prominent organisations. The compliance rate among smaller in-scope businesses may differ substantially.
"Has a statement" is not the same as "is accessible." Several of the confirmed-compliant statements in our sample self-declare partial compliance with WCAG 2.1 AA or EN 301 549. The statement is the floor of the legal obligation, not the ceiling.
10 sites were inconclusive. We do not assert anything about their compliance status.
The "no link from homepage" classification is weaker than it looks. Two earlier classifications in that bucket were corrected after readers pointed us to deep paths our probe had not tried. We have left the remaining five in the bucket, but we should not be surprised if some of those also publish a statement somewhere our scan did not reach.
Our automated DOM scan was bot-walled by several enterprise sites. Where the page returned an Access Denied, CAPTCHA challenge, or platform error rather than rendering, we have no view at all. We have re-classified those as inconclusive rather than guessing.
We did not verify, page by page, the substantive content of each accessibility statement against Annex 3 BFSGV. That is a separate audit and a much larger piece of work.
Where this leaves us
This audit is part of an ongoing effort at AccessibilityRef to make BFSG and EAA compliance verifiable without relying on search-engine indexing. The site scanner we publish at /tools/site-scanner runs ten WCAG- and EN 301 549-mapped checks against the rendered DOM of any URL submitted to it. A discoverability check for the accessibility statement is on the near-term roadmap.
To discuss the audit, the methodology, or your own organisation's BFSG position, our contact details are below.
Published by AccessibilityRef. This audit is anonymous. No individual company, brand or domain is named. Aggregate counts and per-sector sample sizes are accurate as of 28 April 2026.