Skip to main content
All scenarios

Mobile App

Apps collect more data than websites — and the rules are stricter.

Mobile apps access device sensors, location data, push notifications, and app store ecosystems — each with its own regulatory implications beyond standard web compliance.

Reality check

Does your app's privacy policy cover all data collected by third-party SDKs you've integrated?

GDPR (General Data Protection Regulation)

mandatory Art. 5(1)(c), Art. 6, Art. 7, Art. 25

Your obligations

  • Consent before accessing device features (camera, location)
  • Privacy policy accessible before first use
  • App store privacy labels must match actual processing
  • DPAs with all SDK providers (analytics, crash reporting)
  • Data minimisation — only collect what's necessary

SiteGuardian monitors this

  • TLS/HTTPS encryption monitoring
  • Automated cookie consent detection
  • Security headers analysis
  • Email transport encryption checks
  • Breach notification SLA tracking (72h)
  • Digital DPA/AVV signing

Risk if ignored

App store removal for privacy violations. Class action lawsuits (noyb-style complaints). Fines per user affected.

ePrivacy Directive (Cookie Consent)

mandatory Art. 5(3)

Your obligations

  • Consent for device storage access (equivalent to cookies)
  • Consent for advertising identifiers (IDFA/GAID)
  • No tracking without explicit opt-in

SiteGuardian monitors this

  • Pre-consent cookie and tracker detection
  • Cookie banner presence and configuration analysis
  • Reject option validation
  • Consent mode compatibility check

Risk if ignored

Apple/Google ATT enforcement. CNIL fines for app tracking without consent (multiple €M penalties in 2023-2024).

Cyber Resilience Act (CRA)

conditional Art. 10, Art. 11, Art. 13

Your obligations

  • Security by design for products with digital elements
  • Vulnerability handling and disclosure obligations
  • Security updates for the product's expected lifetime
  • Software Bill of Materials (SBOM) provision

SiteGuardian monitors this

  • TLS version and cipher suite monitoring
  • Security headers enforcement checks
  • Certificate chain and expiry validation

Risk if ignored

Products banned from EU market. Fines up to €15M or 2.5% of global turnover.

European Accessibility Act (EAA)

mandatory Art. 4, Art. 13, Art. 31

Your obligations

  • Mobile app accessibility (VoiceOver/TalkBack support)
  • Touch target sizes per WCAG 2.2
  • Accessible gestures and alternative input methods

SiteGuardian monitors this

  • WCAG 2.2 Level AA conformance auditing
  • Automated accessibility scoring
  • Violation severity breakdown and remediation hints
  • Daily accessibility scans

Risk if ignored

App store accessibility requirements increasing. Legal complaints under national EAA laws from June 2025.

Does this apply to you?

If you answer yes to 2 or more, these regulations very likely apply to your business.

See where you stand

Our free scanner checks your website's security posture, SSL, headers, email authentication, and more. No account needed.

Scan your app's backend security
View all scenarios · EU Regulatory Directory · Compliance Plan

This page provides general information about EU regulatory frameworks. It does not constitute legal advice. Consult a qualified legal professional for advice specific to your situation. SiteGuardian documents your monitoring continuously — compliance is your organisation's responsibility.