EAA governance: what it means and why most organisations are missing it

Technical accessibility can be achieved. The harder problem is keeping it. A product that passes an accessibility audit today is not guaranteed to be compliant next quarter. Every new feature, every team restructure, every product release is an opportunity for accessibility to regress. Without governance, it will.

The BAF Beyond Compliance report, a two-year longitudinal study tracking organisations across banking, e-commerce and telecoms, found a clear pattern: organisations treating accessibility as a continuous process, with regular audits, design systems and dedicated accountability, sustained results above 80%. Organisations treating it as a one-off project did not.

What EAA governance actually requires

Governance is the third of the four mandatory EAA compliance requirements, alongside technical conformance, a published accessibility statement, and documentary evidence. It is also the one most commonly absent.

Why governance is what enforcement bodies look for

When an enforcement body investigates an EAA complaint, it does not only look at whether the product is currently accessible. It looks at whether the organisation was actively managing its accessibility obligations. The question is not just "is it compliant now?" but "was this organisation taking reasonable steps, over time, to achieve and maintain compliance?"

In Ireland, the due diligence defence against criminal liability requires exactly this kind of evidence. A director cannot rely on a single historic audit. They need to demonstrate an active, ongoing process. The same principle applies in the Netherlands, where the ACM assesses whether organisations have taken genuine steps toward compliance rather than simply ignoring the obligation.

Governance and the accessibility statement

A well-maintained accessibility statement is both evidence of governance and a governance tool. It records your current compliance position, what is not yet accessible, and your remediation plan. Keeping it up to date requires a governance process. Its existence demonstrates one.

In Ireland, the accessibility statement is the first document ComReg requests in any complaint investigation. In the Netherlands, it forms part of the mandatory reporting declaration to the ACM. An organisation without a current, accurate statement starts any enforcement interaction at a disadvantage.

What good governance looks like in practice

For most SMBs, proportionate accessibility governance does not require a dedicated accessibility team or expensive tooling. It requires three things to be in place and documented:

• A named owner with defined responsibilities and sufficient time allocated to the role
• A testing schedule tied to your release calendar, with results recorded
• A remediation process that tracks identified issues through to resolution

The Solid Foundations Method, used across Europe to assess EAA compliance, evaluates whether the core elements users need to complete essential tasks are in place. It is an expert evaluation, not a replacement for user testing with disabled people. Both matter. Governance is what ensures the findings from both are acted on and maintained.

The difference is process, not effort

Organisations that sustain accessibility are not trying harder than those that do not. They have built a process that survives team changes, product releases, and restructures. The effort is in building the process once, correctly. After that, it runs.