An automated accessibility scan is not an EAA compliance audit. Here is what a genuine audit covers, what automated tools cannot do, and what to prioritise first.
If your organisation has run an automated accessibility scan and considers the result an EAA compliance audit, it has not audited its EAA compliance. Automated tools find approximately 30–40% of accessibility barriers. The remaining 60–70% require human testing, assistive technology, and assessment of the user journeys that matter most to your business. Here is what a genuine EAA compliance audit covers.
EAA compliance has four requirements. An audit assesses all four — not just the technical layer.
Technical conformance with EN 301 549 (based on WCAG 2.1 Level AA). A published accessibility statement that accurately reflects the current state of your product. Active governance — a named owner, a testing process, a remediation workflow. Documentary evidence that compliance is being managed. See our full guide to what EAA compliance requires.
Automated tools are a starting point, not an end point. They can identify missing alt text, insufficient colour contrast, missing form labels, and obvious structural failures like missing page titles or empty headings. They can scan large numbers of pages quickly and produce a baseline picture of technical failures at scale.
What automated tools cannot do: assess keyboard navigation flows or whether a user can actually complete a task; test with real assistive technology such as screen readers, switch access, or magnification; evaluate whether a booking, payment, or account creation can be completed by a disabled user; assess cognitive accessibility or whether content is understandable; review the accessibility statement for EAA compliance; or assess governance — whether there is a process in place to maintain compliance over time.
An organisation that has only run an automated scan has documented the first 30–40% of its compliance picture. The rest requires human judgement.
1. Automated technical scan. Baseline identification of WCAG failures across your pages. Starting point, not end point. Produces a volume picture of obvious failures and allows prioritisation of what to investigate manually.
2. Manual technical review. A qualified assessor reviews code and interface for failures automated tools miss: keyboard navigation, focus management, ARIA implementation, and dynamic content behaviour. This layer typically identifies the barriers that cause users to fail tasks entirely.
3. Assistive technology testing. Testing with screen readers (NVDA, JAWS, VoiceOver), keyboard-only navigation, and where appropriate other assistive technology. This is the layer that identifies the barriers disabled users actually encounter — not the barriers a tool predicts they might encounter.
4. User journey assessment. Testing the journeys that matter most commercially: checkout, account creation, booking, payment, onboarding. A homepage that passes technical testing is not an accessible product if the checkout is broken. The Barómetro de Accesibilidad Web 2025 found that 40% of travel sites and 32% of financial services sites fail at exactly these journeys.
5. Governance and documentation review. Is the accessibility statement accurate and EAA-compliant? Is there a named owner for accessibility? Is there a testing cadence and remediation process? Can the organisation demonstrate what it has done? This layer determines whether the organisation has a compliance position or just a scan result.
Not all user journeys are equal. Start with the journeys that matter most commercially and legally — the ones where failure causes a user to leave entirely, not just encounter friction. For e-commerce: checkout and payment. For financial services: account opening, login, and transaction initiation. For travel: search and booking. For SaaS: onboarding and the core workflow your product exists to deliver.
These are also the journeys enforcement authorities and disability organisations assess. An organisation whose homepage is accessible but whose checkout is not has an accessibility problem where it matters most.
An audit produces a findings report: a prioritised list of barriers with severity ratings, affected user groups, WCAG criterion references, and recommended remediation. The report is also a compliance document — evidence that the organisation assessed its position and has a remediation plan.
Under the EAA, the accessibility statement must reflect the current state of the product. An audit that produces findings and no remediation plan is not sufficient. Findings must be addressed or documented as known barriers with a timeline for remediation. Both are acceptable; neither ignoring the findings nor claiming compliance without addressing them is.
Three signals that an internal assessment is insufficient: your team has run an automated scan but no manual review; no one in your team uses assistive technology regularly; you have not tested your core user journeys with a disabled user.
An external audit provides independent assessment, qualified expertise, and a documented record that the assessment was conducted by someone with the relevant knowledge. For EAA enforcement purposes, a documented external audit is stronger evidence of due diligence than a self-assessment. If enforcement contact arrives, what you can demonstrate matters as much as what you have done.
Our Quick Compliance Audit covers your most commercially critical user journeys — checkout, account creation, booking, payment — tested against EN 301 549 (WCAG 2.1 Level AA). You receive a prioritised findings report, a remediation plan, and a documented compliance position. One clear picture of where you stand and what to do next.
The audit covers five components: automated technical scan, manual technical review, assistive technology testing, user journey assessment, and a governance and documentation review. The findings report identifies barriers by severity, affected user group, and WCAG criterion. The remediation plan is prioritised by commercial impact. The documented compliance position gives you evidence of due diligence if enforcement contact arrives.
The free initial assessment is the right starting point — 20 minutes to understand your current position and scope what a proportionate audit looks like for your organisation.
Book your free assessment