EAA accessibility audit

EAA compliance-readiness for European SaaS.

A fixed-scope WCAG 2.2 AA assessment of your web product, mapped to the EAA technical baseline. Findings come with severity, dev-hour estimates, and three sample PRs — delivered in 14 days at a fixed price.

Book a fit callDownload the methodology PDF
  • No SaaS subscription
  • No overlay resale
  • No mandatory retainer

— Audit offer · 3 options

14-day delivery

  • EAA Audit

    €7,500

    14 days

  • EAA + Remediation

    €12,000

    14 days

  • Bundle

    €11,000

    21 days

Why now

The operating environment changed.

A real shift in how SaaS products serving European customers handle accessibility — new engineering work that is hard to scope from the inside.

Accessibility

4 shifts

The European Accessibility Act is in effect.

  1. The EAA now applies to a broad set of digital products and services sold into the EU.

  2. SaaS products serving European customers may need to understand their accessibility exposure.

  3. Automated scans surface a fraction of real WCAG issues — manual review is required for the rest.

  4. Engineering teams need prioritised, implementable remediation plans tied to the actual codebase.

AuditSmith provides an engineering compliance-readiness assessment. It is not legal advice and is not a legal certification.

What you receive

Concrete artefacts your team can use.

A defined output set — not advice hours.

— Deliverables

8 items

EAA Audit deliverables

  1. Executive summary

    One page for leadership — scope, headline findings, and posture.

  2. Technical findings report

    10–15 pages of detailed findings with screenshots and code excerpts.

  3. Prioritised remediation backlog

    Notion-, Linear-, and Jira-importable CSV — one row per finding.

  4. Severity matrix

    Critical / High / Medium / Low against the relevant WCAG criterion.

  5. WCAG 2.2 AA + EAA article mapping

    Each finding tied to a specific WCAG success criterion and EAA article.

  6. Dev-hour effort estimate per finding

    Engineering time estimate so the backlog can be planned, not guessed at.

  7. Three sample PRs

    Real PRs in your repository if access is granted; otherwise gists or patch files.

  8. One-hour walkthrough call

    Live walk through the report with the engineering team — questions answered.

Example output

Sample finding, not a testimonial.

Anonymized from real audit work — built so you can see the shape of the deliverable before you buy.

Finding ticket

WCAG 2.4.3 · 2.1.2

High severity

Example output — anonymized from real audit work

Modal dialog returns focus to body, not the trigger element

Affected
Shared <Dialog> primitive — checkout, account settings, invite flow
User impact
Keyboard and screen reader users lose their place in the page after closing any dialog. Focus drops to document body, forcing a manual re-tab through the navigation to resume the task.
Technical cause
The dialog component unmounts on close without storing the previously focused element. Radix's onOpenChange handler is wired, but the parent caller does not call element.focus() on the trigger after the close transition completes.
Suggested fix
Capture document.activeElement on open and restore focus to it inside a useEffect cleanup. Wrap with FocusScope from @radix-ui/react-focus-scope and set loop=false. Add a Playwright keyboard test that opens, closes, and asserts the trigger is the active element.

— EAA mappingAnnex I, Section III — perceivable and operable user interface

Methodology

14-day delivery window. Visible steps.

Same scope each engagement, repeatable handoffs.

— Phases

5 phases · 14 days

EAA Accessibility Audit · 14 days

  1. Day 0

    Intake, NDA, access setup

    • NDA
    • Access requirements
    • Audited flows confirmed
    • Repo access or patch-file route agreed

  2. Days 1–3

    Scope and environment review

    • Stack review
    • Design-system review
    • Screen and flow confirmation
    • Test environment access

  3. Days 4–9

    Deep audit

    • axe-core via Playwright
    • Manual keyboard testing
    • VoiceOver and NVDA spot-checks on top 10 flows
    • Full design-system contrast audit
    • WCAG 2.1 AA and 2.2 AA review
    • EAA article mapping

  4. Days 10–12

    Prioritization and PR drafting

    • Severity assignment
    • Backlog creation
    • Effort estimates
    • Sample PRs or patches

  5. Days 13–14

    Final report and walkthrough

    • Report handoff
    • Walkthrough call
    • Q&A

Scope and exclusions

What’s in scope. What isn’t.

Sophisticated buyers trust boundaries — these are the explicit limits for the audit and the optional remediation sprint.

EAA Accessibility Audit

A fixed-scope WCAG 2.2 AA compliance-readiness assessment of the in-scope frontend surfaces. Not a legal artefact, not a remediation engagement.

Excluded

10 items

  • Not legal advice
  • Not legal certification
  • Not a guarantee of compliance
  • Not a full product-wide accessibility rewrite
  • Native mobile is a separate engagement
  • Third-party embedded widgets and iframes cannot be fixed
  • Backend changes are excluded
  • UX or product redesign is excluded
  • Net-new feature work is excluded
  • Full remediation is excluded unless the remediation SKU is selected

EAA Audit + Top-Critical Remediation

The audit deliverables, plus a fixed-window engineering sprint focused on the highest-impact frontend issues. The sprint scope is intentionally narrow.

Included

4 items

  • Up to 5 Critical or High component-level frontend fixes
  • Fix list agreed at kickoff against the audit's Critical/High findings
  • Delivered within a single 14-day window after the audit ships
  • Work stops cleanly when the fixed window ends — no scope creep

Excluded

6 items

  • Not a design-system rebuild
  • Not backend work
  • Not native mobile
  • Not third-party iframe or widget remediation
  • Not new feature development
  • Not product redesign
If the codebase is too degraded for five component-level fixes to make a meaningful impact, the audit-only SKU is the better first step. A separate remediation sprint can be scoped after delivery.

Operator proof

Performed end-to-end by one senior frontend engineer.

Muhammed Erdem

Senior Frontend EngineerMadrid

Years
9+shipping production products
Sectors
5AI · fintech · e-commerce · Web3 · mobile
Production AI
WCAG AAled frontend accessibility on a webchat platform
CodePen
#1Most Hearted creator — 2018 & 2019

— Engineering profile

Stack
VueReactNext.jsTypeScript
Standards
WCAG 2.1 / 2.2 AA
Testing
PlaywrightVitestCypress
Practice
Design systemsperformance work
AI
Claude CodeCursorCopilotMCP

— Verify

Access and boundaries

Clear security, independence, and scope boundaries.

Built so internal champions can forward this page to legal, security, and procurement without surprises.

Legal

  • Standard NDA

    Plain-English mutual NDA available before any access discussion.

  • 24-hour countersign

    NDA returned countersigned within one business day.

Access

  • Repo access under NDA

    Read-only repository access handled under signed NDA, scoped to the surfaces being audited.

  • Least-access principle

    Only the access required to deliver the audit — nothing broader, nothing retained.

Independence

  • No outsourcing

    One senior engineer performs the work end-to-end. No subcontractors, no offshore handoff.

  • No overlay resale

    Independent of accessibility overlays, scanner vendors, and remediation widgets.

  • No AI tooling reseller

    Independent of Cursor, Claude, Copilot, and other AI vendors. No referral fees.

Data

  • 30-day data deletion

    Repository copies, engagement notes, and working artefacts deleted 30 days after delivery.

  • Sample PR fallback

    If repo access is not possible, sample changes ship as gists or patch files instead of pull requests.

Forwardable PDF

Download the methodology pack.

— Methodology pack

v1 · 16–20 pages

A 16–20 page document covering audit process, standards, data and access handling, sample outputs, exclusions, and pricing — built for forwarding internally to CTO, VPE, security, and procurement.

  1. 01

    Methodology

    Audit process · Standards covered · Data and access handling

  2. 02

    Deliverables

    EAA deliverables checklist · AI deliverables checklist

  3. 03

    Sample artefacts

    WCAG finding card · AI maturity scorecard · .cursor/rules excerpt · 30/60/90 roadmap

  4. 04

    Summaries

    FAQ and exclusions · Scope summary · Pricing summary

— Request the PDF

Sent to your inbox.

methodology-pack.pdf

PDF · 16–20 pages

  • Sent in seconds
  • Forwardable
  • No newsletter

We send the PDF and a one-line follow-up. No newsletter, no third-party trackers. See our privacy policy for what happens to your email.

FAQ

Short answers to common buying questions.

Calm responses to objections, edge cases, and procurement-style asks specific to the accessibility audit.

General

6 questions

EAA Audit

9 questions

Commercial and security

5 questions

Next step

Book a 20-minute fit call.

Used to confirm scope, access, timeline, and whether AuditSmith is the right shape for the problem. No self-serve checkout — every engagement starts here.

Booking this week

— Click here

Get on a call this week.

Book a fit callDownload methodology PDF
  • 20-minute call
  • Confirms scope, access, timeline
  • No charge, no commitment

— What happens next

  1. 01

    Fit call

    20-minute video call to confirm scope, access, and timeline.

  2. 02

    SOW + NDA

    Short SOW, invoice, and a mutual NDA before any repository access.

  3. 03

    Kickoff

    Repo access in place, audit timeline starts on the agreed date.