How to Audit Your Existing Content for EAA Compliance: A Technical Framework

Why Your Existing Content Is Your Biggest EAA Compliance Risk

The European Accessibility Act (EAA) — Directive 2019/882/EU — mandates that digital products and services meet defined accessibility standards by June 28, 2025. For most organizations, new content pipelines are already under review. The overlooked exposure is the existing archive: PDFs, web pages, documents, and digital interfaces published before compliance workflows were established.

A structured audit of existing content is not optional groundwork — it is the mechanism that determines remediation scope, resource allocation, and legal exposure. Organizations that skip the audit phase and remediate reactively face compounded costs: duplicated effort, missed barriers, and the risk of publishing newly inaccessible content while older non-conformant material remains live.

This post provides a technical audit framework aligned with the EAA's mandated standard — WCAG 2.1 Level AA — and the PDF/UA-1 specification (ISO 14289-1:2014), structured for compliance directors, IT leads, and accessibility specialists managing real content inventories at scale.

Answer Block: Auditing existing content for EAA compliance requires a four-phase process: inventory and prioritization, automated scanning, manual expert review, and remediation tracking. The EAA mandates WCAG 2.1 Level AA conformance for digital content and services, which means every web page, PDF, and document in public-facing distribution must meet perceivable, operable, understandable, and robust criteria. Automated tools can detect roughly 30–40% of WCAG failures — the remainder require human judgment, particularly for semantic structure, reading order, alternative text accuracy, and logical tag trees in PDFs. Prioritize content by audience reach, legal risk, and update frequency. Begin with the highest-traffic pages and most-distributed documents. Use a conformance tracking matrix to log barrier type, WCAG success criterion, severity, and remediation owner. This structured approach converts an undefined backlog into a manageable, auditable compliance record.

Understanding the EAA's Technical Requirements Before You Audit

Before running a single accessibility checker, compliance teams must map the EAA's technical requirements to their specific content types. The EAA applies to a defined set of products and services — including e-commerce, banking, e-books, transport ticketing, and telecommunications — and its technical baseline is WCAG 2.1 Level AA, as incorporated by reference into EN 301 549 V3.2.1 (March 2021).

EAA vs. WCAG: What the Distinction Means for Auditors

A common and costly misconception is the conflation of WCAG conformance with EAA compliance. They are related but not identical. WCAG 2.1 Level AA is the technical standard the EAA uses as its accessibility benchmark for digital content. EAA compliance, however, also includes:

• Accessibility statements: Organizations must publish an EAA accessibility statement documenting conformance status, known barriers, and contact mechanisms for users to request accessible alternatives.
• Functional performance criteria: EN 301 549 extends WCAG with requirements for hardware, documentation, and support services — relevant when auditing kiosks, apps, or customer-facing terminals.
• Disproportionate burden provisions: Non-conformance may be defensible only with documented economic impact analysis — not simply asserted.

WCAG 2.2 (W3C Recommendation, October 5, 2023) introduced additional success criteria including focus appearance and dragging movements, but the EAA's mandated baseline remains WCAG 2.1 Level AA as referenced in EN 301 549 V3.2.1. Auditing to WCAG 2.2 AA is forward-compatible and reduces future remediation cycles.

Content Types That Require Separate Audit Protocols

A single WCAG scan cannot cover all EAA-relevant content. Separate technical protocols apply to:

• PDFs and downloadable documents: Require PDF/UA-1 (ISO 14289-1:2014) conformance — tag tree integrity, logical reading order, artifact tagging, proper heading hierarchy, and alt text for non-decorative images.
• Web interfaces: Require WCAG 2.1 AA automated and manual testing, including keyboard navigation, focus management, ARIA implementation, color contrast ratios, and time-based media captions.
• Mobile applications: Require platform-specific testing (iOS VoiceOver, Android TalkBack) mapped against EN 301 549 mobile criteria.
• Third-party embedded content: Vendors supplying iframes, widgets, or document viewers remain within the EAA compliance scope of the integrating organization.

Knowing which audit protocol applies to each asset class before starting prevents scope creep and ensures findings are actionable rather than generic.

Phase 1 — Content Inventory and Risk-Based Prioritization

An EAA audit begins not with scanning tools but with an accurate inventory. Organizations routinely underestimate their content surface area: a mid-size enterprise may have thousands of indexed PDFs, hundreds of landing pages, and multiple application interfaces, all potentially in scope.

Building a Content Inventory

A structured inventory captures the following fields for each asset:

• Asset type (web page, PDF, DOCX, mobile app screen, video)
• URL or file path
• Publication date and last modified date
• Estimated monthly reach or download volume
• Owning team or department
• Current known conformance status

Web crawl tools (Screaming Frog, Sitebulb) can enumerate page-level URLs and surface meta information. For document repositories, CMS exports or SharePoint/Confluence API queries are more reliable than manual enumeration.

Risk-Based Prioritization Matrix

Remediating everything simultaneously is operationally impractical. Prioritize using a matrix that scores each asset on:

• Audience reach: High-traffic pages and widely distributed PDFs carry higher legal exposure.
• User dependency: Content that users must access to complete a transaction (application forms, checkout flows, policy documents) takes priority over informational archive content.
• Content age: Pre-2018 PDFs are statistically more likely to be untagged or incorrectly tagged.
• Regulatory sensitivity: Content in sectors explicitly named in the EAA (banking, transport, e-commerce) attracts enforcement attention first.

Assign a composite priority score (High / Medium / Low) to each asset before initiating any scanning. This prioritization directly informs remediation sprint planning and resource requests to leadership.

Phase 2 — Automated Scanning: Capabilities and Limitations

Automated EAA compliance checkers identify a subset of WCAG 2.1 AA failures — typically 30–40% of total barriers — at scale and speed that manual review cannot match for large inventories. The critical operational constraint: automated tools cannot assess meaning, context, or user experience, which means they cannot replace human judgment for a significant share of success criteria.

Web Accessibility Automated Scanning

For web content, the following tool categories cover distinct failure domains:

• Browser-integrated scanners (Axe DevTools, WAVE, Lighthouse): Identify missing alt text attributes, insufficient color contrast ratios, missing form labels, empty links, and invalid ARIA roles. Run at the page level during testing.
• Enterprise crawl platforms (Siteimprove, Deque Worldspace, Level Access AMP): Schedule site-wide scans, track issue counts over time, and assign remediation ownership. Essential for inventories exceeding 500 pages.
• Regression testing integration: Embed axe-core or similar libraries into CI/CD pipelines to catch new accessibility failures before deployment — preventing the backlog from growing while remediation is underway.

PDF Accessibility Automated Checking

PDF/UA conformance checking requires PDF-specific validators:

• Adobe Acrobat Accessibility Checker: Provides a structured report against PDF/UA criteria — tag tree presence, reading order, alt text, document title, language declaration, and heading structure. First-pass triage tool.
• PAC 2024 (PDF Accessibility Checker): Free, precise validator that tests against PDF/UA-1 (ISO 14289-1:2014) and Matterhorn Protocol checkpoints. More rigorous than Acrobat's built-in checker for structural issues.
• Automated batch processing: For inventories of hundreds of PDFs, scripted batch validation against PAC criteria identifies which files require full remediation versus minor correction.

What Automated Scanning Cannot Detect

Document this limitation explicitly in audit reports to set accurate expectations with stakeholders:

• Alt text that is present but inaccurate or non-descriptive
• Logical reading order errors that pass tag tree validation
• Heading hierarchy that is syntactically correct but semantically misleading
• Table structure where row/column relationships are technically tagged but functionally incorrect
• Color used as the sole means of conveying information (partial detection only)
• Keyboard traps that require user interaction path testing
• Audio description sufficiency for complex video content

Every asset that passes automated scanning still requires targeted manual review against the criteria listed above before a conformance claim can be made.

Phase 3 — Manual Accessibility Review: Criteria and Methods

Manual review is the audit phase that determines actual conformance status. It requires trained reviewers applying WCAG 2.1 AA success criteria and PDF/UA structural requirements through direct interaction with content — using assistive technology, keyboard-only navigation, and logical analysis of document structure.

Web Content Manual Review Protocol

For each high-priority web asset, manual review covers:

• Keyboard navigation: Tab through all interactive elements. Verify focus order matches visual and logical reading order. Confirm no keyboard traps exist. Test skip navigation links and modal dialog focus management.
• Screen reader testing: Test with NVDA + Firefox and JAWS + Chrome at minimum for Windows; VoiceOver + Safari for macOS/iOS coverage. Verify that landmarks, headings, lists, and tables are announced correctly and that dynamic content updates (ARIA live regions) are communicated.
• Color and contrast: Use a contrast analyzer to verify text contrast ratios meet 4.5:1 (normal text) and 3:1 (large text) thresholds per WCAG 2.1 SC 1.4.3. Check that no information is conveyed by color alone (SC 1.4.1).
• Forms and error handling: Confirm all inputs have programmatically associated labels, error messages are specific and linked to the relevant field, and required fields are identified in a way assistive technology can surface.
• Responsive and zoom behavior: Verify content reflows at 400% zoom without horizontal scrolling (SC 1.4.10) and that touch targets meet minimum size criteria.

PDF Manual Review Protocol

PDF accessibility audit goes beyond what PAC 2024 reports. Manual verification confirms:

• Tag tree integrity: Open the Tags panel in Acrobat Pro and verify the complete document is tagged — no untagged content outside the tag tree. Confirm all content roles use standard PDF tag types (P, H1–H6, Table, TR, TD, TH, L, LI, Figure).
• Reading order: Use the Reading Order tool and Order panel to verify the sequence in which a screen reader will encounter content matches the intended logical flow — particularly in multi-column layouts, sidebars, and tables.
• Alternative text accuracy: Review every Figure tag's Alt attribute. Alt text must describe the informational content of the image, not its visual appearance generically. Decorative images must be tagged as Artifact.
• Table structure: Verify that header cells use TH tags with appropriate Scope attributes (Column, Row). Complex tables with merged cells require ID/Headers associations.
• Document metadata: Confirm Title is set in Document Properties, language is declared at the document level (and per-element where language switches occur), and the PDF is not security-restricted in ways that block assistive technology access.

RemeDocs' PDF remediation process addresses each of these structural layers — tag tree reconstruction, reading order correction, and metadata validation — as discrete, auditable steps, producing conformance-ready documents that pass both PAC 2024 and screen reader verification.

How to Achieve EAA Compliance

Achieving EAA compliance is a structured process combining audit findings, prioritized remediation, conformance verification, and ongoing monitoring — not a one-time fix. The following framework translates audit output into a defensible compliance posture aligned with the EAA's June 28, 2025 deadline and the WCAG 2.1 Level AA standard it mandates.

Step 1: Establish a Conformance Baseline

Use Phase 1–3 audit outputs to establish a documented baseline: total assets audited, percentage conformant, barrier count by severity and WCAG success criterion. This baseline serves three functions — it quantifies remediation scope, provides evidence of good-faith compliance effort if challenged, and sets the measurement reference for progress tracking.

Step 2: Execute Prioritized Remediation

Remediation sequencing follows the priority matrix established during inventory. For web content, address critical barriers (keyboard traps, missing form labels, absent alt text) before moderate issues. For PDFs, documents with no tag tree require full remediation from source if editable, or structural remediation at the PDF level if source files are unavailable.

Key remediation decisions by content type:

• Web pages: Fix in the CMS or codebase. Integrate axe-core into CI/CD to catch new accessibility regressions before deployment. Update component libraries to use accessible patterns.
• PDFs from editable sources (DOCX, InDesign): Remediate the source document, export with accessibility settings enabled, validate output with PAC 2024. This approach scales more efficiently than direct PDF editing for content that is regularly updated.
• Legacy PDFs without editable source: Require direct PDF remediation — tag tree construction, reading order definition, alt text authoring, and metadata correction in Acrobat Pro or specialist remediation tools. When using RemeDocs, each document undergoes a structured remediation workflow with PAC 2024 validation as a quality gate.
• Video content: Add accurate closed captions (not auto-generated without human review), audio descriptions for visual-only information, and transcripts for content where captions alone are insufficient.

Step 3: Publish and Maintain an EAA Accessibility Statement

The EAA requires organizations to publish an accessibility statement that includes: current conformance status (Full / Partial / Non-conformant), a list of known non-conformant content with the reasons for non-conformance, contact information for users to request accessible alternatives, and a link to the relevant enforcement body. This statement must be kept current — a static statement published at launch and never updated is itself an EAA compliance risk.

Step 4: Implement Ongoing Monitoring

EAA compliance is not a point-in-time state. New content published after June 28, 2025 must meet WCAG 2.1 AA from inception. Monitoring infrastructure includes:

• Automated scheduled scans of all production web properties (weekly minimum for high-traffic sections)
• Accessibility review gates in content publishing workflows
• Author training on accessible document creation to reduce remediation load at source
• Quarterly manual audit cycles for highest-priority content tiers
• A user feedback mechanism linked from the accessibility statement

Step 5: Document Everything

Enforcement under the EAA operates through national market surveillance authorities. Documentation of audit methodology, remediation actions taken, testing results, and accessibility statement update history constitutes the evidentiary record that demonstrates compliance effort. Organizations without this documentation cannot substantiate a disproportionate burden defense or demonstrate good-faith progress toward full conformance.

Scoping Third-Party Content and Vendor Accountability Under the EAA

Third-party content integrated into an organization's digital properties — embedded payment widgets, map interfaces, chatbot iframes, document viewers, and analytics overlays — falls within the EAA compliance scope of the integrating organization. Enforcement authorities do not distinguish between first-party and third-party code when assessing user-facing barriers.

Vendor Accessibility Assessment

Before integrating or renewing contracts with third-party technology vendors, require a current Voluntary Product Accessibility Template (VPAT) or equivalent Accessibility Conformance Report (ACR) documenting WCAG 2.1 AA conformance status. Evaluate ACRs critically — self-reported conformance claims without testing methodology disclosure carry limited evidentiary weight.

For existing integrations, assess each third-party component against the same manual review criteria applied to first-party content. Where a vendor's component introduces keyboard traps, missing focus indicators, or inaccessible modals, document the barrier, notify the vendor in writing, and implement a timeline for remediation or replacement. This paper trail is essential if enforcement scrutiny requires demonstration that the organization exercised due diligence.

Procurement as a Compliance Control

Embedding accessibility requirements into procurement contracts — specifying WCAG 2.1 AA conformance, requiring ACR submission at contract signing, and including non-conformance remediation obligations — converts vendor accessibility from an audit problem into a contractual obligation. Organizations procuring software and digital services within EAA-covered sectors should treat accessibility conformance requirements as standard procurement terms, equivalent to security and data protection clauses.

Directive 2019/882/EU makes clear that market surveillance applies to the entire supply chain for products and services covered under the directive — not only the end-facing organization. Procurement-level controls are therefore both a compliance mechanism and a risk transfer instrument.

Immediate Next Steps to Begin Your EAA Content Audit Today

Organizations with content published before formal accessibility workflows were in place carry the highest EAA remediation risk. The audit framework above converts that risk into a managed, trackable program. Delay compounds cost: each new content publication without an accessibility gate extends the remediation backlog.

The following numbered steps are executable within the current business week:

1. Export your content inventory. Run a web crawl (Screaming Frog free tier handles up to 500 URLs) and a CMS or document repository export. Capture URL, asset type, publication date, and traffic data. This inventory is the audit foundation — without it, scope and effort estimates are speculative.
2. Run PAC 2024 on your five most-distributed PDFs. Download PAC 2024 (free), validate your highest-reach documents, and review the detailed report against PDF/UA-1 criteria. The results will immediately indicate whether your PDF inventory requires light correction or structural remediation.
3. Install Axe DevTools browser extension and audit your top three web pages. Run the automated check on your homepage, highest-traffic landing page, and primary conversion page. Export the findings report and categorize by WCAG success criterion — this is the first data input for your conformance tracking matrix.
4. Draft a remediation priority matrix. Using inventory data and initial scan results, assign High / Medium / Low priority to each asset class. Identify the team or vendor responsible for each remediation type. This matrix is the operational document that converts audit findings into sprint-ready work items.
5. Initiate an EAA accessibility statement draft. Even a partial-conformance statement published before the deadline demonstrates good-faith compliance effort. Use the mandatory elements: conformance status, known barriers, contact mechanism, and enforcement body reference. For organizations managing large PDF inventories requiring structural remediation, RemeDocs provides scoped assessment and remediation services that integrate directly into this workflow.