Compliance Programme Template

Section 1 — Programme Identity

Microenterprise Exemption (Article 4(5))

Article 4(5) of the EAA exempts microenterprises that provide services (not products) from the accessibility requirements of Article 4. This is a narrow exemption — both thresholds must be met simultaneously and continuously. If your organisation grows beyond either threshold, the exemption is lost and full compliance is required from that point. Hardware and product manufacturers are not eligible regardless of size.

Section 2 — Governance

The EAA does not prescribe a governance structure, but market surveillance authorities will look for clear, named accountability. A Management Sponsor provides senior-level ownership and signs off on legal documents (Declarations of Conformity, burden assessments). The Accessibility Officer manages day-to-day programme activities, maintains compliance records, and is the point of contact for regulatory enquiries. Without named owners, a compliance programme has no enforceable authority within the organisation.

The Competent Authority field is critical: under Article 14(7), any disproportionate burden assessment must be formally notified to the national market surveillance authority before the exemption can be relied upon. This field records which authority covers your organisation.

Section 3 — Products and Services in Scope

The EAA applies only to specific product and service categories listed in Annex I. You must identify exactly which of your products and services fall within scope, and map each one to the correct Annex I section — this mapping determines which technical requirements apply and which sector-specific provisions (e.g. banking, transport, e-commerce) are relevant.

Use Transitional for products already on the market before 28 June 2025 that benefit from the Article 32 grace period — these must still reach full compliance by 28 June 2030. Use Excluded only where there is a documented legal reason (e.g. the product genuinely falls outside Annex I scope, or a microenterprise exemption applies). Unjustified exclusions are a compliance risk if investigated.

The Annex I section is auto-populated from the category — you can override it if needed.

Section 4 — Compliance Document Management

Article 20 of the EAA requires economic operators to retain technical documentation for a minimum of 5 years after a product is last placed on the market or a service is last provided. Market surveillance authorities can request this documentation at any time — if it cannot be produced promptly, the organisation is treated as non-compliant regardless of the actual accessibility status of the product.

This section defines how compliance documents are stored, named, and version-controlled within your organisation. A clear naming convention prevents confusion between versions and makes it straightforward to locate the current document for each product during an inspection.

Section 5 — Audit and Review Cycle

The EAA does not prescribe a specific audit frequency, but Accessibility Statements must be reviewed whenever conformance status changes, and the disproportionate burden assessment renewal obligation (Article 14(4)) requires reassessment at least every 5 years or on significant product change. In practice, annual audits are the minimum credible standard — enforcement bodies will question a programme that has not been audited within the past 12 months.

The interim review triggers are events that require an out-of-cycle accessibility review regardless of when the last scheduled audit was. Without these, a major product release or regulatory change could go unreviewed until the next annual cycle, creating a compliance gap that is difficult to defend.

Section 6 — Remediation SLAs

When an audit or complaint identifies an accessibility barrier, you need a documented process for resolving it. Enforcement bodies will look not just at whether barriers exist, but at whether the organisation has a credible, time-bound plan to fix them. Defined severity levels and fix deadlines demonstrate good-faith compliance effort and protect the organisation in the event of an inspection or formal complaint.

Critical barriers — those that completely prevent a person with a disability from using the product or service — carry the highest regulatory risk. They should be treated with the same urgency as a production outage. Escalation is important: if a fix deadline is missed, the issue must automatically move up the reporting chain so that resource can be allocated.

Section 7 — Training Programme

Untrained staff will continuously introduce new accessibility barriers, regardless of how thorough the last audit was. The EAA's organisational measures — referenced in Annex V Accessibility Statements — implicitly require staff with relevant responsibilities to understand accessibility requirements. Training records serve two purposes: they change behaviour and they provide evidence of reasonable diligence if the organisation is challenged.

Different roles need different training. Developers need to know how to code accessibly and test with assistive technologies. Content authors need to understand alt text, plain language, and heading structure. Procurement teams need to know what to require from suppliers. Management needs enough awareness to make informed decisions about resourcing and risk. The pre-populated rows below cover the five core audiences — edit them to match your organisation.

Section 8 — Supply Chain & Procurement

Under the EAA, if you incorporate a third-party product or service into what you offer to end users, you are responsible for the accessibility of the combined result. Buying an inaccessible component and embedding it in your product does not transfer liability — the importer or distributor placing that product on the EU market is responsible under Article 7 and Article 9. This means supplier accessibility requirements are not optional extras; they are a direct extension of your own compliance obligation.

The most effective risk management tool is the contract. An Accessibility Conformance Report (ACR/VPAT) or EU Declaration of Conformity clause in the supplier agreement shifts risk and creates a paper trail showing due diligence. Requiring ACRs at procurement and renewal — rather than retrospectively — prevents inaccessible components from entering the supply chain in the first place. Document the clause reference below so it can be cited in any future inspection.

Section 9 — Feedback & Complaint Handling

Article 13(1) of the EAA requires service providers to include a feedback mechanism in their Accessibility Statement so that users can report barriers and request accessible alternatives. This is not just a courtesy — it is a legal obligation, and the channel must be functional and monitored. A 20-working-day response SLA is the standard used by most national implementations, though some member states set shorter deadlines. Check your national transposition law.

Complainants who are unsatisfied with the response have the right to escalate directly to the national enforcement body (the competent authority designated under Article 30). Enforcement bodies will check, at a minimum, whether a feedback mechanism exists, whether it was responded to, and whether any identified barriers were logged and remediated. Documenting your escalation path — both internally and the route to the enforcement body — shows that the organisation takes complaints seriously and has a structured process for handling them.