Every criterion deserves a verdict — or a protocol, not a blindly checked box
Our method starts from a simple observation: most audit tools stop where automation stops. Grown out of an R&D lab focused on automated compliance detection, we built ours to go further, while working hard not to mistake a tooling artifact for a real defect.
WCAG and RGAA, two independent frameworks
WCAG 2.1/2.2 levels A and AA (56 criteria) and RGAA 4.1.2 (106 criteria) are tested each on its own terms, not one derived from the other. A simple RGAA↔WCAG mapping table produces both false positives and false negatives: a single WCAG criterion can point to about twenty thematically unrelated RGAA criteria.
For every criterion in both frameworks, we produce:
- a verdict — compliant, non-compliant, not applicable, or real evidence gathered;
- and an actionable manual-test protocol — tool to use, precise actions to take, pass/fail criterion — whether or not the criterion is already resolved.
A human auditor can pick up the work without starting from scratch. Regulatory scope covered: EAA (European Directive 2019/882), WCAG 2.1/2.2, RGAA 4.1.2.
Our approach, step by step
-
Scoping
Site mapping, grouping by page template (not raw URL count), explicit scope presentation for a conscious trade-off, documented exclusions in the final report rather than silently dropped.
-
Large-scale automated detection
axe-core 4.9.1 scanning in a real browser, rich DOM inspection (accessible names, heading structure, ARIA roles), automated keyboard navigation, contrast, zoom and reflow, text spacing, pointer-gesture cancellation, CSS/JS-disabled comparison, office documents.
-
Real evidence instead of assumption
A bridge to a real screen reader (NVDA), a real session-timeout test (actual wait, no simulation), vision-model-assisted triage for unlabeled icons, touch-gesture and screen-rotation simulation.
-
Scaling to the whole site
Multi-agent orchestration to audit hundreds of pages in cascade, aggregating defect patterns to spot shared components rather than isolated page-by-page symptoms.
-
Cross-checking
Every potential defect is checked against one question: is this a real site defect, or a tooling artifact? See our methodological rigor principle below.
-
Deliverables and prioritization
CSV, Excel workbook, Word report, and interactive chat — in French and English — with severity-based prioritization and systemic defects highlighted for maximum leverage.
Real evidence: at the core of our difference
Instead of leaving a criterion "not tested" for lack of automation, we built protocols to get real evidence at a reasonable implementation cost.
Real screen-reader bridge (NVDA ↔ Playwright)
We capture the speech NVDA actually says — not an approximation of what it should say. This confirms defects with exact quotes of what a blind user hears (for example, an English date pronounced in French for lack of a lang attribute).
Real session-timeout test
An actual 30-minute wait, with spaced checks, to verify there's no silent warning or logout on a real transactional flow — not an accelerated simulation.
Vision-model-assisted triage
For every icon button flagged by the DOM as lacking an accessible name, a vision model proposes a relevant label and judges icon/function correspondence. Framed as triage, not a final verdict — a dedicated column flags cases needing human review.
Touch gestures and screen rotation
Simulated via Playwright emulation, without dedicated physical hardware — useful for verifying pointer-gesture cancellation (WCAG 2.5.2) and landscape-orientation behavior.
Methodological rigor: avoid mistaking a tooling artifact for a real defect
A principle applied strictly throughout our audits: avoid documenting as a real defect a behavior that is actually a malfunction of the audit tooling itself.
- A "15-30s rendering freeze" initially logged as a site defect turned out to be a screenshot-tool timeout — removed after investigation.
- Two accidentally duplicated defects from one audit pass were caught and merged during a regression run.
- The vision-triage tool was itself audited: an early version produced false positives on buttons whose accessible name actually came from an associated
<label>— fixed before going into production, revalidated at zero false positives.
What remains fundamentally manual
Some compliance work structurally cannot be automated, regardless of tooling level. We acknowledge this limit rather than hiding it — that's a trust argument, not a weakness to conceal.
Semantic judgments
Alt-text relevance, error-message clarity, perceived cognitive load.
Screen-reader parity
What NVDA announces can differ from JAWS or VoiceOver on some complex components.
Real authentication
Flows requiring valid credentials (e.g., a loyalty-program account) can't be simulated without a dedicated test account.
Alternate-version fidelity
Judging whether an alternate office document truly contains the same information as its web counterpart isn't automatable, even though its detection and technical tagging are.