WCAGdesk
EAA in force · 28 June 2025

Accessibility compliance you can prove — not just claim.

Continuous WCAG 2.2 AA monitoring that builds a timestamped, independently verifiable record of your accessibility work — for the EU Accessibility Act and Germany's BFSG. Free scan, no signup.

No signup required for the first scan. Calculate your risk → Sample report (PDF) See methodology →
Sample · PDF/A-2b · 4 pages · 218 KB RFC 3161 timestamped

Accessibility Conformance Report

handelshof-bremen.de · scan 047 · 2026-04-01
Standards
WCAG 2.2 AA · EN 301 549 V3.2.1 · BFSG § 12
Period
01 March – 01 April 2026 (monthly)
Findings
0 critical 2 serious 7 moderate 3 minor
Hash
sha256:a4f9e2d1b8c7e3a5f0d2b8c3d4e5f9a8…b91c3e7f
Time
2026-04-01T03:14:22Z · RFC 3161 trusted TSA
Conformance verdict
Partial conformance
RFC 3161 timestamp + SHA-256 hash chain FreeTSA · trusted timestamp authority
AdES seal (eIDAS Art. 35) on roadmap · Q3 2026
Verified 2026-04-09T14:23:11Z sha256:a4f9e2d1…8c3d RFC 3161 timestamp

Three numbers that changed the cost of ignoring accessibility.

€1,500–€7,500
Abmahnung legal-fee range

Typical legal fees cited in a competitor Abmahnung over BFSG / WCAG. § 37 BFSG administrative fines can reach €100,000 in severe cases, depending on duration, cooperation and remediation.

€1M
FTC settlement

Imposed on accessiBe in April 2025 for misleading claims about overlay widgets.

28.06.25
EAA enforcement begins

European Accessibility Act applies to every B2C service operating in EU member states.

Position

Overlay widgets are now a liability, not a remedy.

A scanner produces evidence. An overlay produces a JavaScript injection — and, increasingly, a regulator's invitation.

Approach A

Overlay widget

accessiBe, UserWay, EqualWeb

  • Documentary value
    Overlay output is not designed as a timestamped audit trail of conformance
  • Audit-trail preservation
    No timestamped record of compliance over time
  • Accessibility statement
    Generic boilerplate, not BFSG / EN 301 549 conformant
  • Timestamp verifiability
    No RFC 3161 or eIDAS signing
  • Abmahnung defense
    No defensible audit trail; AccessiBe paid a USD $1M FTC penalty in 2025 for overlay claims
Approach B

WCAGdesk

Audit trail, not augmentation

  • Audit-trail instruments
    RFC 3161 timestamps + SHA-256 hash chain anchored to Polygon mainnet. AdES PDF sealing (eIDAS Art. 35) on roadmap pending Skribble/Sectigo onboarding. Admissibility in any particular proceeding is for counsel and the court.
  • Audit-trail preservation
    Hash-chained scans · 30 days (Audit) / 90 days (Defense) / unlimited (Counsel)
  • Accessibility statement
    Per BFSG § 12 / EN 301 549 / Web Accessibility Directive 2016/2102
  • Timestamp verifiability
    RFC 3161 trusted timestamps from a trusted TSA
  • Abmahnung defense
    One-click evidence bundle export with response template (DE)
How the audit trail works

Three procedures. One verifiable record.

01

Scan

Your site is scanned weekly on Audit or daily on Defense / Counsel against WCAG 2.2 AA, EN 301 549 and BFSG. Each scan is hashed (SHA-256) and timestamped via an RFC 3161 trusted TSA.

rfc-3161 timestamp
02

Timestamp & chain

Reports export as PDF/A-2b with an RFC 3161 timestamp and SHA-256 hash chain embedded. An advanced electronic seal (eIDAS Art. 35, bound to SideLabs) ships once Skribble/Sectigo onboarding completes; a qualified electronic seal (Art. 36) upgrade follows. Roadmap target: Q3 2026. The sample report on this site demonstrates the current unsigned (timestamp + hash-chain) state.

rfc 3161 · hash chain · ades on roadmap
03

Defend

When an Abmahnung arrives, export the full evidence bundle in one click: scan history, hash chain, statement publication log, remediation log.

evidence bundle
Pricing

Self-serve, monthly, billed in EUR via Paddle.

Billed via Paddle as Merchant of Record. VAT handled per buyer jurisdiction. No annual lock-in. No free trial — the public URL scanner is free.

Audit

Tier 01

For one site that needs a clean record.

€149/mo

  • 1 site, up to 50 pages per scan
  • Weekly scans, RFC 3161 timestamped + hash chain
  • WCAG 2.2 AA, EN 301 549 coverage
  • PDF + JSON export
  • 30-day scan retention
  • Statement generator on Defense+ (not Audit)
Start with Audit

Counsel

Tier 03

For B2B SaaS with regulated procurement.

€599/mo

  • Everything in Defense
  • Advanced + qualified electronic seal upgrades (Q3 2026 roadmap; included for Counsel once available)
  • Quarterly expert review
  • White-label PDFs
  • SSO + audit log
  • Priority support, named contact
Start with Counsel

Prices exclude VAT. Cancel any time. Existing scans remain available for export for 90 days after cancellation.

Questions buyers ask before they buy.

What does an Abmahnung cost in Germany?
A typical Abmahnung from a Wettbewerbsverein cites €1,500–€7,500 in legal fees plus a Unterlassungserklärung (cease-and-desist undertaking) carrying contractual penalties of €5,001 per future violation. BFSG-specific cases brought via the Marktüberwachungsbehörden can additionally levy administrative fines up to €100,000 under § 37 BFSG.
Is automated scanning enough for legal compliance?
No tool is, and we will not claim otherwise. axe-core fully evaluates roughly 30–40 % of WCAG 2.2 AA success criteria — the ceiling for any automated engine, per Deque's own published research. What automation cannot assess includes keyboard-only task flow, screen-reader narration order, cognitive load of error messages, alt-text quality and content meaning, video captions and audio descriptions, focus management in complex single-page apps, and reading-order issues in custom widgets. For full BFSG / EN 301 549 conformance you also want a manual expert audit, typically every 12–24 months. WCAGdesk produces the dated, verifiable evidence layer regulators look for when assessing diligence; if you need an expert auditor, the Counsel tier includes a referral to a vetted EU accessibility consultant or Fachanwalt. Manual remediation remains your responsibility either way.
What about PDFs and other documents on my site?
We scan linked PDFs via veraPDF (PDF/UA-1 checks) and surface failures in your report. We do not remediate them — the tooling to rebuild a tagged, accessible PDF from a flat scan is its own product category. If your storefront ships product manuals, invoices, or terms PDFs that fail, you have three options: regenerate from source with accessible tags, route through a remediation service (CommonLook, Adobe Acrobat Pro's auto-tag, Foxit), or replace with HTML equivalents. Counsel-tier customers get an introduction to a PDF remediation partner; Audit and Defense tiers get the findings only.
How can timestamped reports support a legal defense?
Each report carries an RFC 3161 trusted timestamp from FreeTSA (a free public TSA — not a qualified TSA under eIDAS Art. 41) and a SHA-256 hash chain anchored as a Merkle root to Polygon mainnet. Both qualified-TSA and AdES PDF sealing (eIDAS Art. 35, then Art. 36 for qualified) are on the roadmap for Q3 2026 and ship once SideLabs completes Skribble/Sectigo onboarding. Until then, PDFs are not electronically sealed; they are timestamp + hash-chain only. These instruments support evidence of integrity and origin; admissibility in any particular proceeding is a determination for counsel and the court. WCAGdesk does not provide legal advice.
How is "Polygon anchored" actually verifiable?
Every scan's per-domain hash chain is included in a SHA-256 Merkle tree that gets written to a Polygon mainnet smart contract at 0xEc9fE204…CeE6a. For any individual scan we ship the Merkle path; you (or an auditor) recompute the root locally and confirm it on Polygonscan independently of WCAGdesk. Each weekly anchor costs us roughly $0.01 in gas — durable for as long as Polygon exists, which is the point.
What if I receive an Abmahnung — what do I do?
Do not sign the Unterlassungserklärung as written. Open the Defense view in WCAGdesk: upload the letter, generate a German-language response that references your scan history and remediation log, and forward both to a Fachanwalt für IT-Recht. We maintain a list of vetted DE accessibility lawyers for Counsel customers.
Why isn't an overlay widget enough?
Overlays modify the DOM at runtime; they neither fix underlying source code nor produce evidence of what was tested when. The Federal Trade Commission's April 2025 settlement with accessiBe ($1M) treats marketing claims about overlay efficacy as deceptive. EU regulators and accessibility advocates have raised similar concerns. Your underlying liability is the source HTML, not the JavaScript wrapped around it — overlay output is rarely durable evidence of compliance.
How is this different from Pope Tech, Siteimprove, accessiBe?
Pope Tech and Siteimprove are honest scanners — but they're positioned as enterprise audit tools, not legal-defense systems, and they don't produce RFC 3161-timestamped + hash-chained evidence bundles or Abmahnung response workflows. accessiBe and UserWay are overlay vendors, which we explicitly are not. Deque axe is a developer toolkit and excellent for that purpose; it isn't a service or a record-keeping system. Side-by-side: vs accessiBe · vs UserWay · vs Siteimprove.

Start the record. Defend it later.

First scan is free, no signup. Paid plans from €149/month, cancel any time. The artifacts you generate stay yours — exportable as RFC 3161-timestamped PDFs with SHA-256 hash chain (AdES seal on roadmap).

Start free scan See pricing No credit card. Public sites only. axe-core 4.11.