Published: 9 May 2026

Procurement Can’t Rely on Vendor Promises Anymore

I’ve read countless ACRs, and the quality varies significantly. Some are detailed, transparent, and evidence based. Others are vague, inconsistent, and full of red flags.

Procurement teams need to know how to tell the difference — because the quality of an ACR directly affects risk, cost, and operational continuity.

Note: For brevity I’ll use the term ACR, but remember that an Accessibility Conformance Report (ACR) is just a completed VPAT.

Vintage poster shows a man on an American frontier stage under sign 'Dr Miracle's Amazing Elixir. Only $1 Bottle!' saying 'Step right up! This elixir will cure all your problems' to a crowd of onlookers

What a VPAT/ACR Actually Is — and Isn’t

A VPAT/ACR is a self reported accessibility statement. It outlines how well a product conforms to standards such as WCAG 2.2 or EN 301 549. It is not:

  • a guarantee of compliance
  • a substitute for testing
  • a legal defence
  • evidence of maturity

It is a starting point — and procurement teams must interpret it critically.

The Anatomy of a High-Quality ACR

A credible ACR includes:

  • Clear test methods
  • Evidence of manual and assistive technology testing
  • Honest conformance statements
  • Notes explaining limitations
  • Versioning and dates
  • Scope (what was tested and what wasn’t)

If any of these are missing, the ACR is incomplete.

Red Flags Procurement Should Never Ignore

1. Copy paste language

If every criterion uses identical wording, the vendor likely hasn’t tested the product.

2. “Supports” with no explanation

A credible ACR explains how the product supports the criterion.

3. Entire sections marked “Not Applicable”

Especially suspicious for:

  • forms
  • tables
  • interactive components
  • multimedia
  • authentication flows

4. No mention of assistive technologies

If the vendor didn’t test with screen readers, magnifiers, or keyboard-only navigation, the ACR is incomplete.

5. No date or version

Accessibility changes over time. Undated ACRs are a liability.

How to Interpret “Partially Supports”

This is the most misunderstood term in accessibility procurement. “Partially Supports” means:

  • the feature exists
  • but it has accessibility limitations
  • and those limitations may affect users

It does not mean “good enough.” Procurement teams should ask:

  • What exactly is missing or broken?
  • How severe is the impact?
  • How many users are affected?
  • Is there a remediation plan?

A Simple Risk Scoring Framework for Procurement

To evaluate accessibility risk, assess each failure across three dimensions:

1. Severity

  • Critical: blocks access entirely
  • Major: significantly impairs use
  • Moderate: causes friction
  • Minor: cosmetic or low impact

2. Frequency

  • How often does the issue occur?
  • Is it in a core workflow?

3. User Impact

  • Does it affect people with vision, motor, cognitive, or hearing disabilities?
  • Does it affect staff or customers? This creates a clear, defensible risk profile.

Questions Procurement Should Ask Vendors

  • What testing methods were used?
  • Which assistive technologies were included?
  • Who performed the testing?
  • What is your remediation roadmap?
  • How often do you update your ACR?
  • Do you have an accessibility governance structure?

Vendors who can’t answer these questions are not ready for enterprise procurement.

Conclusion

A VPAT/ACR is only as good as the process behind it. Procurement teams that know how to interpret these documents reduce risk, avoid costly surprises, and ensure digital tools are usable by everyone

Services

Procurement: Learn how AccessUX helps IT buyers and procurement teams to source accessible ICT and evaluate supplier accessibility claims teams.