TL;DR
| Doc | Best for | Who asks for it |
|---|---|---|
| VPAT 2.5 | US Section 508 / ADA documentation | US federal procurement, large US enterprise IT teams |
| ACR | B2B procurement due diligence | Enterprise compliance teams, “send us your ACR” requests |
| EAA | EU market presence / EAA enforcement | European market surveillance authorities, EU-based customers |
VPAT 2.5
The Voluntary Product Accessibility Template (VPAT) is a free template maintained by the Information Technology Industry Council (ITI). Version 2.5 is the current revision; it’s the format US federal procurement teams expect when buying software or services that fall under Section 508 of the Rehabilitation Act.
A VPAT lists every applicable WCAG success criterion and Section 508 standard, and for each one declares your product’s conformance: Supports, Partially Supports, Does Not Support, or Not Applicable, along with remarks explaining the verdict.
When you need one
- Selling software to US federal agencies (mandatory)
- Selling to US state/local governments with their own 508 requirements
- Responding to ADA Title III demand letters where you need to demonstrate ongoing compliance posture
- RFP responses that explicitly ask for “your VPAT”
What ClearShield produces
The ClearShield VPAT covers all 50 WCAG 2.1 Level A+AA criteria plus the 6 WCAG 2.2 additions, maps each one to the axe-core rule it was tested against, and uses the official VPAT 2.5 conformance levels. It’s automated-baseline only — we tell readers explicitly in the document that an automated scan catches ~30–40% of accessibility issues and manual review is needed for formal attestation.
ACR (Accessibility Conformance Report)
An ACR is what you get when you fill out a VPAT. Strictly speaking, the VPAT is the template and the ACR is the completed report. But over the past few years, “ACR” has emerged as a distinct procurement deliverable in its own right — especially in B2B SaaS, where buyers want a slightly more flexible format than the formal VPAT.
The ClearShield ACR has the same conformance table as the VPAT, but the cover page is framed for procurement: explicit “Product Under Evaluation” + “Evaluator” blocks (so the receiving compliance team knows exactly what was tested and who’s accountable), and a standards table that lists WCAG 2.1, WCAG 2.2, Section 508, and EN 301 549 in one view.
When you need one
- A B2B prospect’s security/compliance review asks “please share your ACR”
- You want to proactively publish a conformance posture on your trust/security page
- You’re responding to a customer due-diligence questionnaire (DDQ) that includes accessibility
- You want one document that covers US + EU compliance baselines at a glance
VPAT or ACR — which?
If a procurement RFP explicitly asks for “your VPAT”, send the VPAT. If it asks for “your accessibility conformance report”, “ACR”, or “your accessibility posture document”, send the ACR. Functionally the data is identical; the cover framing is different.
EAA — European Accessibility Act
The European Accessibility Act (Directive (EU) 2019/882) is a 2019 EU directive that mandates accessibility for a broad set of ICT products and services sold into the EU market. The enforcement window opened on 28 June 2025.
EAA conformance for web content is presumed when your site meets the requirements of EN 301 549 V3.2.1, the harmonised European standard for ICT accessibility. For web content, EN 301 549 references WCAG 2.1 AA as its technical baseline.
When you need one
- You sell or operate in any EU member state
- Your B2B customers have EU end-users and pass through compliance obligations to you
- An EU member state’s market surveillance authority requests evidence of conformance
- You want to demonstrate “presumption of conformance” under Article 15 of the EAA
What ClearShield produces
The ClearShield EAA report is structured as a self-declaration of conformance: it references EN 301 549 V3.2.1 explicitly, uses European conventions (DD Month YYYY dates, “economic operator” terminology), and closes with a Declaration of Conformance block phrased per Annex VI of the EAA.
Important caveat: ClearShield is a software platform, not a Notified Body. The EAA report we produce is suitable as an internal compliance baseline and for B2B due diligence; for formal market-surveillance defense, customers in EU member states should commission a manually-reviewed conformance assessment in addition to the automated baseline.
The EAA document is gated to the Lite tier and above. Free-tier users see VPAT + ACR previews but are routed to /upgrade for EAA.
Common questions
Is an automated VPAT/ACR/EAA enough for legal defense?
No — not on its own. Automated audits like ours catch an industry-standard ~30–40% of accessibility issues. For a formal conformance attestation, you need manual review by a qualified auditor on top of the automated baseline. Where ClearShield is most valuable is the evidence trail: timestamped, continuous documentation showing your accessibility posture over time. That trail is what differentiates “we made good-faith efforts” from “we had no idea” if a demand letter ever arrives.
Can I customize the document with my company logo?
Not directly in the UI yet — the documents are auto-filled from your scan + profile. Business and Enterprise tier customers can request custom-branded versions; email us. Customers downloading the report can also save as PDF via the browser print dialog and edit cover pages externally.
How often should I regenerate these documents?
VPAT/ACR/EAA documents are timestamped to the underlying scan. Best practice: regenerate after every major site update, or at minimum quarterly. If you have a scheduled scan running daily/weekly, you already have a fresh scan to generate from at any time. The customer-facing audit trail is the rolling scan history; the conformance docs are point-in-time snapshots derived from it.
What if I’m already in active litigation?
Don’t use the standard subscription. Scan output from a standard ClearShield account is not attorney-client privileged work product, and it may be discoverable in active litigation. Defense counsel should reach out via contact@clearshield.legal to start a litigation-defense engagement, where reports are produced under privilege. See the Terms of Service § 9 for the full clause.
Do these documents satisfy WCAG 2.2 compliance on their own?
The documents describe your conformance posture — they don’t fix anything. WCAG 2.2 compliance comes from actually building accessible HTML/CSS/JS. ClearShield helps by surfacing what’s broken (the scan), producing the documentation (the conformance docs), and tracking remediation over time (the audit trail). The doing-the-fixing part is on your dev team.
Ready to generate yours?
Sign up free, run a scan, and you’ll have a preview VPAT + ACR in under 5 minutes.
Start free