Published: 6 June 2026

Accessibility Has Entered the Risk Mainstream

Prioritising accessibility in procurement is no longer a niche concern. It’s now a critical risk category that organisations must manage proactively. Inaccessible products can lead to legal liabilities, operational disruptions, and reputational damage — just like cybersecurity breaches and privacy violations.

A painter is adding 'Accessibility' to a board that already has 'Cybersecurity' and 'Privacy' painted on it.

The Three Dimensions of Accessibility Risk

Inaccessible products can breach anti discrimination laws, and organisations face potential consequences like complaints, investigations, enforceable undertakings, and reputational damage.

2. Operational Risk

If staff cannot use internal systems due to accessibility barriers, productivity drops and HR risk increases.

3. Reputational Risk

Public-facing accessibility failures can trigger media scrutiny and erode trust, because accessibility is no longer optional — it’s a compliance obligation.

Why Accessibility Belongs Beside Cybersecurity

Accessibility and cybersecurity share striking similarities. They both require continuous monitoring, involve vendor assurance, rely on governance, not one-off checks, can cause operational outages, and are now standard procurement requirements.

Procurement teams already manage cybersecurity risk, and surely accessibility fits naturally into the same frameworks.

Embedding Accessibility Into Procurement Processes

1. Update RFP Templates

If you truly want your ICT to be accessible, you need to ask for it. RFPs should explicitly:

  • require Accessibility Conformance Reports (ACR) or some solid evidence of the product’s accessibility status including its limitations and known issues
  • define accessibility testing requirements alongside security and privacy requirements (and other functional and non-functional requirements)
  • request remediation expectations. How will the supplier address accessibility issues that arise during procurement and after delivery? What are their timelines and processes for remediation? In general, crowd-sourced bug tracking systems are not sufficient for accessibility issues, because they may have a profound impact on arguably fewer users, and thus often require more detailed reporting and prioritisation.
  • ask governance questions. How do they maintain accessibility in their design system? How do they ensure ongoing compliance with evolving standards? Do they have a dedicated accessibility owner or team? What is their process for handling accessibility issues that arise post-delivery?

2. Include Accessibility in Evaluation Criteria

Explicitly weight accessibility alongside security, privacy, and functionality so buyers can make informed trade-offs. This also signals to suppliers that accessibility is a non-negotiable requirement, not an afterthought.

3. Add Accessibility Clauses to Contracts

Contracts should specify define remediation timelines, reporting obligations, version updates and impose penalties for non-compliance. This creates accountability and incentivises suppliers to maintain accessibility over time.

4. Require Evidence, Not Promises

Ask for concrete evidence of accessibility, not just assurances. This can include: ACRs, test reports, design system documentation and accessibility roadmaps.

How to Assess Vendor Maturity

A mature vendor can demonstrate:

  • A dedicated accessibility owner or team
  • Regular audits and updates to their accessibility documentation
  • A maintained design system with accessibility patterns
  • Testing that actively involves people with disabilities
  • Clear remediation processes and timelines for addressing accessibility issues, and transparent communication about known limitations and issues.

Immature vendors rely on vague assurances.

Case Examples

Example 1: Internal System Failure

A government agency purchased an HR system that was inaccessible to screen reader users. In result, some staff could not, or had great difficulty applying for leave or even access payslips independently. Yet they couldn’t reasonably ask their colleagues to do this for them either. In consequence the agency had to implement a costly workaround and renegotiate the contract, leading to avoidable operational disruptions and unexpected cost.

Example 2: Public-Facing Complaint

A financial services provider launched a new customer portal. But there were issues with inaccessible authentication flows for some clients with disabilities. The result was that complaints escalated, and customer service teams spent undue time addressing them. Then there was reputational damage and the unplanned remediation. Again, all avoidable if accessibility had been properly managed in procurement.

Conclusion

Accessibility is a procurement risk category that demands the same rigour as cybersecurity and privacy. Organisations that treat it seriously reduce exposure, improve operational resilience, and deliver better outcomes for staff and customers.

Free tools to try

Services

Procurement: Learn how AccessUX helps IT buyers and procurement teams to source accessible ICT and evaluate supplier accessibility claims teams.