EN 301 549 accessibility QMS process map
How to bridge ICT accessibility (EN 301 549) into a quality management system — process map, ownership, evidence, and the EAA 2025 deadline.
- EN 301 549
- ISO 9001
EN 301 549 is the harmonised European standard for ICT accessibility. It is the technical reference under the European Accessibility Act (Directive (EU) 2019/882), which becomes enforceable on 28 June 2025, and under the Web Accessibility Directive (Directive (EU) 2016/2102) for public-sector bodies. Most digital products sold to EU consumers from 28 June 2025 onward must demonstrate conformance, with limited exemptions for microenterprises.
This article gives you a process map that bridges accessibility conformance into an ISO 9001 quality management system. The point is to make EN 301 549 conformance a routine output of the QMS, not a periodic project.
Why bridge accessibility into the QMS
Accessibility teams often live in design or engineering. Without a QMS bridge, conformance becomes “the audit before launch,” which gives you the worst of both worlds, late findings, expensive rework, no continuous monitoring. Bridging makes accessibility:
- Process-led. Accessibility checks are gates inside existing development processes, not parallel ones.
- Evidenced. Audit records, testing records, and remediation records are documented information under clause 7.5.
- Reviewed. Accessibility metrics enter management review under clause 9.3.
- Improved. Accessibility nonconformities feed corrective action under clause 10.2.
The process map
Five processes plus a feedback loop. Each maps to ISO 9001 clauses and EN 301 549 sections.
1. Requirements and planning
Inputs. Product brief, target user segments, statutory scope (EAA in scope from 28 June 2025; WAD if public sector; ADA if US market).
Activities.
- Identify applicable EN 301 549 sections (web: section 9; non-web software: section 10; hardware: section 7 and 8; documentation: section 12).
- Define accessibility acceptance criteria per user story or feature.
- Choose the conformance level (default: WCAG 2.1 Level AA via section 9 for web; check the latest revision for AAA-applicable items).
- Allocate roles: a named accessibility owner; design and engineering contributors; QA validation.
ISO 9001 clauses. 6.1 risk and opportunity, 6.2 objectives, 8.1 operational planning.
2. Design
Inputs. Requirements, design system, content patterns.
Activities.
- Apply WCAG-aware design tokens (focus indicators meeting 1.4.11 non-text contrast, semantic colour usage, motion-reduction defaults).
- Annotate designs with accessibility metadata: heading order, landmark structure, ARIA where unavoidable, focus order, error message states.
- Design review includes a named accessibility reviewer.
ISO 9001 clauses. 8.3 design and development inputs and outputs.
3. Build and verify
Inputs. Designs, technical guidance, codebase.
Activities.
- Linting and unit-level checks (e.g., axe-core in CI for web).
- Component-level accessibility tests (keyboard reachability, ARIA contracts, screen-reader narration where automatable).
- Manual review of complex flows by an accessibility specialist.
- Assistive-technology spot-checks (NVDA + Firefox, JAWS + Chrome, VoiceOver + Safari, TalkBack + Chrome on Android).
ISO 9001 clauses. 8.5 production, 8.6 release of products.
4. Conformance evidence
Inputs. Test results, manual audit reports, screenshots, video.
Activities.
- Maintain a conformance record per release: which EN 301 549 clauses were tested, the test method (automated, manual, AT), the result, the evidence file.
- Compile or update the accessibility statement (EAA Annex V, WAD Article 7, or the EU model statement).
- For public-sector services, publish the statement and the contact point for feedback.
ISO 9001 clauses. 7.5 documented information, 8.5.4 preservation.
5. Monitor and improve
Inputs. User feedback, support tickets, analytics, periodic reaudit.
Activities.
- Triage accessibility-related feedback within the support process.
- Quarterly automated scans across deployed surfaces.
- Annual manual reaudit by a competent assessor.
- Trend metrics: defect density, mean time to remediate, regression count, complaint volume.
ISO 9001 clauses. 9.1 monitoring, 9.3 management review, 10.2 corrective action.
Roles and competence
| Role | Accessibility responsibility | Competence |
|---|---|---|
| Product manager | Acceptance criteria, scope decisions | Familiar with WCAG SC titles |
| Designer | Annotated designs | WCAG 2.1 AA, design-system tokens |
| Engineer | Implements semantics and ARIA | Automated tests pass; ARIA APG patterns |
| QA | Verifies acceptance criteria | Manual + automated + AT smoke tests |
| Accessibility specialist | Audit, advice, remediation guidance | IAAP CPACC or equivalent |
| Accessibility owner | Process governance | Senior; reports into QMS |
Documented information
Minimum set:
- Accessibility policy.
- Accessibility procedure (this process map plus details).
- Conformance evidence per release.
- Reaudit reports.
- Accessibility statements published per regulatory regime.
- Training records for the roles above.
- Risk and opportunity entries for accessibility.
Audit prep
The most common findings in QMS audits with an accessibility scope:
- No traceability between user stories, automated test results, and release records.
- Accessibility statement out of date relative to deployed product.
- Complaints handled by support but not flowing into corrective action.
- Annual reaudit is overdue.
Deadlines and what they mean
- 28 June 2025, EAA enforceable. Products and services in scope placed on the market from this date must conform.
- 23 September 2020 / 23 June 2021, historical WAD deadlines for public-sector websites and mobile apps.
- Pre-existing public-sector websites and mobile apps, already required to publish an accessibility statement.