Your homepage passed its accessibility audit. That says almost nothing about your site.

Part 1 was the engineering: how the discovery layer finds pages the homepage audit never touches, and how the deduper turns 5,808 instances of one bug into a single finding. This part is the question a CTO actually asks. What is that worth, and what does it cost to not have it?

No code here. Just the part that shows up on a budget.

Single-page green is a false sign-off

You point an audit at your homepage. It comes back green. You sign off.

Meanwhile the checkout was never audited. Neither was the account area, the search results, the article templates, the booking flow. The pages where conversion and compliance actually live are exactly the pages a single-URL audit can’t see.

Single-page-green doesn’t mean the site is accessible. It means that one page is. I learned this on my own portfolio: the homepage was clean across three audit rounds, and the moment I pointed discovery at the router I found nine SERIOUS findings on three pages I’d never have audited by hand.

That gap - between “this page passes” and “this site complies” - used to be a quality concern. Now it’s a legal one.

Since June 2025, this stopped being optional

The European Accessibility Act (Directive 2019/882) applies from 28 June 2025. It covers e-commerce, consumer banking, ticketing and transport, e-books, and more. The technical baseline is WCAG-level conformance. Enforcement and penalties are set by each member state.

Read the scope carefully: the obligation is the service. The whole product. Not the landing page.

So you have a law scoped to the entire user journey, and an audit scoped to one URL. The distance between those two scopes is your exposure. A complaint doesn’t arrive about the page you audited. It arrives about the page you didn’t.

The cost isn’t “audit more pages”

Here’s where the math usually goes wrong.

A manual accessibility audit across a real site - dozens to hundreds of pages - is weeks of specialist time. And the deliverable is a flat list of thousands of findings that nobody can action. Expensive to produce, useless to act on.

The lever isn’t auditing more pages. It’s reporting by cause instead of count. The 5,816 findings on my portfolio were three bugs. You don’t pay anyone to triage 5,808 duplicate tickets - you fix one CSS variable and 34 pages go green at once. That deduplication is the cost saving. It just happens to look like a technical detail.

Same method, real numbers from my own work: a full performance audit took 7 hours with this approach against 16 billable hours the manual way, against a week the classic way. The portfolio went from a failing grade to A in eight commits, 75 minutes of work. Accessibility has the same shape. The audit-and-fix loop runs in hours, not a multi-week engagement, because the tool collapses symptoms into causes before a human ever reads the report.

What you’re actually buying

The ability to say your whole site is compliant. Every template, every gated route, every page where money changes hands. With a remediation path that reads “one change, thirty-four pages green” - and with it done before an EAA complaint finds the page you forgot existed.

A single-page audit answers “is this page accessible.” A multi-page audit answers “is my business compliant.” Only one of those questions shows up in a legal letter.

Where the line is

The public toolkit does the core of this - discovery, cross-page dedup, A-F grading - open source under AGPL-3.0. Clone it, run it, see the method.

Production scale is a different job: authenticated routes behind a login, parallel execution across hundreds of pages, audit gating in CI so a regression never ships, token federation across a design system used by ten repos. That’s the Pro tier and the consulting work, and it’s where “compliant homepage” becomes “compliant company.”

If your accessibility sign-off currently covers one page, you’re signing off on a guess. That’s the part worth fixing first.

This is Part 2 of the multi-page WCAG build story. Part 1 covers the architecture: the discovery layer and the deduper. The toolkit is open source: sdet-wcag-toolkit, AGPL-3.0.