A qualified VPAT service provider is a vendor or independent practitioner who can accurately complete a Voluntary Product Accessibility Template and produce a credible Accessibility Conformance Report. Qualification rests on three things: the provider conducts a manual accessibility evaluation against the correct standard, the auditor has documented experience with WCAG success criteria and assistive technology, and the resulting ACR reflects the product’s real conformance status. A provider that fills in a VPAT from a scan alone, or from a self-report, is not qualified. The ACR is the document buyers will read, and it must hold up under procurement review.
| Factor | What to Look For |
|---|---|
| Audit Methodology | Fully manual evaluation against WCAG 2.1 AA or WCAG 2.2 AA, not a scan-driven fill-in. |
| Auditor Credentials | Documented experience with WCAG criteria, assistive technology, and prior ACR work. |
| VPAT Edition | Knows when to use WCAG, Section 508, EN 301 549, or INT editions. |
| Deliverable Quality | ACR with accurate Supports, Partially Supports, Does Not Support, and Not Applicable ratings, plus remarks. |
| Independence | Third-party issuance carries more weight with procurement teams than self-issued reports. |
| Pricing Transparency | Clear scope, clear cost, no vague enterprise quotes. |
What Makes a VPAT Provider Qualified
The core qualification is the audit behind the VPAT. An ACR is only as accurate as the evaluation that informs it. A qualified provider conducts a manual accessibility evaluation of the product against the WCAG version and conformance level the buyer requires, then maps results to the VPAT structure.
Scans cannot produce a credible ACR. Automated checkers detect approximately 25% of issues and cannot evaluate criteria like meaningful sequence, name role value in custom components, or whether an error message actually helps the user recover. A provider that skips the audit step is selling a document, not conformance evidence.
Auditor experience matters next. Look for practitioners who have read and applied WCAG criteria across web, web app, and mobile app contexts, and who evaluate with screen readers like NVDA, VoiceOver, and TalkBack. Certifications like DHS Trusted Tester or IAAP credentials are signals, not requirements.
How Do You Vet a VPAT Service Provider?
Ask direct questions. The answers separate qualified providers from vendors selling paperwork.
Is the audit fully manual? The answer should be yes. If the provider relies on automated tools to populate the VPAT, the ACR will miss the majority of issues.
Which VPAT edition will you use? A qualified provider asks about the buyer’s market and recommends WCAG, Section 508, EN 301 549, or INT accordingly.
What standard will you evaluate against? WCAG 2.1 AA is the most common baseline. WCAG 2.2 AA is gaining traction with enterprise buyers and government procurement.
Who conducts the audit? A named auditor with verifiable experience is preferable to an opaque team.
How are issues documented? The audit report should identify each issue, the criterion it maps to, and remediation guidance.
What does the ACR include? Accurate ratings, remarks tied to real findings, and scope clearly defined.
VPAT Editions and When They Apply
The VPAT is not one document. The Information Technology Industry Council publishes four editions, each suited to a different procurement context.
VPAT WCAG edition: Default for most SaaS companies selling to private-sector buyers.
VPAT Section 508 edition: Required for U.S. federal procurement.
VPAT EN 301 549 edition: Used in European Union procurement and EAA contexts.
VPAT INT edition: Combines all three for vendors selling across markets.
A qualified provider matches the edition to the buyer’s procurement requirements, not the vendor’s preference. Choosing the wrong edition can stall a contract.
Independent vs. Self-Issued ACRs
A company can fill out its own VPAT, but procurement teams increasingly prefer ACRs issued by an independent third party. Independence signals that the ratings were not shaped by sales pressure or product team optimism.
For SaaS vendors, an independently issued ACR also reduces back-and-forth during contract review. Buyers see a third-party name on the cover page and treat the document with more weight.
Pricing Signals to Watch
Pricing transparency is a qualification signal. Providers who publish rates, scope definitions, and turnaround times generally operate with more accountability than vendors who require a sales call before quoting.
VPAT pricing typically reflects audit scope: number of pages or screens, complexity of the product, and the VPAT edition selected. Quotes that swing wildly without scope clarity are a warning sign.
Red Flags That Disqualify a Provider
VPAT delivered without a corresponding audit report is a disqualifier. The same applies to use of “Supports” ratings across the board with no remarks, claims that AI can auto-generate a credible ACR with no human evaluation, no clarity on which auditor conducted the work, pricing that requires multiple sales calls to surface, and no discussion of scope, standard, or VPAT edition during intake.
Where the Industry Is Heading
AI is changing how VPATs get drafted. AI tools can support auditors and remediation teams by mapping audit findings to VPAT structure faster, drafting remarks from issue data, and reducing the manual document assembly time. The audit itself remains human work. AI does not evaluate WCAG criteria credibly on its own, and any provider claiming otherwise is overselling the technology.
The qualified provider of the next few years will combine experienced auditors with AI assistance on the documentation side, not AI replacing evaluation.
FAQ
How much should a qualified VPAT service provider cost?
Pricing depends on scope, but transparent providers publish ranges. A small SaaS product with a contained scope can fall in the low four figures. Larger products with multi-environment scope (web, mobile, admin) scale from there. Be cautious of quotes that exceed five figures without clear scope justification.
Do I need a new VPAT every year?
ACRs do not carry a formal expiration. A qualified provider recommends updating the ACR after significant product changes, major release cycles, or when the buyer’s procurement team requests a current version.
Can my internal team fill out the VPAT after an audit?
Yes, but the document carries less weight with procurement reviewers. A third-party issued ACR is generally more persuasive in vendor evaluation.
What is the difference between a VPAT and an ACR?
The VPAT is the blank template. The ACR is the completed document a vendor delivers to a buyer. A qualified provider produces the ACR, not just a filled-in template.
Should the provider use WCAG 2.1 AA or 2.2 AA?
WCAG 2.1 AA remains the most common baseline. WCAG 2.2 AA is increasingly requested by enterprise and government buyers. A qualified provider asks the buyer’s standard before starting.
Choosing a VPAT service provider is a procurement decision as much as an accessibility decision. The right provider produces an ACR that holds up to scrutiny and reflects the product’s real conformance posture.
Contact a qualified provider listed in the Accessibility Base directory to start your VPAT project.