RGAA 4.1 contains 106 criteria. For an e-commerce SME, aiming for full compliance in three months is unrealistic — and needlessly stressful. The good news: 80% of the legal risk and 90% of the user risk come from just a dozen criteria. Tackling those first defuses most of the danger before you polish the rest. Here's our prioritisation, in order of attack.

The prioritisation principle

We rank a criterion along two axes: its user impact (does it block a purchase?) and its legal exposure (does it recur in complaints?). A criterion that prevents completing an order by keyboard combines both — it comes before a comfort criterion. It's this logic of direct harm that drives the order below.

Blocking level — fix first

  1. 011.1 — Text alternatives for images (product, banner, icon)
  2. 028.5 — Page language (`<html lang>`)
  3. 0311.1 — A label for every form field (search, account, checkout)
  4. 0412.6 — An identifiable main content area (`<main>`)
  5. 0513.1 — Control over time limits (sessions, stock countdowns)

These five touch the heart of the journey: finding a product, filling in a form, paying. A failure here translates directly into an impossible order for some of your users.

Major level — sprint 2

  1. 013.1 / 3.2 — Colour contrast (body text + interface)
  2. 027.1 — JavaScript widgets reachable and operable by keyboard
  3. 0310.7 — A visible focus indicator on every interactive element
  4. 0411.10 — Form error messages that are understandable and tied to the field
  5. 0512.8 — A consistent tab order through the purchase funnel

Here we move from "impossible" to "very hard": the purchase stays theoretically doable, but at a cost of effort that makes people give up. This is the territory of conversion rate as much as compliance.

Minor level — sprint 3 and beyond

  • 8.6 — Quotes in another language (local `lang`)
  • 9.1 — A hierarchical heading structure (h1 through h6)
  • 6.1 — Explicit link labels ("See the listing" rather than "Learn more")
  • 10.11 — Content readable without loss at 200% zoom

// The sequence that works

Sprint 1, the 5 blockers: you leave the red zone in a few days. Sprint 2, the 5 majors: you cross the 80% mark. Sprint 3 and beyond, the long tail: you aim for 95%+. No need to do it all at once — a dated audit plus this sequencing is enough to demonstrate an active approach.

"You don't fix 106 criteria in one go. You fix the 12 that matter, then track the rest over time."

— ComplAudit method

Frequently asked questions

Why not aim for 100% straight away?

Because the marginal cost explodes on the last criteria, while the risk collapses from the first ones. Reaching 85% quickly beats aiming for 100% and never shipping. Documented partial compliance is legally protective.

Do these priorities apply to every CMS?

Yes. The criteria are the same on PrestaShop, WooCommerce, Shopify or a bespoke site. Only the location of the fix changes: theme, module, or component.

How do I know where I stand on these 12 criteria?

An automated audit already covers most of them (images, labels, contrast, structure). The few behavioural criteria (focus, keyboard navigation) are verified additionally with a keyboard and a screen reader.

Our audit quantifies your exposure across all 106 criteria and sorts by legal severity.

→ See a sample report