Skip to content

Early Access opens July 12 · $99/mo · all suites during the launch window · price locked through Q1 2027 · Join the waitlist →

← Back to Blog
Legal-counsel + compliance-program brief · 1,500 words

The demand letter just arrived — how the audit-defensible response runs.

acipta · Agent-based defensibility platform — workflow-grounded.

A WCAG accessibility demand letter is automated-scan output at a moment in time. The audit-defensible response is per-success-criterion signed evidence that can replay the same moment byte-identically. The arithmetic that follows is what drives the settlement dollar down. Here's the framework — the response order, the dollar math, and the artifacts your legal counsel will produce.

A typical WCAG demand letter in 2026 has the same skeleton: a specific URL or set of URLs, a list of cited success criteria from WCAG 2.1 AA (and increasingly 2.2 AA), screenshots or scan output that purports to demonstrate non-conformance, a settlement demand for a defined dollar figure, and a remediation undertaking with a timeline. The cited findings are almost always from an automated scanner — axe-core, WAVE, Lighthouse, or a wrapped commercial equivalent. The dollar figure is generally anchored to the plaintiff firm's read of the defendant's size, the number of cited findings, and the firm's historical settlement averages.

What the demand letter is not is a per-criterion human audit. The plaintiff firm's economics don't support that level of work pre-settlement. They run a scan, generate the letter from a template, and adjust the template by hand. This is not a criticism of the plaintiff's bar — it's structural. The arithmetic of accessibility litigation depends on volume, which depends on automation, which depends on scan output. Understanding that structure is where the audit-defensible response begins.

1.The 60% delta — what your re-audit will find

Automated scanners can deterministically check roughly 30-40% of WCAG success criteria. The machine-checkable bucket includes things like:

The remaining 60-70% requires human inspection, assistive-technology testing, or per-criterion specialist review. Examples:

A re-audit under per-criterion human-inspection methodology will frequently produce three buckets out of the demand letter's cited findings: (a) confirmed, (b) disputed methodology / false positive, and (c) already remediated since scan date. The proportion that lands in (b) and (c) combined is typically 40-60%. That number isn't aspirational — it's the typical delta between an automated scan and a per-criterion human-validated audit.

The single most consequential operational decision in demand-letter response: do not negotiate the dollar figure first. Run the re-audit first. The dollar follows the audit.

2.The response framework — five steps, in order

Step 1 — Preserve

Within 48 hours of receipt: litigation hold across IT, communications, procurement. Suspend any planned site re-deploys that would overwrite the URL state plaintiff scanned. Snapshot the disputed pages — HTML, rendered DOM, computed accessibility tree, browser version — and write to immutable storage with timestamps. If you have any signed-evidence platform (acipta or otherwise), capture the per-criterion verdict log for the cited URLs.

Step 2 — Scope

Re-test the cited URLs under your own audit methodology. Generate the three-bucket breakdown (confirmed / disputed / already remediated). This is where the dollar math gets built. The output is a per-finding, per-URL breakdown with citation back to specific WCAG success criteria and specific evidence artifacts.

Step 3 — Evidence

Produce per-success-criterion conformance records for the URLs where you can — signed at write time, RFC 3161-timestamped, hash-chained. For bucket (c) "already remediated since scan", produce the signed verdict log showing the criterion now passes and the date it passed. For bucket (b) "disputed methodology", produce the human-inspection record from your accessibility specialist including assistive-technology version, browser version, and screen-reader output. The decisive artifact is replayability — opposing counsel must be able to verify your evidence against the original rendered artifact.

Step 4 — Posture

The response letter has three jobs: (1) acknowledge receipt and reference your good-faith conformance program with documented evidence; (2) bucket the cited findings (confirmed / disputed / remediated) with per-finding citations; (3) offer a defined remediation timeline for the confirmed bucket with measurable milestones. This is not a settlement letter — it's the letter that determines whether settlement happens at the low end or the high end of the plaintiff's typical range.

Step 5 — Settlement

Most Title II and Title III accessibility demand letters settle. The question is at what dollar and on what remediation terms. The variables: how many findings move from bucket (a) to (b) or (c) under your re-audit, what your remediation runway looks like, what monitoring the plaintiff requires post-settlement, and how recent your last similar settlement was (plaintiffs' firms read each other's settlements).

3.The dollar arithmetic, illustrated

Two scenarios, same demand letter, different evidence postures:

Scenario A — Scan-output defense

Setup: Demand letter cites 14 WCAG 2.1 AA findings on 6 URLs. Initial demand: $75,000 + attorney's fees + 12-month remediation undertaking with quarterly third-party monitoring.

Defendant's evidence posture: Annual third-party WCAG audit PDF (last refreshed 14 months ago). Monthly internal scan dashboards. No per-criterion signed evidence.

Response: Attorney narrative argument plus a remediation commitment. Defendant cannot demonstrate the 14 findings are anything other than what plaintiff alleged.

Typical settlement: $55,000-$70,000 + attorney's fees + the full remediation undertaking with monitoring. Settlement reflects roughly 75-90% of the initial demand.

Scenario B — Audit-defensible evidence posture

Setup: Same demand letter. Same 14 findings on 6 URLs. Same initial demand: $75,000.

Defendant's evidence posture: Per-success-criterion signed evidence (Ed25519, RFC 3161 timestamps, hash-chained) covering all 6 URLs for the past 12 months. Continuous per-deploy re-evaluation.

Re-audit output: 6 findings confirmed (bucket a), 5 findings disputed as methodology / false positive (bucket b), 3 findings already remediated and timestamped pre-scan (bucket c).

Response: Per-finding response letter with replayable evidence artifacts. The 3 already-remediated findings come out of the dollar math entirely. The 5 disputed findings remain in the math but with significantly weaker plaintiff posture. Only the 6 confirmed findings drive the remediation commitment.

Typical settlement: $18,000-$32,000 + attorney's fees + a remediation undertaking limited to the 6 confirmed findings with self-audit reporting (not third-party monitoring). Settlement reflects roughly 25-40% of the initial demand.

The difference between Scenario A and Scenario B is not better negotiation. It's evidence quality. Plaintiff's counsel has seen Scenario A many times; the response is templated. Plaintiff's counsel has seen Scenario B less frequently, and the response is harder to template because the evidence does load-bearing work the attorney doesn't have to do.

4.The artifacts your counsel will produce

ArtifactPurposeWhat it contains
Litigation hold memoPreserve evidence and state of disputed URLsDirective to IT/comms/procurement teams; named custodians; preservation deadline
URL state snapshotByte-identical capture of disputed pagesRendered HTML, computed accessibility tree, scan output, browser metadata, timestamps
Re-audit reportThree-bucket breakdown of cited findingsPer-finding response: confirmed, disputed, or remediated with evidence references
Signed evidence packDefensible conformance verdictsPer-criterion Ed25519 signatures, RFC 3161 timestamps, hash chain, replay manifest
Response letterFormal reply to plaintiff's counselThree-bucket findings response, remediation commitment for confirmed bucket, settlement framework
Remediation pipeline docMeasurable forward-motion recordConfirmed findings + owners + milestone dates + per-criterion verification approach
Settlement agreementFinal close-outDollar figure, remediation undertaking scope, monitoring or self-audit terms, release language

5.What changes when you start with signed evidence vs. add it after

The audit-defensible posture has to be built before the demand letter arrives, not after. Per-success-criterion signed evidence cannot be retroactively manufactured — by definition, it has to exist at the moment the URL was rendered. If your stack today produces scan-output dashboards and quarterly third-party audit PDFs, you are in Scenario A and will continue to be in Scenario A until the architecture changes.

The good news is that the architectural change is small. Per-criterion signing at write time, RFC 3161 timestamping, hash-chained verdict log, replay manifest — these are operational primitives, not greenfield builds. acipta's A11Y suite produces this evidence as a byproduct of the same scan that today produces a dashboard. The difference is what gets persisted, signed, and made replayable. For the full operator's framework on the post-deadline window, read our ADA Title II post-deadline brief and the complete operator's guide.

What this brief is and isn't: this is operational guidance on the structural arithmetic of WCAG demand-letter response. It is not legal advice and should not be a substitute for it. Engage qualified ADA counsel — inside or outside — for matter-specific decisions. The framework here is what we see working in practice; matter-specific posture is your counsel's call.

Frequently asked questions

What's typically in a WCAG accessibility demand letter?
A specific URL or set of URLs, a list of cited WCAG success criteria with screenshots or scan output, a settlement demand for a defined dollar figure plus attorney's fees, and a remediation undertaking with timeline. The dollar figure is typically anchored to perceived defendant size and the number of cited findings.
How is the 60% delta between automated scans and human audits relevant to demand-letter response?
Automated scans check ~30-40% of WCAG criteria; the remaining 60-70% requires human inspection. A typical demand letter cites only the machine-checkable bucket. A re-audit will frequently find 40-60% of cited findings are disputed or already-remediated. That delta moves directly into settlement arithmetic.
What's the difference between scan output and audit-defensible evidence?
Scan output is a dashboard PDF. Audit-defensible evidence is a per-criterion verdict signed at write time, timestamped via RFC 3161, hash-chained, and replayable against the byte-identical rendered artifact. The legal weight is materially different at deposition.
Should we settle or fight a WCAG demand letter?
In most cases, settle — but at the right dollar and on the right terms. The variables: re-audit findings, remediation runway, monitoring requirements. A strong defendant settles at 20-40% of the initial demand with a 6-12 month remediation window. The arithmetic that drives the dollar down is signed evidence, not better negotiation.

Replay a verdict. Verify the hash. In 20 minutes.

Free 20-minute demo: bring a URL, leave with a per-success-criterion signed verdict against WCAG 2.1 AA + WCAG 2.2 AA. The same evidence pack that reframes settlement arithmetic in Scenario B — except it exists at write time on every URL, every deploy, going forward.