A couple of weeks ago, I packed my notebook and headed to London for two back-to-back events organised by Boye & Co: The UK Digital Leaders meeting and CMS Experts. After two days and a lot of discussions with the support of quality coffee, and delicious Thai and Indian food, I took the train back to Edinburgh having enough ideas, links and reflections to fill several blog posts. Here’s my summary.

About these events

Boye & Co run a series of peer group meetings over each year for digital professionals, bringing together practitioners from a range of sectors in small, high-trust settings. That format works well, encouraging genuine and honest conversation, and it’s very common to hear the real stories behind the polished case studies. This was not my first UK Digital Leaders, or CMS Experts, event, since myself and colleagues have been attending similar events over the last few years, so knew what to expect and was excited about the upcoming discussions. Both groups had overlap in attendees and themes, which made the two days feel satisfyingly joined up.

Reflections from a conference focussing on digital leadership in higher education – October 2025, by Stratos Filalithis

Key insights from the 2025 UK Digital Leaders Summit day in Cambridge – October 2025, by Emma Horrell

My takeaways from the latest Digital Leaders London meet-up – March 2025, by Emma Horrell

There is an expression that is used more and more when referencing use of AI, and makes me uncomfortable: “Keeping the human in the loop”. I, instead, believe we need to ensure that we “Keep the human in the middle”. What is more relevant with this then, other than reflecting on the impact, negative but positive too, of AI against digital accessibility?

Is AI improving or impeding web accessibility?

Sadly, the initial look is mostly negative: A lot of AI-generated code and content is inaccessible by default.

The team behind US-based WebAccessBench have been benchmarking AI-generated UI outputs, and the results are not great. Their findings describe what they call a “systematic civil-rights failure”: AI models are trained on over 20 years of internet content, and that content has historically been riddled with accessibility barriers. So when AI learns from it and then generates new interfaces and content, it faithfully reproduces those same barriers. This isn’t a minor bug that can just be fixed, it’s embedded in the structure and nature of how AI is trained, thinks and responds.

AI is locking people out. At Scale. – Digital Accessibility Reliability in LLM-Generated Web Interfaces, including white paper, by Casey Kreer.

As it is the reality with all things related to AI, everything is significantly faster and is applied at a greater scale. Inaccessible patterns are spreading faster than they can be reviewed and fixed. This is not a risk of failure complying with related regulations and legislation, but a failure in inclusion. Specifically for our sector, this could result in audiences unable to access our University website and admission pages to understand our study and research offerings, our student portal to find the information that they need, or our help and support pages to identify who to contact to get the support they need.

In the University of Edinburgh we have issued relevant guidance to support our staff & students make the right choices in using AI.

Guidance for student and staff on AI use

Looking in the wider sector, though, and more globally, the risk is real. The World Wide Web is accessed by many people requiring the content, and interfaces, to be accessible, so all of us need to keep a keen eye to ensure that. That has become even more important in the age of AI.

W3C is reviewing the impact of AI against its standards

Thankfully, the broader web standards community is taking this seriously. The W3C’s Accessible Platform Architectures Working Group has published an editor’s draft on the accessibility of machine learning and generative AI, which is attempting to keep the discussion alive and, hopefully, set the standard of expectations.

Accessibility of machine learning and generative AI – Editor’s draft, W3C

The document is honest about where AI currently falls short. The automation of alt text, one of the key accessibility features, is getting better, but is still inconsistent. For example, a bar chart showing children’s favourite colours might be described as simply “a graph with different coloured bars” by one tool, while a more sophisticated model provides a rich, detailed breakdown of the data, as it is appropriate. The gap between those two outputs is important, since it highlights the difference between understanding and exclusion for someone relying on a screen reader.

Automatic speech recognition for captions is another area where progress is real but the finish line is still some way off. A person experiencing a hearing deficiency will not consider an 85% accuracy rate good enough when captions are the primary means of accessing content.

Additionally, the European Union AI Act has been published since the 1st of August 2024. It makes direct accessibility-related references in terms of scope, requirement for content to be accessible and consideration of vulnerable groups in application of AI. It still, though, relies on existing EU law, like the European Accessibility Act to set the expectations, which makes sense since no one wants to reinvent the wheel.

EU AI Act – First regulation of Artificial Intelligence

AI as a positive agent for accessibility

Moving away from the negative aspects, it is true that AI holds genuine promise to support better digital accessibility. Real-time remediation of colour contrast issues, intelligent identification of non-descriptive links, improved heading structure detection, plain language simplification are all areas where machine learning and generative AI could make a tangible difference, in real time, particularly for users with cognitive disabilities or those who rely on assistive technologies.

Joshua Mitchell, a web platforms and accessibility specialist, published a fascinating experiment: he asked AI to simulate what using a screen reader on a real application feels like. Not to replace testing, but to generate a detailed transcript of the screen reader experience that he could share with stakeholders who had never used one.

I asked AI to use a Screen Reader – Blog post by Joshua Mitchell.

The results were fascinating, to say the least. The AI produced a long, detailed, and directionally accurate simulation of the experience of user navigating through a government permit application using a screen reader. It identified several issues: skip links that went nowhere, navigation drop down menus whose triggers were entirely unreachable by keyboard, and link text repeated identically ten times with no distinguishing context. The summary came back with the note that “a screen reader user attempting to search for a building permit would need to tab past approximately 40 interactive elements”. Not only a failure of accessibility, but of user experience altogether.

Joshua is clear that this approach doesn’t replace human testing or the specialist expertise of someone who actually uses assistive technology day to day.

Apart from accelerating the understanding of content challenges for screen reader users, there is another, hidden, benefit: It is often very difficult to communicate the challenge of abstract accessibility principles. “WCAG 2.1 AA compliance” doesn’t mean much to someone who has never relied on a screen reader, or is an accessibility expert. Even though there are applications that simulate the experience, they require time to set up and use. A simulated transcript of what their service actually announces, written out in plain text, is something else entirely. It can very quickly reveal fundamental issues which otherwise might not have triggered the necessary action.

There is a yin and there is a yang

AI is neither the villain nor the saviour of web accessibility. It’s a tool, and like most tools, its impact depends entirely on how it’s used and who’s in charge of it.

From one side, it carries over the biases and deficiencies of a 20+ year old World Wide Web. On the other hand, experiments like the one by Joshua Mitchell, show that AI can become a powerful assistive layer to accessibility experts. It cannot replace the human expertise in accessibility. Furthermore, it cannot be a replacement for continue having an approach of accessibility by design.

Personally, I will continue to seek how we can use AI as an ally in our efforts to deliver a more accessible University of Edinburgh web estate, and post my thoughts and findings.

I would love to hear how others in the Higher Education community, or beyond, are thinking about this. Are you already using AI tools in your accessibility workflows? What’s working? What’s causing concern? Please, drop a comment below or get in touch.

With the Christmas holidays fast approaching, it’s time to find the right recipe to bake cookies and sweets and please family and friends. But, there’s one kind of cookies that lives all year long, mostly in the devices you use to access the internet. If you give this permission explicitly. In the University of Edinburgh, we have been working to build the most appropriate approach to provide this option to our website visitors, while ensuring we are not compromising on our areas. Here’s the story of how we achieved this, with the Information Commissioner’s Office (ICO) confirming our compliance earlier this year.

And, if you stick to the end, there’s a Greek Christmas cookie recipe, too.

The University Web Estate: It’s complicated

First, a bit of context. When we talk about “the University of Edinburgh website,” we’re not talking about a single, tidy digital presence. We’re talking about an ecosystem. An iceberg, if you will. The numbers are staggering: our web registry lists an average of 1,500 websites, which are managed by more than 1,000 editors, publishing millions of pages, hosted in multiple platforms.

At the tip of that iceberg? The stuff everyone sees, the University homepage, school websites, alumni platforms, which receive millions of visits. But beneath the surface? A vast network of specialised research, project and departmental websites, which serve highly specific audiences who absolutely need that information.

One very important thing to note, though is that when the regulators, like the ICO, audit the University’s web estate, they don’t see 1,000 website owners making independent decisions. They see one entity. The University of Edinburgh. One door to knock on. That’s why we take web governance seriously. Because when it comes to compliance, we’re all in this together.

The cookie conundrum: finding the sweet spot

Since GDPR landed in 2017, the digital world has been wrestling with a fundamental question: how do we respect user privacy and continue to understand how people use our websites?

For us, that’s not just philosophical, it’s practical. Our marketing teams need web analytics data to know whether their campaigns are working. Are prospective students finding what they need? Is that targeted marketing campaign actually reaching its intended markets? Without data, these questions are impossible to answer.

But we’re also a global university. When someone accesses our website from the European Union (EU), GDPR applies. From California? CCPA matters. From elsewhere? Other regulations might kick in. We can’t realistically adjust our approach country-by-country, so we made a strategic call: comply with the strictest legislation out there, the EU’s GDPR.

The factor of web analytics

The previous iteration of our cookie consent banner was triggered by our move to use GA4 as our Web Analytics platform. Since the cookies that it set required explicit user consent, we need to adjust our banner to ensure full compliance. The message to our users was crystal clear. When someone visited our website for the first time, they had to make explicit choices right there and then, and only after they’d made their choices could they access the content they came for.

The University’s cookie cookie consent approach is changing – Blog post by Stratos Filalithis, November 2023

The result was full compliance, but at the expense of gathering meaningful web analytics from our users. The wasn’t because our website visitors were leaving the website, even though a subset of them visiting on mobile devices via social media probably did. Most of them  were still continuing their journey to our content, but they were now making informed choices (brilliant for our user), and many of those choices were “no thanks to tracking” (less brilliant for our marketing colleagues). Campaigns costing thousands of pounds were running blind. We couldn’t tell what was working, what wasn’t, or where people were coming from and where they were going.

Our marketing community came back to us, understandably frustrated: “How are we supposed to make strategic decisions without data?”

We had to go back to the drawing board.

Striking the balance

We did our homework. We talked to users about their expectations. We researched what other universities and major websites were doing. We worked closely with our marketing community and Data Protection Office to understand what “compliance” really means, not just in legal terms, but in practical, user-friendly terms, and how we can better support the gathering of web analytics.

The result? A simpler approach that respects both user choice and the need for meaningful data.

The updated banner sits quietly at the bottom of the page on your first visit. It doesn’t block your content. having just three clear options: Accept, Reject, or Manage Preferences. None of them is emphasised over the others, since we treat users fairly.

And it’s working. Analytics data has recovered because people are making genuinely informed choices, and many are comfortable with reasonable data collection. Those who aren’t can easily decline. Everyone wins.

We launched this approach in April 2025, confident we’d got the balance right.

Enhancing our cookie banner for better user experience – Blog post by Sonia Virdi, April 2025

The ICO Audit: sweaty palms and sweet validation

Then, shortly after we released the new banner, we got an email: “The ICO would like to audit your website.”

Cue the cold sweats and thoughts of that web estate iceberg metaphor. We sat down with our Data Protection Office and Legal team and we prepared our honest, and transparent, response. A couple of weeks later, the verdict arrived:

“The ICO has noted that you have declared that your website and domain is compliant with the scope of the ICO’s current criteria for investigation.”

That made us one of 415 sites (out of the 1,000 top UK websites audited) that were directly compliant. About 500 others eventually got there after some back-and-forth. Twenty-one still aren’t compliant.

ICO action secures increased cookie compliance, giving millions stronger control over their personal information online – ICO News, December 4th, 2025.

For us? It validated all the research, iteration, consultation, and careful balancing we’d done. Our efforts have paid off.

Why this matters beyond compliance

Cookie compliance isn’t just about avoiding regulatory trouble. It’s about building trust.

When we get this right, we’re telling our audiences: prospective and current students, staff, alumni, research partners worldwide, that we respect their choices. We’re transparent about what data we collect and why. We make it easy to opt in or out, and respect their choices. That trust matters. Especially for a global institution where our digital presence reaches people in dozens of countries, each with their own privacy expectations and cultural norms around data.

Helpful resources: We’ve done the heavy lifting

If you’re managing a University website (or any website within our ecosystem), we’ve created guidance that works. It’s been ICO-tested. It’s been user-tested. It balances compliance with usability.

UK GDPR compliance guidance for websites – University Wiki [Requires Login]

For those using our centrally supported platform, EdWeb, all of this is automatically deployed. For those on other platforms, please follow this  guidance. Because when the ICO comes knocking, they knock on the University’s door, and we need to know that everyone’s doing their bit.

Cookie compliance is just one piece of the puzzle. Over the past month, we’ve soft-launched a new resource covering the broader responsibilities of website owners. From legal requirements like data protection to university guidelines on branding, and best practices for sustainability and content creation.

Web Estate Governance resource – University Sharepoint [Require Login]

We’re a small team supporting a large, complex, evolving web estate, and we’re actively seeking feedback. We welcome colleagues to browse this content. and let us know what works, what doesn’t, and what’s missing. We’re evolving this resource for our community, so your input genuinely shapes what it becomes.

What about the sweet kind of cookies you were promised?

If you made it so far in this blog post, then you deserve the reward that was promised. Christmas in Greece is the time for some traditional baking. One of the favourites is sweet honey cookies, called “melomakarona”. Done right, they have a sweet syrupy cover, topped with walnuts, and a soft taste of orange, honey, cinnamon and cloves. Delicious! Try it and you will come back for more.

Greek Christmas Honey Cookies “Melomakarona” – Recipe by Akis Petretzikis