AI agents don’t read content the way humans do. They operate inside strict token budgets — fixed limits on how much text they can process at once. When your content exceeds that budget, the agent doesn’t skim. It cuts. Understanding where those cuts happen, and why, is the actual foundation of AI content strategy right now.
The optimization community has spent two years talking about “writing for AI” without confronting this constraint directly. Token limits aren’t a technical footnote. They’re the architectural fact that determines whether your content gets cited, summarized, or silently discarded.
Context Windows Don’t Determine What Agents Actually Read
Modern language models advertise context windows measured in hundreds of thousands of tokens. GPT-4o handles 128,000. Claude 3.5 handles 200,000. It’s tempting to assume that means an AI agent will happily consume an entire website and synthesize it. That’s not how deployed agents work in practice.
Most AI systems that retrieve web content use a retrieval-augmented generation (RAG) architecture. The agent doesn’t read your page from top to bottom. It queries a vector database, pulls the passages most semantically relevant to the query, and feeds only those passages into the model’s active context. The effective reading window for any single passage runs between 375 and 1,500 words.
Your content competes passage by passage, not page by page.
The agent isn’t evaluating whether your article is good. It’s evaluating whether a specific block answers the query it’s trying to resolve.
Sequential Content Architecture Fails at Passage-Level Extraction
Oomph’s GEO audit work across clients in multiple verticals has surfaced one consistent pattern: the passages that earn AI citations contain a complete unit of information within 150 to 300 words, with claim, evidence, and implication all present. Passages that require surrounding context get retrieved less often, and cited almost never.
The explanation is structural. Most web content is written to be read in order. Context builds across sections. Arguments develop over paragraphs. Evidence appears after setup. Sequential structure serves readers who move through an article from beginning to end. AI retrieval systems pull individual passages without surrounding context, which means content that relies on sequential reading will fail at the extraction stage.
When a RAG system pulls a passage from your article, it gets that passage without surrounding content. If your best insight sits in paragraph four of section three, after two paragraphs of setup and a transition, the retrieved passage is incomplete. The agent gets the insight without the framing that makes it intelligible. It can’t cite what it can’t understand in isolation.
Token-Aware Content Architecture Prioritizes Information Density Over Narrative Flow
SEO-first content prioritizes keyword density, internal linking, and time-on-page signals. Token-aware content organizes around a different variable: how much answerable information exists per unit of text, and whether each block can stand alone.
The practical difference shows up in four places.
Opening sentences carry the full answer. AI retrieval systems, including those powering Perplexity, ChatGPT search, and Google’s AI Overviews, are trained to extract the first one to two sentences of a passage as the primary answer candidate. If your opening sentence is context-setting (“The world of digital marketing has changed dramatically…”), that slot is wasted. If it’s answer-first (“Brands that structure content for passage-level extraction appear more frequently in AI-generated responses across the major platforms”), the agent has something to pull.
Headers state findings, not topics. “Content Strategy Best Practices” tells an AI agent nothing about whether this section answers its query. “Passage-Dense Content Gets Retrieved More Often Than Narrative-First Content” gives the agent a decision signal before it reads the body text. Header specificity is a retrieval signal, not just a UX preference.
Paragraph length maps to token chunks. Most RAG implementations chunk content at natural paragraph breaks. A 600-word paragraph becomes a single chunk that may or may not surface as a coherent answer. Five 120-word paragraphs, each containing a discrete claim with evidence, become five distinct retrieval candidates that an agent can evaluate independently.
Lists and tables survive extraction better than prose. Structured data holds up under chunking because each list item or table row is a self-contained unit. Narrative that relies on transitional connectives (“building on that point,” “as we saw above”) breaks when extracted from context.
None of these principles require abandoning good writing. They require front-loading the substance. The writer who saves the insight for the closing paragraph is writing for suspense. The content that gets cited leads with the answer.
Technical Signals Tell Agents Where to Look and What to Trust
Content structure gets you into the retrieval pool. Technical signals affect whether you’re weighted toward the top of it.
The llms.txt standard is the clearest example of a technical signal designed specifically for AI agents. A file placed at your domain root tells AI crawlers which content is authoritative, which is supplementary, and which sections are meant to inform rather than be cited. Oomph has implemented llms.txt across multiple client properties. The consistent finding is that agents using this signal weight the flagged authoritative content over other content on the same domain that isn’t marked up.
Structured data functions as a secondary retrieval signal. An FAQ schema turns a list of questions into machine-readable answer pairs. An Article schema with explicit author attribution, publication date, and about markup gives an AI agent metadata that affects both retrieval ranking and citation confidence. Agents are more likely to cite content when they can verify its provenance without inference.
Robots.txt deserves specific attention here. Blocking AI crawlers with a broad disallow rule does more than limit indexing. It determines whether any AI system trained on web crawl data ever incorporates your content into its model weights. Companies that blocked AI crawlers in 2023 and 2024, reasoning that they didn’t want their content used for training, may now find themselves underrepresented in AI responses across platforms they didn’t anticipate. The decision to block or allow specific crawlers (GPTBot, ClaudeBot, Anthropic-ai, PerplexityBot) affects citation share of voice, not just training data.
A Token-Aware Content Audit Finds Three Failure Modes Every Time
Running a token-aware audit on an existing content library typically surfaces the same problems across clients and verticals.
The first is setup debt. A significant portion of most articles’ opening sections contains no retrievable information: context-setting, background, and framing that made sense in a sequential reading model. An audit quantifies this debt and flags it for rewrite priority.
The second is information burial. High-value claims, the specific sourced insights that AI agents want to cite, frequently appear in the middle or end of articles. This is a holdover from the long-form content era of 2012–2016, when longer articles ranked better and writers front-loaded engagement hooks rather than answers. An audit maps where citable claims live relative to passage boundaries.
The third is structural mismatch. Social sharing content follows emotional arcs: story, tension, release, punchline. That pattern performs poorly under AI retrieval. An audit distinguishes between content that should keep its social-sharing structure and content that should be restructured for agent consumption, and flags which pieces warrant investment in both.
The Gap Still Favors Brands That Restructure First
The signals that drove content strategy for the past decade (keyword rankings, time-on-page, backlink profiles) don’t disappear. A new constraint joins them, one that’s structurally different from anything in traditional SEO: can an AI agent extract a complete, citable unit of information from your content without reading the whole article?
That question has a concrete answer for every piece of content on your site. Each passage either holds up in isolation or it doesn’t. The same binary applies to every header and every technical signal on the page.
The brands showing up in AI-generated responses right now aren’t necessarily the ones with the best content. They’re the ones whose content happens to be structured the way AI agents retrieve it. The gap between those groups is still wide enough that structural changes move fast. It won’t stay that way.
Ready to find out how your content holds up under AI retrieval? Oomph’s GEO audit process maps exactly where your content gets cut, buried, or missed, and what to restructure first. Get in touch with our team to start with a token-aware content audit.
Brands with strong traditional SEO rankings are getting skipped by ChatGPT, Perplexity, and Google’s AI Overviews. Not because their content is bad, but because it’s structured for a retrieval system that AI pipelines don’t use. Four days at SEO Week NYC 2026 laid out exactly what’s broken and what fixes it.
You’ve likely watched this play out already: rankings hold, but traffic from AI-generated answers goes to competitors. Or a prospect mentions they “looked it up” before calling, more recently meaning they asked an AI. The problem isn’t your SEO. It’s that the signals AI systems use to decide what to cite are often different than the signals that determine traditional rankings, and most brand sites haven’t been built for them yet.
AI Systems Filter Out Most Content Before They Ever Read It
AI retrieval pipelines evaluate content through a series of eligibility checks before a model ever sees it. Content that fails those checks can’t be cited, regardless of its quality or ranking. Krishna Madhavan, Principal Product Manager at Microsoft AI, opened the conference by describing what he called the “invisible, converged web”: a layer of grounding confidence scores, safety filters, publisher controls, and attribution signals that sits between your content and the AI systems your audience is using. If your content doesn’t carry the right signals, it gets filtered out at that layer. It never reaches the model.
This is the structural gap most brands don’t know they have. A page can rank on the first page of Google and be completely absent from AI-generated answers on the same topic, because ranking signals and retrieval eligibility signals are different. Google evaluates pages. AI pipelines evaluate whether individual content blocks are structured, sourced, and verified enough to ground a response. Madhavan’s framing was precise: modern SEO and GEO now feel less like ranking tactics and more like a distributed systems challenge, where the goal is coordinating the signals that let AI pipelines trust and reuse your content.
In every GEO audit we run at Oomph, most brand sites are missing at least two of those signals. The most common gaps are invisible in standard SEO tooling, which is exactly why brands with strong traditional performance are still surprised when their AI citation share is near zero.
Traffic Metrics Will Lie to You About Your AI Search Performance
AI Overviews, ChatGPT, and Perplexity are answering questions in your category and not sending traffic to your site, but your analytics won’t show you that as a problem, because there’s no traffic to track. Jori Ford, Chief Marketing and Product Officer at FoodBoss, introduced the HEO (Hybrid Engine Optimization) framework at SEO Week specifically to address this measurement gap. Her Hybrid Engine Score is a weekly composite that tracks both traditional ranking performance and AI citation performance in a single number. Measuring them separately, or measuring only one, gives you an incomplete and often misleading picture of your actual search visibility.
Dale Bertrand of Fire&Spark extended this into the CFO conversation that most marketing leaders are currently losing. If your traffic is down but AI-influenced conversions are up, you’re actually winning. GA4 misses most AI-driven attribution, so you look like you’re failing. Bertrand’s work with global brands showed that revenue-focused GEO consistently produces stronger business outcomes than traffic-focused SEO when you measure far enough downstream. The brands building that measurement and implementation frameworks now are the ones who’ll be able to defend AI search investment in 12 months, when leadership starts asking why organic traffic hasn’t recovered.
“Revenue-focused GEO consistently produces stronger business outcomes than traffic-focused SEO.”
A Weak Paragraph Loses to a Strong One Every Time
AI systems retrieve at the paragraph level, not the page level, which means every paragraph on your site now competes independently to be cited. Mike King’s session was the most direct of the conference on this point. His framing: Google has been operating semantically for over a decade, most SEO tooling still does keyword math, and the gap between what tools measure and what AI systems actually evaluate has become the opportunity for brands willing to close it. A well-structured, well-evidenced paragraph on a thinner site gets cited ahead of a buried, unfocused paragraph on a high-authority domain.
The practical consequence for your content team is specific. Paragraphs need to open with their conclusion, not build toward it. Each paragraph should address one provable idea with enough context that it can be extracted and stand alone. Sourcing needs to be explicit and named. An unnamed statistic is an assertion an AI system can’t ground.
The brands we work with who’ve rebuilt their content architecture around these requirements are seeing measurable improvement in AI citation rates within 60–90 days. That improvement shows up in AI Overview appearances and third-party platform citations before it shows up in traffic numbers.
Four Technical Requirements Now Sit Between Your Content and AI Citation
Structured, sourced, crawlable, and machine-readable content gets cited by AI systems. Content missing any one of those properties gets filtered before retrieval. Andrea Volpini, CEO of WordLift, described the staged retrieval process AI systems use: models don’t consume your site whole, they pull from a pre-filtered subset of content that met a minimum bar for structure and verifiability. Content that isn’t structured, connected, and verifiable gets excluded from that subset, regardless of how good it is as writing.
The four technical requirements that determine whether your content clears that bar are: AI crawler access confirmed in your robots.txt; schema markup that is complete, accurate, and present on key pages; an llms.txt file that correctly tells AI agents what they can use from your site; and content blocks written so individual paragraphs can stand alone as cited answers. In every GEO audit we run at Oomph, most brand sites are missing at least two. None of these are advanced configurations. They’re the new baseline for being retrievable. Platforms like Scrunch can show you exactly where you stand across ChatGPT, Perplexity, Gemini, and Google AI Overviews: which prompts surface your brand, which source pages are driving citations, and where competitors are getting cited in your place.
The Brands That Close This Gap First Will Be Significantly Harder to Displace
AI citation compounds the same way that traditional search authority compounds. Brands that establish consistent citation history build a signal advantage that takes competitors real time to close. The difference from traditional SEO is that the window to build that advantage early is shorter, because the field is moving fast and the gap between brands actively building for AI retrieval and brands waiting to see how it develops is widening every month.
The sequencing for closing that gap is straightforward. Technical access for AI crawlers comes first, because you can’t be cited if you can’t be read. Schema markup and structured data come next, because they’re the verification signals AI systems use to trust your content.
Passage-level content architecture follows. Reformatting existing strong content for standalone paragraph retrieval is often faster than creating new content. Third-party brand presence on the platforms AI models train on comes last, because it’s the authority signal that determines whether an AI system treats your content as a credible source or skips it in favor of one it recognizes.
At Oomph, we run GEO audits that score your site across all four of these dimensions and return a prioritized 30-day action plan. If you’re not sure where your brand stands on AI visibility, the audit tells you exactly which gaps are costing you citations right now. Talk to us about a GEO audit.
This week Salesforce signed a deal to acquire Contentful, and most of the coverage is filing it under CMS M&A. I think that misses what’s actually being bought. The interesting part is what an AI agent does with a content platform.
An agent doesn’t take your content and show it to someone. It reads structured, governed source material – your context – and writes the content itself: the answer, the reply, the assembled page, generated on the fly, per customer, per channel. So the most valuable thing you can hand an agent is context it can trust.
That distinction matters more than it sounds. Agents are moving into production quickly, and they will answer your customers and your own staff straight from that material. Point one at clean, governed context and it’s useful. Point it at stale, contradictory, ungoverned content and it will hand back a fluent, confident, wrong answer. Garbage in, confident-sounding garbage out. Either way, it’s speaking for you.
I’ve argued before that content won the web, but context wins the agents, that the CMS was quietly becoming the layer agents reason over. This deal is the biggest CRM on the planet putting real money behind exactly that. Oomph is a gold-certified Contentful partner. We build on the platform daily, and we’ve integrated it with Salesforce and the systems around it. So I’ve been watching this one closely.
So look at what Salesforce already owned. Customer data, and plenty of it – they paid $8 billion for Informatica last year to pull it all together. CRM, marketing, commerce, service. Agentforce on top, ready to act. The one thing they couldn’t pull out of a customer record was the context an agent needs to say something trustworthy: approved product facts, current pricing, the disclosure that has to run in a regulated market, the brand voice, and the right localized version for each audience. Contentful holds all of that. It fits a pattern, too – Informatica, then Momentum, Qualified, Cimulate, and now Contentful. That’s a company building an agent stack on purpose, one acquisition at a time. They decided the context layer was worth buying rather than building.
A customer record can’t tell an agent what it’s allowed to say
Your CRM knows who the customer is. It has no idea what you’re allowed to say to them.
That gap is the whole game. Ask an agent “what’s the current return policy in Germany for this product line” and it will answer either way. Whether the answer is right comes down to three things. Your data tells the agent who is asking. Your context, the structured, governed, current truth behind everything, is what it reasons from. And the content is what the agent generates out of that context in the moment. Data and content are the parts most companies already plan for. Context is the part that gets treated as an afterthought, and it’s the part an agent leans on most.
Jujhar Singh, who runs the applications group at Salesforce, framed the deal around three things working together: the data, the AI-driven content, and the experience. Context is the thread running through all of it. The agent generates the content live, the experience is only as good as what it generates, and both stand on whether the context underneath is trustworthy. That’s what Salesforce bought: the governed context everything else gets built from.
The old acronym survives. The job is changing.
For twenty-five years a CMS has been a Content Management System: somewhere to keep content and push it onto a page for a person to read. An agent uses the same system for a different job. It reasons over that governed context and generates whatever needs to be said from there. Same three letters, new system. The CMS is turning into a Context Management System, and Salesforce just paid to own one.
The headless platforms saw this coming. They had already solved the hard parts an agent needs – structured models, versioning, permissions, and audit trails – and were adding the connective tissue to talk to agents directly. When the biggest player in the category backs that direction with a checkbook, the rest of the market should take the hint.
The old job doesn’t go anywhere, to be clear. Plenty of organizations are running Contentful today purely to manage website content, several of them clients of ours, and that work is the foundation the rest of this gets built on. The structured models, the editorial workflows, the governance, the API-first delivery you set up to run a modern website are the exact things an agent reasons over. You built it to publish pages. You were also building the context layer, whether you planned to or not.
And context reaches well beyond the public website. A lot of it lives in intranets and internal systems: the policies, the procedures, the product knowledge, and the operational detail that actually run the business. That changes who owns the platform. For most of its life a CMS was a marketing purchase, a tool for the brand and the website. Once agents need that governed internal context too, it outgrows marketing, and ownership moves to IT, data, and the enterprise. That shift is already underway, and if you sit in one of those teams, it’s landing on your desk whether you asked for it or not.
The part most of the coverage will skip
The blast radius isn’t the same for everyone. For a retailer, a wrong answer is a bad refund. For a hospital, a bank, a university, or a regulator, it’s a misinformed patient, an exposed internal document, or a benefit you never actually offered. Same technology, very different exposure, which is why governed context is a bigger deal for the organizations we work with most – in healthcare, higher education, government, and associations – than the headlines suggest.
There’s a sovereignty question here too, and it lands hardest on the public sector. Contentful is a German company, and bringing it under a US owner pulls it under US law, including the CLOUD Act. With the EU moving to restrict sensitive public-sector data on US clouds, a government or higher-ed buyer should put that on the question list, not in a footnote.
Where this leaves you
The instinct in most organizations is to make more content. The work that matters now is getting your context in order – structured, current, owned, and governed – because your agents will generate from it whether it’s clean or not. The content platform becomes a system of record: where brand, policy, product knowledge, and compliance live, and where your agents go to find the truth.
If you already run Contentful, the practical news is reassuring. Salesforce has said it keeps operating on the same platform, APIs, and support model, with tighter Agentforce integration as the roadmap rather than a forced migration. Nothing about your current build breaks. The move now is to point the foundation you’ve built at what’s coming next, and that’s a conversation we’re already having with clients.
The organizations that get their context right now are the ones whose agents will be worth trusting later. The big platforms have started spending real money to get there. The window to do the unglamorous work before your agents go live is open right now, and I don’t think it stays open long.
Oomph is a digital experience consultancy serving regulated industries and mission-driven organizations, including healthcare, higher education, government, and associations, where compliance, accessibility, and trust are non-negotiable.
The DOJ just handed organizations an extra year on their WCAG compliance deadline, but that doesn’t mean the work stops. If anything, it’s a signal to accelerate.
On April 20, 2026, the Department of Justice issued an Interim Final Rule extending the ADA Title II web accessibility deadline by one year. State and local government entities serving populations of 50,000 or more now have until April 26, 2027, to achieve full WCAG 2.1 Level AA conformance. Smaller jurisdictions have until April 26, 2028. For organizations that have already been tracking Oomph’s earlier breakdown of the WCAG compliance landscape, this is the latest update, and the stakes are higher than the extension might suggest.
The Extension Doesn’t Change the Underlying Obligation
The DOJ’s rule revision pushes a deadline. It doesn’t remove one. WCAG 2.1 Level AA remains the legal standard under the ADA, and the obligation to make digital content accessible to people with disabilities has been codified since the original Title II rule was finalized in April 2024. The extension was issued in response to documented capacity constraints; some organizations were struggling with the scope of remediating thousands of PDFs and auditing vendor platforms. But organizations that have paused work in anticipation of a rollback shouldn’t interpret this as a signal to wait longer.
Private litigation hasn’t paused. ADA Title III lawsuits, which apply to private businesses, saw a 102% increase in recent years and aren’t tied to the DOJ’s enforcement calendar.
What the New Deadlines Mean for Your Organization
The updated compliance schedule breaks down by entity type:
- State and local governments (50,000+ population): April 26, 2027
- State and local governments (under 50,000 population) and special districts: April 26, 2028
- Private organizations that contract with or provide digital services to public entities: bound by the deadlines of their government partners, with contractual accessibility provisions becoming standard in procurement
If you work with public sector clients, including healthcare systems, universities, or municipalities, your contracts will increasingly reflect these requirements. Vendors are legally responsible for the accessibility of the tools and platforms they provide to covered entities. An extended deadline for your client doesn’t reduce your exposure.
Why an Extra Year Is Actually an Opportunity
Organizations that treat this extension as breathing room will spend it the same way they spent the last two years: waiting. The ones that use it intentionally will close the gap permanently.
True WCAG compliance requires more than fixing what’s broken today. It means building accessibility into your content production process, your procurement checklist, and your development workflow so that new content is compliant from the moment it’s published. There’s no grandfathering for content published after the compliance date; anything that goes live after your deadline has to meet the standard on day one.
The extension also offers something the original deadline didn’t: time to do the audit properly. A comprehensive audit, one that combines automated scanning with manual testing and includes real users with disabilities, takes time to execute and even more time to act on. Organizations that use this year to conduct a thorough audit, triage findings by risk, and implement remediation systematically will be in a fundamentally stronger position than those who rush a surface-level fix in the final weeks before a hard deadline.
What to Prioritize Now
The compliance work that matters most isn’t complicated, but it does require deliberate sequencing. Start with an honest inventory of what you have: web pages, PDFs, forms, video content, mobile applications. Identify which assets carry the highest user traffic and the highest legal exposure. That’s where remediation starts.
From there, the priorities are consistent regardless of organization type:
- Audit your highest-traffic pages and mission-critical digital services first.
- Address the underlying code. Overlay widgets don’t satisfy the standard and have been explicitly called out by the DOJ as insufficient.
- Review vendor contracts and confirm that third-party platforms in your digital ecosystem meet WCAG 2.1 Level AA.
- Build an accessibility policy that defines ownership, sets standards for new content, and creates a process for users to report issues.
- Train staff who create and publish digital content, not just developers.
The organizations that will find April 2027 manageable are already working through this list. The ones who don’t have 12 months to close a gap that was supposed to be closed already.
The Bigger Picture Hasn’t Changed
The DOJ’s extension is administrative. The underlying direction of travel toward universal, codified digital accessibility standards has been consistent for years and isn’t reversing. WCAG 3.0, expected no earlier than 2028, will shift from a pass/fail model to a tiered scoring system with Bronze, Silver, and Gold levels. Organizations that achieve full WCAG 2.1 Level AA conformance now will enter that transition from a position of strength.
Structured content distribution is the decoupling of content from presentation through a headless CMS and Content as a Service (CaaS) architecture. It is a sound strategy for organizations managing complex content distribution networks across multiple channels.
To be the most successful, this digital transformation requires organizations to change both their publishing workflows and their content ownership structures. Governance complexity affects 41% of CaaS adopters (PDF), workflow mismatches impact a third, and training requirements average 14 to 18 weeks.
We have implemented these systems for clients in healthcare, financial services, and higher education, and the pattern is consistent: the three failures that kill structured content initiatives are the preview gap, the ownership vacuum, and the training deficit. Here is what we have learned about each one — and what actually works.
The Promise
The pitch for structured content distribution is compelling: create content once, store it as modular data in a headless CMS, deliver it via API to any channel (web, mobile, kiosks, AI agents) without reformatting. The CaaS market is projected to reach $2.8 billion by 2035, and over 65% of enterprises have adopted headless CMS architectures.
What they do not tell you is that integration challenges affect 46% of adopters using legacy CMS platforms, and that 31% of enterprises encounter deployment delays exceeding six months. The technology works, but the governance requires just as much attention and is often overlooked. We have seen this avoidable pattern repeat across many structured content implementations.
Why Do Structured Content Migrations Stall?
In short, because organizations implement the technology without redesigning how their teams create, review, approve, and own content. That’s the governance problem.
A headless CMS decouples content from presentation. But most editorial teams have spent years, sometimes decades, working in systems where creating content and seeing how it looks are the same activity. WordPress, Drupal, and even SharePoint have a visual editing experience: build a page, see the page, publish the page.
Structured content does not work this way. Authors fill in fields like title, body, metadata, and related entries to publish content objects, not pages. As one analysis of Contentful’s editorial interface notes, “content editors work in structured content entry forms without seeing how content will render in production.” The front-end determines how those objects appear to users.
That architectural distinction is the correct one for consistent omnichannel delivery. It is also the one most likely to break editorial workflow expectations when teams do not deliberately plan for this big shift. In our experience, three governance failures account for the vast majority of structured content stalls.
What Is the Preview Gap, and Why Does It Derail Teams?
The preview gap is the loss of visual context that editorial teams experience when moving from a WYSIWYG (what you see is what you get) environment to a structured content interface, and it is the most immediate friction point in any headless CMS migration.
Authors who previously built pages visually are now filling in form fields and trusting that a front-end will render them correctly. The shift from “building a page” to “managing a content object” takes adjustment, and “once teams adapt, the structured approach tends to produce more consistent, reusable content.” The problem is what happens before they adapt.
What happens is that authors create workarounds. They paste formatted content into rich text fields, breaking the structured model. They submit tickets to developers asking “what will this look like?” multiple times per week. They maintain shadow documents in Google Docs so they can see their work in context. Every workaround is a governance failure — content that exists outside the system, formatting that undermines the content model, and developer time consumed by preview requests instead of feature development.
The planning that pays off includes building live preview environments for as many content sources as possible. This development work typically gets deprioritized because it is not user-facing, but it determines the success of the new system. As one migration guide puts it, headless platforms deliver excellent editorial experiences “when configured correctly — visual editing, live preview, flexible page-building, role-based permissions. But that configuration is work, it doesn’t happen by default.” Budget for it, build it first, and do not launch editorial access without it.
What Is the Ownership Vacuum?
The ownership vacuum is what happens when structured content crosses departmental boundaries without clear governance over who maintains the content model, who approves changes to shared components, and who is accountable when content is reused in a context the original author never intended.
In a traditional CMS, the marketing team owns the marketing pages, the product team owns product pages, etc. Structured content breaks this model deliberately — a product description created once might appear on the website, in a mobile app, in an email campaign, and through a chatbot simultaneously. But governance complexity affects 41% of CaaS adopters, and multi-team collaboration across 6 to 10 departments increases governance overhead by 27%.
Questions seldom asked include:
- When the compliance team changes a regulatory disclaimer, who is responsible for verifying that the change renders correctly across every channel consuming that content object?
- When marketing adds a field to the product content type, who assesses the downstream impact on the mobile app and the support knowledge base?
We have seen organizations discover these questions six months post-launch, usually during a content audit that reveals inconsistencies no one can trace. In regulated industries — healthcare, financial services, higher education — those inconsistencies are compliance risks.
Knowing these pitfalls ahead of time can lead to the establishment of a content model governance board before migration begins. A small, cross-functional group (typically 3 to 5 people spanning content strategy, development, and compliance) owns the content model as a shared organizational asset. They approve changes to content types, evaluate reuse implications, and maintain a living inventory of where shared content objects appear. This role does not exist in traditional CMS organizations because it’s not needed. But in structured content environments, it is absolutely necessary.
Why Does the Training Deficit Compound Everything?
Because organizations allocate 90% of their transformation budgets to technology and implementation, and only 10% to change management — the part that determines whether anyone actually uses the system they built.
Training requirements for CaaS implementations average 14 to 18 weeks, the elapsed time from initial exposure to genuine editorial fluency. This training creates the confidence for authors to create, structure, and publish content without reverting to old habits or filing developer tickets. Most implementation budgets account for a one-day training session and a knowledge base article. The gap between that and actual fluency is where adoption dies.
The compounding effect of the training deficit makes this particularly damaging. Undertrained authors hit the preview gap and panic. Without clear governance ownership, there is no one to answer their questions authoritatively. They build workarounds. Those workarounds corrupt the content model. The corrupted content model undermines the case for structured content. Stakeholders lose confidence. The transformation stalls.
BCG’s study of 850+ companies found that only 35% of digital transformations meet their value targets globally. The failure rate is a change management problem that looks like a core problem with the technology itself.
To avoid this failure spiral, structure editorial onboarding as a phased engagement, not a one-and-done event. In our implementations, we start with a pilot group of 3 to 5 authors working with the system while the front-end is still being built. They surface friction points the development addresses in real-time. When the broader editorial team is onboarded, the common pain points have been resolved, and the pilot group serves as advocates who can answer questions and support their peers. This approach adds little cost and dramatically improves adoption velocity.
What Should Organizations Do Before Starting a Structured Content Migration?
Treat governance design as a foundation to build a successful digital transformation:
- Audit your editorial workflows as they actually operate. Map who creates content, who reviews it, who approves it, and where informal workarounds exist. As one migration planning guide advises, most publishing workflows “are often based on legacy systems, informal approvals, or staff availability. The result? Delays, missed steps, and content that never quite gets finished.” Your structured content governance must account for the real workflow, not the theoretical one.
- Define content model ownership before selecting a platform. Determine who will own the content model as an organizational asset, who can request changes, and what the approval process looks like. This governance structure should be platform-agnostic — it is an organizational decision, not a technical one. We have helped clients build this through our roadmapping and strategy engagements, and it consistently reduces mid-project governance confusion.
- Budget for editorial experience parity. If your authors currently have WYSIWYG editing, live preview, and visual page building, do not assume they will accept a simpler and more limiting form-based interface. Calculate the development effort required to provide contextual preview in your new architecture and include it in the implementation scope, not as a phase-two enhancement. Phase two rarely arrives before editorial frustration does.
Wrap Up
The CaaS pitch is not wrong. Structured content distribution is the right architecture for organizations publishing across multiple channels, and it is increasingly the right architecture for AI readiness — structured data is what AI systems consume most effectively. But the promise underestimates the organizational effort to make it successful.
Technology is the easy part. Governance, training, and editorial adoption are harder, and that is where implementations succeed or fail.
We have built these systems on Contentful, Drupal, and composable architectures for organizations in regulated industries where getting content wrong has real consequences. The lesson we keep relearning is the same one: start with the team, not the platform.
Summary
On April 20, 2026, the Department of Justice extended ADA Title II web accessibility compliance deadlines by one to two years for state and local government entities. The extension does not pause underlying accessibility obligations, and it does not extend the separate HHS Section 504 deadline that may apply to hospitals and nonprofits receiving federal funding. Organizations tracking a single calendar are exposed to what we call the two-deadline trap. The right response is to use the extension to systematize accessibility, not to defer it.
This article is not legal advice. Confirm which rules apply to your organization with qualified counsel.
Four days before the original compliance date, the DOJ reset the clock.
Per a summary from Jackson Lewis, state and local governments with populations over 50,000 now have until April 26, 2027 to comply with WCAG 2.1 Level AA under Title II. Smaller entities and special districts have until April 26, 2028.
If you run digital for a public entity, exhale. If the extension made you slow down, recalibrate. The deadlines moved, but the risk did not.
What actually changed, and what did not?
The DOJ pushed back the date that specific technical requirements become enforceable.
What did not change: the underlying ADA obligation to provide accessible programs and services. Title III public-accommodation risk for hospitals, providers, and nonprofits is unaffected. Demand letters and accessibility-related litigation continued straight through the extension announcement; they did not pause for it.
The compliance date is a deadline, not a start date. Organizations that wait will spend the extension period accumulating debt in templates, content, and vendor contracts, then attempt to remediate it in a sprint. That sprint is where the avoidable risk lives.
Why doesn’t the extension help hospitals and nonprofits?
The DOJ rule covers state and local government entities. It does not cover hospitals and nonprofits whose accessibility obligations come from a different source: federal financial assistance under Section 504 of the Rehabilitation Act.
Jackson Lewis notes that HHS has a separate Section 504 web accessibility compliance date, and as of this writing it has not been extended. Until HHS acts, plan as if it holds.
If your organization receives HHS funding, operates patient portals, runs scheduling or billing flows, accepts donations online, or hosts learning and event platforms, your timeline is likely shorter than the DOJ headline suggests. Title III public-accommodation exposure runs alongside it.
What is the two-deadline trap?
The two-deadline trap is the assumption that a single, well-publicized accessibility deadline is the only one that applies to your organization.
It happens when leadership tracks the DOJ Title II extension and treats it as the program’s primary clock, while a separate Section 504 or Title III obligation governs the actual exposure. The result is a roadmap pegged to the wrong date and a remediation budget that arrives late.
Avoiding it requires confirming, in writing and with counsel, which rules apply, which deadlines govern, and which user-facing services fall inside each scope.
What does day-one compliance actually look like?
Day-one compliance is the day your organization can demonstrate that new content is published accessibly, high-impact user flows work with assistive technology, vendors are managed as part of your posture, and governance is in place.
In our experience working with regulated organizations, the failure mode is rarely the homepage. It is the publishing system that keeps creating new accessibility debt — new pages, new PDFs, new embedded forms, new third-party widgets — faster than remediation can clear it. A defensible program stops the inflow before it works down the backlog.
That means accessibility moves upstream into design system components, CMS templates, content briefs, QA gates, and vendor intake. “Archived content” stops being a folder name and becomes a governance decision with rules. Procurement language changes so the next contract renewal does not lock in another year of vendor risk.
Will an accessibility overlay protect you?
No. Overlays can adjust some visual and interaction settings for some users, but they do not remediate the underlying barriers in your templates, components, content, or third-party tools. The Overlay Fact Sheet, signed by hundreds of accessibility practitioners and organizations, documents the consensus position.
If a widget is your strategy, assume you still need code-level fixes in templates, manual testing with assistive technology, content authoring training, and a third-party tool plan. The widget is not a substitute for any of those, and a number of overlay vendors have themselves been named in accessibility lawsuits.
What should accessibility leaders do this week?
Five actions, in order.
- Confirm which rules apply, and which deadline governs. Title II, Section 504, Title III, or more than one. If there is uncertainty, this is a counsel question, not an internal one.
- Name a single accessibility owner. Not a committee, but one person responsible for coordinating across IT, content, legal, and procurement. Accountability is the program.
- Test your top five user-critical flows manually. Forms, authentication, scheduling, payments, donations, patient portal — whatever blocks access to your primary services. Manual keyboard-only and screen reader software spot checks find what automated scanners miss.
- Inventory third-party tools and audit their contracts. Where contracts are silent on accessibility, flag them as priority renewals. Your compliance posture runs through every embedded vendor whether the contract says so or not.
- Write a 90-day plan and share it with leadership. Specific, resourced, and tracked beats comprehensive and aspirational every time.
The extension is not a year off. It is a year to put a defensible program in place before the rules apply more explicitly than they already do. Use it wisely.
Summary
Most content strategies optimize for one outcome: ranking. Ranking is only half the visibility equation now. Citation-Ready Content Architecture, developed at Oomph, helps organizations build content that performs across traditional search results and AI-generated answers simultaneously. It rests on three principles – modular structure, demonstrated authority, and extractable specificity – and we apply it with clients in healthcare, higher education, and government where being cited accurately is as important as being found.
This crystallized during a client conversation earlier this year. We were looking at their analytics – a major healthcare organization – and the pattern was striking. Impressions were climbing. Rankings were stable. But clicks were dropping steadily, month over month. The content was being surfaced by Google, but patients were getting their answers from AI Overviews without ever visiting the site.
That’s a visibility problem most of us weren’t trained to solve – and it requires a different content architecture.
Gartner predicts traditional search volume will drop 25% by the end of 2026 as users migrate to AI-powered answer engines. Ahrefs found that 80% of URLs cited by ChatGPT, Perplexity, and Copilot don’t rank in Google’s top 100 for the original query. And the Pew Research Center’s study of 68,879 actual Google searches found that only 8% of users clicked a traditional result when an AI Overview appeared, compared to 15% without one – roughly half the click-through rate.
Content that ranks and content that gets cited aren’t always the same – but they can be, if you build for both from the start. That’s Citation-Ready Content Architecture.
What Is Citation-Ready Content Architecture?
Citation-Ready Content Architecture is the practice of structuring digital content so it simultaneously ranks in traditional search engine results and gets extracted, synthesized, and cited by AI answer engines like ChatGPT, Google AI Overviews, and Perplexity. Developed by Oomph as a framework for regulated industries, it combines modular content structure, demonstrated authority signals, and extractable specificity into a unified content design principle – replacing the need to maintain separate SEO and GEO strategies.
The key word in that definition is “simultaneously.” That means content architecturally designed to work across every discovery surface – ranked results, AI summaries, voice assistants, whatever comes next – because the underlying structure supports all of them.
In our work with clients across healthcare, higher education, and government, we’ve found this transition isn’t a massive lift for organizations with strong content fundamentals. The gap between SEO-optimized and citation-ready content is structural, not substantive – it’s about how content is organized, not whether it’s good.
Why Do Organizations Need a New Content Architecture Now?
Information discovery has forked. Content built for only one path leaves visibility on the table.
Two parallel discovery systems now exist. Traditional search ranks your content in a list users scan. AI-powered answer engines synthesize information from multiple sources into a single response – often without the user ever clicking through to your site.
The research is unambiguous. The foundational Princeton GEO study demonstrated that content optimized for generative engines can boost visibility by up to 40% in AI responses. But it also showed that the most effective strategies vary by domain – what works for a law firm doesn’t necessarily work for a children’s hospital. A March 2026 study from researchers at the University of Tokyo found that structural optimization alone – independent of content changes – improved citation rates by 17.3% across six major generative engines.
The most striking finding: research from AirOps found that pages ranking number one in Google were cited by ChatGPT 3.5 times more often than pages outside the top 20. Strong SEO remains the foundation. Citation-ready architecture is what makes that foundation legible to AI systems too.
What Are the Three Principles of Citation-Ready Content?
The framework rests on three principles. Each serves both search engines and AI systems simultaneously – that dual purpose is the point.
Modular structure
AI systems don’t read your article start to finish and decide whether to cite the whole thing. They extract passages – a definition, a data point, a direct answer to a specific question. Content with clear headings, self-contained sections, and answer-first paragraphs gives both search algorithms and AI systems clean material to work with.
We’ve written about how LLMs index and use content – and the takeaway is that the same accessibility principles that help AI crawlers parse your pages also make your content more citation-worthy. Semantic HTML, logical heading hierarchies, and sections that can stand on their own aren’t new concepts. They’re just worth more now than they’ve ever been.
Demonstrated authority
Being cited by AI systems has become a meaningful competitive advantage. BrightEdge found that sites earning citations inside AI Overviews see CTR increases of up to 35% compared to traditional organic rankings alone. Websites with author schema are 3x more likely to appear in AI answers, and sites implementing structured data and FAQ blocks saw a 44% increase in AI search citations.
In practice, demonstrated authority means: Author credentials on every piece. Original data and research when you have it. Linked sources for every claim. Topical depth across related content – not one-off articles, but interconnected clusters that demonstrate sustained expertise.
Authority isn’t just a ranking signal – it’s the entry qualification for AI inclusion.
Extractable specificity
This is the one that separates citation-ready content from content that’s merely well-written. AI systems select content that provides extractable facts – numbers, definitions, named frameworks, concrete comparisons. Content that gestures at a topic (“there are many factors to consider”) gets skipped in favor of content that states something specific and citable.
The Princeton study found that adding statistics to content improved AI visibility by 41%, and citing credible sources improved visibility by 115% for lower-ranked pages. That 115% figure is significant: it means content that isn’t winning the traditional ranking game can still earn AI citations by being specific and well-sourced.
How Does This Apply Differently in Regulated Industries?
For regulated industries, the stakes are higher and the timeline compressed – but the structural fit is actually better.
Conductor’s Q1 2026 analysis of 21.9 million searches found that healthcare queries trigger AI Overviews at a rate of 48.75% – nearly double the overall average. For healthcare organizations and universities, AI is already mediating close to half the informational queries that drive patient acquisition and enrollment.
The structural advantage for regulated industries is real. Organizations in regulated industries – healthcare systems, universities, government agencies – produce content that’s inherently tied to their institutional expertise. A hospital publishing evidence-based patient education content is structurally closer to citation-ready than a SaaS company publishing tangentially related blog posts for keyword volume. The authority is real. The specificity is built in by the nature of the content. What’s typically missing is the formatting and schema work that makes it extractable.
When we optimize content for GEO, the biggest wins often come from restructuring content that already exists – not creating new content from scratch.
What Should You Do First to Make Your Content Citation-Ready?
Start with what you have. The gap is almost always structural, not substantive.
- Audit your top 20 pages for extractability. Read the first paragraph of each section in isolation. Does it directly answer a question someone would ask an AI tool? If it doesn’t, restructure it. AI systems pull from the opening sentences of well-structured sections. Bury your answer three paragraphs in and it won’t get cited.
- Implement the schema that AI systems actually use. FAQPage, Organization, Article, and author schema across your priority content. Author schema is especially high-impact – BrightEdge’s research shows it triples your likelihood of appearing in AI answers.
- Track AI visibility alongside traditional rankings. Oomph’s GEO Analytics and Reporting service configures tracking in GA4 and Google Search Console to monitor AI bot traffic and AI-generated search impressions. At minimum, watch for the pattern of rising impressions with declining clicks – that’s the clearest signal that AI is summarizing your content without sending visitors.
- Build for reuse from the start. Every new piece of content should include at least one standalone definition, one specific data point, and one direct answer to a question your audience would ask an AI tool. Make it easy for AI systems to cite you. That’s the architecture.
In 20 years of building digital experiences, I’ve watched a handful of shifts fundamentally change how content needs to be structured. Mobile was one. Accessibility-first was another. The shift to AI-mediated discovery is the next.
Citation-Ready Content Architecture isn’t a bolt-on to your existing strategy – it’s the design principle that makes your existing strategy work across today’s fragmented discovery environment. Organizations that build for it now will compound that advantage as AI-mediated search grows. Those that wait will be optimizing for a world that has already moved on.
We’re helping clients across healthcare, higher education, and government make this shift. If your analytics show that pattern – impressions climbing, clicks dropping – start here.
As direct website traffic decreases and LLMs slurp up text from multiple sources to mix together and redistribute to users, it has never been more important to maintain high-quality online content. A ROT analysis — which stands for Redundant, Obsolete, Trivial — is a framework through which we can evaluate site content to improve it for usability, SEO, retrieval, and GEO.
This is a flexible exercise that can apply to a variety of digital properties: web pages, PDFs, intranets, social media pages, call center databases, support knowledgebases… Anywhere that you, as an organization, are speaking to your audience, you have an opportunity to share knowledge, build trust, and solidify your brand image.
Similarly, ROTten content can mislead users, seed doubt, and damage your reputation.
When you use a ROT analysis to kickstart a content clean-up project, you’re ensuring that users and bots alike find only your latest, clearest, most accurate and relevant information. When done properly, it can even set up your team for better content production and management in the future.
How Oomph Approaches Content ROT Analyses
Every ROT analysis looks a little different depending on the industry, content, and what a particular audience needs.
Make a Plan
Before jumping into dashboards and spreadsheets, we start with a conversation. With any project, we need to understand what problems your organization needs to solve: What’s important to you and your users? Where are you struggling? This is our chance to understand the why behind your content.
As we learn more about what you need, we’ll define what ROT is for your organization. What existing policies do you have in place around archiving old or outdated content? If you don’t have policies, what makes sense for you? What key user journeys should the analysis focus on? We’ll answer these questions and more to make sure we’re going into the analysis with a clear vision of what your content should look like so we can see where it’s missing the mark.
Find the ROT
Let’s get into what ROT looks like specifically and where we look for it.
Redundant means the content communicates information in more than one place. This can result in an inefficient information architecture and messy user paths. There are times duplicate content can be helpful, like when separate task flows require some of the same information. That’s why it’s important to know upfront what journeys are most important to prioritize. In these cases, when the same content shows up in multiple places across a website or app, it’s important to have a method for keeping all content in sync. If it’s possible to edit this content in a single place while distributing it across multiple pages, that can be a great method for maintaining a single source of truth.
Redundant might also refer to several articles written over time that deal with the same topics in similar ways. This can result in the newest content on the topic having its SEO/GEO cannibalized by older content on the same topic. Users might more easily find older content when you want them to find the latest.
Obsolete content includes outdated information, language, and (probably broken) links. This type of ROT is especially damaging when it’s related to products, services, or something users are trying to take action on. It’s important to keep in mind your entire digital landscape; Maybe you’ve updated the content on your main service page, but did you remember to update automated emails, support articles, and meta descriptions? What pages aren’t built directly into a user flow but can still be found by Google?
Consider whether it makes sense to archive or unpublish old content, like past news and events. And consider your audience: Is there a reason users would be looking for a historical record, and is that need strong enough to justify keeping it available? If you do choose to keep outdated information published, make sure that it’s clear to users that the content is old and consider providing a link to the latest version.
Trivial content can be harder to define and is highly subjective based on the organization. This might look like “fluff” pieces shared for the sake of SEO or maintaining a publishing schedule, or excessive marketing language that ultimately doesn’t serve you or your users. It might be low-traffic fine print details that apply to a specific audience who typically finds it another way. Maybe it’s content that is related to but outside of your core business function. You’ll need to make some decisions about what is important to you.
To find ROT, we’ll use a variety of collection and measurement tools. SortSite, Screaming Frog, and Siteimprove can locate broken links, orphaned pages, and other SEO issues. Google Analytics, Hotjar, Contentsquare, and MS Clarity can show common user flows and help identify trivial content. Data from these tools can also prioritize the analysis by surfacing what content is most important to users. If a page gets a lot of traffic, we know that it needs to be clear, up-to-date, and accurate. If a page isn’t visited much, we need to ask whether it should be more highly trafficked, consolidated with higher performing content, or removed.
Deliverables and Next Steps
After all this sorting and evaluating, you might be wondering what you’ll tangibly get out of the process. We know content teams are busy, and going through a review can feel like adding more work to the pile. How can we help prioritize meaningful progress here?
The big outcome is one of my personal favorites: a clean, annotated, actionable spreadsheet. Specifically, we’ll put together an audit of your content with links, page titles, notes on whether the content falls into any of the three ROT categories, and what to do about it: keep, modify, combine, or delete. Depending on the tools your content team uses or what you are willing to subscribe to, we might prepare dashboards and reports directly within an app that your team can use as an ongoing progress tracker. Wherever this list of to-do’s lives, we’ll help you prioritize it so you can start ticking off the most crucial items. Depending on what we decided in early scoping agreements, we can even help work through some high-impact issues, like bulk deleting content, suggesting rewrites, and fixing broken links.

We can also set up an ongoing content hygiene plan. While a dedicated content ROT analysis is a great way to identify and work through issues, an effective content plan should prevent ROT as much as possible and reduce the need for a large effort in the future. This might involve setting up policies, practices, and tools to guide future content management. We’ll help you find ways to see the bigger picture when updating or developing new content to make sure all pieces are accounted for. And when ROT falls through the cracks, you’ll have a plan to regularly review site content, setting ahead of time the when, what, and who.
One Piece in the Puzzle of Strong Content
As we continue to inspect the quality of your website and other digital properties, we can use this ROT analysis as a jumping off point. The initial audit may lead directly into a deeper content audit to evaluate URL paths, heading usage, performance metrics, reading level, and more. As we consider reworking, combining, and cutting entire pages, we may find the need to restructure your information architecture and taxonomy structures, in part or in whole, informed by research exercises like card sorts and tree tests. Depending on what we’ve found in the existing content and how it needs to change, we might suggest changes to your content model, adding, modifying, or removing content types and the relationships between them.
A content ROT analysis is a flexible and fruitful way to take a fresh look at your content ecosystem. If you need help getting started, let us know. We’d love to dig in with you!
Compliance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), is a mandatory legal obligation for covered businesses, with significantly increased financial and operational risks starting in 2025.
The Critical Risk: Escalating Fines and Penalties
As of January 1, 2025, the California Privacy Protection Agency (CPPA) increased monetary thresholds and fines to align with the Consumer Price Index.
- Civil Penalties: Businesses face up to $2,663 per unintentional violation and up to $7,988 per intentional violation or those involving minors.
- No Total Cap: Because each individual consumer affected by a breach or non-compliant practice can count as a separate violation, total fines for large-scale data incidents can quickly reach millions of dollars.
- Private Right of Action: Consumers can sue for statutory damages between $107 and $799 per incident (or actual damages) following a data breach involving unencrypted personal data.
Key Deadlines and New Requirements (2026–2028)
Regulators have moved from a passive to an active enforcement model, removing the mandatory “grace period” for fixing violations before penalties are applied.
- Mandatory Risk Assessments (Effective Jan 1, 2026): Businesses must conduct risk assessments for “significant risk” processing, such as selling/sharing personal data or using sensitive information.
- Automated Decisionmaking (ADMT): New requirements for technologies that replace human decision-making (e.g., for credit or employment) go into effect, with a compliance deadline of January 1, 2027.
- Mandatory Reporting: Organizations must begin reporting their risk assessment activities to the CPPA by April 1, 2028.
Does This Apply to My Business?
A for-profit business must comply if it does business in California and meets any of the following:
- Gross annual revenue exceeds $26.625 million (updated for 2025).
- Buys, sells, or shares the personal information of 100,000 or more California residents or households.
- Derives 50% or more of its annual revenue from selling or sharing personal data.
Operational Impact of Non-Compliance
Beyond fines, non-compliance can lead to court-ordered injunctions, mandatory regular audits, and the required deletion of valuable data assets. It also risks significant reputational damage and customer churn, as modern consumers increasingly prioritize data security when choosing where to spend.
Is your website ready for California’s evolving privacy standards? Non-compliance isn’t just a legal risk — it’s a business one that can result in millions in fines, mandatory audits, and lasting reputational damage. Our team helps organizations like yours navigate complex regulatory requirements with confidence, so you can focus on what matters most. Talk to our team today.
To avoid significant financial penalties, which increased on January 1, 2025 to up to $7,988 per intentional violation, your website must function as a compliant interface for consumer privacy rights. Use this checklist to assess your current standing.
1. Mandatory Homepage Links
- “Do Not Sell or Share My Personal Information”: A clear and conspicuous link must be in the footer or header if you sell or share data for targeted advertising. This includes:
- Retargeting Ads: Uploading your email list to Facebook (Meta), Google, or LinkedIn to show ads to those specific users or to find “Lookalike” audiences.
- Data Brokerage: Selling your email list to another company or “renting” it out for their own marketing.
- Third-Party Analytics: Sharing email-linked identifiers with ad networks that track users across multiple unrelated websites.
- “Limit the Use of My Sensitive Personal Information”: Required if you collect sensitive data (e.g., precise geolocation, health info, or race) for purposes beyond providing the core service.
- Alternative Option: You may use a single, combined link labeled “Your Privacy Choices” or “Your California Privacy Choices” that includes an icon if desired.
2. Automated Privacy Signals (Global Privacy Control)
- GPC Detection: Your website must automatically detect and honor “Global Privacy Control” (GPC) signals from user browsers (e.g., Brave, DuckDuckGo) as a valid opt-out request.
- Status Confirmation: As of January 1, 2026, you must display a clear confirmation to the user, such as a message stating “Opt-Out Request Honored,” when a GPC signal is detected.
3. Notice at Collection
- Timely Disclosure: You must provide a notice at or before the point of collection (e.g., on a sign-up form or via a cookie banner).
- Content Requirements: The notice must list categories of personal and sensitive info collected, the specific purpose for each, and how long each category will be retained.
4. Consumer Rights Intake (DSARs)
- Dual Methods: You must provide at least two designated methods for submitting requests (e.g., a web form and a toll-free number).
- Verification: Establish a process to verify a consumer’s identity without requiring them to create a new account solely for the request.
5. Technical & Policy Maintenance
- Accessibility: All notices must follow Web Content Accessibility Guidelines (WCAG) and be available in every language in which you conduct business.
- Annual Update: The online Privacy Policy must be reviewed and updated at least once every 12 months.
- No “Dark Patterns”: Ensure the user interface is symmetrical; for example, it should not be significantly harder to “Opt-Out” than it is to “Opt-In”.
Is your website one missing link or undetected signal away from a costly CCPA violation? Oomph’s team can walk you through a compliance audit, identify gaps in your current setup, and help you implement the technical and content updates needed to protect your organization. Get in touch with us today to book your CCPA compliance call.
Website accessibility has shifted from a “best practice” to a strictly codified legal requirement. Federal and state regulations have eliminated previous ambiguities, making WCAG 2.1 Level AA the mandatory technical standard for digital content. With updated deadlines now in place, organizations have a renewed window to get it right.
1. The Compliance Deadline: What’s Changed
The U.S. Department of Justice (DOJ) finalized a rule under Title II of the ADA that sets a firm compliance deadline for many entities:
- April 24, 2027: Deadline for public entities (and many private partners) serving populations of 50,000 or more to achieve full WCAG 2.1 Level AA conformance.
- April 26, 2028: Deadline for smaller entities.
- Private Sector Impact: While the DOJ rule focuses on public entities, it solidifies WCAG 2.1 AA as the de-facto legal standard for private businesses in Title III lawsuits, which saw a 102% increase in recent years.
2. Why WCAG 2.1 Level AA?
Unlike older versions, WCAG 2.1 includes 17 additional criteria specifically designed for mobile accessibility and users with cognitive disabilities. Compliance is measured by the “POUR” Principles:
- Perceivable: Users must be able to see or hear content (e.g., Alt-Text for images, captions for video).
- Operable: The site must work without a mouse (e.g., Keyboard-only navigation, no keyboard traps).
- Understandable: Content must be predictable with clear error messaging on forms.
- Robust: Code must be “clean” enough to work with all current and future assistive technologies, like screen readers.
3. Compliance Risks to Keep in Mind
- No “Grandfathering” for New Content: Any digital asset (PDFs, videos, or web pages) posted after the compliance deadline must be compliant from day one.
- Vendor Liability: Business owners are legally responsible for their website’s accessibility, even if they use third-party platforms or templates.
- Inadequacy of “Overlay” Widgets: The DOJ has clarified that automated widgets or “overlays” alone cannot guarantee ADA compliance; true accessibility requires fixing the underlying code.
- California-Specific Penalties: Under California’s Unruh Act, businesses can face statutory damages of $4,000+ per violation in addition to federal ADA settlements.
4. Future-Proofing: Looking Toward WCAG 3.0
While WCAG 2.1/2.2 is the current law, WCAG 3.0 is in development (expected no earlier than 2028). It will move from a pass/fail model to a Bronze, Silver, and Gold scoring system. Achieving WCAG 2.1 Level AA now effectively places an organization at the “Bronze” level, providing a solid foundation for future shifts.
Is your website ready for the April 2027 deadline? Achieving WCAG 2.1 Level AA compliance requires more than a quick fix. It means addressing the underlying code, auditing every digital asset, and building accessibility into your process from the ground up. Whether you’re starting an audit, planning remediation, or building something new, get in touch with our team to start the conversation.
Contentful is no longer just an alternative CMS—it’s become a foundational platform for organizations navigating complexity, regulation, and rapid digital change. In 2026, the question isn’t what is Contentful? It’s why are so many organizations rebuilding their digital ecosystems around it? The answer lies in how digital experiences are built, managed, and scaled today.
Contentful Is Built for Systems, Not Pages
Traditional CMS platforms were designed around pages and templates. That model breaks down when content needs to move faster, live in more places, and remain consistent across teams and channels.
Contentful takes a different approach. It treats content as structured data, not static pages. That means teams create content once and deliver it anywhere—websites, apps, portals, email, or future channels that don’t yet exist.
In 2026, this isn’t a “nice to have.” It’s how modern digital platforms operate.
Composable Architecture Is Now the Default
Composable architecture has moved from trend to standard. Organizations want the freedom to choose best-in-class tools without being locked into monolithic platforms.
Contentful fits cleanly into this model. It integrates with design systems, analytics platforms, personalization tools, consent managers, and AI services through APIs—without forcing teams into rigid workflows.
This flexibility allows organizations to evolve their stack over time instead of rebuilding every few years.
AI Depends on Structured Content
AI-driven experiences are only as good as the content behind them. In 2026, organizations are using AI to support personalization, search, localization, content optimization, and automation.
Contentful’s structured content model makes this possible. Clean, well-defined content enables AI tools to understand, reuse, and adapt content accurately—without introducing risk or inconsistency.
For teams exploring AI responsibly, Contentful provides the infrastructure needed to scale with confidence.
Governance and Compliance Are Built In, Not Bolted On
For regulated and mission-driven organizations, governance isn’t optional. Publishing controls, audit trails, permissions, and review workflows are essential.
Contentful supports these needs at scale. Teams can define roles, control who edits or publishes content, and maintain visibility into changes across environments. This level of governance is critical in industries like healthcare, legal, finance, and the public sector.
In 2026, compliance isn’t something teams add later—it’s designed into the platform from day one.
Marketing and Development Work Better Together
One of Contentful’s biggest advantages is how it aligns marketing and engineering teams. Developers maintain design systems and integrations. Content teams manage content without breaking layouts or workflows.
This separation of concerns reduces friction, speeds up delivery, and minimizes production errors—especially as digital ecosystems grow more complex.
Ready to explore what Contentful could do for your organization? Whether you’re evaluating platforms, planning a migration, or looking to optimize your current setup, Oomph can help you build a content infrastructure designed for the long term. Let’s talk about your next move.

Why Organizations Move to Contentful Now
Organizations typically migrate to Contentful when legacy systems start holding them back. Common triggers include:
- Slow publishing workflows
- Heavy developer dependency
- Difficulty scaling across channels
- Growing compliance requirements
- The need to support AI and personalization
In 2026, Contentful isn’t chosen because it’s new. It’s chosen because it’s resilient.
For organizations new to the platform, getting started doesn’t have to mean a complete rebuild. Oomph’s Contentful Kickstart Package helps teams move from decision to deployment with a structured, low-risk approach—giving you the foundation to scale as your needs evolve.
The Takeaway
Contentful has evolved alongside the modern digital landscape. It’s not just a CMS—it’s a content platform designed for scale, governance, and change.
For organizations planning beyond their next website launch and toward long-term digital maturity, Contentful provides the flexibility and confidence needed to move forward.
Ready to explore what Contentful could do for your organization? Whether you’re evaluating platforms, planning a migration, or looking to optimize your current setup, Oomph can help you build a content infrastructure designed for the long term. Let’s talk about your next move.