Proving What You Published: MX as a Compliance Defence, RAG as the Reader
The court date is set. A European retailer has been served with an emergency injunction over the accessibility of its online storefront. The advocacy group bringing the action has snapshots, taken on specific dates by specific tools, of what the retailer's product detail pages looked like, what the accessibility statement said, and what the conformance claims were. The retailer's general counsel needs to answer a question that sounds straightforward but turns out not to be: what did we actually publish, and when?
Internal systems can show the current state. Git history can show what was in the repository at some point. Web archives can show snapshots, but not under the retailer's own control. None of these sources, on their own, produces a record that a court will treat as the retailer's own attested statement of what it was publishing at the moment in question.
This is the use case where the Machine Experience standard does something a Retrieval-Augmented Generation pipeline cannot do. RAG is excellent at helping someone read across many sources. It is not designed to produce a durable, attested record of the retailer's own publishing posture. MX is. The two are not in competition, they sit on different sides of the publisher and consumer boundary, but the boundary itself is where the value lands.
The shape of the problem
European Accessibility Act enforcement is now operationally live. Directive (EU) 2019/882 began enforcement on 28 June 2025, with EN 301 549 and WCAG 2.1 AA as the technical reference points. The pressure is no longer theoretical. ApiDV and Droit Pluriel have filed emergency injunctions, the French référé procedure, at the Tribunal judiciaire de Paris against Auchan, Carrefour, E.Leclerc, and Picard Surgelés. The E.Leclerc detail is the one that should focus minds: the retailer had improved from 32% to 50% compliance and was sued anyway. Half-measures did not protect them.
What gets contested in these cases is not only the current state of the site, but the trajectory: what the retailer claimed to be doing, what it published about its compliance, and how those claims held up over time. The compliance posture is a moving target, and the question of what was true at a specific date matters as much as what is true today.
Most regulated publishers do not have a defensible answer to that question. They have a live website that reflects today. A Git history that reflects the codebase, but not necessarily what was rendered. A content management system whose internal records may or may not survive a discovery process intact. PDFs of accessibility statements stored on a shared drive. Internal compliance memos that were never published. Screenshots from monitoring tools, taken by the publisher itself, with all the chain-of-custody questions that implies.
None of these is the record a court wants. The court wants the retailer's own attested statement of what it published, signed in a way that cannot be quietly altered after the fact, anchored to a date that cannot be backdated.
What MX-compliant publishing produces
The Machine Experience standard was not designed primarily as a litigation tool. It was designed to let publishers declare structured, attested information that machines can consume reliably. But the same properties that make MX content trustworthy for an AI system make it useful as a publishing record.
A COG, the data-file format that carries MX-compliant content, is Markdown with structured YAML frontmatter. The body is the actual content the publisher is putting forward: an accessibility statement, a conformance claim, a product specification, a returns policy, a price. The frontmatter declares purpose, audience, stability, version, and update instructions. The file is then reduced to a stable byte form.
That byte form can be signed. Using Ed25519, the publisher produces a signature over the canonical bytes. The signature does not need to be held by the publisher; it can be registered with REGINALD, the registry indexing where COGs live and what their attestations are. The registry holds the attestation; the publisher hosts the COG itself.
What this gives the retailer, operationally, is a record with three properties that the existing materials lack.
Bytes-exact integrity. If the published accessibility statement is altered after the fact, the signature will not verify. Anyone, the retailer, opposing counsel, the court, an advocacy group, can check whether the file they have is the file that was attested. This is not the same as preventing the retailer from updating their statement. Updates happen, and updates produce new attestations. What it prevents is the silent rewrite of history.
Publisher-attributed signing. The signature is the retailer's. It is not a third party making claims about the retailer's content. It is the retailer making a cryptographic statement that yes, this is what we published. The narrowness matters: attestation covers provenance and integrity, not editorial truth. The retailer is not claiming the statement is true in some absolute sense. They are claiming this is the statement they put their name to.
Currency in the registry. The REGINALD registry entry carries currency information that the retailer updates when the content changes. The registry can be queried for the state of the entry at a given time. The combination of the attestation, the registry entry, and the publisher's own audit trail produces a defensible record of what was current when.
For a general counsel preparing for an EAA case, this is a different position than the one most retailers are in today.
Where RAG sits in this picture
RAG is not displaced by any of this. It sits one layer up.
When the compliance team, or the auditor, or the court-appointed assessor, or the advocacy group, needs to read across the retailer's published material, supplier documents, internal memos, regulatory guidance, court filings, and trade press, RAG is the right tool. The question "how does our accessibility posture compare to the conformance levels claimed by Carrefour in their public statement of 14 March 2026?" is exactly the kind of cross-source synthesis question that hybrid retrieval, reranking, and constrained generation handle well.
The interesting case is when the RAG pipeline is reading content that includes the retailer's own MX-compliant material. The pipeline can branch.
For content that arrives as an attested COG with a current REGINALD entry, the pipeline does not need to chunk, score, and guess. It fetches the data file, checks the attestation, confirms currency, and passes structured content to the language model with the attestation status preserved. The compute cost is lower. The reliability is higher. The citation is durable, because it can reference the registry entry and the attestation rather than a brittle URL.
For everything else, the law firm briefing, the regulator's HTML guidance, the trade press article, the internal memo on a shared drive, the RAG pipeline does what it has always done. Normalisation, hybrid retrieval, reranking, confidence scoring, constrained generation, citation. None of this changes.
The output to the compliance officer is a single answer that cites mixed sources. The retailer's own published material is cited with attestation status and registry reference. Third-party sources are cited as retrieved content with confidence scores. The officer can see which is which, and so can a court if it comes to that.
What this changes for the publisher
The shift in posture is the point. Today, a regulated publisher's relationship to its own published content is uncomfortably loose. The website reflects whatever the CMS rendered last. The Git log reflects code, not output. Screenshots are evidence the retailer produced, not evidence the retailer attested. When a question arises about what the retailer was publishing on a specific date, the answer assembles itself from partial sources and depends on the goodwill of the system reading it.
MX-compliant publishing tightens this. The retailer's accessibility statement is a COG with an attestation. The retailer's conformance claim is a COG with an attestation. The retailer's product detail pages, where they make claims about accessibility features, are COGs with attestations. The retailer's quarterly update note saying "we have improved from 32% to 50% compliance and are continuing remediation" is a COG with an attestation, registered with REGINALD on the date it was published.
If a referee at the Tribunal judiciaire de Paris asks what the retailer was publishing on a specific date, the answer is not "let me check our archives". It is a registry query and a signature verification. The answer is a yes-or-no with cryptographic backing.
This does not win the case on its own. The underlying compliance work, meeting WCAG 2.1 AA, conforming to EN 301 549, fixing the actual product pages, still has to happen. What MX gives the retailer is a defensible record of the work they did and the claims they made, attested at the time they made them. That is a different evidentiary position than reconstruction after the fact.
What this looks like in operational terms
The MX Readiness Model and REGINALD Compliance Levels map the path.
A retailer at L0 has no MX-compliant publishing. Their content is HTML rendered from a CMS, with no structured metadata declaration, no attestation, no registry presence. Their compliance posture is reconstructed from snapshots and screenshots.
At L1 Discovery, the retailer has semantic HTML, a sitemap, server-side rendering. Machines can find the content. The publishing record is no more defensible than it was, but the technical foundation for machine consumption is in place.
At L2 Citation, the retailer has Schema.org JSON-LD on product pages and fact-level clarity in their accessibility statements. AI systems can cite the retailer's content with structural grounding. Still no attestation.
At L3 Attested, the retailer publishes COGs with Ed25519 signatures and registers them with REGINALD. This is the point at which the compliance-defence use case becomes operational. The retailer can prove what they published. REGINALD Compliance Level 3 is the minimum for registration where attestation is claimed.
At L4 Certified, the retailer has all MX fields populated, with Schema.org Product and Offer markup, ISO 4217 currency codes where relevant, and registry presence across their public claims. The publishing record is fully structured and attested.
L5 Audited, which would add third-party verification of the publisher's posture, is planned but not yet operational. When it lands, it adds another layer to the defensive record. Until it does, L3 Attested and L4 Certified are the practical targets.
The implementation is not a heavy lift for a team that publishes carefully. The COG format is Markdown with YAML frontmatter, nothing the content team cannot read or edit. The signing is a build-step operation. The registry interaction is a publish-step operation. The cost is in the discipline of treating compliance-relevant publications as durable records from the moment they are published, rather than as transient pages that happen to be live today.
Where this leaves the buyer
The honest position for a regulated publisher looking at MX is this. RAG is the reading layer: necessary, well-engineered, and not displaced by anything MX offers. The retailer will continue to use RAG-style systems to read across their own content, supplier documentation, regulatory guidance, and external commentary. That is fine.
MX is the publishing layer for content where the retailer needs a defensible record of what they said and when. Accessibility statements, conformance claims, terms of service, returns policies, pricing pages, product specifications, compliance updates, anywhere the retailer's own claims are operationally consequential. The investment in MX-compliant publishing is small relative to the cost of being unable to prove what was published at a specific moment in time.
The EAA enforcement context makes the argument concrete because the consequences are immediate. The injunctions filed against Auchan, Carrefour, E.Leclerc, and Picard Surgelés are not hypothetical. The E.Leclerc detail, 32% to 50%, sued anyway, is not hypothetical. The next round of cases, in France or elsewhere in the European Union, is not hypothetical either. Retailers operating in the regulated environment are going to be asked, repeatedly and adversarially, what they published and when. The ones who can answer with cryptographic backing are in a different position from the ones who answer with screenshots.
That is the use case for MX. Not as a replacement for the reading layer, but as the publishing-side discipline that makes the reading layer's job easier and the publisher's defensive position stronger. RAG reads. MX proves. Both have a place, and the place is determined by which side of the boundary the work is being done from.