TYPO3 CMS for Public Sector Websites: Requirements and Best Practices

This section explains who this guide is intended for and who it is not, so that readers can quickly assess whether the content fits their tasks and project context.

Who This Guide Is Written For

The target audience of this guide is organizations and teams working in regulated, long-term digital environments.

For example, the guide is relevant for:

• Public institutions and authorities in the DACH region and Germany
• IT leads, CTOs, and digital decision-makers responsible for CMS selection
• Stakeholders from procurement, compliance, accessibility, and data protection
• Agencies involved in planning, implementing, or maintaining TYPO3 projects for the public sector

The focus is on readers who need predictable systems, clear responsibilities, and long-term maintainability, rather than short-term successes.

Who This Guide Is Not Written For

Not every type of web project benefits from this guide.

It is not suitable for:

• Websites or microsites for short-term campaigns
• Organizations without defined maintenance or governance structures
• Teams seeking quick implementation with minimal process effort
• Projects where legal compliance, documentation, and audits do not play a role

If speed and simplicity are the only priorities, TYPO3 is generally not the right tool, and this guide does not attempt to make it so.

For public institutions, CMS decisions are rarely based solely on features. Legal certainty, operational control, and long-term sustainability are more important than speed or convenience. The following overview summarizes how TYPO3 aligns with typical requirements of the public sector in Germany.

• Accessibility: TYPO3 supports accessibility according to BITV 2.0 and WCAG 2.1 Level AA, when accessible templates, structured content models, and documented audits are used. The CMS provides the technical foundation, while actual compliance depends on implementation and governance.
• Hosting and infrastructure: TYPO3 is a self-hosted CMS. This allows operation on internal infrastructure or in certified German and EU data centers, in accordance with IT and security policies of the public sector.
• Data protection: TYPO3 enables GDPR-compliant operation through complete control over data processing, storage, and third-party integrations. Legal compliance is achieved through configuration, hosting decisions, and organizational processes, not by the CMS alone.
• Support and lifecycle planning: TYPO3 follows predictable Long Term Support (LTS) cycles. This allows maintenance, upgrades, and budgets to be planned over several years, which is essential for public sector platforms.
• Typical users: TYPO3 is frequently used by authorities, municipalities, universities, public law corporations, and other organizations operating in regulated and audit-driven environments.

TYPO3 v13 builds on the governance-oriented architecture of the platform while simultaneously improving usability, performance, and integration capabilities. For public institutions, these changes increase operational security without compromising control or compliance.

Backend Usability and Editorial Safety in TYPO3 Public Sector Workflows

Editorial teams in public institutions usually consist of users with very different technical knowledge. TYPO3 v13 improves the clarity of the backend to minimize errors and facilitate uniform content editing.

The main improvements are:

• Clearer backend navigation and content structures
• Faster response times for editorial actions
• Reduced risk of unintentional changes to live content

These improvements support daily work without weakening governance structures.

API and Integration Capabilities in TYPO3 Public Sector Landscapes

Public sector websites rarely stand alone. TYPO3 v13 offers modern APIs that enable integration with existing, controlled systems.

Typical integration scenarios are:

• Connecting internal databases or registers
• Integration of search, document management, or identity systems
• Secure data exchange with third-party services

Each integration follows the rights and security model of TYPO3.

Maintainability Over Time in TYPO3 Public Sector Installations

Long-term operational capability is a fundamental requirement for projects in the public sector. TYPO3 v13 places a strong focus on maintainability.

Thus, it is:

• The extension architecture is clearer
• There are defined upgrade paths between versions
• Technical debt is reduced through standard APIs

Maintainability is understood as a long-term responsibility, not a retrospective task.

In public sector environments, TYPO3 is typically used as a long-term platform, not as a short-term website solution. Real projects show consistent patterns in the use of the system and where it provides the greatest added value.

Public Sector’s Typical TYPO3 Use Cases

TYPO3 is one of the preferred solutions in the field of web publishing when content needs to be structured to be maintained collaboratively by many people.

Typical use cases are:

• Websites of local and regional authorities
• Universities and public research institutions
• Multi-site portals for ministries or agencies

These projects usually require the collaboration of multiple editors and have a long duration.

What Works Well in TYPO3 Public Sector Practic

When TYPO3 projects are well planned, the strengths of the system quickly become apparent in daily operations.

Practice shows that teams benefit from:

• Reduced editorial confusion through clear content models
• A combination of central governance and local editorial autonomy
• Stable operation over many years and versions

These strengths ensure predictable workflows and consistent quality.

Common Challenges in TYPO3 Public Sector Projects

Projects reflect reality and repeatedly bring similar issues to light.

The most common challenges include:

• Excessive customization with increasing maintenance costs
• Missing or outdated documentation
• Deferred upgrade planning until the critical point

Most of these problems are organizational in nature and can be avoided through proper planning.

For public sector websites in Germany, accessibility and compliance are not optional quality features. In TYPO3 projects of the public sector, they are legal obligations that permanently shape design, implementation, and operation.

Accessibility by Design in TYPO3 Public Sector Websites

The requirements for accessibility are supported in TYPO3 through the structured content approach and the templating system. This enables an accessible output that meets the standards of BITV 2.0 and WCAG 2.1 Level AA.

Typical aspects include:

• Content with a structure that supports a correct heading hierarchy
• Control over semantic HTML and ARIA usage at the template level
• Support in checking accessibility during content creation

Accessibility is part of the system architecture and is not added retroactively.

What TYPO3 Does Not Solve Automatically in Public Sector Contexts

TYPO3 does not automatically ensure legal compliance. In public sector projects, accessibility remains a shared responsibility.

TYPO3 does not automatically:

• Validate editorial decisions or content correctness
• Conduct manual accessibility audits
• Assume legal or organizational responsibility

Public institutions remain liable for non-compliance and documentation.

Audits, Monitoring, and Documentation in TYPO3 Public Sector Projects

In Germany, compliance with accessibility must be demonstrated. Structured audits and clear documentation are therefore central requirements in TYPO3 public sector projects.

Practically, this means:

• Regular automated and manual tests of accessibility
• Documentation of the resolution of identified issues
• Provision and maintenance of accessibility statements and feedback channels

TYPO3 supports these processes technically, but long-term compliance depends on clearly defined roles and workflows.

TYPO3 projects in the public sector are successful when technical, editorial, and organizational practices are aligned. The following best practices are based on long-term installations, not short-term implementation projects.

Technical and Coding Best Practices (with Examples)

Prefer TYPO3 core APIs over custom logic

Avoid bypassing internal TYPO3 mechanisms. This ensures upgradeability and predictable behavior.

use TYPO3\CMS\Core\Utility\GeneralUtility;
$connection =
GeneralUtility::makeInstance(ConnectionPool::class)
   ->getConnectionForTable('pages');

Use proper dependency injection instead of makeInstance() in modern code

final class PageService
{
   public function __construct(
       private readonly PageRepository $pageRepository
   ) {}
}

This improves testability and long-term maintainability.

Register plugins and content elements via TCA overrides

ExtensionUtility::registerPlugin(
   'My_extension',
   'PublicContent',
   'Public Sector Content'
);

Avoid runtime configurations or undocumented overrides.

Plan upgrades around TYPO3 LTS cycles

• No custom patches against the TYPO3 Core
• No fixed coupling to outdated APIs
• Changelog reviews are part of every upgrade

This prevents forced migrations during audits or security deadlines.

Editorial and Accessibility Best Practices (with Examples)

Enforce semantic structure via templates, not editor freedom

<h2>{content.title}</h2>
<p>{content.description}</p>

Editors should not manually set heading levels.

Ensure alternative text is mandatory for media

'config' => [
   'type' => 'file',
   'appearance' => [
       'showPossibleLocalizationRecords' => true,
   ],
   'overrideChildTca' => [
       'columns' => [
           'alternative' => [
               'config' => ['eval' => 'required']
           ],
       ],
   ],
]

Enforcing accessibility belongs in the configuration, not in training materials.

Limit editorial permissions clearly

• Editors: Content
• Reviewers: Approval
• Admins: Configuration

Avoid "everyone can publish" setups in the public sector.

Governance and Operational Best Practices

Document responsibility, not just configuration

Public TYPO3 projects should always document:

• Who is responsible for accessibility
• Who maintains the accessibility statement
• Who approves releases and content changes

Documentation is part of compliance.

Integrate accessibility checks into workflows

vendor/bin/typo3cms install:checkenv

Combine automated checks with manual audits. Automation alone is not sufficient under BITV 2.0.

Treat TYPO3 as infrastructure, not a finished product

• Regular reviews according to legal requirements
• Planned audits
• Proactive upgrades instead of reactive fixes

TYPO3 works best as a system, not just a website.

Practical Takeaway

TYPO3 supports the technical requirements of the public sector. Compliance, accessibility, and long-term stability, however, arise from processes, discipline, and clear responsibilities, not just from features.

When TYPO3 Public Sector Implementations Become Too Complex

Flexibility can also become a disadvantage and make TYPO3 difficult to maintain. This particularly affects projects with long durations and many stakeholders.

Typical risk factors are:

• Extensive use of custom extensions without clear responsibility
• Lack of documentation of complex permission structures
• Strongly user-centered editorial workflows

These factors lead to higher maintenance costs and delayed updates in the long run.

Common Mistakes in TYPO3 Public Sector Projects

The same problems repeatedly occur in public institutions.

The most common mistakes include:

• Viewing TYPO3 as a one-time delivery instead of a long-term system
• Feature extensions without checking compliance impacts
• Lack of upgrade planning in early project phases

Such decisions often later manifest as security, accessibility, or budget issues.

How to Reduce Long-Term Risk in TYPO3 Public Sector Environments

Risk minimization in TYPO3 projects in the public sector is primarily an organizational issue.

Appropriate measures are:

• Clear governance rules for extensions and integrations
• Clearly defined roles for content, compliance, and maintenance
• Regular reviews in line with TYPO3 LTS cycles

TYPO3 unfolds its strengths when IT decisions are aligned with the long-term realities of the public sector and not with short-term project pressure.

Interpretation:

TYPO3 is designed for organisations that value structure, control, and long-term reliability. If these conditions are not present, the system’s strengths may become unnecessary overhead.

TYPO3 is built for organisations that view their website as long-term digital infrastructure, not a temporary project. In public-sector and regulated environments, success depends less on features and more on governance, compliance readiness, and operational discipline.

If you are considering TYPO3 for a public institution, the next step is not a redesign, but clarity: understanding accessibility risks, compliance obligations, and long-term maintenance effort before decisions are made.

You can start in two practical ways:

• Review your current accessibility status using the typo3 accessibility checker
• Discuss requirements, audits, or tender preparation through a direct inquiry

As a TYPO3 agency experienced in German public-sector projects, NITSAN supports institutions in making decisions that are compliant, realistic, and sustainable over time.