If I understand correctly, ACCV is unilaterally taking the decision to violate the BRs, "for the sole purpose of avoiding the loss of service to users, although it is true that the time allowed to them has been excessive."?
I hope you can understand that such reasoning is not acceptable. CAs making such unilateral decisions jeopardizes the security of all users, and for that reason, such decisions are absolutely not allowed and of serious and great concern. CAs have been removed for such reasons in the past.
I can understand and appreciate the desire to provide a good customer experience. In the past, CAs have sought to provide a good customer experience by issuing 1024-bit certificates, issuing SHA-1 certificates, or issuing MITM certificates. As a result, those CAs were distrusted. All CAs participating in Mozilla's program are expected to abide by the BRs, including the requirements on revocation.
I can understand and appreciate the level of support you've provided to your customers. However, as part of the incident report, it's important to understand what steps you're taking to ensure that you never again miss a revocation requirement. Is my understanding correct, that your plan is to staff your support teams, such that in the future, all certificates will be replaced within the BR-mandated timeframe of 24 hours or 5 days, as appropriate?
I do want to acknowledge some of the good things in your report; for example, providing the timeline of communications helps show the frequency of that communication. After two or three of those messages, no customer can reasonably claim to not know about the issue.
It's important to note that the BRs do not require the customer replace their certificate within that timeframe. However, they do require the CA to revoke. What steps is ACCV taking to ensure it revokes, regardless of replacement, in the future?