Here is a pattern that plays out constantly across public agencies and universities.
Something triggers action. A complaint. A headline. A legal inquiry. A looming enforcement deadline. Leadership gets involved, IT gets involved, someone gets assigned, and a remediation project begins.
Issues are identified. Some get fixed. The project is declared complete. A box gets checked.
Six months later, the same organization is right back where it started — except now there are new issues, new content, new integrations, and no documentation to show for the work that was done the first time around.
This is the project mentality. And it is one of the most expensive ways to approach ADA digital accessibility compliance.
Because the math is simple: a website is a living system. Living systems require ongoing maintenance. Maintenance requires infrastructure. A project is not infrastructure.
This piece breaks down why the project approach fails, what causes accessibility compliance to decay even after remediation, what infrastructure actually looks like in practice, and what agencies and institutions need to do to stop re-entering the same remediation cycle every 18 months.
Why the Project Mentality Fails
When an organization treats ADA compliance as a project, it is making an implicit assumption: that accessibility is a state you can achieve and then maintain without ongoing investment.
That assumption is wrong. And it becomes more wrong every day your digital environment is in use.
Projects have a start date and an end date. They have a defined scope and a completion milestone. They are designed to close out.
Accessibility compliance does not close out. It does not have a finish line. It has a cadence.
Consider what actually happens after a remediation project ends at a typical public agency or university:
Content keeps moving. Departments publish emergency notices, seasonal updates, board packets, financial reports, public announcements, course materials, and policy changes — constantly. Every piece of new content is an opportunity for a new accessibility issue. One inaccessible document per week becomes more than fifty in a year. Multiply that across ten departments, and the scope of drift becomes enormous.
Templates shift. CMS updates happen. Design systems evolve. A navigation adjustment introduces a keyboard trap. A modal window update breaks focus order. A plugin update alters the markup behavior of form fields. Small template-level changes silently affect hundreds or thousands of pages.
Vendors update independently. Third-party systems — payment gateways, scheduling software, mapping tools, LMS platforms — evolve on their own release schedules, independent of agency or institution oversight. A vendor integration that was WCAG 2.1 AA conformant at the time of procurement may have regressed after a software update. Without monitoring, nobody knows.
Staff turns over. Editors change. Developers rotate. The person who managed accessibility leaves. The institutional knowledge walks out with them. If accessibility was never embedded into governance structures — training programs, documented standards, workflow checkpoints — it disappears when people do.
Each of these forces operates continuously. None of them pause because a project was completed.
The True Cost of Reactive Compliance
Reactive compliance feels cheaper in the short term. It is not cheaper. It is deferred and amplified cost.
When accessibility is addressed only after issues surface — after a complaint is filed, after a demand letter arrives, after an OCR investigation opens — the organization is paying a premium on every dimension.
Emergency remediation costs more. Fixing issues under legal pressure or enforcement timelines means less time for thoughtful, systematic work and more time for expensive, urgent intervention. Vendors charge more for expedited work. Internal teams scramble.
Legal review adds cost. Complaints require legal counsel engagement regardless of outcome. If the organization cannot produce documentation of prior compliance effort, legal exposure increases. If the matter escalates to a consent decree, the cost structure changes dramatically — ongoing third-party auditing, federal reporting requirements, and multi-year oversight obligations become the norm.
Repeated remediation cycles compound. Organizations that treat accessibility as a project typically complete two, three, or four remediation sprints before they realize the cycle is not self-correcting. Each sprint costs money. None of them create the structural conditions that would prevent the next sprint from being necessary.
The reputational dimension is real. A university known for inaccessible digital services loses prospective students with disabilities before they ever apply. A public agency that makes the news for an accessibility lawsuit loses public trust in ways that extend well beyond the digital experience.
Infrastructure spreads cost predictably over time. Reactive compliance concentrates it at the worst possible moments.
Why Accessibility Compliance Decays: The Four Structural Forces
Understanding why compliance regresses is essential to understanding why infrastructure is the only viable solution.
1. Content Velocity
Public agencies and universities publish at high volume and high frequency. Most of that content is created by people who are not web professionals — department coordinators, faculty, communications staff, administrative assistants.
Without accessible content standards, training, and workflow checkpoints built into the publishing process, every piece of content created by every non-specialist is a potential compliance issue. And because content volume is high, the compounding effect is fast.
A scanned PDF without OCR processing. An infographic without a text alternative. A video without captions. A form with unlabeled fields. Each of these is an individual failure. At publishing velocity, they become systemic exposure.
2. Template Drift
CMS platforms update. Themes get modified. Component libraries evolve. What was a compliant template at the time of launch may not be compliant after the next update cycle.
The dangerous thing about template drift is that it is invisible without monitoring. A single change to a shared template or component can introduce an accessibility failure across every page that inherits from it — sometimes hundreds or thousands of pages simultaneously. And because the change seems minor from a design perspective, it often goes unreviewed.
3. Third-Party Vendor Regression
The modern public agency or university website is not a single codebase. It is an ecosystem of integrated third-party tools. Payment processors. Scheduling systems. LMS platforms. Mapping tools. Chat widgets. Form builders. Each of these tools has its own development and release schedule.
What that means in practice: a vendor who provided a VPAT demonstrating WCAG 2.1 AA conformance at the time of procurement may release an update six months later that introduces new accessibility failures. The vendor may not disclose this. Without ongoing testing of embedded tools, the organization has no visibility into whether the third-party components in its digital environment are still compliant.
4. Organizational Turnover
This is the human infrastructure problem. If accessibility knowledge, standards, and process live inside individuals rather than systems, turnover destroys compliance posture.
The web manager who understood accessibility standards leaves. The developer who knew how to write accessible markup moves on. The IT director who championed the accessibility program retires. Without governance structures that make accessibility process-dependent rather than person-dependent, each departure is a regression event.
The Accessibility Maturity Ladder
Most organizations sit somewhere on a spectrum of accessibility maturity. Understanding where you are is the first step toward building the structure you need.
Stage 1: Reactive
Accessibility is addressed only after a complaint, legal inquiry, or enforcement directive. There is no audit history, no monitoring program, no documentation, and no formal governance. Fixes are made in response to specific issues, not as part of a systematic program. Risk is high and compounding.
Most organizations at this stage believe they are not at this stage.
Stage 2: Remediation-Focused
The organization has completed at least one audit and remediation sprint. Some issues have been fixed. A basic accessibility statement may be published. There may be limited monitoring. Documentation is incomplete or inconsistent. Governance is informal, often dependent on one or two individuals.
Risk is moderate but unstable. The organization is vulnerable to drift and has limited ability to demonstrate defensible compliance if challenged.
Stage 3: Governance-Driven
Accessibility is embedded in operational processes. There is a recurring monitoring cadence. Remediation capacity is defined and allocated. A risk-based prioritization model guides where effort goes. Remediation actions are logged with timestamps. Executive leadership receives regular reporting on compliance status. Vendor procurement includes accessibility review.
Risk is managed and defensible. The organization can demonstrate structured, sustained effort.
The critical observation here: most agencies and institutions believe they are operating at Stage 3. Most are operating at Stage 2. The difference is not intent. The difference is structure.
What Accessibility Infrastructure Actually Looks Like
Infrastructure is not abstract. It is a set of specific, operational components that work together to sustain compliance over time. Here is what each component does and why it matters.
Baseline Audit and Risk Classification
Infrastructure begins with an honest picture of where the organization stands. A documented baseline audit identifies issues by WCAG criterion, severity level, and affected surface. A risk classification model distinguishes between high-impact user journeys — transactional workflows that residents and students depend on — structural template issues that affect large numbers of pages, and lower-priority cosmetic issues.
Without this classification, remediation is driven by what is easiest to fix rather than what creates the most risk. That is not a compliance strategy. It is activity theater.
Dedicated Remediation Capacity
Accessibility fixes require time and skills. Without defined remediation allocation — whether that is internal developer hours, a retainer with an external partner, or some combination — accessibility will consistently lose in the competition for resources. Infrastructure means remediation capacity is planned and predictable, not crisis-driven.
Recurring Monitoring
Automated scanning tools can identify pattern-level issues across large surfaces on a consistent cadence. Manual QA validates real-world user journeys that automated tools miss — keyboard navigation flows, screen reader behavior, error handling logic. Together, these form a monitoring program that catches new issues before they compound.
Monthly cadences are common in mature programs. Annual reviews are insufficient for organizations publishing at meaningful content velocity.
Documentation and Remediation Logging
Every audit, every remediation action, every monitoring scan should be documented. This is not administrative overhead. This is defensibility.
When an enforcement inquiry opens — whether from DOJ, OCR, an advocacy organization, or a private attorney — the organization that can produce a dated audit report, a prioritization framework, a remediation log with timestamps, and a monitoring history is in a fundamentally different position than the organization that can only say "we fixed things."
Documentation transforms effort into evidence. Evidence is what defensibility is built from.
Executive Visibility and Reporting
Accessibility programs that do not have executive visibility do not sustain. They get deprioritized. They lose budget. They lose staffing. They become one person's responsibility, and then that person leaves.
Quarterly reporting to executive and leadership audiences creates institutional accountability. It keeps accessibility on the radar of the people who control resources. It also protects those leaders when questions arise from the outside — because they can demonstrate they were informed and engaged.
Vendor and Procurement Integration
The accessibility of an organization's digital environment is only as strong as its weakest third-party integration. Infrastructure means vendor accessibility is evaluated before tools are purchased, not discovered after they are embedded.
This requires accessibility language in RFPs, VPAT review as a procurement criterion, ongoing testing of integrated tools, and contractual accountability frameworks that give the organization recourse when vendor updates create new accessibility failures.
The Difference This Makes Internally
When accessibility becomes infrastructure rather than a project, the operational experience changes.
Content editors receive accessible publishing guidance before content goes live rather than after it creates a complaint. Developers validate accessibility of new components before launch rather than in response to audit findings. Vendors are evaluated for accessibility before integration rather than after they are embedded in the student or resident experience. Leadership receives regular reporting rather than surprise briefings during enforcement events.
Remediation becomes predictable and budgetable rather than urgent and expensive. Documentation becomes routine rather than frantic. Accessibility stops being a fire drill and becomes part of normal operations.
That is the difference between an organization that is managing this and an organization that is cycling through the same crisis repeatedly.
Where to Start If You Are Still in Project Mode
Most organizations begin in project mode. That is not a failure. It is a starting point.
The transition to infrastructure does not happen all at once. It builds in layers.
Start with a baseline. Get an honest, documented picture of your current compliance posture. Not a surface-level scan. A real audit that identifies issues by severity and surface, with a prioritization model attached.
Allocate remediation capacity. Even if it is modest, define what resources are committed to accessibility work on an ongoing basis. Without allocation, accessibility will always lose to other priorities.
Implement recurring monitoring. Automated scanning is not comprehensive, but it is essential for catching drift between manual audits. Start there and layer in manual QA as the program matures.
Build a remediation log. Start documenting what is being fixed, when, and by whom. This is the beginning of your defensibility record.
Assign clear ownership. Someone needs to be accountable for accessibility at the organizational level. That ownership should be named, documented, and resourced.
From there, governance can scale with the organization's capacity and risk profile.
Infrastructure Is What Compliance Actually Requires
Public agencies do not maintain roads through one-time repairs. They maintain them through inspection cycles, defined maintenance budgets, and monitoring systems. Water infrastructure is not audited once and left alone. It is governed continuously.
Digital services are infrastructure. They require the same operational logic.
The organizations managing ADA compliance well are not doing anything extraordinary. They have made accessibility process-dependent rather than person-dependent. They have built monitoring into their operating cadence. They have created documentation practices that generate defensibility over time.
The organizations creating the most risk are the ones still treating accessibility as something that happened once — and will happen again when the next complaint arrives.
If You Want to Move from Project to Infrastructure
The first step is an honest assessment of whether your current model is reactive, remediation-focused, or governance-driven.
A structured ADA governance assessment evaluates:
- Current monitoring cadence and coverage
- Remediation capacity and allocation
- Documentation completeness and defensibility
- Vendor accessibility oversight
- Executive reporting structure
- Governance ownership and accountability
From there, organizations can build the infrastructure that sustains compliance rather than the projects that reset it.