Public agencies in 2026 are operating in a compliance environment that has fundamentally changed.
ADA Title II digital accessibility is no longer an IT checklist item or a "nice to have" on a website redesign brief. It is a civil rights obligation, enforced under federal law, with enforcement patterns that are becoming more consistent, more public, and more consequential.
If your agency delivers services through a website, online portal, digital form, embedded system, or downloadable document, you are operating digital infrastructure. And that infrastructure is subject to the same access requirements as any physical facility you maintain.
This guide is written for CIOs, web administrators, and agency leadership who need clarity, not panic. It covers:
- What ADA Title II actually requires for digital services
- What WCAG 2.1 AA means in operational terms, not abstract ones
- How ADA enforcement unfolds in practice
- The most common failure points across public sector environments
- What defensible compliance documentation looks like
- What agencies should be doing right now
Let's get into it.
1. ADA Title II and Digital Accessibility: The Legal Foundation
Title II of the Americans with Disabilities Act of 1990 prohibits state and local governments from discriminating against people with disabilities in programs, services, and activities.
For most of the ADA's history, "programs, services, and activities" meant physical access. Ramps. Restrooms. Parking. Counter heights.
That era is over.
In 2024, the Department of Justice finalized a rule explicitly extending ADA Title II to digital services. In 2026, compliance timelines for many agencies have either arrived or are approaching fast. The DOJ's position is clear: digital access is not a gray area. It is a direct extension of Title II obligations.
Digital services covered under Title II include:
- Public agency websites and intranets accessible to the public
- Online permit, license, and registration systems
- Payment portals and fee collection tools
- Public records databases and FOIA portals
- Interactive maps and GIS dashboards
- Meeting livestreams, recordings, and agendas
- Downloadable forms, reports, and board packets
- Third-party scheduling, reservation, and service platforms embedded on agency sites
If a resident uses it to engage with your agency, it is part of your obligation.
That third-party point is not a technicality. Many agencies assume that using a vendor means transferring compliance responsibility. It does not. Public entities remain accountable for the accessibility of services delivered to the public, regardless of who built the underlying system.
2. WCAG 2.1 AA: What It Actually Means for Your Agency
WCAG, the Web Content Accessibility Guidelines, is the technical standard referenced in the DOJ rule and the baseline most courts and enforcement bodies use when evaluating digital accessibility compliance.
The current required standard is WCAG 2.1 Level AA.
WCAG 2.1 AA is organized around four core principles, often abbreviated as POUR: Perceivable, Operable, Understandable, and Robust. Each principle contains specific, testable success criteria. Agencies do not meet WCAG 2.1 AA by expressing intent. They meet it by satisfying those criteria across their digital surfaces.
Here is what each principle means in the context of public sector operations.
Perceivable
Information must be presented in ways all users can perceive, regardless of sensory ability.
In practice, that means:
- Every non-text element, including images, icons, and charts, requires meaningful alternative text that a screen reader can interpret
- All video content requires accurate closed captions
- Pre-recorded audio content requires transcripts
- Color contrast between text and background must meet minimum ratio thresholds (4.5:1 for standard text, 3:1 for large text)
- Data tables must include programmatic header structure so screen readers can parse relationships between cells
- Documents must have logical reading order when interpreted outside of visual context
Common failure points in public agencies:
Scanned PDFs are one of the most pervasive issues in local government. A board agenda scanned to PDF is a flat image. Screen readers see nothing. Agencies post thousands of these.
Charts and infographics published without text alternatives. A GIS map embedded without a structured alternative. Public notices published as images. All perceivability failures.
If a user relying on assistive technology cannot access the information in a document, that document is inaccessible, full stop.
Operable
Users must be able to navigate and interact with digital content using different input methods, not just a mouse.
Keyboard-only navigation is the primary benchmark. If a user cannot access every function of a page or application using only a keyboard, the content fails operability.
This includes:
- Full keyboard access to all interactive elements
- Visible focus indicators so keyboard users can see where they are on the page
- Logical tab order that follows content hierarchy
- No keyboard traps where focus enters a component and cannot exit
- Time limits that can be adjusted or disabled
- No content that flashes more than three times per second (seizure risk)
- Accessible dropdown menus and navigation structures
Common failure points in public agencies:
Online permit and license applications are high-risk. Custom date pickers that require mouse interaction. Modal windows that capture keyboard focus and do not allow escape. Multi-step application forms with illogical tab order.
Interactive maps are another consistent problem area. Most GIS tools embedded on agency websites are not keyboard navigable and provide no accessible alternative pathway.
CAPTCHA systems without audio alternatives lock out screen reader users entirely.
Forms are the single most common trigger for accessibility complaints. If your agency's online service delivery depends on forms, your forms need to be tested specifically for operability.
Understandable
Content and interface behavior must be clear, predictable, and usable under constraint.
This principle extends beyond technical markup into content design and interface logic.
Requirements include:
- Form fields must have visible, programmatically associated labels
- Error messages must identify what went wrong and how to correct it, not just flag a problem in red
- Navigation must be consistent across pages
- Content structure must follow logical hierarchy
- Language must be identified in code so assistive technology uses the correct voice profile
- Unusual words, abbreviations, and jargon should be explained or avoided
Common failure points in public agencies:
Forms that fail silently. A user submits an incomplete application and receives no meaningful feedback. Or receives an error message that says only "Invalid entry" without identifying which field or what the correct format is.
PDFs with no document structure. No headings. No reading order. No accessible form fields. Just positioned text that looks correct visually but is navigated in random order by screen readers.
Error messages that rely solely on color to communicate status, failing users with color vision deficiencies.
Accessibility is not only a technical problem. It is a usability problem. The understandability principle is where many agencies have technical markup correct but still fail in practice.
Robust
Content must be compatible with current and future assistive technologies, including screen readers, voice control software, and switch access devices.
Requirements include:
- Valid, well-formed HTML
- Correct use of ARIA attributes to communicate roles, states, and properties to assistive technology
- Content that does not break when accessed through non-standard browsers or assistive tools
- Compatibility maintained across platform updates and CMS changes
Why this matters operationally:
This is the governance principle. An agency's website may have been fully accessible after a remediation project two years ago. But if content has been added, templates modified, plugins updated, or third-party integrations changed without accessibility review, the site may have regressed significantly.
WCAG robustness is not a one-time achievement. It is a maintenance discipline.
3. How ADA Digital Accessibility Enforcement Actually Unfolds
There is a persistent assumption that enforcement means a surprise audit or a federal agency showing up unannounced.
That is not how it works.
Enforcement typically begins with one of the following:
- An individual complaint filed with the DOJ or a state civil rights authority
- A complaint filed by a disability advocacy organization
- A direct demand letter from a private attorney
- A civil lawsuit filed in federal or state court
- A proactive DOJ inquiry or compliance review targeting a category of agencies
- An internal trigger, often driven by a news story, a resident complaint forwarded to leadership, or a council or board inquiry
When an enforcement inquiry begins, the evaluation framework is not "Is every single page perfect?" It is whether the agency has demonstrated good faith, structured effort, and meaningful progress.
The questions enforcement bodies actually ask:
Does the agency have a formal accessibility policy? Has the agency conducted a documented audit? Is there evidence of risk-based prioritization? Are high-impact workflows addressed first? Is remediation ongoing and tracked? Is there executive-level accountability? Does the agency have a public accessibility statement and a complaint intake process?
What resolution typically looks like:
When complaints result in formal resolution, agencies often enter into settlement agreements or consent decrees with the DOJ. These typically require:
- A comprehensive third-party accessibility audit
- A prioritized remediation plan with defined timelines
- Ongoing monitoring and reporting requirements
- Staff training programs with documentation
- A published, updated public accessibility statement
- A formal complaint intake and response process
- Annual progress reporting to the DOJ
The consistent pattern across enforcement cases is that agencies with documented, actively managed compliance programs are treated differently than agencies with no formal structure. Not just in penalty exposure, but in the nature of the resolution process itself.
The absence of documentation is itself a liability. Not because an agency did nothing, but because it cannot demonstrate what it did.
4. The Most Common ADA Compliance Failure Points in Public Agencies
These are not edge cases. They appear consistently across audits of city, county, and state agency websites.
Decentralized Publishing Without Governance
Multiple departments publish to the website independently. Content editors are not trained on accessibility requirements. CMS templates are modified at the department level without review. No one owns the accessibility of content created outside IT. Accessibility drifts at the rate at which new content is published.
This is structural. Fixing individual pages does not solve a governance problem.
PDF and Document Overload
Board packets. Public meeting agendas. Annual reports. Budget documents. Permit applications. Grant announcements.
PDFs represent a disproportionate share of ADA compliance risk in public sector environments. They are frequently scanned without OCR processing, exported from applications without accessibility structure, published without tagged headings or reading order, and never reviewed after posting.
Agencies routinely underestimate how many inaccessible PDFs are publicly accessible on their domain. A site audit often reveals hundreds.
Third-Party Vendor Assumptions
Online payment processing. Park and facility reservations. Scheduling systems. Permit portals built by software vendors. Embedded mapping tools.
Agencies assume that using a third-party vendor transfers compliance responsibility. Courts and enforcement bodies disagree. The agency is responsible for the accessibility of the service delivered to the public. The vendor relationship is a procurement and contract management issue, not a liability shield.
If a vendor cannot demonstrate WCAG 2.1 AA compliance and provide a current VPAT (Voluntary Product Accessibility Template), the agency carries that risk.
One-Time Audit, No Follow-Through
An agency commissions an accessibility audit. Issues are identified. A portion are remediated. The audit is filed. Six months later, new content has introduced new issues. A CMS update has broken several components. Two new third-party tools have been integrated without accessibility review.
Accessibility without continuous monitoring regresses. Every month without oversight is a month of drift.
5. Project Compliance vs. Governance Compliance
Most agencies, when they engage with accessibility for the first time, pursue project compliance. It feels like the right starting point.
It is not enough.
Project compliance looks like:
- One-time audit conducted
- A list of issues documented
- A remediation sprint completed
- The project closed
- No monitoring
- No ownership
- No reporting
Governance compliance looks like:
- A baseline audit with full documentation
- A risk-based prioritization model that addresses high-impact workflows first
- Ongoing monthly monitoring with automated and manual testing
- A remediation log tracking issues by status, priority, and owner
- Clear internal ownership at the department and leadership level
- Quarterly reporting to executive leadership and council or board as appropriate
- Accessibility review integrated into the vendor procurement process
- Accessibility included in the content publishing workflow
- A published accessibility statement with a working complaint intake process
- Staff training documented and recurring
Only one of these models is defensible under scrutiny. Only one scales with staff turnover, CMS changes, and content growth. Only one positions an agency as a credible steward of public access.
Governance is not a larger version of a project. It is a different discipline.
6. What Defensible ADA Compliance Documentation Looks Like
If your agency is asked to demonstrate compliance effort by a federal investigator, an advocacy group attorney, or a city council member responding to a constituent complaint, the evidence that matters is structured and specific.
Strong compliance programs include:
Policy and Public Commitment A formal, board-approved accessibility policy. A published accessibility statement on the agency website that identifies the standard, the contact for complaints, and the date of the last review. This is often the first thing enforcement bodies look for.
Audit Documentation A current baseline audit covering the primary website, key workflows, and high-volume documents. The audit should identify issues by WCAG criterion, severity level, and affected page or document. Ideally conducted within the last 12 to 18 months.
Prioritization Framework Not all issues carry equal weight. A prioritization framework documents how the agency has ranked issues for remediation based on impact, volume, and compliance risk. This demonstrates that resource allocation is intentional, not arbitrary.
Remediation Log A living document tracking issues identified, remediation assigned, status, and resolution date. This is the operational record of ongoing compliance. Its absence is conspicuous.
Monitoring Records Evidence of recurring evaluation. Automated scan results. Manual testing records. Third-party review reports. A monitoring cadence creates a timeline that demonstrates sustained effort rather than a single past event.
Training Documentation Records of accessibility training completed by content editors, web staff, and relevant leadership. Who was trained, on what, and when.
Complaint Intake and Response A functioning process for receiving and responding to accessibility complaints. Documentation of complaints received and how they were resolved.
Vendor Review Records VPATs or equivalent documentation for third-party tools. Evidence that accessibility was evaluated as part of procurement decisions.
Executive Reporting Records showing that accessibility status was communicated to agency leadership on a regular basis. This demonstrates organizational accountability, not just technical activity.
The through line here is documentation. Agencies are not evaluated solely on whether every pixel is perfect. They are evaluated on whether they have built a structure that takes accessibility seriously and can prove it.
7. What Public Agencies Should Be Doing Right Now
This is not a 48-hour sprint. It is not a website redesign project. It is a compliance program.
Programs start with structure. Here is a practical sequence.
Step 1: Conduct or update a baseline audit. If your agency has not had a formal accessibility audit in the last 18 months, your current compliance posture is unknown. Start here. The audit should cover your primary website, top-volume digital workflows, and a representative sample of your document library.
Step 2: Identify and prioritize high-impact workflows. Online services that residents depend on are the highest-priority remediation targets. Permit applications. Payment portals. Public meeting participation tools. Address these before decorative pages.
Step 3: Fix template-level issues. Issues that exist in your CMS templates or global components affect every page. A broken navigation structure, missing skip links, or inaccessible form components at the template level multiplies across your entire site. Template-level fixes have the highest return.
Step 4: Address your PDF and document library. Establish a process for remediating high-volume and high-visibility documents. Prioritize forms and any document required for public participation. Implement a going-forward standard for new document publishing.
Step 5: Implement recurring monitoring. Automated monitoring tools can catch regressions between manual audits. Monthly scans with human review of flagged issues is a defensible baseline.
Step 6: Establish a remediation log and assign ownership. Accessibility without accountability drifts. Someone has to own this. That ownership should be clear, documented, and resourced.
Step 7: Build executive reporting into the cadence. Quarterly accessibility status reports to agency leadership create institutional accountability. They also protect leadership when questions arise.
Step 8: Review vendor agreements. Identify third-party tools embedded in your digital services. Request VPATs. Evaluate accessibility as a procurement criterion going forward.
Digital Accessibility Is Public Infrastructure
Public agencies do not inspect bridges once and consider the obligation complete. They maintain them on a schedule, document findings, allocate repair resources, and report to oversight bodies.
Water systems. Fleet maintenance. Building inspections. All of these are governed by recurring programs with structured documentation and clear accountability.
Digital accessibility is no different.
The agencies that are managing this well are not doing anything extraordinary. They have assigned ownership, established a monitoring cadence, documented their work, and made accessibility a standing operational commitment rather than a project.
The agencies creating the most risk are the ones treating accessibility as something that happened once.
The Next Step Is Assessment, Not Panic
If your agency does not have a clear picture of its current accessibility posture, the right move is not a crash remediation sprint. It is an honest baseline assessment.
A structured ADA risk assessment identifies:
- High-risk workflows requiring immediate attention
- Template and component-level issues affecting the full site
- Documentation gaps that create enforcement exposure
- Governance weaknesses that will cause regression
From there, your agency can prioritize intelligently, allocate resources where they matter most, and build a compliance program that actually holds up.