RatedWithAI

RatedWithAI

Accessibility scanner

ADA Accessibility Compliance Program Checklist 2026: Build a Defensible Program

Updated June 2026·15 min read·Compliance Guide

A one-time accessibility fix is not a compliance program. Courts, the DOJ, and enterprise procurement teams increasingly expect evidence of a sustained, documented process — not just a remediated website. This checklist walks through every element of a defensible ADA web accessibility compliance program, from governance to procurement to ongoing monitoring.

Who This Checklist Is For

Organizations that want to get ahead of ADA exposure — private businesses, state and local government entities, universities, and healthcare providers. Also useful for companies building compliance programs as a condition of DOJ settlement or enterprise contract requirements.

Phase 1: Governance and Ownership

An accessibility program without clear ownership fails. The first step is establishing who is accountable and what authority they have.

Designate an Accessibility Coordinator

A named individual (not just a team or role) responsible for ADA compliance. Required by DOJ consent decrees and the 2024 Title II rule. This person needs authority to stop launches, escalate to leadership, and enforce standards with vendors.

Executive sponsorship

Accessibility programs without C-suite backing consistently fail. Document leadership commitment — a signed accessibility policy, budget line, and quarterly review cadence are minimum signals.

Published Accessibility Policy

A written organizational policy stating your commitment to WCAG 2.1 Level AA, the scope of what you're committed to (website, app, digital documents), and who is accountable. Post it internally and link to your Accessibility Statement publicly.

Accessibility Statement on your website

Public-facing page stating your conformance target, known limitations, contact information for reporting barriers, and when the statement was last updated. Required by DOJ for Title II entities; best practice for all. Include a working contact email that is monitored.

Grievance procedure

A documented process for users to report accessibility barriers and receive a response within a defined timeframe (typically 15 business days). Log all complaints and track resolution status.

Phase 2: Accessibility Audit — Know Your Baseline

You can't build a remediation plan without knowing what you're fixing. A proper baseline audit is not a 5-minute automated scan — it combines automated testing with manual evaluation.

Automated WCAG 2.1 AA scan of all public-facing pages

Automated tools catch 30–40% of WCAG violations. Run scans on your homepage, top-traffic pages, checkout/forms, and any page that generates revenue. Export results and timestamp them — this is your legal baseline.

Manual keyboard navigation testing

Tab through every interactive element without a mouse. Verify that all focus states are visible, that no focus traps exist, and that modal dialogs can be closed with keyboard alone. Automated tools miss most keyboard failures.

Screen reader testing

Test with at least one screen reader (NVDA + Firefox on Windows, VoiceOver + Safari on Mac) on your highest-traffic pages. Pay particular attention to forms, dynamic content updates, carousels, and navigation menus.

Color contrast analysis

Check all text against background color ratios. Normal text needs 4.5:1 minimum; large text needs 3:1. Don't forget placeholder text, button labels, and error messages — these commonly fail.

PDF and document accessibility review

Tagged PDFs are required for screen reader access. Run your PDFs through accessibility checkers and confirm reading order, alt text for images, and proper heading structure.

Mobile accessibility testing

Verify touch target sizes (44x44px minimum), reflow at 320px viewport width, and that all content is operable with iOS VoiceOver and Android TalkBack.

Third-party component audit

Identify every third-party widget, chat tool, map, video player, and embedded content on your site. Third-party failures are your legal liability — document them and assess remediation options.

Phase 3: Remediation Plan

Audit findings need to become a tracked, prioritized remediation plan — not a spreadsheet that gets filed away. Use a project management system, not email threads.

Prioritize by severity and business impact

Fix critical blockers first: form fields without labels (users can't submit), keyboard traps (users can't navigate), missing alt text on important images, and missing page titles. These affect the most users and create the most legal exposure.

Set remediation milestones with dates

A remediation plan without dates is a wish list. Set 30/60/90-day milestones for critical, high, and medium-priority fixes. Document target completion dates in a tool that creates an audit trail.

Assign every issue to an owner

Unowned issues don't get fixed. Every finding in your audit should be assigned to a named developer, team, or vendor with a due date and a way to verify completion.

Don't use accessibility overlays as your fix

Overlay widgets (accessiBe, UserWay, etc.) do not reliably bring sites into compliance and have been the subject of their own ADA lawsuits. Remediating the underlying code is the only defensible approach.

Retest after remediation

Fixes that aren't verified have a high failure rate. After each sprint of remediation work, retest the affected components with automated tools and manual screen reader verification.

Document what you've fixed and when

Keep a log of remediation activity — issue, fix, tester, date of verification. This documentation is your evidence of good-faith effort if you face legal inquiry.

Phase 4: Training

Most accessibility failures are introduced by developers, designers, and content editors who weren't trained. Training reduces the rate of new violations entering your codebase.

Developer accessibility training

Annual training covering semantic HTML, ARIA usage, keyboard interaction patterns, and how to use browser devtools and axe DevTools for testing during development. Deque University and Google's web.dev are widely used.

Designer accessibility training

Covers color contrast requirements, focus indicator design, accessible form UI patterns, and touch target sizing. Designers making inaccessible mockups generate downstream remediation costs.

Content editor training

Non-technical staff creating pages, uploading PDFs, adding images, or writing link text need training on alt text, heading hierarchy, descriptive link text, and accessible PDF creation.

Procurement team training

Staff who purchase or contract for technology products need to know how to request VPATs, evaluate accessibility claims in vendor responses, and include ADA compliance requirements in RFPs.

Document training completion

Keep records of who was trained, on what, and when. This documentation matters in DOJ consent decree compliance reporting and demonstrates ongoing program investment.

Phase 5: Accessible Procurement

If you buy inaccessible third-party products and embed them in your digital properties, you own the compliance failure. Accessible procurement prevents new violations from entering your environment.

Include accessibility requirements in RFPs and contracts

Require vendors to provide a VPAT 2.5 (or equivalent WCAG 2.1 AA conformance documentation) as part of the procurement process. Include contractual language requiring WCAG 2.1 AA conformance and the right to test.

Evaluate VPATs before purchase

A VPAT that says 'supports' for every criterion without explanation is not evidence of compliance. Look for specific 'partially supports' disclosures with documented limitations — that indicates the vendor actually tested.

Test accessibility before signing

For major platform purchases, run your own accessibility evaluation or hire a third-party tester before contract execution. Vendor-provided VPATs are self-reported and may not reflect actual conformance.

Include remediation obligations in contracts

If post-purchase testing reveals accessibility failures, you need contractual recourse. Include provisions requiring the vendor to remediate critical issues within defined timelines.

Phase 6: Ongoing Monitoring

Accessibility regresses. Every code deployment, CMS update, or third-party widget change can introduce new violations. Monitoring is not optional — it's the difference between a compliance program and a one-time project.

Automated scanning cadence

Run automated accessibility scans at minimum monthly, ideally on every deployment. Alert on new critical violations before they reach production. Tools like RatedWithAI, axe Monitor, or Siteimprove can automate this.

CI/CD accessibility testing

Integrate automated accessibility testing into your build pipeline. Failing a build on critical WCAG violations prevents regressions from reaching production. axe-core (open source) is the most widely used integration.

Annual third-party audit

An internal team can't objectively assess its own work. Annual third-party accessibility audits provide independent verification and catch issues your internal processes miss. Required by most DOJ consent decrees.

User feedback monitoring

Monitor accessibility reports submitted through your grievance procedure. Pattern complaints signal areas your automated testing is missing. Respond to all reports within your documented timeframe.

Annual compliance review

Each year, review your Accessibility Statement, update your conformance claims based on current testing results, refresh your training materials, and document the program's status for leadership.

Update WCAG target when standards advance

WCAG 2.2 is the current published standard; WCAG 3.0 is in development. Monitor W3C publications and set a roadmap for upgrading your conformance target as courts and regulators catch up to newer versions.

Full Program Checklist: At a Glance

Governance

  • Accessibility Coordinator
  • Executive sponsorship
  • Written policy
  • Accessibility Statement
  • Grievance procedure

Audit

  • Automated WCAG scan
  • Keyboard testing
  • Screen reader testing
  • Color contrast
  • PDF/doc review
  • Mobile testing
  • 3rd-party audit

Remediation

  • Prioritized plan
  • Milestones + dates
  • Issue owners
  • No overlays
  • Retest after fix
  • Documentation log

Training

  • Developer training
  • Designer training
  • Content editor training
  • Procurement training
  • Completion records

Procurement

  • WCAG in RFPs
  • Evaluate VPATs
  • Test before signing
  • Contractual remediation terms

Monitoring

  • Monthly automated scans
  • CI/CD integration
  • Annual 3rd-party audit
  • Feedback monitoring
  • Annual review
  • WCAG version tracking

Start Your Baseline Audit Today

Every compliance program starts with knowing where you stand. RatedWithAI runs automated WCAG 2.1 AA scans across your site, identifies critical violations, and generates exportable audit reports for remediation planning.

Run a Free Accessibility Scan →