ADA Accessibility Compliance Program Checklist 2026: Build a Defensible Program
A one-time accessibility fix is not a compliance program. Courts, the DOJ, and enterprise procurement teams increasingly expect evidence of a sustained, documented process — not just a remediated website. This checklist walks through every element of a defensible ADA web accessibility compliance program, from governance to procurement to ongoing monitoring.
Who This Checklist Is For
Organizations that want to get ahead of ADA exposure — private businesses, state and local government entities, universities, and healthcare providers. Also useful for companies building compliance programs as a condition of DOJ settlement or enterprise contract requirements.
Phase 1: Governance and Ownership
An accessibility program without clear ownership fails. The first step is establishing who is accountable and what authority they have.
Designate an Accessibility Coordinator
A named individual (not just a team or role) responsible for ADA compliance. Required by DOJ consent decrees and the 2024 Title II rule. This person needs authority to stop launches, escalate to leadership, and enforce standards with vendors.
Executive sponsorship
Accessibility programs without C-suite backing consistently fail. Document leadership commitment — a signed accessibility policy, budget line, and quarterly review cadence are minimum signals.
Published Accessibility Policy
A written organizational policy stating your commitment to WCAG 2.1 Level AA, the scope of what you're committed to (website, app, digital documents), and who is accountable. Post it internally and link to your Accessibility Statement publicly.
Accessibility Statement on your website
Public-facing page stating your conformance target, known limitations, contact information for reporting barriers, and when the statement was last updated. Required by DOJ for Title II entities; best practice for all. Include a working contact email that is monitored.
Grievance procedure
A documented process for users to report accessibility barriers and receive a response within a defined timeframe (typically 15 business days). Log all complaints and track resolution status.
Phase 2: Accessibility Audit — Know Your Baseline
You can't build a remediation plan without knowing what you're fixing. A proper baseline audit is not a 5-minute automated scan — it combines automated testing with manual evaluation.
Automated WCAG 2.1 AA scan of all public-facing pages
Automated tools catch 30–40% of WCAG violations. Run scans on your homepage, top-traffic pages, checkout/forms, and any page that generates revenue. Export results and timestamp them — this is your legal baseline.
Manual keyboard navigation testing
Tab through every interactive element without a mouse. Verify that all focus states are visible, that no focus traps exist, and that modal dialogs can be closed with keyboard alone. Automated tools miss most keyboard failures.
Screen reader testing
Test with at least one screen reader (NVDA + Firefox on Windows, VoiceOver + Safari on Mac) on your highest-traffic pages. Pay particular attention to forms, dynamic content updates, carousels, and navigation menus.
Color contrast analysis
Check all text against background color ratios. Normal text needs 4.5:1 minimum; large text needs 3:1. Don't forget placeholder text, button labels, and error messages — these commonly fail.
PDF and document accessibility review
Tagged PDFs are required for screen reader access. Run your PDFs through accessibility checkers and confirm reading order, alt text for images, and proper heading structure.
Mobile accessibility testing
Verify touch target sizes (44x44px minimum), reflow at 320px viewport width, and that all content is operable with iOS VoiceOver and Android TalkBack.
Third-party component audit
Identify every third-party widget, chat tool, map, video player, and embedded content on your site. Third-party failures are your legal liability — document them and assess remediation options.
Phase 3: Remediation Plan
Audit findings need to become a tracked, prioritized remediation plan — not a spreadsheet that gets filed away. Use a project management system, not email threads.
Prioritize by severity and business impact
Fix critical blockers first: form fields without labels (users can't submit), keyboard traps (users can't navigate), missing alt text on important images, and missing page titles. These affect the most users and create the most legal exposure.
Set remediation milestones with dates
A remediation plan without dates is a wish list. Set 30/60/90-day milestones for critical, high, and medium-priority fixes. Document target completion dates in a tool that creates an audit trail.
Assign every issue to an owner
Unowned issues don't get fixed. Every finding in your audit should be assigned to a named developer, team, or vendor with a due date and a way to verify completion.
Don't use accessibility overlays as your fix
Overlay widgets (accessiBe, UserWay, etc.) do not reliably bring sites into compliance and have been the subject of their own ADA lawsuits. Remediating the underlying code is the only defensible approach.
Retest after remediation
Fixes that aren't verified have a high failure rate. After each sprint of remediation work, retest the affected components with automated tools and manual screen reader verification.
Document what you've fixed and when
Keep a log of remediation activity — issue, fix, tester, date of verification. This documentation is your evidence of good-faith effort if you face legal inquiry.
Phase 4: Training
Most accessibility failures are introduced by developers, designers, and content editors who weren't trained. Training reduces the rate of new violations entering your codebase.
Developer accessibility training
Annual training covering semantic HTML, ARIA usage, keyboard interaction patterns, and how to use browser devtools and axe DevTools for testing during development. Deque University and Google's web.dev are widely used.
Designer accessibility training
Covers color contrast requirements, focus indicator design, accessible form UI patterns, and touch target sizing. Designers making inaccessible mockups generate downstream remediation costs.
Content editor training
Non-technical staff creating pages, uploading PDFs, adding images, or writing link text need training on alt text, heading hierarchy, descriptive link text, and accessible PDF creation.
Procurement team training
Staff who purchase or contract for technology products need to know how to request VPATs, evaluate accessibility claims in vendor responses, and include ADA compliance requirements in RFPs.
Document training completion
Keep records of who was trained, on what, and when. This documentation matters in DOJ consent decree compliance reporting and demonstrates ongoing program investment.
Phase 5: Accessible Procurement
If you buy inaccessible third-party products and embed them in your digital properties, you own the compliance failure. Accessible procurement prevents new violations from entering your environment.
Include accessibility requirements in RFPs and contracts
Require vendors to provide a VPAT 2.5 (or equivalent WCAG 2.1 AA conformance documentation) as part of the procurement process. Include contractual language requiring WCAG 2.1 AA conformance and the right to test.
Evaluate VPATs before purchase
A VPAT that says 'supports' for every criterion without explanation is not evidence of compliance. Look for specific 'partially supports' disclosures with documented limitations — that indicates the vendor actually tested.
Test accessibility before signing
For major platform purchases, run your own accessibility evaluation or hire a third-party tester before contract execution. Vendor-provided VPATs are self-reported and may not reflect actual conformance.
Include remediation obligations in contracts
If post-purchase testing reveals accessibility failures, you need contractual recourse. Include provisions requiring the vendor to remediate critical issues within defined timelines.
Phase 6: Ongoing Monitoring
Accessibility regresses. Every code deployment, CMS update, or third-party widget change can introduce new violations. Monitoring is not optional — it's the difference between a compliance program and a one-time project.
Automated scanning cadence
Run automated accessibility scans at minimum monthly, ideally on every deployment. Alert on new critical violations before they reach production. Tools like RatedWithAI, axe Monitor, or Siteimprove can automate this.
CI/CD accessibility testing
Integrate automated accessibility testing into your build pipeline. Failing a build on critical WCAG violations prevents regressions from reaching production. axe-core (open source) is the most widely used integration.
Annual third-party audit
An internal team can't objectively assess its own work. Annual third-party accessibility audits provide independent verification and catch issues your internal processes miss. Required by most DOJ consent decrees.
User feedback monitoring
Monitor accessibility reports submitted through your grievance procedure. Pattern complaints signal areas your automated testing is missing. Respond to all reports within your documented timeframe.
Annual compliance review
Each year, review your Accessibility Statement, update your conformance claims based on current testing results, refresh your training materials, and document the program's status for leadership.
Update WCAG target when standards advance
WCAG 2.2 is the current published standard; WCAG 3.0 is in development. Monitor W3C publications and set a roadmap for upgrading your conformance target as courts and regulators catch up to newer versions.
Full Program Checklist: At a Glance
Governance
- Accessibility Coordinator
- Executive sponsorship
- Written policy
- Accessibility Statement
- Grievance procedure
Audit
- Automated WCAG scan
- Keyboard testing
- Screen reader testing
- Color contrast
- PDF/doc review
- Mobile testing
- 3rd-party audit
Remediation
- Prioritized plan
- Milestones + dates
- Issue owners
- No overlays
- Retest after fix
- Documentation log
Training
- Developer training
- Designer training
- Content editor training
- Procurement training
- Completion records
Procurement
- WCAG in RFPs
- Evaluate VPATs
- Test before signing
- Contractual remediation terms
Monitoring
- Monthly automated scans
- CI/CD integration
- Annual 3rd-party audit
- Feedback monitoring
- Annual review
- WCAG version tracking
Start Your Baseline Audit Today
Every compliance program starts with knowing where you stand. RatedWithAI runs automated WCAG 2.1 AA scans across your site, identifies critical violations, and generates exportable audit reports for remediation planning.
Run a Free Accessibility Scan →