RatedWithAI
Accessibility scanner
Section 508 Compliance: The Complete Guide for 2026
Section 508 of the Rehabilitation Act requires federal agencies — and any organization that receives federal funding or builds technology for the government — to make their information and communications technology (ICT) accessible to people with disabilities. With 9,900+ monthly searches for "section 508 compliance" and the April 24, 2026 ADA Title II deadline amplifying urgency, understanding these requirements has never been more critical.
Table of Contents
What Is Section 508?
Section 508 is part of the Rehabilitation Act of 1973, a landmark civil rights law that prohibits discrimination based on disability in programs conducted by federal agencies and in programs receiving federal financial assistance. Specifically, Section 508 addresses electronic and information technology (EIT) — now referred to as information and communications technology (ICT).
The law was first added as an amendment in 1986, but it wasn't until the Workforce Investment Act of 1998 that Section 508 gained real enforcement teeth. The 1998 amendment required federal agencies to make their electronic and information technology accessible to people with disabilities — both employees and members of the public.
The 2017 Section 508 Refresh
In January 2017, the U.S. Access Board published a major update to Section 508— commonly called the "508 Refresh." This was the first significant update in nearly 20 years, and it fundamentally changed how compliance is measured by incorporating the Web Content Accessibility Guidelines (WCAG) as the technical standard.
Key changes in the 2017 refresh:
- WCAG 2.0 Level AA incorporation — The refresh directly references WCAG 2.0 Level A and AA success criteria as the standard for web content, electronic documents, and software
- Technology-neutral approach — Instead of prescribing specific technologies, the updated standards focus on functional performance criteria that apply regardless of the technology used
- Harmonization with international standards — The refresh aligns Section 508 with the European standard EN 301 549, making it easier for multinational organizations to comply with both simultaneously
- Expanded scope to ICT — The terminology shifted from "electronic and information technology" to "information and communications technology" (ICT), broadening the categories of covered technology
- Authoring tool requirements — Tools used to create web content must also support the creation of accessible content
Who Must Comply with Section 508?
Section 508 applies to a broader range of organizations than most people realize. If your organization has any connection to the federal government, you likely have Section 508 obligations.
Federal Agencies
All executive branch agencies, independent regulatory agencies, the Postal Service, and the Postal Rate Commission. All ICT they develop, procure, maintain, or use must be accessible.
Federal Contractors
Any company that builds, sells, or maintains ICT products for the federal government. The Federal Acquisition Regulation (FAR) requires Section 508 compliance in contracts.
Recipients of Federal Funding
State agencies, universities, non-profits, and other organizations that receive federal grants, loans, or other financial assistance. This extends Section 504 protections to their digital assets.
State & Local Government (via Section 504)
While Section 508 is technically federal-only, Section 504 of the same law requires any program receiving federal money to be accessible. Most state/local governments receive some federal funding.
Defense Contractors
DoD contracts increasingly require Section 508 compliance. The Defense Information Systems Agency (DISA) has specific accessibility testing requirements for all delivered systems.
Healthcare Organizations
Hospitals and health systems receiving Medicare/Medicaid funding (i.e., virtually all of them) have Section 504 obligations that mirror Section 508 requirements.
💡 Important: The "Federal Nexus" Rule
Even if your organization isn't a federal agency, the "federal nexus" can bring you under Section 508's umbrella. If you receive federal grants (research universities, state Medicaid programs, transportation agencies), bid on federal contracts (SaaS vendors, IT consultancies), or participate in federally funded programs, your ICT must meet Section 508 standards. In practice, this covers tens of thousands of organizations beyond the federal government itself.
Section 508 vs WCAG 2.1 vs ADA Title II: Key Differences
These three standards are often confused, but they serve different purposes, apply to different organizations, and have different technical requirements. Understanding the differences — and overlaps — is essential for compliance planning.
The critical distinction: Section 508 currently references WCAG 2.0 Level AA, while the new ADA Title II rule references WCAG 2.1 Level AA. WCAG 2.1 adds 17 new success criteria beyond WCAG 2.0, primarily addressing mobile accessibility, low vision, and cognitive disabilities. If your organization falls under both Section 508 and ADA Title II, you should target WCAG 2.1 AA to satisfy both.
Complete Section 508 Compliance Checklist
Section 508 covers four main categories of ICT. Here's a comprehensive checklist organized by category:
Web Content & Electronic Documents
- ☐All images have meaningful alt text (or empty alt for decorative images)
- ☐Color contrast ratios meet 4.5:1 for normal text and 3:1 for large text
- ☐All content is accessible via keyboard alone (no mouse-only interactions)
- ☐Form inputs have associated labels and clear error messages
- ☐Heading hierarchy is logical (H1 → H2 → H3, no skipped levels)
- ☐Data tables have proper headers (th elements with scope attributes)
- ☐Links have descriptive text (no 'click here' or 'read more')
- ☐Page language is declared in the HTML lang attribute
- ☐PDF documents are tagged and have a logical reading order
- ☐Video content has captions and audio content has transcripts
- ☐ARIA landmarks are used correctly (main, nav, banner, complementary)
- ☐Dynamic content changes are announced to screen readers
Software Applications
- ☐All functionality is operable via keyboard
- ☐Screen reader compatible (proper API exposure of names, roles, states, values)
- ☐Focus management is logical and visible
- ☐Status messages are programmatically determined
- ☐User preferences for color, contrast, and font size are respected
- ☐No content flashes more than 3 times per second
- ☐Timed interactions can be extended or disabled
- ☐Error identification is specific and suggests corrections
Hardware & Telecommunications
- ☐Physical controls have tactile markers and are operable by users with limited dexterity
- ☐Visual information has an audio alternative
- ☐Audio information has a visual alternative
- ☐Biometric authentication has a non-biometric alternative
- ☐Hardware does not require simultaneous user actions
- ☐Telecom products support TTY and real-time text (RTT)
Support Documentation & Services
- ☐Product documentation is available in accessible formats
- ☐Support services (help desk, training) accommodate users with disabilities
- ☐Installation instructions are accessible
- ☐End-user documentation describes accessibility features
- ☐Accessibility conformance reports (VPATs/ACRs) are publicly available
How to Test for Section 508 Compliance
Effective Section 508 testing combines automated scanning, manual evaluation, and assistive technology testing. No single approach catches everything — you need all three.
1. Automated Scanning
Automated tools can detect approximately 30-40% of WCAG violationsinstantly. They're the best starting point because they can scan hundreds of pages in minutes and identify the most common issues like missing alt text, contrast failures, and missing form labels.
Start Your Section 508 Audit Now
RatedWithAI scans your website against WCAG 2.0 AA (Section 508) and WCAG 2.1 AA (ADA Title II) standards simultaneously. Get a compliance score, violation counts, and prioritized fix recommendations in seconds.
2. Manual Evaluation
Manual testing catches the other 60-70% of issues that automated tools miss. Focus on:
- Keyboard navigation — Tab through the entire page. Can you reach and operate every interactive element? Is the focus order logical? Is the focus indicator visible?
- Content structure — Are headings used correctly and hierarchically? Do data tables make sense without visual formatting? Is the reading order logical?
- Dynamic content — Are modal dialogs, accordions, and menus accessible? Does focus move appropriately when content changes?
- Cognitive accessibility — Are error messages clear and specific? Can users undo or correct actions? Is language plain and understandable?
3. Assistive Technology Testing
The DHS Trusted Tester process recommends testing with actual screen readers and assistive technologies:
Free, open-source screen reader. The most popular testing tool for Section 508 evaluations. Used in the DHS Trusted Tester process.
Industry-standard commercial screen reader. Most widely used by blind computer users. Essential for enterprise testing.
Built into Apple devices. Critical for testing iOS and macOS applications. No additional cost.
Built into Android devices. Required for testing Android applications.
Voice recognition software. Tests voice-only navigation for users with motor disabilities.
4. VPAT / Accessibility Conformance Report (ACR)
For federal procurement, you'll need a Voluntary Product Accessibility Template (VPAT). The VPAT is a standardized document that describes how your product conforms to Section 508 standards. There are four editions:
- WCAG Edition — For products evaluated against WCAG 2.0 or 2.1 (most common)
- Section 508 Edition — For products evaluated against the Revised Section 508 Standards
- EN 301 549 Edition — For products evaluated against the European standard
- INT Edition — Combined version covering all three standards simultaneously
Download VPAT templates and learn how to complete them →
Section 508 and the April 24, 2026 Deadline
While Section 508 has been in effect since 2001 (with the 2017 refresh effective January 2018), the upcoming April 24, 2026 ADA Title II deadline creates new urgency for many organizations that overlap both laws.
Here's why the deadline matters for Section 508-covered organizations:
State agencies receiving federal funding
Must comply with both Section 508 (via Section 504) AND the new ADA Title II WCAG 2.1 AA requirement. The ADA rule is stricter — WCAG 2.1 has 17 more criteria than WCAG 2.0.
Public universities
Federal research grants trigger Section 508. State funding triggers ADA Title II. Both now apply, and the higher standard (WCAG 2.1 AA) effectively becomes the floor.
Federal contractors serving state/local gov
Your government clients now face the April 2026 deadline. If your product isn't WCAG 2.1 AA compliant, they can't use it. This is a contract risk.
Healthcare systems
Medicare/Medicaid funding triggers Section 504/508. Hospital websites serving 50K+ populations also face ADA Title II. Double exposure requires the higher standard.
Bottom line: If your organization is subject to Section 508, you should already be targeting WCAG 2.1 Level AA — not just WCAG 2.0 — to future-proof compliance. The regulatory landscape is converging on 2.1 as the minimum standard.
Read our full ADA Title II deadline countdown guide →
Common Section 508 Failures and How to Fix Them
Based on data from the DHS Section 508 program office, GSA's IT Accessibility program, and WebAIM's 2026 Million Report, these are the most frequently cited violations — and their fixes:
Missing or inadequate alt text
CriticalFix: Add descriptive alt text to all meaningful images. Use alt="" for purely decorative images. For complex images (charts, diagrams), provide a long description via aria-describedby or a linked text alternative.
Insufficient color contrast
CriticalFix: Ensure text has at least 4.5:1 contrast ratio against its background. Large text (18pt or 14pt bold) needs 3:1. Use a contrast checker tool. Don't rely on color alone to convey information.
Missing form input labels
CriticalFix: Associate every form input with a label using the for/id pattern: <label for="email">Email</label><input id="email">. For visually hidden labels, use the sr-only CSS class pattern. Never use placeholder text as the only label.
Keyboard traps
CriticalFix: Ensure users can navigate into and out of every component using only the keyboard. Modal dialogs must trap focus inside while open but release it on close. Test by tabbing through the entire page without using a mouse.
Missing page language
MediumFix: Add lang attribute to the HTML element: <html lang="en">. For content in a different language, use the lang attribute on the containing element: <span lang="es">Hola mundo</span>.
Empty or vague links
HighFix: Replace 'click here', 'read more', and 'learn more' with descriptive text: 'Read our accessibility compliance guide'. If a link wraps an image, the image's alt text serves as the link text.
Inaccessible PDF documents
HighFix: Tag PDFs with proper heading structure, reading order, alt text, and table headers. Use Adobe Acrobat's accessibility checker. Better yet: publish content as HTML instead of PDF wherever possible.
Missing captions on video
CriticalFix: Add synchronized captions to all prerecorded video with audio. Auto-generated captions must be reviewed and corrected for accuracy. Live events need real-time captioning services.
See our detailed guide to fixing common WCAG failures →
Section 508 Enforcement and Penalties
Section 508 enforcement has historically been weaker than ADA Title III enforcement, but that's changing rapidly. Here are the mechanisms that can hold organizations accountable:
Administrative Complaints
Moderate RiskFederal employees and members of the public can file complaints with any federal agency. The agency must investigate and resolve. Since 2023, the DOJ has been more aggressive in tracking complaint resolution.
Contract Actions
High RiskFederal procurement officers can reject products without adequate VPATs, cancel contracts for non-compliance, or require remediation at the vendor's expense. The GSA's Buy Accessible program actively enforces this.
Section 504 Lawsuits
Very High RiskWhile Section 508 itself doesn't create a private right of action, Section 504 does. Organizations receiving federal funding can be sued under Section 504 for inaccessible ICT. This is how most enforcement actually happens.
DOJ Enforcement
Very High RiskThe DOJ can investigate and sue federal agencies and federally-funded organizations. Recent settlements have included multi-million dollar remediation requirements and ongoing monitoring.
Congressional Oversight
Moderate RiskThe Government Accountability Office (GAO) periodically audits federal agency compliance. Findings are public and can lead to budget impacts.
Recent Section 508 Enforcement Actions
Frequently Asked Questions
Does Section 508 apply to my company if we're not a federal agency?
What's the difference between WCAG 2.0 and WCAG 2.1 for Section 508?
Do I need a VPAT to sell to the federal government?
Can I use an accessibility overlay widget for Section 508 compliance?
How often should I test for Section 508 compliance?
What's the DHS Trusted Tester process?
Does Section 508 apply to mobile apps?
What happens if I fail a Section 508 audit?
Check Your Section 508 Compliance
Our free scanner tests your website against WCAG 2.0 AA (Section 508) and WCAG 2.1 AA (ADA Title II) simultaneously. Get your compliance score in under 60 seconds.