The Department of Justice finalized its ADA Title II rule on digital accessibility in April 2024. The compliance deadlines began arriving in April 2026 for larger public entities and continue into April 2027 for smaller ones. Enforcement is active. Civil-rights investigations tied to the rule are public record.
Most public-serving organizations we work with have a general awareness of the rule but underestimate its operational footprint. The rule does not apply narrowly to a website homepage or a single compliance statement. It applies to the full digital surface area an organization presents to the public, including documents, video, mobile applications, and third-party services that deliver government functions.
What the rule requires
The rule sets WCAG 2.1 Level AA as the standard for web content and mobile applications made available by state and local government entities. The scope extends to:
- Public-facing web content, including static pages, dynamic pages, and web applications.
- Mobile applications offered by the entity.
- Electronic documents posted on public-facing sites, including PDFs, Word, Excel, and PowerPoint.
- Multimedia content, including captioning and audio description obligations for video.
- Third-party content where the entity contracts for a function it would otherwise perform itself.
Technical conformance to WCAG 2.1 Level AA is the expressed target. In practice, conformance is evaluated across perceivability, operability, understandability, and robustness, with specific success criteria for contrast, keyboard access, focus indicators, alt text, heading structure, form labels, error identification, captioning, and more.
Enforcement is handled by DOJ and private plaintiffs. The remedy set includes consent decrees, injunctive relief, and, in some circumstances, damages. The reputational consequences of an enforcement matter are often larger than the direct legal cost.
Where public-serving organizations underestimate scope
The common gap is not ignorance of the rule; it is a narrow mental model of what the rule covers. Four surprises come up in nearly every assessment we run:
1. Documents as well as pages
Most public websites host hundreds or thousands of PDFs: board packets, meeting minutes, budget documents, forms, reports, and policies. A substantial share fails PDF accessibility standards: no tagged structure, missing reading order, images without alt text, scanned documents that are images rather than text, forms without accessible labels. Document remediation is frequently the largest single line of effort in a compliance program.
2. Third-party platforms inherit the obligation
Citizen portals for permitting, payments, transit, and benefits; learning management systems; community engagement platforms; transparency portals. When the entity contracts for a public function, the accessibility obligation follows. Vendor contracts frequently do not contain WCAG 2.1 AA conformance language or a remediation commitment.
3. Video and multimedia obligations are larger than captions
Council meeting video, classroom broadcasts, community announcements, training content, and informational media carry captioning requirements. Captioning alone is not always sufficient; audio description obligations apply where visual content is essential to understanding.
4. Mobile applications
Entity-branded mobile applications, including those for transit, citizen service requests, parents, students, and constituents, fall within scope. Application accessibility is a distinct discipline from web accessibility and is frequently missed in procurement.
A practical compliance path
The temptation is to start with a full site scan, produce a long findings list, and proceed from the top. That approach rarely finishes. A structured, risk-prioritized path is more defensible and more likely to complete.
Step 1. Establish scope and inventory
Define the digital surface: domains and subdomains, applications, published documents, multimedia content, and third-party platforms that deliver public functions. Name an owner for each. An organization cannot remediate what it does not know it operates.
Step 2. Assess current conformance
Evaluate the inventory against WCAG 2.1 Level AA. Automated scanning catches roughly a third of issues; human review catches the rest. A formal assessment produces categorized findings, severity ratings, and a prioritized remediation roadmap that aligns to risk, user impact, and operational feasibility.
Step 3. Prioritize remediation
High-use content and functions come first: homepage, search, navigation, citizen service portals, payment flows, board and meeting materials, and any page that is part of a legally required notice or function. Document remediation should be scoped to the most-accessed and most-recently-published materials, with a retirement plan for legacy documents that are unlikely to be used.
Step 4. Build the accessibility program
Accessibility is not a one-time project. Establish an accessibility statement, a feedback mechanism, a procurement checkpoint that requires WCAG 2.1 AA conformance language in vendor contracts, and a recurring review cadence. Train content authors and communications staff on accessible authoring. Designate a coordinator.
Step 5. Document
Keep evidence of each of the above: scope inventory, assessment results, remediation log, training records, procurement policy, vendor conformance statements. If an enforcement matter or complaint arises, the documented program is frequently the difference between a rapid resolution and a multi-year investigation.
What to do if you are past the deadline
A substantial number of public-serving organizations reached the April 2026 threshold without a documented program. The practical response is to establish the inventory, begin the assessment, and create a written compliance plan with realistic dates, rather than announcing a program that does not yet exist. A documented, good-faith program in progress is a better legal and reputational posture than silence. Complaints and enforcement matters frequently turn on evidence of good-faith effort rather than perfect conformance on day one.
How Firestorm helps
StormAccess is Firestorm's ADA Title II assessment service. It produces the inventory, the WCAG 2.1 Level AA evaluation, the document and multimedia analysis, and the prioritized remediation roadmap your organization can execute against.
Accessibility conformance sits alongside cybersecurity and AI governance as a third leg of the digital trust obligation public-serving organizations now carry. Our position is that these disciplines are reinforcing: a mature accessibility program shares infrastructure with a mature cybersecurity program and a mature AI governance program. Treating all three as one portfolio of obligations avoids duplicate effort.
Have questions or need support with ADA Title II compliance? Start a conversation.