ADA title II for state CIOs and enterprise IT: Governance, road maps, and vendor controls

The DOJ’s 2024 Title II rule adopts WCAG 2.1 Level AA (including Level A) as the technical standard for state and local governments’ web content and mobile apps, with specific compliance dates based on population size and special-district status. It covers web content (including conventional electronic documents and audiovisual content) and mobile apps, subject to defined exceptions. State CIOs and enterprise IT leaders should drive policy, tools, and remediation ahead of the April 24, 2026 and April 26, 2027 compliance dates, as applicable.

Imagine a local resident, left frustrated because they couldn’t complete an online form to apply for essential public benefits. Such experiences underscore the urgency of digital accessibility and the vital role of state CIOs and enterprise IT leaders in driving change.

Key takeaways

• Establish a statewide accessibility policy referencing WCAG 2.1 AA that applies to agencies and vendors. Make this a top priority, as it forms the foundation for all future actions.
• Implement centralized inventory and scanning to identify and prioritize issues across domains and applications.
• Integrate accessibility requirements into procurement (ACR/VPAT), contracts, and acceptance testing.
• Prioritize high-traffic services and emergency communications within the next 90 days to address the most critical areas first.
• Track progress using a concise set of KPIs that can be reported to cabinet leadership, providing a clear view of compliance efforts.

What the rule requires for state executive agencies

The DOJ’s 2024 Title II rule requires state and local government entities (public entities) to ensure their covered web content and mobile apps comply with WCAG 2.1 Level AA (including Level A), subject to the rule’s exceptions and limitations. In practice, this means the rule applies broadly to covered state digital services—websites, web applications and online forms, and mobile apps—plus web content such as conventional electronic documents and audiovisual content, subject to specific exceptions (for example, certain archived web content and certain preexisting electronic documents). It also extends to mobile applications, both iOS and Android, whenever those apps are used to deliver services or information to the public.

Many services use third-party vendors, but states remain responsible for the user experience. Procurements should require WCAG 2.1 AA conformance, current Accessibility Conformance Reports, and allow independent testing. Accessibility criteria must govern new launches and updates, with contracts enforcing remediation timelines. Incentivizing vendors by linking conformance to approvals and renewals can make accessibility a market differentiator.

The rule recognizes only narrow exceptions that prioritize equitable access for all (PDF). Claims of undue financial and administrative burdens or fundamental alteration must be documented, and the entity must still comply to the extent required under the rule and provide access through other means where applicable. By framing exceptions in terms of protecting equitable access rather than merely fulfilling paperwork requirements, decision-makers can foster genuine commitment to accessibility goals. Moreover, exceptions should be time-limited and revisited as technology or funding improves, underscoring a long-term commitment to inclusivity.

Timeline and what to do this quarter

Until the April 2026/2027 compliance dates, prioritize work by risk, traffic, and visibility. Set quarterly milestones tied to funding cycles so the road map aligns with approval processes and budget windows, becoming a fiscal planning tool.

Your 90-day plan

Use this 90-day sprint to inventory assets, triage for high-impact fixes, begin remediation on shared components and critical content, and establish governance to drive sustained progress. Form an accessibility tiger team to encourage cross-agency collaboration. Recruit agency champions to spark peer learning and early adoption for accessibility efforts.

Inventory (Weeks 1–2): Aggregate all domains, applications, PDFs, and video libraries. Map asset ownership. Register official mobile apps and list third-party platforms in use.

Triage (Weeks 2–3): Identify top 200 pages/forms per agency, flag critical apps and emergency communications, and select widely reused components (such as headers, navigation, and forms).

Remediate (Weeks 3–8): Fix top templates/components, then scale to content with PDF and captions plans. Prioritize mobile issues (focus order, labels, color contrast, hit targets).

Govern (Weeks 6–10): Finalize policy, set SLAs, document exception process, and publish an accessibility statement. Gate releases with CI/CD accessibility checks and acceptance criteria.

Evidence (Weeks 8–12): Set up dashboards, assign ownership, schedule executive updates, and export auditor-ready packets. Maintain ongoing monitoring and reporting to demonstrate oversight.

Top 10 high-risk assets for state exec IT

The following properties are most likely to trigger complaints, service disruptions, or DOJ scrutiny. Prioritize them for early remediation and continuous monitoring.

1. Benefits eligibility portals and online applications
2. Licensing/permits systems
3. Tax payment/collections sites
4. Emergency alerts pages and banners
5. PDF forms (legacy, downloadable)
6. Agency header/footer/nav components (reused everywhere)
7. Video livestreams/archives (governor briefings, pressers)
8. Appointment scheduling and kiosks
9. GIS maps and data visualizations
10. Mobile apps for core programs

Procurement and vendor management

Before you try to fix every page in-house, make sure your vendors can meet the standard. Require up-to-date ACR/VPAT reports, set clear go-live pass/fail rules tied to WCAG 2.1 AA, and use renewals to force fixes on a defined timeline. This prevents accessibility debt from sneaking back in through third-party tools (such as in forms and payment gateways, CMS plug-ins, map embeds, chatbots, schedulers, and other SaaS your agencies rely on).

Here are some requirements to consider:

• Current, accurate ACR/VPAT (or equivalent accessibility report) for all modules, integrations, and widgets, not just the core product
• Target standard is WCAG 2.1 Level AA for priority user journeys (apply, file, pay, schedule, request records, etc.)
• Pre-go-live accessibility testing of critical flows with explicit pass/fail gates and named state acceptance authority
• Time-bound remediation plan for any known gaps, plus a named vendor accessibility owner
• Ongoing reporting and audit cooperation, with remediation SLAs tied to renewals, extensions, and holdbacks
• Public accessibility statement, issue-reporting channel, and a clear escalation path
• Data export/API access to support independent testing, dashboards, and evidence packets

Make vendor governance explicit. Maintain a central list of approved tools with current ACRs, quarantine or deprecate tools without viable remediation pathways, and gate renewals on demonstrated progress. This mirrors proven statewide controls and keeps third-party risk manageable.

This guidance is informational, not legal advice. Work with counsel and Procurement on final terms and enforcement mechanisms.

Governance: Roles, policy, and measurement

Approach governance as the foundation for accessibility: Assign clear owners, publish a single statewide policy with enforceable workflows, and track a focused set of KPIs for executive leadership.

Roles: Appoint an enterprise accessibility lead to set statewide direction, empower agency-level coordinators for daily execution, and formalize partnerships with procurement, legal, and communications to make sure accessibility is integrated from sourcing to public release.

Policy: Publish a single statewide standard that explicitly references WCAG 2.1 AA and applies to websites, web applications, mobile apps, digital documents, and media. Support this with an exception workflow that documents undue burden, sets time-limited alternatives, and requires approval from leadership.

KPI widget (reported quarterly): Report a concise set of metrics for leadership. These should demonstrate daily quality and structural readiness. By providing baseline figures, such as “current average A/AA issues per page: 15,” progress becomes more visible and allows leaders to track improvements effectively.

• The average number of A/AA issues per page
• The percentage of priority PDFs passing automated checks
• The percentage of videos with captions
• The proportion of core templates and components meeting WCAG 2.1 AA
• The rate of contracts with current ACR/VPATs

How Siteimprove helps

Bring policy, remediation, and proof together with state-ready capabilities that align directly to the Title II rule and WCAG 2.1 AA.

Monitoring and evidence: Regular WCAG 2.1 AA scanning across domains and apps, with trend reporting, clear ownership, and exportable audit trails for counsel and auditors. Why it matters: Turns dispersed fixes into measurable progress tied to deadlines.

Policy and governance: Centralized policies, exception logging, and approval workflows that operationalize your statewide standard. Why it matters: Enforces rules consistently and creates defensible evidence.

Document remediation: Batch discovery and prioritization of PDFs/Office docs, plus remediation services and QA. Why it matters: Tackles the largest-volume risk with proof of fix.

Mobile app accessibility: iOS/Android guidance and testing mapped to WCAG 2.1 AA criteria for native apps. Why it matters: Closes the common “apps gap.”

Executive reporting: Deadline-readiness dashboards and quarterly roll-ups for cabinet leadership and counsel. Why it matters: Keeps leadership aligned to milestones and highlights where to escalate.

FAQ

Does this apply to third-party platforms our agencies use?
Yes—when the platform’s web content or app is provided or made available by the public entity, including through contractual, licensing, or similar arrangements. Content posted by an unrelated third party (not under those arrangements) can fall under an exception, though the entity may still need to provide access on request under existing Title II obligations.

What about legacy PDFs?
Prioritize high-traffic and current forms, archive or replace outdated files, and convert templates to accessible formats. By doing so, you comply with regulations and pave the way for a more inclusive future. Lead the nation in digital equity and set the standard for others to follow. Together, state CIOs and IT leaders can forge a path toward accessibility and digital transformation that uplifts everyone.