Accessibility of the Internet: A Guide to ADA & WCAG 2.2
A lot of teams arrive here the same way. A customer procurement form asks for your VPAT. Legal forwards an accessibility demand letter. A product launch stalls because nobody can say, with confidence, whether the website or app meets ADA expectations.
That’s when the accessibility of the internet stops sounding like a policy topic and starts looking like an operational problem.
For enterprise teams, accessibility sits at the intersection of revenue, compliance, engineering quality, and trust. If users can’t use your product with a keyboard, complete a form with a screen reader, or activate a control because the tap target is too small, the issue isn’t abstract. It affects sales cycles, support volume, public risk, and whether your organization can defend its own compliance claims.
This guide approaches internet accessibility the way a senior consultant would approach a live client environment. Start with legal and business exposure. Map that to WCAG and procurement requirements. Audit with more than a scanner. Fix the barriers that block real users. Then document the work so your teams can answer buyer questionnaires, government requirements, and internal governance reviews without scrambling.
Defining Internet Accessibility as a Business Imperative
A common enterprise scenario looks like this: security review is complete, pricing is approved, procurement likes the product, and then the buyer asks for accessibility documentation. The room goes quiet because nobody owns the answer. That’s a business failure, not just a UX problem.
Internet accessibility means more than publishing content online. It means people can perceive, understand, operate, and interact with your website, SaaS platform, portal, or mobile experience using the methods available to them, including assistive technology.
That matters because internet access alone doesn’t equal usable access. While global internet use has expanded dramatically, a large group of people still face barriers using digital products. An estimated 1.3 billion people, about 16% of the global population, live with a disability that affects how they use the internet, according to UserWay’s disability statistics summary.
Accessibility belongs in core operations
For a CTO, accessibility affects architecture choices, component libraries, QA scope, and release criteria.
For a product manager, it affects backlog quality, acceptance criteria, and whether the team can sell into regulated or procurement-heavy accounts.
For compliance and legal teams, it affects how defensible your public-facing claims are when a complaint, contract review, or agency requirement lands.
Practical rule: If accessibility only appears after design signoff or after code freeze, your process is already too late.
What internet accessibility looks like in practice
The accessibility of the internet becomes tangible when you tie it to ordinary tasks:
- A customer logs in: The authentication flow needs labels, focus order, and error handling that work with screen readers and keyboards.
- A patient fills out a form: Instructions, validation, and session controls have to be understandable without relying on sight, color, or precise mouse use.
- A buyer reviews your platform: Your team needs documentation that matches the product’s current state, not a vague statement that you “support accessibility.”
Accessible digital delivery is part of product quality. Teams that treat it as a side project usually end up paying for it in delayed sales cycles, rushed remediation, and weak answers to basic compliance questions.
The High Cost of Inaccessibility Legal Risks and Market Loss
Companies rarely lose sleep over accessibility because of standards language. They react when legal, revenue, and brand consequences become immediate.

Why legal exposure keeps growing
The legal environment is active, and teams that still treat accessibility as optional are exposed. There were 5,114 ADA digital accessibility lawsuits filed in the United States in 2025 alone, as noted in the earlier source cited above on disability statistics and digital accessibility litigation.
That number matters less as a headline than as an operating signal. Plaintiffs, procurement teams, agency reviewers, and enterprise buyers all expect organizations to show real accessibility work, not broad promises.
Three patterns tend to trigger risk:
- Unsupported compliance claims: Marketing says the platform is accessible, but the product hasn’t been tested manually.
- Critical user journeys fail: Checkout, application, onboarding, or account management can’t be completed without a mouse or visual cues.
- No defensible paper trail: The company can’t produce current audits, remediation records, or procurement-ready documentation.
A scanner report is not a legal defense. It’s one artifact in a much larger compliance record.
Revenue loss starts before a lawsuit
The most expensive accessibility issue often isn’t the complaint. It’s the deal that slows down or disappears during vendor review.
Enterprise procurement teams now ask sharper questions. They want to know whether your product has a current ACR, what WCAG level you test against, how you validate claims, and whether issues are tracked to remediation. If your answers are vague, buyers assume future friction.
Brand damage follows a similar path. Users don’t separate “design issue,” “front-end bug,” and “compliance gap.” They experience one thing: the company made the service harder to use than it needed to be.
Accessibility is a market access issue
Accessibility expands who can use and buy from you. In practice, that includes customers with disabilities, employees using internal systems, public-sector buyers, education buyers, healthcare organizations, and enterprise clients with procurement controls.
A strong accessibility program helps teams:
| Business area | What inaccessibility does | What accessibility supports |
|---|---|---|
| Sales | Delays procurement and vendor review | Faster answers to buyer due diligence |
| Product | Creates rework late in the release cycle | Cleaner acceptance criteria and fewer surprises |
| Legal | Leaves the company reacting to complaints | Better documentation and response posture |
| Brand | Signals exclusion and poor execution | Signals maturity and operational discipline |
If you’re deciding whether to fund accessibility work, frame it correctly. This isn’t just about avoiding trouble. It’s about protecting pipeline, preserving reputation, and making your product usable by more people.
Navigating Global Accessibility Laws and Standards
A typical enterprise problem looks like this. Legal asks whether the website meets ADA requirements, procurement asks for a VPAT, product says it tests against WCAG, and regional teams raise questions about Europe. The confusion is not about effort. It comes from treating laws, technical standards, and buyer documentation as if they were interchangeable.

Laws create exposure. Standards define execution.
In the United States, the ADA creates legal duties around equal access to digital experiences. Section 508 applies to U.S. federal agencies and strongly influences contractors, vendors, and any company selling into government environments. In Europe, the European Accessibility Act and related public procurement rules affect which digital products and services can be sold, adopted, or renewed in those markets.
WCAG plays a different role. It is not the law. It is the technical standard teams use to design requirements, test interfaces, document defects, and verify fixes.
If your team needs a plain-English overview before getting into audit scope and remediation planning, WebAbility.io’s ADA accessibility guide is a useful primer for non-specialists.
For U.S. public entities, the compliance picture is becoming more concrete. Under the new ADA web rule, local governments with populations of 50,000 or more will be required to meet WCAG 2.1 Level AA by April 26, 2027, and smaller jurisdictions will be required to comply by April 26, 2028, according to MRSC’s summary of the DOJ web rule deadlines.
That matters beyond the public sector. Enterprise buyers often adopt the same benchmark internally because it gives legal, procurement, design, engineering, and QA a shared target.
A practical comparison for enterprise teams
| Framework | What it is | Who usually cares most | How teams should use it |
|---|---|---|---|
| ADA | U.S. civil rights law | Private businesses, public accommodations, legal teams | Treat it as a legal obligation for accessible digital experiences |
| Section 508 | U.S. federal accessibility requirement | Agencies, contractors, procurement teams | Use it in procurement reviews, vendor screening, and contract documentation |
| WCAG 2.1 and 2.2 | Technical conformance standards | Product, design, engineering, QA | Use them to test, remediate, and verify accessibility in the product itself |
| VPAT / ACR | Procurement documentation format | Buyers and sellers | Use it to communicate conformance claims in a reviewable format |
Teams make better decisions once these categories are separated clearly. Laws set the obligation. WCAG gives the implementation and testing criteria. VPATs and ACRs record what was reviewed and what still needs work.
What to standardize on internally
For most businesses, the practical internal target is WCAG 2.2 Level AA. That target aligns current product work with buyer expectations and puts the organization in a stronger position when legal, sales, or procurement questions arrive. It also reduces a common operational failure, where one team builds to an older standard while another team documents against a newer one.
A good starting point is to pick one standard for new development, one defect severity model for accessibility issues, and one approval process for exceptions. Legacy systems can be phased in based on risk, traffic, revenue impact, and contract exposure. That is how mature programs control cost without leaving the highest-risk properties untouched.
For teams evaluating what changed recently, this overview of the WCAG 2.2 update and its compliance impact is a useful reference.
Mixed standards create avoidable cost. If design uses one WCAG version, engineering tests against another, and procurement documents neither clearly, the company creates delay, rework, and legal ambiguity on its own.
Common Barriers and the Assistive Tools Users Rely On
Accessibility problems usually look small in a sprint ticket. For users, they can make a task impossible.
How small defects become hard blockers
A screen reader user lands on a product image with no alt text. The system announces only that an image exists, not what it conveys. If that image contains product details, instructions, or status, the missing text isn’t cosmetic. It blocks information.
A keyboard-only user tabs into a navigation menu that opens on hover but not on focus. They can reach the trigger but not the submenu. What looked like a minor interaction choice becomes a dead end.
A deaf or hard-of-hearing user starts a training video with no captions. If the video delivers required onboarding or compliance instructions, the content is effectively unavailable.
Assistive technology depends on predictable code
Assistive tools aren’t magic layers that fix bad implementation. They depend on meaningful HTML, correct labels, logical focus order, and controls that behave consistently.
Common pairings look like this:
- Screen readers and forms: Users rely on labels, instructions, field groupings, and error messages that are coded so software can announce them properly.
- Screen magnifiers and layout: Users need interfaces that stay understandable when zoomed, without controls overlapping or disappearing.
- Switch devices and keyboard navigation: Users need every interactive element to be reachable and operable without pointer-specific gestures.
- Speech input and control names: Users need buttons and links with clear, programmatic names so spoken commands match what’s on screen.
One practical example comes from touch and pointer interaction. WCAG 2.2 Success Criterion 2.5.8 requires buttons and links to be at least 24×24 CSS pixels, or to have sufficient spacing, to support users with motor impairments, as explained in this summary of ADA compliance best practices.
If a control is technically present but difficult to target, many users will still experience it as broken.
Teams often underestimate how often these failures cluster. A modal with poor focus management may also have weak labels, inaccessible close controls, and error handling that isn’t announced. That’s why issue-by-issue patching rarely works well without broader review.
Your Accessibility Audit and Remediation Roadmap
A failed checkout, an unusable application form, or a support flow that traps keyboard users is not just a UX defect. It is a revenue leak, a legal exposure point, and a preventable operations problem. Accessibility work gets easier to manage once teams treat it that way and run it through a defined audit and remediation process.

Step one and two test and prioritize
Start by testing the experience people use.
Automated scanners are useful for spotting repeatable patterns such as some missing alt text, some color contrast failures, and certain markup errors. They do not assess whether a task makes sense from start to finish, whether focus moves in a logical order, whether a modal can be closed reliably, or whether error feedback is announced in a way users can act on.
A credible audit combines automated scans with manual review of key templates, core user journeys, and shared components. Add assistive technology testing where business risk is high, especially for authentication, checkout, account management, scheduling, and form-heavy workflows.
If your team is comparing scanners and manual methods, this guide to accessibility testing tools can help define the right mix.
Prioritization should follow business impact first, then implementation efficiency.
- Fix critical journeys first: Login, signup, checkout, quote requests, applications, patient or student portals, and support flows affect conversion, service access, and legal risk.
- Fix shared patterns next: Navigation, search, forms, modals, tables, toasts, and design system components reduce recurring defects when corrected at the source.
- Raise urgent blockers immediately: Issues that stop users from completing a core task should move ahead of lower-risk content defects, even if the defect count is smaller.
A short walkthrough can help teams see why sequencing matters.
Step three and four remediate and verify
Remediation succeeds when ownership is explicit. Design, engineering, content, QA, and product each have different parts of the fix.
Design teams should correct pattern behavior, naming, instructions, visible focus, and state changes. Engineers should correct semantics, keyboard interaction, focus handling, ARIA usage, and DOM order. QA should validate against test cases that can be repeated in future releases. Product owners should set deadlines based on user impact and business risk, not only sprint convenience.
A practical workflow looks like this:
- Turn findings into usable tickets: Include the affected page or component, the blocked user task, the likely user impact, the relevant WCAG criterion, and the expected change.
- Fix at the system level where possible: A repaired component in the design system is cheaper and more durable than patching the same defect across many pages.
- Verify after deployment: Accessibility regressions are common in active products, especially where front-end teams ship frequently.
- Track accepted risk openly: If a fix cannot ship yet, document the scope, reason, owner, interim mitigation, and target date.
One pattern I see often is a team closing tickets once code is merged, then discovering later that the user journey is still broken. Verification should happen in the live interface, with keyboard testing and targeted assistive technology checks where the issue warrants it. That is how teams reduce repeat defects and show good-faith progress if a complaint or demand letter arrives.
Manual audits show how barriers affect real tasks and real users. Automation supports that work, but it does not replace expert review.
Choose vendors and internal processes that make findings clear. If a report cannot explain the affected journey, the user impact, and the expected code or design change in plain language, remediation will slow down, costs will rise, and the same issues will return.
Mastering Procurement with VPATs and Compliance Docs
Procurement is where many accessibility claims get stress-tested. Buyers ask for proof, sellers scramble for documents, and weak documentation becomes a deal problem.

What buyers should ask vendors
A VPAT is the template. The completed document is typically issued as an Accessibility Conformance Report, or ACR. Buyers shouldn’t treat it as a checkbox. They should read it like technical due diligence.
Strong review questions include:
- When was it last updated: A VPAT tied to an old release tells you very little about the current product.
- Who performed the evaluation: A self-authored report may still be useful, but it deserves more scrutiny.
- What was tested: Look for scope across web, mobile, documents, authenticated areas, and key workflows where relevant.
- How were claims validated: Good reports reflect manual review, not just scanner output.
Weak VPATs have recognizable patterns. They use broad statements instead of product-specific findings. They mark many criteria as “Supports” with little explanation. They avoid listing exceptions or known gaps. They don’t describe testing methods clearly.
Buyers should compare the VPAT against a live demo. If the report says a workflow supports keyboard access, test that claim.
What sellers need before the deal gets serious
If you sell software into enterprise, education, healthcare, or government environments, accessibility documentation helps sales teams answer security-style reviews with less delay.
A defensible documentation package usually includes:
| Document | Why it matters | What good looks like |
|---|---|---|
| VPAT / ACR | Supports procurement review | Current version, clear remarks, realistic conformance statements |
| Audit report | Shows actual findings | WCAG-mapped issues, affected screens, severity and user impact |
| Remediation plan | Shows active governance | Prioritized fixes, owners, and status tracking |
| Re-test record | Confirms progress | Verification after fixes, not just planned work |
Sellers also need to understand the cost and effort involved before procurement starts asking. This breakdown of VPAT pricing considerations is useful for budgeting internal work or outside evaluation.
Contract language matters too. If accessibility is material to the deal, put expectations into the agreement, including remediation obligations, update timing for documentation, and notice requirements for material regressions.
The practical lesson is simple. Don’t create a VPAT at the end of a sales cycle. Build the evidence first, then document it.
Building an Accessibility-First Culture in Your Teams
Accessibility programs fail when one team owns all of it. Legal can’t code the fixes. Engineers shouldn’t guess policy. Product can’t write credible acceptance criteria without a standard to reference.
Product management responsibilities
Product teams should treat accessibility like any other release requirement.
Use this checklist in backlog grooming and planning:
- Write accessibility into stories: Include user needs for keyboard operation, screen reader naming, focus behavior, captions, and error handling where relevant.
- Define acceptance criteria early: Don’t wait for QA to discover that a modal can’t be closed without a mouse.
- Review components, not just pages: Reusable UI patterns create either repeatable compliance or repeatable defects.
If your organization produces internal learning content, onboarding, or knowledge-base material, the same discipline applies to documentation. Teams that publish training resources can use guides like this one on how to improve accessibility in teaching materials to keep content creation aligned with broader digital accessibility goals.
Engineering and QA responsibilities
Engineering teams need a shared target. The Department of Justice identifies WCAG 2.2 Level AA as the technical standard that provides a “mostly accessible experience” for users with disabilities, according to AudioEye’s summary of ADA compliance expectations.
That target should shape day-to-day delivery:
- Use semantic HTML first: Native controls usually outperform custom widgets for accessibility and maintenance.
- Add accessibility checks to code review: Focus order, labels, headings, landmarks, and keyboard behavior should be reviewed before merge.
- Test components in realistic states: Disabled, error, loading, zoomed, and mobile states often reveal defects hidden in default views.
QA should build regression coverage around user journeys, not just pages. A component can pass on one screen and fail in a slightly different implementation elsewhere.
Compliance and operations responsibilities
Compliance teams should maintain an evidence trail that survives staff turnover and procurement scrutiny.
That usually means keeping:
- A current standard of record: Most organizations should state WCAG 2.2 Level AA as the internal benchmark.
- Testing records: Audit dates, scope, methods, and known exceptions.
- Remediation logs: Owners, priorities, due dates, and verification status.
- Procurement responses: Approved language for questionnaires, ACR requests, and customer security-compliance reviews.
Culture changes when accessibility stops being an emergency lane and becomes part of how work gets approved.
Frequently Asked Questions on Digital Accessibility
Are accessibility overlays enough for ADA compliance
Usually, no. Overlays and widgets can provide some convenience features, but they don’t fix underlying code, structure, labeling, keyboard behavior, or workflow logic. If a form is unlabeled or a modal traps focus, adding a toolbar on top won’t solve the root issue.
That’s why serious buyers and experienced counsel look for audits, remediation records, and product-level evidence.
How should a company budget for accessibility work
Budget by scope and risk, not by a generic site-wide guess. A marketing site, authenticated SaaS platform, mobile app, design system, and document library all create different workloads.
The work should be separated into three lines:
- Audit cost: Testing, reporting, and validation
- Remediation cost: Design, engineering, QA, and retesting
- Governance cost: VPAT updates, training, and recurring reviews
If procurement pressure is immediate, start with the highest-risk workflows and the documentation needed for active deals.
Are small businesses exempt from ADA website expectations
Don’t assume they are. Digital accessibility risk doesn’t disappear because a business is smaller. The safer approach is to assess your actual exposure based on public-facing services, customer type, jurisdiction, and whether digital access is central to how people do business with you.
How long does remediation usually take
It depends on platform complexity, design system maturity, release cycles, and how many core workflows are affected. Teams with reusable components and strong engineering ownership move faster. Teams with fragmented front ends, custom widgets, and no accessibility standards take longer.
The mistake is waiting for “full compliance” before making visible progress. Fix the blockers first, document what remains, and verify each release.
What should we ask before hiring an accessibility audit firm
Ask how they test, which assistive technologies they use, whether they provide code-level guidance, whether they retest fixes, and whether they can produce procurement-ready documentation like VPATs and ACRs. Also ask what they expect from your internal design, engineering, QA, and legal teams.
Here’s a practical reference table.
| Question | Short Answer | Key Consideration |
|---|---|---|
| Are overlays enough? | No | They don’t replace code-level remediation or manual audit work |
| Should we start with automation? | Yes, but only as a start | Automated scans help find patterns, not full user impact |
| Do small companies need to care? | Yes | Risk depends on digital services and exposure, not optimism |
| What should buyers request from vendors? | A current VPAT or ACR plus evidence | Check testing method, scope, and update date |
| What standard should teams target? | WCAG 2.2 Level AA | It gives product, QA, and compliance teams a shared benchmark |
If your team needs a defensible path forward, consider talking with ADA Compliance Pros about a manual accessibility audit, remediation roadmap, or VPAT support. The goal isn’t to generate another scanner report. It’s to understand actual user barriers, reduce legal risk, and give product, engineering, and compliance teams documentation they can stand behind.