The technological advancement pushed most of the products and services, including the government services, to be accessible online. Although the services are convenient, they still have barriers that make it impossible for all users to access them. Therefore, the U.S. Department of Justice updated Title II of the Americans with Disabilities Act (in April 2024).
On April 17, 2026, the DOJ extended the original compliance deadlines by one year. Public entities serving populations of 50,000 or more must comply by April 26, 2027. Smaller public entities and special district governments have until April 26, 2028.
This update ensured that any digital service or content offered by the state or local governments through third-party vendors should be accessible. In other words, purchasing inaccessible software, apps, widgets, etc. will make your organization liable for lawsuits. In this blog, we will help you understand and ensure that your digital procurement process is accessible.
Table of Contents
- 1 Why Vendor Digital Accessibility Matters for Public Entities?
- 2 Baking Accessibility into Requests for Proposals (RFPs)
- 3 Demystifying VPATs and Accessibility Conformance Reports (ACRs)
- 4 Structured Approach to Scoring VPATs
- 5 Writing Enforceable Contract Language
- 6 Testing and Continuous Compliance Monitoring
- 7 Conclusion
Why Vendor Digital Accessibility Matters for Public Entities?
Title II of the ADA prohibits discrimination based on disability in services provided by state and local governments.
- The 2024 DOJ rule mandates that public entities ensure web content and mobile applications are accessible to individuals with various disabilities, including visual and auditory.
- A key principle is non-delegable duty, meaning public entities are legally responsible for the accessibility of digital content, even if provided by third-party vendors.
- If a municipality contracts a private SaaS provider, they remain liable for ADA violations related to inaccessible services, such as online payment portals.
High-risk points of failure in digital infrastructure include:
- Third-party payment processors that may trap keyboard users or lack descriptive labels.
- Learning Management Systems (LMS) that often do not render content accessibly.
- Interactive tools like chatbots that fail to communicate essential information to visually impaired users.
- Prioritizing accessibility in procurement helps public entities uphold civil rights and avoid costly retrofits for inaccessible products.
Baking Accessibility into Requests for Proposals (RFPs)
To mitigate third-party risk, organizations should integrate accessibility into their vendor sourcing strategies by requiring compliance with WCAG 2.1 Level AA in RFPs. This compliance must be a fundamental requirement, with vendors submitting verified accessibility documentation and outlining their testing methods. For products with partial compliance, a detailed timeline for resolving accessibility issues should be mandatory.
The table below outlines a conceptual RFP evaluation matrix that appropriately weights accessibility alongside traditional metrics:
| Evaluation Criteria | Description of Measurement | Recommended Weight |
| Technical Capabilities & Functionality | Fulfillment of core software requirements, scalability, and system integration capabilities. | 30% |
| Cost & Fee Transparency | Competitiveness of licensing costs, implementation fees, and long-term maintenance expenses. | 25% |
| ADA Title II & WCAG 2.1 AA Compliance | Verified conformance via comprehensive documentation, quality of manual testing methodologies, and robust remediation timelines. | 25% |
| Security & Data Privacy | Conformance with federal and state cybersecurity frameworks and data handling protocols. | 10% |
| Vendor Experience & References | Past performance with public sector entities, support SLAs, and proven client satisfaction. | 10% |
This structured approach ensures that a vendor offering a significantly lower price but scoring poorly on accessibility will lose the bid to a vendor who provides a fully conformant product, ultimately saving the agency from future litigation and remediation costs.
Demystifying VPATs and Accessibility Conformance Reports (ACRs)
The Voluntary Product Accessibility Template (VPAT) serves as a template for documenting the conformance of ICT products to accessibility standards. After a product audit, this leads to the Accessibility Conformance Report (ACR). Government procurement often mandates ACR submission to ensure accurate accessibility evaluations before purchases, emphasizing the need for procurement officers to critically assess the ACR rather than treating the VPAT as merely a bureaucratic formality.
Identifying Red Flags in Vendor Documentation
Not every accessibility report tells the full story. Some vendors claim complete WCAG compliance, but perfect compliance is rare in complex software.
Here are some critical red flags in vendor documentation:
- The “Too Perfect” Report raises concerns about vendors claiming full WCAG compliance without substantial justification.
- Perfect compliance is rare in complex software, often indicating superficial documentation aimed at procurement.
- ACR should align with the Revised Section 508 Standards or the International version to effectively evaluate WCAG 2.0 or 2.1.
- Submitting outdated VPATs or evaluations for older software versions makes the documentation ineffective.
- Genuine ACR production necessitates thorough audits involving manual testing and code inspections; quick turnarounds suggest inadequate assessments.
- Frequent use of “Not Applicable” for fitting criteria denotes a misunderstanding of accessibility standards.
- The “Remarks and Explanations” section is critical; vague comments without detailed reasons for partial support undermine risk assessment.
Structured Approach to Scoring VPATs
To bring objectivity to VPAT evaluations, progressive public sector IT departments utilize structured scoring models. The State of Minnesota provides a highly effective 0 to 5 raw scoring system to evaluate vendor ACRs based on the quality and depth of their disclosures.
| Score Level | Definition | Characteristics of the Vendor’s Submission |
| 0 (Fail) | Insufficient Data | Sections left blank, no contextual data provided, or the vendor merely copy-pasted the WCAG criteria text into the remarks column. |
| 1 (Poor) | Inaccessible | Minimal data provided indicating severe lack of awareness regarding accessibility. Product clearly lacks significant functional access. |
| 2 (Weak) | Low Accessibility | Vendor provides limited, vague data regarding their ability to support WCAG requirements. |
| 3 (Average) | Moderate | Vendor provides some technical data, but the evaluation lacks the depth required to instill confidence in the vendor’s remediation capabilities. |
| 4 (Good) | Strong | The ACR demonstrates clear technical knowledge of how the solution maps to each criterion, providing sufficient data to negotiate future improvements. |
| 5 (Exceptional) | Excellent | The vendor demonstrates extensive expertise, providing rich technical remarks for supported items and a documented, transparent roadmap for any unsupported criteria. |
The vendor showcases significant expertise by offering detailed technical remarks for supported items and a transparent roadmap for unsupported criteria. In accessibility procurement, a VPAT with “Partially Supports” and thorough explanations scores better than one claiming full support without details.
Writing Enforceable Contract Language
Public sector organizations now expect clear commitments around WCAG 2.1 Level AA compliance, audit rights, subcontractor accountability, and timelines for fixing accessibility issues. A strong contract makes accessibility enforceable throughout the entire vendor relationship, not just during procurement. Thus, effective vendor contracts should include the following definitive elements:
The contract must include the following provisions:
- the website content, mobile applications, and deliverables provided under the terms of the contract must meet the WCAG 2.1 Level AA standard for the entire term of the contract
- the clarification of the term “ensuring accessibility best practices”.
- Periods needed after the i’s and t’s. Add the details for each product feature the agency wants to test. The agency cannot release or sell any product that has blocker-level accessibility barriers.
- Unrestricted Testing and Audit Rights. The public entity should have an unconditional right to do independent accessibility audits on the vendor’s product at any time, using either in-house personnel or third-party auditors.
- Flow-Down Clauses to Subcontractors: The business contract should include language that requires the vendor to obligate any subcontractors it engages with to make the vendor’s site accessible. Primary Vendor Responsible for Third-Party Integrations The primary vendor is responsible to the business for any third-party integrations not meeting the requirements of WCAG 2.1 Level AA.
- Post-implementation audits are becoming more prevalent in the public sector during contract compliance audits. In the event non-compliance is discovered in the implemented software, it is imperative that the contract between the public sector organization and vendor includes a Service Level Agreement (SLA) to bind the vendor to correct any non-compliance issues. Ultimately, the vendor must correct any non-compliance issues within a specific timeframe as dictated by the audit as well as at no cost to the public sector organization.
ADA Indemnification Clause Indemnification clauses are a very important part of any contract to shift risk to others. An ADA indemnification clause would be a provision in the contract that:
- Requires the vendor to defend the government;
- Requires the vendor to indemnify the government; and
- Requires the vendor to hold the government harmless against any claim, demand, action, cause, lawsuit, arbitration, or proceeding.
The indemnification clause must cover the vendor’s obligation to indemnify and hold harmless the government against any claim, demand, action, cause, lawsuit, arbitration, or proceeding by virtue of any third party for:
- Any alleged infringement of any third party’s rights during the Term by reason of the Software or Documentation not being fully compliant with the ADA
- Any alleged breach of any representation, warranty, covenant, or condition made by the Vendor in this Agreement regarding the agency’s use of the Software and Documentation. Most vendors object to indemnification clauses in the contract. It is very important to advise vendors that you will not agree to any indemnification clause that does not exclude any waiver of liability for claims for failure to make the Software accessible. Any vendor agreement that includes a waiver of liability for non-compliance with the ADA should be non-negotiable.
Testing and Continuous Compliance Monitoring
Accessibility compliance does not end once a product is purchased or launched. Digital platforms change constantly through updates, integrations, and new features, which makes ongoing monitoring essential.
- Procuring accessible products and enforceable contracts establishes a foundation for accessibility, but digital environments are constantly changing, necessitating ongoing monitoring for compliance.
- Continuous updates of codebases and third-party APIs require a framework for detecting and addressing compliance regressions before they affect users.
- Automated tools can identify approximately 30% of WCAG violations, and they cannot assess the semantic context or meaning of the content.
- These tools cannot reliably manage complex keyboard focus, dynamic ARIA states, or the logical reading order of intricate interfaces.
- Public entities should not depend solely on automated tools or accessibility overlay widgets for legal protection against lawsuits.
- There is a common misconception that AI-driven overlay widgets can rectify inaccessible platforms, yet they often fail to fix underlying code issues and can conflict with screen reader functionality, not meeting DOJ conformance requirements.
Conclusion
In a nutshell, while procuring digital products from third-party vendors, ensure that their VPAT is genuine and doesn’t have red flags. Additionally, ensure that your vendor contracts follow strict acceptance criteria and have indemnification clauses. Lastly, establish a hybrid monitoring framework to ensure that vendors remain compliant. Creating a structured process involving these practices will help you avoid superficial or falsified vendors, who in turn can cause roadblocks to your progress. Contact us at AEL Data today to understand further.


