What Are the Legal Requirements for Website Accessibility? Laws and Standards
"Am I legally required to make my website accessible?"
I get this question from business owners, developers, and executives trying to understand their obligations. The answer depends on who you are, where you operate, and who you serve. But for most businesses, the practical answer is yes—and even where requirements seem ambiguous, the legal risk is real.
This guide breaks down the major accessibility laws and regulations, explains who they apply to, and helps you understand your specific obligations.
Q: What are the legal requirements for website accessibility?
A: Website accessibility is required under multiple laws including the Americans with Disabilities Act (ADA) for US businesses, Section 508 for federal agencies and contractors, and the European Accessibility Act for companies serving EU markets. While technical standards vary, WCAG 2.2 Level AA has emerged as the de facto standard referenced across jurisdictions.
United States Accessibility Laws
Americans with Disabilities Act (ADA)
The Americans with Disabilities Act is the most frequently cited basis for website accessibility lawsuits in the US.
What it requires:
Title III of the ADA prohibits discrimination by "places of public accommodation"—businesses open to the public like stores, restaurants, hotels, theaters, and professional offices. The ADA requires these businesses to provide equal access to their goods and services.
The website question:
The ADA, passed in 1990, doesn't mention websites. However, courts have increasingly found that websites connected to physical businesses, or websites that constitute the primary way people access services, fall under ADA requirements.
The Department of Justice has consistently interpreted the ADA to cover websites and published guidance in 2022 clarifying this position.
Who it applies to:
- Businesses open to the public (retail, hospitality, food service, entertainment)
- Professional services (healthcare, legal, accounting)
- Financial institutions
- Transportation services
- Educational institutions
- Most commercial websites and apps
Standard referenced:
DOJ guidance references WCAG 2.1 Level AA. Court settlements and consent decrees almost universally specify WCAG standards at the AA level.
Enforcement:
Private lawsuits are the primary enforcement mechanism. Individuals who encounter accessibility barriers can sue for injunctive relief (requiring fixes) and attorney's fees. Some states (California, New York) allow damages.
Section 508
Section 508 of the Rehabilitation Act applies to federal agencies and has ripple effects throughout the economy.
What it requires:
Federal agencies must make their electronic and information technology accessible to people with disabilities—both employees and members of the public.
Who it applies to:
- Federal government agencies
- Organizations receiving federal funding
- Companies selling to the federal government
Standard:
Section 508 references WCAG 2.0 Level AA through its technical standards. Updates are in progress to reference newer WCAG versions.
Why it matters beyond government:
Federal procurement requirements mean companies selling technology to government must demonstrate accessibility compliance, typically through Voluntary Product Accessibility Templates (VPATs).
This requirement cascades: federal contractors often impose similar requirements on their subcontractors. The government's purchasing power drives accessibility investment throughout the technology industry.
State Laws
Several states have their own accessibility requirements:
California: The Unruh Civil Rights Act has been interpreted to cover website accessibility, with statutory damages of $4,000 minimum per violation potentially available to plaintiffs.
New York: Active plaintiff bar using state human rights laws alongside ADA claims.
Florida: Another high-volume jurisdiction for accessibility litigation.
Many state laws parallel or extend ADA requirements rather than creating fundamentally different obligations.
European Accessibility Requirements
European Accessibility Act (EAA)
The European Accessibility Act creates unified accessibility requirements across EU member states.
Effective date: June 28, 2025
What it covers:
- Computers and operating systems
- Self-service terminals (ATMs, ticketing machines)
- E-commerce websites and mobile applications
- Banking services
- E-books and dedicated software
- Transportation services
- Audio-visual media services
Who it applies to:
Companies selling products or services covered by the EAA to EU consumers, regardless of where the company is headquartered. US companies serving EU markets are included.
Standard:
The EAA references EN 301 549, the European standard that incorporates WCAG 2.1 Level AA plus additional requirements for software, hardware, and documentation.
Enforcement:
Each EU member state implements its own enforcement mechanisms, including market surveillance authorities and potential penalties.
Web Accessibility Directive (Existing)
The Web Accessibility Directive already requires public sector websites and apps to be accessible. The EAA extends requirements to the private sector.
Other International Requirements
Canada
The Accessible Canada Act applies to federally regulated organizations. Provinces have additional requirements—notably Ontario's AODA (Accessibility for Ontarians with Disabilities Act) requires WCAG 2.0 AA compliance for larger businesses.
United Kingdom
The post-Brexit UK maintains accessibility requirements through the Public Sector Bodies Accessibility Regulations for the public sector and general Equality Act obligations for the private sector.
Australia
The Disability Discrimination Act applies to websites, with Australian Human Rights Commission guidance referencing WCAG standards.
Understanding Which Laws Apply to You
Decision Framework
Are you a US business serving consumers? → ADA likely applies. Assume an obligation to provide an accessible website.
Do you sell to or contract with the federal government? → Section 508 requirements apply. Need VPAT documentation.
Do you serve EU customers? → EAA applies from June 2025. Compliance required for covered services.
Are you a public sector organization? → Multiple specific requirements apply depending on jurisdiction.
Are you in a regulated industry (healthcare, finance, education)? → Industry-specific regulations may impose additional accessibility requirements beyond general laws.
Practical Reality
If you're reading this trying to figure out whether you're "covered," here's the practical advice: assume you are.
The cost of achieving basic accessibility is modest compared to the cost of defending accessibility lawsuits. Organizations that proactively address accessibility face dramatically lower legal risk than those arguing about whether laws technically apply.
Technical Standards: WCAG
Why WCAG Is The Standard
Despite different laws referencing different versions, WCAG (Web Content Accessibility Guidelines) from the W3C has become the universal reference point for web accessibility compliance.
WCAG versions:
- WCAG 2.0 (2008) - Referenced in Section 508
- WCAG 2.1 (2018) - Referenced in DOJ guidance, EAA
- WCAG 2.2 (2023) - Current version, beginning to appear in new requirements
Conformance levels:
- Level A - Essential baseline (insufficient alone)
- Level AA - Standard target for legal compliance
- Level AAA - Enhanced accessibility (not typically required)
Practical target: WCAG 2.2 Level AA addresses current and emerging requirements while being achievable for typical websites.
Understanding WCAG conformance levels in detail helps you plan compliance efforts.
Beyond WCAG
Some requirements go beyond core WCAG:
EN 301 549 (European standard) adds requirements for software, hardware, and support documentation beyond web content.
PDF/UA (Universal Accessibility) standard addresses document accessibility specifically.
ATAG (Authoring Tool Accessibility Guidelines) applies to CMS and content creation tools.
For most organizations, WCAG AA compliance addresses primary legal obligations.
Compliance Documentation
What You Might Need
Accessibility statement: Public declaration of your accessibility commitment, conformance level, and contact information for accessibility issues. Often legally required (EAA, Web Accessibility Directive).
VPAT/ACR: Voluntary Product Accessibility Template or Accessibility Conformance Report documents product/service conformance to accessibility standards. Required for federal procurement, increasingly requested by enterprise customers.
Audit documentation: Records of accessibility testing, findings, and remediation efforts demonstrate good faith compliance attempts.
Training records: Documentation that staff have received accessibility training supports compliance claims.
Creating Defensible Documentation
Documentation serves two purposes: demonstrating current compliance and showing good faith efforts toward compliance.
Professional accessibility audits create authoritative documentation. Ongoing monitoring through platforms like TestParty provides continuous compliance evidence.
Penalties and Enforcement
US Enforcement
Private lawsuits: Primary enforcement mechanism. Plaintiffs can recover attorney's fees (often $20,000+) even without damages. Settlement costs typically range $10,000-$50,000 for small/medium businesses.
Repeat litigation: One settlement doesn't prevent future lawsuits. Genuine compliance, not settlement alone, provides ongoing protection.
DOJ enforcement: The Department of Justice can bring enforcement actions, though private litigation is more common.
European Enforcement
Market surveillance: National authorities monitor compliance and can require remediation.
Penalties: Vary by member state implementation but can be substantial.
Consumer complaints: Individuals can file complaints with national enforcement bodies.
Reputational Risk
Beyond direct legal penalties, accessibility failures create reputational risk:
- Negative media coverage of lawsuits
- Social media criticism from disability advocates
- Customer loss when accessibility issues affect users
- Procurement disqualification from accessibility-conscious organizations
Building Sustainable Compliance
Compliance as Ongoing Practice
Legal accessibility requirements aren't one-time projects. Compliance requires:
Initial remediation: Fixing existing accessibility issues
Ongoing monitoring: Catching new issues before they create problems
Process integration: Building accessibility into content creation and development workflows
Documentation maintenance: Keeping accessibility statements and VPATs current
Getting Started
If you're uncertain about your accessibility status:
- Assess current state: Free accessibility scanning identifies obvious issues
- Understand your scope: Which pages, apps, and documents need attention?
- Prioritize remediation: Critical user paths first, then expanding coverage
- Implement monitoring: Continuous scanning catches regressions
- Document everything: Create audit trails supporting compliance claims
FAQ Section
Q: Is website accessibility legally required for small businesses?
A: Yes, if you're a "place of public accommodation" under the ADA. Business size doesn't exempt you from ADA requirements. However, small businesses may face proportionally lower remediation costs and can often address accessibility incrementally.
Q: What happens if I get sued for accessibility?
A: Typical outcomes include settlement ($10,000-$50,000 for small/medium businesses), commitment to remediation timeline (12-24 months), and ongoing monitoring. Understanding demand letters helps if this happens.
Q: Can I claim I'm working on accessibility to avoid legal action?
A: Good faith efforts matter, but work must be genuine and demonstrable. "Working on it" without evidence of actual progress doesn't provide legal protection. Document your efforts comprehensively.
Q: Are mobile apps covered by the same laws as websites?
A: Generally yes. The ADA applies to mobile apps the same as websites. The European Accessibility Act explicitly covers mobile applications. Accessibility requirements increasingly treat web and mobile as part of a unified digital presence.
Q: How do I know if I'm compliant?
A: Compliance requires meeting all applicable WCAG success criteria at the specified level. Automated scanning identifies many issues but can't verify complete compliance—comprehensive audits combining automated and manual testing provide reliable assessment.
The Path Forward
Legal requirements for accessibility will continue expanding, not contracting. The European Accessibility Act, DOJ rulemaking, and ongoing litigation all push toward clearer and stricter requirements.
Organizations that invest in accessibility now position themselves ahead of tightening requirements. Those that delay face increasing legal risk and potentially more expensive catch-up efforts.
Ready to understand your compliance status? Get a free accessibility scan to identify issues requiring attention.
AI-assisted content, human-reviewed. For compliance advice, consult professionals.